Looking into the Skype Protocol

As you all know, Skype is very popular Voice-over-IP software. Skype also claims that all its communication is encrypted (which raised some discussion about whether you should be considered a criminal (digged also) if you "hide away" from eavesdropping).

Philippe Biondi and Fabrice Desclaux from EADS gave a talk at the Black Hat Europe conference where they showed their latest discoveries.

The talk is rather technical and might be hard to understand. I picked some of the most interesting points:

  • Almost everything is obfuscated (looks almost random)
    This is a sign of good use of encryption.
  • Automatically reuse proxy credentials
    When Skype learns how to use your proxy, it will pass the information on to other Skype clients.
  • Traffic even when the software is not used (pings, relaying).
    I heard quite a few times of some office PCs being promoted to Supernodes, generating enormous traffic.
  • No clear identification of the destination peer
    The destination IP is not disclosed to a firewall, for example, so network administrators can't block certain IPs.
  • Many protections, antidebugging tricks, and ciphered code
    This is an attempt to protect themselves from spies (i.e. hackers, government), but it might also hide secret backdoors or spying on their part. This is often a problem with closed software.
    Using these techniques also hinders open source or simply 3rd-party software from building compatible clients.
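
The first point ("looks almost random") is something you can measure on a captured payload with byte entropy. The sketch below is an added example, not code from the talk or from Skype; the payloads are constructed, and the function names, the 7.5 bits/byte threshold and the 1024-byte minimum are assumptions.

```python
import hashlib
import math
from collections import Counter

MIN_LEN = 1024    # assumption: below this, byte entropy is not meaningful
THRESHOLD = 7.5   # assumption: bits/byte at which we call data "random-looking"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_random(payload: bytes) -> bool:
    """True if the payload's byte distribution is close to uniform."""
    if len(payload) < MIN_LEN:
        raise ValueError("payload too short for a byte-entropy estimate")
    return shannon_entropy(payload) >= THRESHOLD


def keystream(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


# Constructed sample payloads (not captured Skype traffic).
PLAINTEXT = (b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n"
             b"User-Agent: demo\r\nAccept: text/html\r\n\r\n") * 50
XOR_OBFUSCATED = bytes(b ^ 0x5A for b in PLAINTEXT)  # trivial obfuscation
CIPHER_LIKE = keystream(b"constructed-seed", len(PLAINTEXT))

if __name__ == "__main__":
    for name, blob in [("plaintext", PLAINTEXT),
                       ("single-byte XOR", XOR_OBFUSCATED),
                       ("cipher-like", CIPHER_LIKE)]:
        print(f"{name:16s} {shannon_entropy(blob):.3f} bits/byte "
              f"random-looking={looks_random(blob)}")
```

A single-byte XOR leaves the entropy unchanged, so trivially obfuscated data does not pass this check. Compressed data also scores high, so a high value is consistent with encryption but does not prove the cipher is sound.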

In Skype's FAQ they state that they use AES encryption. This seems to be confirmed and seems a good thing, but they embed the data in a proprietary protocol, which may have its drawbacks and is incompatible with others. It's their right to do so, but this gives much power to those who know about the inner workings (this does not necessarily only include Skype).

They give as a conclusion:

  • Impossible to protect from attacks (which would be obfuscated)
    It basically means that we have to trust Skype to keep their secrets. There are very many users, which makes the Skype audience an interesting target.
  • Total blackbox. Lack of transparency. No way to know if there is/will be a backdoor
  • Skype was made by clever people; Good use of cryptography
    They admit that it was built in a good way. But it's like the government that may be suspicious if you encrypt all your communication. Skype encrypts everything and itself. Should we be suspicious?

Further readings: Skype network structure, Skype's Guide for Network Administrators
