
What makes Hololight Stream a secure XR streaming solution?

An overview of Hololight Stream’s security measures for encrypted, secure, and controlled pixel streaming

Hololight’s pixel streaming is built on WebRTC and its security model. We extend its foundation with an interactive layer, enabling a secure XR streaming experience. This architecture offers several key security benefits:

  • End-to-End Encryption
    Hololight Stream uses Secure Real-time Transport Protocol (SRTP), the same encryption method used in standard WebRTC. SRTP encrypts all data streams—video, audio, and user interactions—to ensure confidentiality and prevent unauthorized access to sensitive 3D model data.
  • Encapsulation of user interactions
    User input, device configuration, and authentication data are encapsulated using Stream Control Transmission Protocol (SCTP).
  • Secure Key Exchange
    Datagram Transport Layer Security (DTLS) is used to securely exchange the keys needed for SRTP. This ensures attackers can't intercept or decrypt the stream.
  • Client Application Security
    Hololight Stream operates strictly within the secured communication channel established between the rendered application and the XR device. This reduces attack surfaces and minimizes vulnerabilities.
  • Air-Gapped Deployment
    Many customers deploy Hololight Space and its XR clients in air-gapped environments for highly sensitive data. The Stream SDK supports this by enabling secure operation without requiring any external processing.
In addition to these core WebRTC security features, Hololight Stream adds further enhancements:
  • No Data Stored on Devices
    Sensitive 3D model data is never stored on the XR device itself. It remains securely on the server, minimizing the risk of data loss or theft.
  • Control Over Network
    Hololight Stream allows you to stream XR applications over networks you control, adding an extra layer of security. This is particularly important for industries dealing with highly sensitive data.
At the cybersecurity attack simulation, you can confidently explain how these security measures protect against common attack vectors:
  • Data Interception
    End-to-end encryption prevents attackers from accessing the 3D model data even if they intercept the network traffic.
  • Device Compromise
    Even if an XR device is lost or stolen, the sensitive data remains safe on the server.
  • Man-in-the-Middle Attacks
    Secure key exchange with DTLS prevents attackers from tampering with the encryption keys.

Technical breakdown of secure pixel streaming

While no technology is completely invulnerable, Hololight Stream's combination of WebRTC's robust security architecture and our own enhancements provides a strong defense against cybersecurity threats. Here is a breakdown of the technologies used when establishing a pixel stream with Stream or Space:
  • End-to-end Encryption
    The underlying WebRTC stack, as well as the Stream SDK, mandates the use of Secure Real-Time Transport Protocol (SRTP) for encrypting media streams, ensuring confidentiality and preventing unauthorized access to the data stream. This is crucial for protecting sensitive CAD models from interception or eavesdropping.
  • Secure Key Exchange
    Datagram Transport Layer Security (DTLS) is used for secure key exchange, protecting the encryption keys used for SRTP. This ensures that only authorized devices can decrypt and access the streamed 3D content.
  • Secure Signaling
    Stream utilizes HTTPS for secure signaling (if set up by the developer), protecting the initial handshake and session establishment process from tampering or interception.
  • Firewall and NAT Traversal
    Stream employs a combination of technologies to securely navigate firewalls and Network Address Translation (NAT) devices. These technologies include:
    • Interactive Connectivity Establishment (ICE)
      This framework allows devices to find the best path for communication, even when behind firewalls.   
    • Session Traversal Utilities for NAT (STUN)
      STUN servers help devices discover their public IP addresses and the type of NAT they are behind.   
    • Traversal Using Relays around NAT (TURN)
      If direct peer-to-peer connection is not possible due to restrictive firewalls, TURN servers act as relays, forwarding traffic between devices.
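
One way to check the SRTP, DTLS and SCTP items above against a session description taken from your own signaling channel, assuming the exchange carries standard WebRTC SDP. This is an added example, not Hololight code; the function name and both SDP samples are constructed. The DTLS certificate fingerprint travels in signaling, which is why the HTTPS signaling item matters for man-in-the-middle resistance.

```javascript
// Added example: audit an SDP description for DTLS-SRTP media, DTLS/SCTP data
// channels, a certificate fingerprint, and absence of SDES keys in signaling.
const MEDIA_OK = new Set(["UDP/TLS/RTP/SAVPF", "UDP/TLS/RTP/SAVP"]);
const DATA_OK = new Set(["UDP/DTLS/SCTP", "TCP/DTLS/SCTP"]);
const WEAK_HASH = new Set(["md2", "md5", "sha-1"]);

function auditSdp(sdp) {
  const findings = [];
  const sections = [{ name: "session", lines: [] }];
  for (const line of sdp.split(/\r?\n/).filter(Boolean)) {
    // Every m= line opens a new media section; earlier lines are session-level.
    if (line.startsWith("m=")) sections.push({ name: line, lines: [] });
    sections[sections.length - 1].lines.push(line);
  }
  const fpOf = (s) => s.lines.filter((l) => l.startsWith("a=fingerprint:"));
  const sessionFp = fpOf(sections[0]);
  for (const s of sections.slice(1)) {
    const [kind, , proto] = s.name.slice(2).split(" ");
    const ok = kind === "application" ? DATA_OK : MEDIA_OK;
    if (!ok.has(proto)) findings.push(`${kind}: transport ${proto} is not DTLS-protected`);
    if (s.lines.some((l) => l.startsWith("a=crypto:")))
      findings.push(`${kind}: SDES key (a=crypto) exposed in signaling`);
    // A session-level fingerprint applies to every media section.
    const fps = fpOf(s).concat(sessionFp);
    if (fps.length === 0) findings.push(`${kind}: no DTLS certificate fingerprint`);
    for (const fp of fps) {
      const hash = fp.slice("a=fingerprint:".length).split(" ")[0].toLowerCase();
      if (WEAK_HASH.has(hash)) findings.push(`${kind}: weak fingerprint hash ${hash}`);
    }
  }
  return findings;
}

// Constructed samples: one DTLS-protected description, one legacy/insecure one.
const GOOD_SDP = [
  "v=0", "o=- 1 1 IN IP4 0.0.0.0", "s=-", "t=0 0",
  "a=fingerprint:sha-256 " + "AB:".repeat(31) + "AB",
  "m=video 9 UDP/TLS/RTP/SAVPF 96",
  "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
].join("\r\n");

const BAD_SDP = [
  "v=0", "o=- 1 1 IN IP4 0.0.0.0", "s=-", "t=0 0",
  "m=video 9 RTP/AVP 96",
  "m=audio 9 RTP/SAVP 111",
  "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY",
].join("\r\n");

console.log(auditSdp(GOOD_SDP));
console.log(auditSdp(BAD_SDP));
```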

Summary

With Hololight Stream, sensitive data remains under full customer control—stored securely in systems such as Product Lifecycle Management (PLM), NVIDIA Omniverse, or internal infrastructure. No data is copied or duplicated. As long as the underlying infrastructure is secure, Hololight Stream ensures the confidentiality and integrity of your data.