Thursday, March 11, 2010

Skype process


In response to a query raised by one of my friends asking how secure it is to use Skype and whether the communication is encrypted, I did some quick browsing on Skype technology and thought it's time to share some information about Skype.
Skype is a peer-to-peer VoIP client that allows users to place voice calls and send text messages to other users of Skype clients. Skype claims to have better voice quality than similar applications like MSN and Yahoo Messenger. It also encrypts calls end-to-end. Skype technology uses two types of nodes in its network: ordinary hosts (the Skype application) and super nodes (computers with a valid IP address).
Windows Registry
A Skype application must connect to a host with an active internet connection and must register itself with the Skype login server for a successful login. The Skype login server is an important entity in the Skype network: it stores usernames and passwords and is also used for authentication. Each Skype client can build and refresh a table (the host cache) of reachable nodes, which contains the IP addresses and port numbers of super nodes. This table is normally stored in the Windows registry.
Skype traffic
Skype uses wideband codecs to maintain call quality at an available bandwidth of 32 kbps. Skype uses TCP for signalling and both UDP and TCP for transporting media traffic. Note that signalling and media traffic are not sent on the same port.
Friends list
Skype stores its friends list information in the Windows registry. This list is digitally signed and encrypted. The buddy list is local to one machine and is not stored on a central server. If a user uses the Skype client on a different machine to log onto the Skype network, that user has to reconstruct the buddy list.
Skype encryption
Skype uses 256-bit AES encryption, with around 1.1 × 10^77 possible keys. To encrypt the data in each Skype call, it uses 1536- to 2048-bit RSA to negotiate symmetric AES keys. Skype uses the STUN protocol to determine the type of firewall or Network Address Translator (NAT) used in the network. All of this data is stored in the Windows registry.
Session Cryptography:
All traffic in a session is encrypted by XORing the plaintext with a key stream generated by 256-bit AES (also known as Rijndael) running in integer counter mode (ICM). The key used is SKAB. Skype sessions contain multiple streams. The ICM counter depends on the stream, on the salt, and on the sequence within the stream.
Signature padding:
The signature verification method checks the integrity of the signed message. It performs the RSA decryption, then extracts and checks the padding. It also checks the hash for accuracy. Consistent with ISO 9796-2, after the first signed block, the rest of the signed message is in plaintext, and this is verified via the SHA-1 hash check.
Skype logins
For Skype to start, it needs more than one value in the host cache (HC) table. As soon as you start Skype, the login process looks for valid entries in the host cache table. Without valid entries it is not possible to connect to the Skype network. The Skype client (SC) first sends a UDP packet to this entry. If there was no response after roughly five seconds, the SC tried to establish a TCP connection with this entry. It then tried to establish a TCP connection to the HC IP address and port 80 (HTTP port). If still unsuccessful, it tried to connect to the HC IP address and port 443 (HTTPS port). The SC then waited for roughly 6 seconds. It repeated the whole process four more times, after which it reported a login failure. We observed that an SC must establish a TCP connection with a super node (SN) in order to connect to the Skype network. If it cannot connect to a super node, it will report a login failure.
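As an added example (not from the original post), the probe order described above can be turned into a flow-log check that flags hosts walking this fallback ladder against a single peer. The flow records, addresses, ports and the 30-second round window are constructed assumptions.

```python
from collections import defaultdict

# Probe order from the text: UDP to the host-cache (HC) entry's port, TCP to the
# same port, then TCP 80, then TCP 443. None stands for "the HC entry's port".
STEPS = [("udp", None), ("tcp", None), ("tcp", 80), ("tcp", 443)]
MAX_ROUND_SECONDS = 30  # assumption: one complete round fits in this window

# Constructed flow records: (epoch seconds, src IP, dst IP, protocol, dst port).
SAMPLE_FLOWS = [
    (100.0, "10.0.0.5", "198.51.100.7", "udp", 40123),
    (105.1, "10.0.0.5", "198.51.100.7", "tcp", 40123),
    (106.0, "10.0.0.5", "198.51.100.7", "tcp", 80),
    (107.2, "10.0.0.5", "198.51.100.7", "tcp", 443),
    (113.3, "10.0.0.5", "198.51.100.7", "udp", 40123),  # second round
    (118.4, "10.0.0.5", "198.51.100.7", "tcp", 40123),
    (119.0, "10.0.0.5", "198.51.100.7", "tcp", 80),
    (120.1, "10.0.0.5", "198.51.100.7", "tcp", 443),
    (101.0, "10.0.0.9", "203.0.113.20", "tcp", 443),    # ordinary web traffic
    (102.0, "10.0.0.9", "203.0.113.20", "tcp", 80),
    (200.0, "10.0.0.8", "192.0.2.44", "udp", 5060),     # ladder never completes
    (205.0, "10.0.0.8", "192.0.2.44", "tcp", 5060),
]

def count_fallback_rounds(flows, max_round=MAX_ROUND_SECONDS):
    """Return {(src, dst): completed rounds} for pairs that walked the full ladder."""
    by_pair = defaultdict(list)
    for ts, src, dst, proto, dport in sorted(flows):
        by_pair[(src, dst)].append((ts, proto, dport))
    hits = {}
    for pair, events in by_pair.items():
        rounds, step, start, hc_port = 0, 0, 0.0, None
        for ts, proto, dport in events:
            if step and ts - start > max_round:
                step = 0                      # stale partial round: start over
            if step == 0:
                if proto == "udp":            # a UDP probe opens a new round
                    step, start, hc_port = 1, ts, dport
                continue
            want_proto, want_port = STEPS[step]
            if (proto, dport) == (want_proto, want_port or hc_port):
                step += 1
                if step == len(STEPS):        # reached TCP 443: round complete
                    rounds, step = rounds + 1, 0
        if rounds:
            hits[pair] = rounds
    return hits

if __name__ == "__main__":
    for (src, dst), n in count_fallback_rounds(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: {n} complete fallback round(s)")
```

Repeated rounds against the same peer, as in the five attempts described above, raise confidence that the traffic is this login fallback rather than coincidental connections.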
Media Transfer process:
Video/voice communication through Skype is established over UDP. The trick here is that quite often one of the users is behind a firewall or a router and hence doesn't have a real IP address. But if both Skype clients are on real IPs, the media traffic flows directly between them over UDP. The size of the voice packet is 67 bytes, which is actually the size of the UDP payload. One second of conversation results in roughly 140 voice packets being exchanged both ways, or 3-16 kilobytes/s.
If one or both of the parties do not have a public IP, they send voice traffic to another online Skype node over UDP or TCP. The developers of Skype have preferred to use UDP for voice transmission as much as possible.
An interesting fact is that even if both sides are not speaking, voice packets will still be flowing between them. The purpose of these so called 'silent packages' is to keep the connection alive.
For a detailed Skype security review, click here.