HCIS

• Home
• About
• Articles
• Submission

Currently, the world is experiencing a global pandemic due to the spread of coronavirus disease 2019 (COVID-19), a disease stemming from a novel coronavirus. The main measure used to contain the rapid spread and to control this virus’s contamination rate is social distancing. This method has dramatically affected citizens’ daily lives. To this end, replacing face-to-face meetings with virtual meetings using cloud videoconferencing application solutions has emerged. This approach has indeed solved this problem for millions of schools, companies, governments, and individuals worldwide. However, security and privacy concerns arise. The number of videoconferencing users has increased during the pandemic, yet some applications offer only unencrypted communication for unpaid users. Moreover, uninvited attendees can join virtual meetings, collect sensitive information about users and shared files, and participate in them using deepfake tools. To resolve this dilemma, we propose in this paper a lightweight, scalable blockchain-based authentication mechanism to secure cloud videoconferencing. Private blockchain, as a decentralized network, can handle user authentication and provide complete data privacy to shared information in a virtual meeting. Moreover, to reduce the latency and mining processing overhead and for scalability of the system, we use a time-based consensus algorithm. Our simulation shows very low latency results, perfect for a video system.

Blockchain Videoconferencing, Security, Privacy, Authentication

Videoconferencing is not a new term. This concept dates to the late 19th century under the name of videotelephony [1]. The year 1930 marked the first publicly available videotelephone, which was in a booth installed in a post office. With the development of Internet technologies and the widespread use of computers, AT&T successfully created the first version of videoconferencing in 1970, by which anyone could subscribe to and use the service in the comfort of their own home. Web-based videoconferencing allows users in different locations to engage in real-time face-to-face interactions over the Internet. This technology revolutionized numerous industries, including finance, medical, and education, among others. With regard to medications, for example, patients with mild symptoms are not required to visit hospitals and wait in line to talk to a doctor or physician; instead, they can use telemedicine, which is a form of videoconferencing hosted by doctors and their patients. Telemedicine accordingly helps with the practice of medicine using technology at a distance and reduces the stress of visitors on hospitals, thus reducing contamination and virus propagation.
Videoconferencing has been used and developed over the years for various reasons; notably, with the current global pandemic of coronavirus disease 2019 (COVID-19), multiple industries are forced to work remotely instead of in regular offices. Principally with the launch of 5G network technology, it enhances videoconferencing resolution and the quality-of-service perceptions, which significantly influenced users. The usage of videoconferencing applications has noticeably increased during the global pandemic. For example, “Zoom,” a videoconferencing application, was founded in 2011 but only received attention from the public in 2020 due to the COVID-19 epidemic, reaching 300 million daily users, with 3 trillion annual meeting minutes [2]. This well-known videoconferencing software was downloaded 485 million times in 2020 alone. Users worldwide, including companies, schools, hospitals, and individuals, rely on web-based videoconferencing such as Zoom, Google Meet, Skype, and many more, for various reasons. Videoconferencing appears to connect people regardless of their distance and/or circumstances. Users only need a device connected to the Internet, such as a smartphone or computer, to connect, have face-to-face meetings, socialize with friends and family, follow real-time courses, and receive quick advice from their doctors.
Videoconferencing technology is helping millions worldwide in their daily lives, generally during unique and challenging situations such as COVID-19 and over long distances. However, concerns about its security and privacy arise. During a virtual meeting over the Internet, users tend to share sensitive information, such as their faces, full names, ID numbers, company data, and medical data, among other types. Moreover, videoconferencing software allows file and screen sharing as well; such files may include confidential data but are openly shared over the Internet. Some videoconferencing applications do not provide robust data security for unpaid users, exposing the data transmitted by normal users openly. This is a critical issue that users and service providers should not disregard. Recently, it was reported that nearly 352 Zoom application users accounts were comprised. These accounts include those of healthcare providers and school institutions in the United States. Moreover, more than 500,000 instances of account information were leaked and sold over the dark web. Hence, videoconferencing security and privacy are significant concerns that urge quick responses from service providers as the usage of this technology has grown over time.
On the other hand, blockchain technology, as a secure, shared ledger, and its sub-technologies such as smart contracts can bring about desirable security and privacy to videoconferencing systems. Blockchain is a technology that has been used recently to secure data and ensure the authentication of multiple services in an innovative city environment. To this end, and to solve the security concerns related to videoconferencing technologies, we propose in this paper the usage of blockchain technology fully to support the confidentiality, integrity, authentication, and privacy of users and entities such as companies. We discuss various types of potential attacks on videoconferencing software and the types of data that can be leaked. Moreover, through our proposed architecture and the use of a lightweight private blockchain, we satisfy the latency and real-time communication requirements while not affecting the quality-of-service and quality-of-experience metrics. Our primary research contributions are presented below

The rest of the paper is organized as follows. In Section 2, we present a general overview of blockchain and videoconferencing technologies and some recent related works. Section 3 discusses the convergence of blockchain for videoconferencing technology supported by a detailed architecture. In Section 4, we discuss some of the most critical open research challenges and performance issues. We conclude this work by in Section 5.

In this section, first we discuss some of the main seminal contributions, offer an overview of blockchain and videoconferencing systems, and discuss the primary key consideration of the proposed framework.

Kiah et al. [3] proposed a novel design of a videoconferencing framework for real-time telemedicine applications. Their proposal utilized secure group-based communication architecture and Java media framework application programming interface classes to test the feasibility of their framework. The authors used as well Rivest-Shamir-Adleman (RSA) and Advanced Encryption Standard (AES) algorithms to provide the required security services. However, in their results, the encryption phase notably increases the videoconferencing computational time. On the other hand, Khalaf et al. [4] deployed blockchain technology for live streaming video transmissions and telecommunication algorithms. Their proposal focuses more on the reliability and flexibility of video streaming services; however, security concerns are not considered. Jan et al. [5] discussed as well the usability of blockchain technology for the Internet of Multimedia Things. Their survey stressed the importance of blockchain for authentication, privacy, trust, and security in multimedia, such as videoconferencing services. The authors reviewed some of the existing blockchain-enabled multimedia platforms, such as Theta, Livepeer, Moecp, Waltonchain, IoTeX, and OriginTrail. However, their study does not include a robust security analysis, nor does it provide results. Meanwhile, Gipp et al. [6] deployed blockchain’s Bitcoin for the security and integrity of videos and video-camera-enabled smartphones. Their proposal hashes the bits of each video into SHA256 and transmits the hash to a blockchain transaction. It seems promising as it provides the desired levels of security and privacy. However, it cannot be utilized for real-time video transmissions such as videoconferencing as it is computationally heavy and not cost-effective. Hasan and Salah [7] considered a very interesting security issue in videoconferencing, that of deepfake videos. The authors used blockchain, smart contracts, and the InterPlanetary File System (IPFS) to generate a unique hash for each video and to validate the video’s owner, both on-chain and off-chain.
Multiple studies have discussed security issues as they related to video streaming, multimedia as well as, videoconferencing using blockchain. However, to the best of our knowledge, no study has yet deployed blockchain for real-time video streaming applications. During COVID-19, and with the increased use of videoconferencing platforms for work, research, meetings, and socialization, the risk of cyber-attacks has increased. Primarily, most videoconferencing service providers do not provide security measures for unsubscribed users. Thus, in this study, we propose a blockchain-based secure authentication scheme to verify, validate, and create a cluster of authentic users. Adopting this method ensures that only honest users have the right to participate in a given video call, including sending and receiving files, viewing files, and joining either the video, audio, or both.

In this paper, the leading deployed technologies are blockchain and videoconferencing systems; we will review below the concepts and components of these technologies.

Blockchain
Blockchain is a chain data structure in which all data are structured into blocks connected based on adding time [8]. Blockchain is proved to be cryptographically secured against data manipulation. Thus, using it can ensure network stability and security. Despite its short history, blockchain has been successfully integrated into multiple applications and industry sectors due to its security benefits [9]. Apart from its financial uses, such as Bitcoin and similar applications, Blockchain has proved its role as a secure and decentralized database based on blockchain technology. The decentralized storage in the blockchain can be used to store extensive complex data into securely connected blocks. The decentralized and secure nature of blockchain makes it a promising solution for videoconferencing. Blockchain was initially designed as a linear infrastructure based on linked data structures and hashing strategies. However, recently, non-linear infrastructures are being adopted for real-time applications, as they can handle big data based on graph theory and queuing information models, making this technology perfect for latency-intolerant applications on videoconferencing systems. We can distinguish four types of blockchain [10]: public or permission-less blockchain, an open ledger where all nodes can participate in the validation process; private or permissioned blockchain, where a particular entity makes a restriction; a smart contract that executes acts included automatically once conditions are fulfilled without the intervention of a third party; and finally the consortium blockchain or semi-decentralized blockchain. Unlike the private blockchain, the consortium blockchain is controlled by a group of approved entities.

Videoconferencing
Videoconferencing is the technology that allows two or more users to interact, share files, and have a real-time face-to-face meeting [11]. Its infrastructure consists of four main layers; the endpoint is the user’s device, such as a computer or a smartphone. Peripheral equipment such as webcams and microphones are used during the interaction. Videoconferencing servers are used to process meeting data and manage videoconferencing [12]. The last layer is the software infrastructure, including content transmission and storage.
In Fig. 1(a), the end-to-end videoconferencing concept, also known as point-to-point video-conferencing, is explained. A centralized server residing in the cloud usually controls and manages the communication and interaction between two users at different locations. Unlike the end-to-end architecture, the centralized multi-point videoconferencing system allows multiple users to interact using a multi-point conferencing unit (MCU), as depicted in Fig. 1(b).

Fig. 1. (a) End-to-end videoconferencing systems and (b) centralized multi-point videoconferencing.

Threat modeling
In recent years, security experts have warned about the growing risk and potential impact of cyber-physical attacks on important systems. The videoconferencing system is highly dependent on the physical server and storage, and telemetry vulnerabilities of the hardware can allow cyber tampering and the interception of data, as discussed in [13].
Other potential attacks have also been explained in the literature [21], as depicted in Fig. 4. They can be described as follow:


Key consideration
The primary considerations of the proposed framework are described below.
Security and privacy: Videoconferencing system are very fragile as they contain sensitive shared information from their users, such as personal and work files; spoken information such as names, ages, addressers; and other personal and professional details. Moreover, videoconferencing is a space where users openly share their voice and face records. This information is prone to attacks; thus, securing these forms of data from any possible attack is critical. We address this problem by allowing access only to pre-authenticated users.
Confidentiality: The main challenge of videoconferencing systems and applications is the confidentiality of the corresponding platforms’ shared information and data. Sensitive data are prone to leakages and attacks from third parties, leading to data manipulation, losses, or exposure by unauthorized individuals.
Integrity: Users often share data and files over videoconferencing systems. An attacker may use malware or a masquerade attack to erase such data. Data manipulation and losses are other serious issues related to the integrity of a videoconferencing system.
Availability: Due to the real-time nature of videoconferencing systems, data and shared information require fast accessibility. Data should be accessible by authorized individuals and parties upon request. Assuring the availability and accessibility of data and services is critical to maintaining high quality-of-service and quality-of-experience levels.
Authenticity: For a videoconferencing system, joining a video meeting without a prior invitation is one of the easiest types of cyber-attacks. “Zoom bombing,” a new term for this attack, was coined given the increased usage of the Zoom videoconferencing application, referring to when an un-invited user succeeds in joining a Zoom meeting (work, study, or socializing meetings). The attacker is capable of listening, viewing, and participating in the conversation. Improving authentication methods and mechanisms is a critical step for a secure videoconferencing experience.

System Overview
The proposed blockchain-based videoconferencing security framework consists of three main layers: (1) the device layer, (2) the edge layer, and (3) the cloud layer.
The device layer involves several users, joining videoconferencing devices such as phones, computers, cameras, projectors, and Internet connections such as 5G networks. The user layer is based on heterogeny; honest and misbehaving users are all parts of this layer. The edge layer is where our blockchain resides. In this layer, blockchain is used to verify, validate, and authenticate users. Honest users will be added to the Blockchain ledger as a transaction with a signed certificate.
While dishonest devices will be excluded from the ledger, only users with signed validated certificates can participate in the videoconferencing system. Instruments that show signs of manipulation will be signaled to the blockchain and rejected from the communication channel. The last layer of the proposed framework is the cloud layer. The cloud layer is where the data center resides, and it serves as a means of communication between users. Real-time videos are uploaded and downloaded from the data center at the cloud layer. The cloud data center manages all users and hosts videoconferencing applications such as Zoom software. The details mentioned above are depicted in Fig. 2.

Fig. 2. System overview of the proposed framework.

Methodology and System Workflow
To explain the workflow of our system, system considerations should be discussed first. The type of blockchain we use in this proposal is a private blockchain. A trusted entity controls the blockchain; we assume that the trusted entity is the videoconferencing platform provider. The platform provider will select a group of other trusted nodes or users to verify and validate other users. The private blockchain is considered to be a lightweight form of blockchain and thus consuming less energy and time during the consensus phase. Moreover, it is more suitable for real-time applications such as videoconferencing systems. We consider that the encryption and decryption methods are performed on the service provider side. The steps of users’ authentication and validation can be described as follows: As discussed above, the server at the cloud layer will store the identification of all malicious nodes and accumulate these entities in its memory, matching the number of times the same device has been declared as a malicious node. If this number exceeds five, the device will be rejected from using the system forever. Moreover, honest devices participating in multiple rounds and proved, to be frank, can become verification nodes in the future. This system utilizes a lightweight blockchain (private blockchain) to verify and validate users before the videoconferencing call starts. If a malicious device wants to join the call, it must have the encrypted message sent by the first user as an invitation. Moreover, it needs to send a request for verification in a short amount of time. Otherwise, it will be denied the service and rejected if the number of denials exceeds five. Algorithm 1 depicted the proposed system. Table 1 provides the notations utilized and their respective meanings, while Fig. 3 shows a flowchart of the proposed method.
Table 1. Notations utilized

Variable	Definition	Variable	Definition
$R, R_{id}$	The root node, the first node to request a video conference call and its respective identification	$U_{id}$	Identification
$SP_k$	Service Provider	$VN$	Verification nodes
$Msg$	Message	$Δt$	Permissioned delay
t	Timestamp	$HL$	Honest user list
$ML$	Malicious nodes list	$SP_{pid}$	Pseudo key of the service provider
$Bmsg$	Broadcasted message	$n$	Random nonce

Fig. 3. Flowchart of the proposed system.

To evaluate our system, we utilized Network Simulator-3 (ns-3), based on C++, to implement virtual nodes representing a video call participant. Go-Ethereum is used to implement and test the blockchain network feasibility and execution time based on the fault-tolerance node. The simulation was performed on an Intel Core-i7 computer with 16 GB of RAM running under Ubuntu Linux. As shown in Fig. 4, the proposed Blockchain algorithm for validation scores better in terms of the execution time, making it perfect for latency-intolerant applications such as videoconferencing software. Moreover, comparing the utilization of blockchain to verify and validate the participating nodes contributes directly to decreasing the number of potential attacks such as spoofing, tampering, repudiation, information disclosure, call data disclosure, denial of service, elevation of privilege, and hardware integrity attacks, among others. The proposed method covers large security measures as the verification and authentication phase is executed before the video call.

Fig. 4. Proposed blockchain algorithm execution time.

Discussion and Open Issues
Blockchain technology is a promising tool for security and privacy concerns. For systems such as videoconferencing, which are latency-sensitive, a fast and efficient tool must be used. Thus, we have deployed in the proposed framework a lightweight blockchain ledger that relies on a private blockchain. In the private blockchain, a group of pre-selected and trusted nodes participate in a consensus algorithm and are controlled by a single entity, thus reducing the time and computation power needed. The proposed framework provides the required privacy and security levels by authenticating nodes that can participate in the videoconferencing call.
However, some issues are not yet addressed in our proposal. Firstly, a root user who requests to initialize a videoconferencing call is verified only using its identification by the service provider; if a malicious node managed to become a root for a videoconferencing initialization, and even if all other users are honest, the communication will not be secure. Another point is related to the service provider itself. In cyber-attacks, an attacker can manage to impersonate a device or a server; thus, if a malicious node imitates the service provider to receive requests, all communications are at risk as a hostile server can view these messages. Providing secure communication and ensuring the privacy of videoconferencing systems are challenging tasks. Most current service providers do not cover security for unsubscribed users, which creates a greater chance of malicious attacks to occur. Users should be cautious when using these systems, as their data can be leaked, as can biometric information such as voice and facial identification data. The information mentioned above can be used for severe attacks such as deepfake attacks. Moreover, files shared during a videoconferencing call must be protected by an additional password in case an uninvited user joins the system. Table 2 presents a comparative analysis between our paper and other related state-of-the-art approaches.

Table 2. Comparison with existing research

Study	Technology	Efficiency	Security	Privacy
Kiah et al. [3]	RSA and AES	No	Yes	Yes
Khalaf et al. [4]	Blockchain	Yes	No	No
Jan et al. [5]	Blockchain	Yes	No	Yes
Gipp et al. [6]	Blockchain, SHA256	No	Yes	Yes
Hasan and Salah [7]	Blockchain	No	Yes	Yes
This work	Blockchain	Yes	Yes	Yes

The videoconferencing system is an emerging technology, especially with the recent COVID-19 pandemic and the increased usage of such platforms. With the development of 5G technologies, videoconferencing systems are essential in our daily lives, whether in relation to work, study, or for simple and casual meetings. However, security issues and dilemmas arise. Multiple cases of deepfake video and Zoom bombing have been recorded in increased numbers during the pandemic. To this end, and in this paper, we propose the deployment of blockchain technology. A private blockchain as a secure ledger can ensure the security and privacy desired for such systems. Moreover, a private blockchain channel can verify, validate, and authenticate all participating users on the same videoconferencing call. Users who have been reported as malicious devices more than five times will be permanently rejected from the service. Blockchain deployment for videoconferencing security is a necessary step that requires urgent integration to create a safe and private environment for videoconferencing.

This research was supported by Energy Cloud R&D Program (No. 2019M3F2A1073386) through the National Research Foundation of Korea, both funded by the Ministry of Science and ICT.

Conceptualization, AEA, MYC. Methodology, AEA. Software, AEA. Validation, AEA, MYC. Formal analysis, AEA. Investigation, AEA. Resources, AEA, MYC. Writing—original draft preparation, AEA, MYC. Writing—review and editing, AEA, MYC, JHP. Visualization, AEA. Supervision, JHP. Project administration, JHP, CHL. Funding acquisition, CHL. All authors have read and agreed to the published version of the manuscript.

The authors declare that they have no competing interests.

Abir El Azzaoui received a B.S. degree in computer science from the University of PicardieJules-Verne, Amiens, France. And a master’s degree from the Seoul University of Science and Technology, Seoul, South Korea. She is currently pursuing a PhD degree in computer science and engineering with the Ubiquitous Computing Security (UCS) Laboratory, Seoul National University of Science and Technology, Seoul, South Korea, under the supervision of Prof. Jong Hyuk Park. Her current research interests include Quantum communication, Blockchain, Internet-of-Things (IoT) security, and cloud security. She is also a reviewer of the IEEE Access, and IEE TII journal.


Minyeong Choi received a B.S. degree in electrical engineering from JeonBuk national university, Jeonju, South Korea. He is currently pursuing his master’s degree in computer science and engineering with Cyber Information Security (CIS) Laboratory at Seoul National University of Science and Technology. His research interests include digital forensics, encryption, information security, cyber threat intelligence, and lightweight cryptography.


Seungwon Jung received a B.S. degree in computer science from Seoul National University of Science and Technology, Seoul, South Korea. He is currently pursuing his master’s degree at the same university with Cyber Information Security (CIS) Laboratory. His research interests include digital forensics, cryptography, information security, and cyber threat intelligence.


Dr. Changhoon Lee received his Ph.D. degree in Graduate School of Information Management and Security (GSIMS) from Korea University, Korea. In 2008, he was a research professor at the Center for Information Security Technologies in Korea University. In 2009-2011, he was a professor in the School of Computer Engineering in Hanshin University. He is now a professor at the Department of Computer Science and Engineering, Seoul National University of Science and Technology(SeoulTech), Korea. He has been serving not only as chairs, program committee, or organizing committee chair for many international conferences and workshops but also as a (guest) editor for international journals by some publishers. His research interests include Cyber Threats Intelligence(CTI), Information Security, Cryptography, Digital Forensics, IoT Security, Computer Theory etc. He is currently a member of the IEEE, IEEE Computer Society, IEEE Communications, IACR, KIISC, KDFS, KIPS, KITCS, KMMS, KONI, and KIIT societies.


Dr. Jong Hyuk (James J.) Park received Ph.D. degrees in the Graduate School of Information Security from Korea University, Korea. He is a professor at the Department of Computer Science and Engineering and Department of Interdisciplinary Bio IT Materials, Seoul National University of Science and Technology (SeoulTech), Korea. He is editor-in-chief of Human-centric Computing and Information Sciences (HCIS) by KIPS, The Journal of Information Processing Systems (JIPS) by KIPS, and Journal of Convergence (JoC) by KIPS CSWRG. His research interests include IoT, Human-centric Ubiquitous Computing, Information Security, Digital Forensics, Vehicular Cloud Computing, Multimedia Computing, and so on. In addition, he has been serving as a Guest Editor for international journals by some publishers: Springer, Elsevier, John Wiley, Oxford University Press, Emerald, Inderscience, and MDPI.