Skype security

Skype is a Voip system developed by Skype Technologies S.A., and owned by eBay. It is a peer-to-peer based network in which voice calls don’t pass through a central server. Skype users search for other users to connect to, enabling them to search other Skype users and send them messages.

Unlike some other Voip based systems, Skype uses encryption of a least 128 bit block ciphers to encrypt communication between usersFact|date=January 2008, making it hard or even impossible to decrypt the content of these communicationsFact|date=January 2008Dubious|date=March 2008. Skype's encryption cannot be turned off and is transparent to the user. These fundamental design decisions have removed many of the challenges presented by Public Key Infrastructure and have enabled the regular use of encrypted communication by the general population.

Skype Security Policy

Security Policy defines the term “security” in the context of a system and allows to determine whether the system secure or not.

The company's Security Policy is:
#All usernames are unique.
#Before using Skype the user must present to Skype a username and authentication credential (Password in this case).
#Each peer correctly provides the other with proof of its username and privileges whenever a Skype session is established. Each verifies the other’s proof before the session is allowed to carry messages.
#Messages transmitted through a Skype session are encrypted from Skype-end to Skype-end. No intermediary node, if any exist, has access to the meaning of these messages.

Skype cryptography

Registration

The main cryptographic secret of Skype is the Central Server’s private signing key. The corresponding public verification key, and an identifier for the key pair are installed in every Skype client at build time.Enrolment in the Skype cryptosystem begins during user registration. The user selects a desired username, and a password. The user’s client generates an RSA key pair. The private signing key, and a hash of the password, are stored as securely as possible on the user platform.Then a 256-bit AES-encrypted session is established with the central server. The key for the session is selected with the help of the specific random number generator of the user's platform.The central server verifies that the username which was selected by the user is unique and that it is acceptable by the Skype naming rules. After the username passes the uniqueness test the server stores a pair of the username and a hash of the hash of the user's password $[H(H(P))]$ in the database.The server now forms and signs an identity certificate for the username, which contains the server's RSA signature that binding the username and the verification key of the username and the key identifier.

Peer-to-peer key agreement

Let's say for example that Alice wishes to communicate with Bob, and there is no pre-existing Skype session between them. In this case a new session is established and provided with a 256-bit session key. This session will exist as long as there will be traffic on the channel of Alice and Bob, and for a fixed time afterwards.Session establishment first requires establishing connectivity between Alice and Bob across the Skype cloud.Using this connectivity, Alice and Bob can start with the key-agreement protocol during which, they verify each other’s identity, and agree on Session Key.

Session cryptography

All traffic in a session is encrypted by XORing the plaintext with key stream generated by 256-bit AES running in ICM (Integer Counter Mode).The key used is the session key.Skype sessions contain multiple streams.The ICM counter depends on the stream, and the continuity within the stream.

Details of Skype cryptography

Random number generation

Skype uses random numbers for several cryptographic purposes, for instance as a protection against playback attacks, creation of RSA key pairs, and creation of AES key-halves for content encryption. The security of a Skype peer-to-peer session depends significantly on the quality of the random numbers generated by both ends of the Skype session. Random number generation varies from one OS to another.

Cryptographic primitives

Skype uses standard cryptographic primitives to achieve its security goals. The cryptographic primitives used in Skype are: the AES block cipher, the RSA public-key cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hash function, and the RC4 stream cipher.

Peer-to-peer key agreement protocol

Key-agreement is achieved using a proprietary protocol.The protocol is symmetric. To protect against playback, the peers challenge each other with random 64-bit nonces, and respond by returning the challenge, customized in a standard way, and signed with the responder’s private signing key.In order to set up identity, both ends exchange their Identity Certificates and confirm that these certificates are legitimate. Because an Identity Certificate contains a public key, each end can then confirm signatures created by the other end of the Skype session. Each end contributes 128 random bits to the 256-bit session key.

Security flaws

The main problem when examining Skype security is that Skype is not open-source, rather it is proprietary and secret, thus one can only rely on information from Skype itself or by continuous examination of its performance under various attacks.

In an article by Simson Garfinkel - Voip and Skype Security, the author says after analyzing Skype network that it seems Skype indeed encrypts users' sessions, however other traffic on the network including initiation of calls can be monitored by other parties on the network which are not privileged to participate in the specific session.Also in terms of privacy, Skype uses a "History" file saved on the user's machine to record all communication between users. This feature is enabled as default although not many users are aware of that. This enables attackers to obtain the file through spyware or other remote-control applications.

On October 2005 a pair of security flaws were discovered. Those flaws made it possible for hackers to run hostile code on computers running vulnerable versions of Skype.
The first security bug affected only Skype for Windows. It allowed the attacker to use a buffer overflow in order to crash the system or to force it to execute arbitrary code. The attacker was able to place a malformed URL using the Skype URI format, and lure the user to use it in order to execute the attack.
The second security bug affected all platforms; it used a heap-based buffer overflowto make the system vulnerable.
Skype responded to the findings by fixing the bugs and issuing a security patch.

The Skype code is proprietary and closed source, and it is not planned to become open-source software, according to one of Skype's co-founders:

Que Publishing's book, "Skype: The Definitive Guide" [cite web | url=http://www.amazon.com/dp/032140940X/ | title=Skype: The Definitive Guide | author=Harry Max | accessdate=2006-08-22] points out:
* Skype can utilise other users' bandwidth. (Although this is allowed for in the EULA, there is no way to tell how much bandwidth is being used in this manner). There are some 20,000 supernodes out of many millions of users logged on. Skype Guide for network administrators [http://www.skype.com/security/guide-for-network-admins-30beta.pdf] claims that supernodes carry only control traffic up to 5 kB/s and relays may carry other user data traffic up to 10 kB/s (for one video call). A relay should not normally handle more than one "relayed connection".
* Skype's file-transfer function does not contain any programmatic interfaces to antivirus products, although Skype claims to have tested its product against antivirus "Shield" products.
* The lack of clarity as to content means that systems administrators cannot be sure what Skype is doing. (The combination of an invited and a reverse-engineered study taken together suggest Skype is not doing anything hostile). Skype can be easily blocked by firewalls.
* The actual communication of any given Skype conversation uses modern encryption techniques to make conversations secure, as mentioned in the above studies.

Notes

# Silver Needle in the Skype — Philippe Biondi [http://www.secdev.org/conf/skype_BHEU06.handout.pdf]
# Voip and Skype Security - Simson Garfinkel [http://skypetips.internetvisitation.org/files/VoIP%20and%20Skype.pdf]
# Skype Security Evaluation — Tom Berson [http://www.anagram.com/berson/skyeval.pdf ]
# Skype Official web site — Skype security resource center [http://www.Skype.com/security/]

References