What does end-to-end encryption with identity verification do in Webex?
After media streams flow from a client to the Webex servers, Webex decrypts them once they have crossed the Webex firewall. This allows Cisco to provide network-based recordings that include all media streams for future reference. Webex then re-encrypts each media stream before sending it to the other clients.
For businesses that require a higher level of security, Webex also offers end-to-end encryption. In this mode Webex does not decrypt any of the media streams, as it does for regular communication. Instead, Transport Layer Security (TLS) is used to establish the connection between client and server. In addition, each Webex client generates a key pair and sends the public key to the host’s client, so that the pair can be verified.
The host first generates a symmetric key using a cryptographically secure pseudo-random number generator (CSPRNG), encrypts it with the client’s public key, and sends the encrypted symmetric key back to the client, which decrypts it. Clients then use the symmetric key to encrypt the traffic they generate. In this model the Webex server cannot decode the traffic. End-to-end encryption is available as an option in two products, Webex Meetings and Webex Support.
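The key exchange described above, as an added Node.js sketch (not Cisco's code and not taken from the whitepaper). RSA-OAEP, AES-256-GCM and every function name are assumptions for illustration; the page does not name the algorithms Webex uses, and checking that the public key really belongs to the participant is outside this sketch.

```javascript
// Added illustration of the described exchange; algorithm choices are assumptions.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Participant client: generates a key pair; only the public key leaves the device.
function makeParticipant() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Host client: encrypts the symmetric meeting key to the participant's public key.
function hostWrapKey(meetingKey, participantPublicKey) {
  return nodeCrypto.publicEncrypt({ key: participantPublicKey, ...OAEP }, meetingKey);
}

// Participant client: recovers the meeting key with its private key.
function participantUnwrapKey(wrapped, privateKey) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// Media is encrypted with the symmetric key; a fresh 96-bit IV per frame.
function encryptMedia(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function decryptMedia(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // throws on a wrong key
}

// Full exchange. `relayed` is everything the relaying server ever sees.
function runExchange() {
  const participant = makeParticipant();
  const meetingKey = nodeCrypto.randomBytes(32); // host side, drawn from the CSPRNG
  const wrapped = hostWrapKey(meetingKey, participant.publicKey);
  const frame = encryptMedia(meetingKey, Buffer.from('constructed media frame'));
  const relayed = { publicKey: participant.publicKey, wrapped, frame };

  const key = participantUnwrapKey(relayed.wrapped, participant.privateKey);
  const received = decryptMedia(key, relayed.frame).toString();

  // The server holds no private key and no meeting key, so any key it tries fails.
  let serverDecoded = true;
  try { decryptMedia(nodeCrypto.randomBytes(32), relayed.frame); } catch { serverDecoded = false; }
  return { received, keysMatch: key.equals(meetingKey), serverDecoded };
}
```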
This security whitepaper provides more information on E2E and Cisco Secure Real-Time Collaboration solutions and how they can help your organization.