- Skype: P2P-based VoIP software, founded by the founders of Kazaa
- Can be downloaded free at:
Services
- Both paid and free services available
- Free
- - Instant Messaging
- - Voice and Video communication (PC to PC)
- Hierarchical P2P architecture, but involves a central Skype authority for registration and certification services
- Proprietary and closed-source software
- Employs countermeasures against reverse engineering
- However, has undergone some reverse engineering attempts over a couple of years
- - Basis of understanding (part of) the Skype security protocol
- Almost everything is encrypted, including protocol message headers (except some)
Provides:
- User registration
- User login
- User-to-User authentication
- User-to-User communication
User registration
- User selects a unique username (over the Skype domain) and a password
- Sends the username and the SHA-1 hash of the password to the Skype Login Server, encrypted with the public key of the Skype server
- The Skype server recovers the username and password hash using its private key
- The public key of the Skype server is known to the client from the Skype installation
Outline: User registration (register a username at the Skype server) | User login (get the user's one-time public key certified by the Skype server) | User-to-User authentication | User-to-User communication
User login
- User (client application) generates a 1024-bit public/private key pair (KA+, KA-): a one-time key pair for this login session
- User generates a 256-bit AES symmetric key (K)
- Encrypts KA+, username and SHA-1 hash of password using K
- Encrypts K using the public key of the Skype server
- The encrypted (KA+, username, password hash) and the encrypted session key K are sent to the Skype server
- The Login Server recovers K using its private key and decrypts username, password hash and KA+ using K
- If username and password hash match, the user is authenticated; the Skype server signs the (username, KA+) pair to produce a certificate (CA; here CA denotes Alice's certificate, not a certification authority)
- CA is sent to the user
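The registration and login exchange above, as an added worked example (this is not code from the slides or from Skype, whose client is closed source): both sides of the login run in one Go program using only the standard library. Where the slides are silent the example assumes RSA-OAEP for encryption under the server's public key, PKCS#1 v1.5 signatures over SHA-256 for the certificate, AES-256-GCM as the symmetric cipher, a 2048-bit server key and JSON message framing; the names record, server, client, certDigest, login and demo are this example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Assumed where the slides are silent: RSA-OAEP under the server's public key, PKCS#1 v1.5
// over SHA-256 for the certificate signature, AES-256-GCM as the symmetric cipher, JSON framing.
// record is both the login message (User, Hash, Pub) and the certificate (User, Pub, Sig).
type record struct {
	User string
	Hash []byte
	Pub  *rsa.PublicKey
	Sig  []byte
}

type server struct {
	key   *rsa.PrivateKey   // clients learn key.PublicKey at installation
	users map[string][]byte // username -> SHA-1(password) from registration
}

type client struct {
	user, password string
	key            *rsa.PrivateKey // one-time (KA+, KA-) for this login session
	cert           record          // signed (username, KA+) returned by the server
}

// certDigest is what the server signs: the (username, one-time public key) pair.
func certDigest(user string, pub *rsa.PublicKey) []byte {
	b, _ := json.Marshal(record{User: user, Pub: pub})
	h := sha256.Sum256(b)
	return h[:]
}

func gcm(k []byte) cipher.AEAD { // AES-256-GCM for a 32-byte key
	blk, _ := aes.NewCipher(k)
	g, _ := cipher.NewGCM(blk)
	return g
}

// login: the client makes a fresh 1024-bit key pair and a 256-bit AES key K, sends
// {username, SHA-1(password), KA+} under K and K under the server's public key; the server
// unwraps K with its private key, checks the hash and signs (username, KA+) into a certificate.
func login(c *client, s *server) error {
	c.key, _ = rsa.GenerateKey(rand.Reader, 1024)
	k := make([]byte, 32)
	rand.Read(k)
	pw := sha1.Sum([]byte(c.password))
	pt, _ := json.Marshal(record{User: c.user, Hash: pw[:], Pub: &c.key.PublicKey})
	nonce := make([]byte, 12)
	rand.Read(nonce)
	body := gcm(k).Seal(nonce, nonce, pt, nil) // nonce prepended to the ciphertext
	wrapped, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &s.key.PublicKey, k, nil)
	// server side: only the holder of the private key can recover K
	k2, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, wrapped, nil)
	if err != nil || len(k2) != 32 {
		return fmt.Errorf("cannot unwrap session key K")
	}
	var m record
	pt2, err := gcm(k2).Open(nil, body[:12], body[12:], nil)
	if err != nil || json.Unmarshal(pt2, &m) != nil || m.Pub == nil {
		return fmt.Errorf("undecryptable or malformed login message")
	}
	if stored, ok := s.users[m.User]; !ok || !hmac.Equal(stored, m.Hash) {
		return fmt.Errorf("bad credentials for %q", m.User)
	}
	c.cert = record{User: m.User, Pub: m.Pub}
	c.cert.Sig, err = rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, certDigest(m.User, m.Pub))
	return err
}

// demo: registration, a login that yields a verifiable certificate, then a login with the
// wrong password. Returns (certificate verifies, error from the bad login).
func demo() (bool, error) {
	srvKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	s := &server{key: srvKey, users: map[string][]byte{}}
	h := sha1.Sum([]byte("correct horse")) // registration: unsalted SHA-1 of the password, as on the slide
	s.users["alice"] = h[:]
	alice := &client{user: "alice", password: "correct horse"}
	if err := login(alice, s); err != nil {
		return false, err
	}
	// the check a peer runs on Alice's certificate before trusting the KA+ inside it
	ok := rsa.VerifyPKCS1v15(&srvKey.PublicKey, crypto.SHA256, certDigest(alice.cert.User, alice.cert.Pub), alice.cert.Sig) == nil
	return ok, login(&client{user: "alice", password: "guess"}, s)
}

func main() {
	fmt.Println(demo())
}
```

Registration is modelled only by its result, the stored SHA-1 hash; on the wire it travels under the server's public key exactly as K does in login. The unsalted SHA-1 of the password is what the slide describes, not a recommendation: if the server's table leaks, those hashes can be cracked offline directly.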
User-to-User authentication
- Users Alice (A) and Bob (B) want to authenticate and communicate with each other
- Users get each other's certificates
- - Alice sends Bob her certificate (obtained from the Skype server) and vice versa; the server's signature binds each username to its one-time public key
- Each side uses an 8-byte challenge-response to authenticate the other: the peer proves possession of the private key matching the certified public key
User-to-User communication
- After mutual authentication, Alice and Bob establish a common 256-bit AES session key Ks for encryption
- Each side contributes 128 bits of the 256-bit Ks
- Each side sends its contribution to the other side, encrypted with the other side's (certified) public key
- The two 128-bit contributions are combined to form the 256-bit secret session key Ks (the combining function is not specified on the slides)
- All traffic (voice, video and text) is encrypted with Ks
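The mutual authentication and session-key agreement above, as an added worked example (not code from the slides or from Skype): two peers in one Go program, standard library only. It assumes both peers have already logged in, exchanged certificates and checked the server's signature, so each holds the other's certified one-time public key (peerPub); RSA-OAEP carries the 128-bit contributions, PKCS#1 v1.5 over SHA-256 signs the challenge, AES-256-GCM protects traffic, and SHA-256 over the two halves stands in for the unpublished combining step. The names peer, challenge, contribution, deriveKs and run are this example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Assumed where the slides are silent: both peers have logged in, exchanged certificates and
// checked the server's signature, so each already holds the other's certified one-time public
// key (peerPub). RSA-OAEP carries the key contributions, PKCS#1 v1.5 over SHA-256 signs the
// challenge, AES-256-GCM protects traffic, and SHA-256 over the two 128-bit halves stands in
// for the unpublished combining step.

type peer struct {
	name    string
	key     *rsa.PrivateKey // one-time (KA+, KA-) certified at login
	peerPub *rsa.PublicKey  // the other side's certified public key, taken from its certificate
	ks      []byte          // 256-bit session key Ks once agreed
}

func newPeer(name string) *peer {
	k, _ := rsa.GenerateKey(rand.Reader, 1024) // 1024-bit, as on the slide
	return &peer{name: name, key: k}
}

// challenge is one direction of the 8-byte challenge-response: the verifier sends a random
// 8-byte nonce, the prover signs it with KA-, and the verifier checks the signature against
// the certified KA+. Run once in each direction for mutual authentication.
func (verifier *peer) challenge(prover *peer) bool {
	nonce := make([]byte, 8)
	rand.Read(nonce)
	d := sha256.Sum256(nonce)
	sig, err := rsa.SignPKCS1v15(rand.Reader, prover.key, crypto.SHA256, d[:])
	return err == nil && rsa.VerifyPKCS1v15(verifier.peerPub, crypto.SHA256, d[:], sig) == nil
}

// contribution draws this side's 128 bits of Ks and encrypts them for the peer.
func (p *peer) contribution() (mine, forPeer []byte) {
	mine = make([]byte, 16)
	rand.Read(mine)
	forPeer, _ = rsa.EncryptOAEP(sha256.New(), rand.Reader, p.peerPub, mine, nil)
	return mine, forPeer
}

// deriveKs decrypts the peer's half with KA- and combines both halves into Ks. The halves
// are ordered by name so that both sides hash the same byte string.
func (p *peer) deriveKs(mine, fromPeer []byte, peerName string) error {
	theirs, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.key, fromPeer, nil)
	if err != nil {
		return err
	}
	first, second := mine, theirs
	if peerName < p.name {
		first, second = theirs, mine
	}
	h := sha256.Sum256(append(append([]byte{}, first...), second...))
	p.ks = h[:]
	return nil
}

// run: mutual authentication, Ks agreement, and one text message from Alice to Bob under Ks.
// Returns (both challenges passed, same Ks on both sides, text Bob decrypted, error).
func run() (bool, bool, string, error) {
	alice, bob := newPeer("alice"), newPeer("bob")
	alice.peerPub, bob.peerPub = &bob.key.PublicKey, &alice.key.PublicKey // from the certificates
	authed := alice.challenge(bob) && bob.challenge(alice)
	ca, toBob := alice.contribution()
	cb, toAlice := bob.contribution()
	if err := alice.deriveKs(ca, toAlice, "bob"); err != nil {
		return false, false, "", err
	}
	if err := bob.deriveKs(cb, toBob, "alice"); err != nil {
		return false, false, "", err
	}
	// all traffic now travels under Ks; AES-256-GCM with a fresh nonce per message
	blk, _ := aes.NewCipher(alice.ks)
	g, _ := cipher.NewGCM(blk)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	ct := g.Seal(nil, nonce, []byte("hello Bob"), nil)
	blk2, _ := aes.NewCipher(bob.ks)
	g2, _ := cipher.NewGCM(blk2)
	pt, err := g2.Open(nil, nonce, ct, nil)
	return authed, hmac.Equal(alice.ks, bob.ks), string(pt), err
}

func main() {
	fmt.Println(run())
}
```

Two points a practitioner would check here: signing a peer-chosen nonce with KA- makes the prover a signing oracle for that key, so the challenge must be domain-separated from anything else the key signs (the example only hashes it); and because both contributions travel under the peers' one-time public keys, Ks is exactly as secret as those private keys for the session.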
Some part of the Skype security protocol has been deciphered (see the references below). Skype uses standard cryptographic techniques (SHA-1, 256-bit AES and 1024-bit public-key pairs certified by the Skype server, as described above):
1) S. A. Baset and H. Schulzrinne, An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol - http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf
2) P. Biondi and F. Desclaux, Silver Needle in Skype - http://www.secdev.org/conf/skype_BHEU06.handout.pdf
3) T. Berson, Skype Security Evaluation - http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf