Skype protocol

The Skype protocol is a proprietary Internet telephony network used by Skype. The protocol's specifications have not been made publicly available by Skype and official applications using the protocol are closed-source.

The Skype network is not interoperable with most other Voice over IP (VoIP) networks without proper licensing from Skype. Numerous attempts to study or reverse-engineer the protocol have been undertaken to reveal the protocol, investigate security or allow unofficial clients.

On June 20, 2014, Microsoft announced the deprecation of the old Skype protocol. Within several months from this date, in order to continue using Skype services, Skype users had to update to Skype applications released in 2014, and users were not able to log in to older Skype versions (clients).[1][2] No announcement has been made on whether SmartTV and hardware phones with built-in Skype functionality will continue to work without interruptions. The new Skype protocol—Microsoft Notification Protocol 24—promised better offline messaging and better messages synchronization across Skype devices. The deprecation became effective in the second week of August 2014.[3]

Peer-to-peer architecture

Skype was the first peer-to-peer IP telephony network.[4] The network contains three types of entities: supernodes, ordinary nodes, and the login server. Each client maintains a host cache with the IP address and port numbers of reachable supernodes. The Skype user directory is decentralized and distributed among the supernodes in the network. Supernodes are grouped into slots (9–10 supernodes), and slots are grouped into blocks (8 slots).

Previously any client with good bandwidth, no restrictions due to firewall or network address translation (NAT), and adequate processing power could become a supernode. This placed an extra burden on those who connected to the Internet without NAT, as Skype used their computers and Internet connections as third parties for UDP hole punching (to directly connect two clients both behind NAT) or to completely relay other users' calls. In 2012, Microsoft altered the design of the network, and brought all supernodes under their control as hosted servers in data centres.[5] Microsoft at the time defended the move, saying they "believe this approach has immediate performance, scalability and availability benefits for the hundreds of millions of users that make up the Skype community."[6] At the time there was some concern regarding the privacy implications of the change,[7] which appear to have been proven true with the revelation of the PRISM surveillance program in June 2013.[8][9]

Skype does not support the use of the IPv6 protocol,[10] which would greatly reduce the complexity associated with the aforementioned IPv4 communication structure.

Supernodes relay communications on behalf of two other clients, both of which are behind firewalls or "one-to-many" network address translation. Without relaying by the supernodes, two clients with firewall or NAT difficulties would be unable to make or receive calls from one another. Skype tries to get the two ends to negotiate the connection details directly, but sometimes the sum of problems at both ends can prevent direct conversation being established.

The problems with firewalls and NAT can be:

  • The external port numbers or IP address are not derivable, because NAT rewrites them
  • The firewall and NAT in use prevents the session being received
  • UDP is not usable due to NAT issues, such as timeout
  • Firewalls block many ports
  • TCP through many-to-one NAT is always "outward only" by default – adding port-forwarding settings to the NAT router can allow reception of TCP sessions

Protocol

Signaling is encrypted using RC4; however, the method only obfuscates the traffic as the key can be recovered from the packet. Voice data is encrypted with AES.[11]

The Skype client's application programming interface (API) opens the network to software developers. The Skype API allows other programs to use the Skype network to get "white pages" information and manage calls.

The Skype code is closed source, and the protocol is not standardized.[12] Parts of the client use Internet Direct (Indy), an open source socket communication library.

On July 8, 2012, a researcher from Benin, Ouanilo Medegan, released articles and proof of concept code, results of his reverse engineering the Skype client.[13]

Protocol detection

Many networking and security companies claim to detect and control Skype's protocol for enterprise and carrier applications. While the specific detection methods used by these companies are often proprietary, Pearson's chi-squared test and stochastic characterization with Naive Bayes classifiers are two approaches that were published in 2007.[14]

Obfuscation layer

The RC4 encryption algorithm is used to obfuscate the payload of datagrams.

  1. The CRC32 of public source and destination IP, Skype's packet ID are taken
  2. Skype obfuscation layer's initialization vector (IV).

The XOR of these two 32-bit values is transformed to an 80-byte RC4 key using an unknown key engine.

A notable misuse of RC4 in Skype can be found on TCP streams (UDP is unaffected). The first 14 bytes (10 of which are known to the user, since they consist of a hash of the username and password) are XOR-ed with the RC4 stream. Then, the cipher is reinitialized to encrypt the rest of the TCP stream.[15]

TCP

TCP packets:

TCP
Skype Init TCP packet

The Skype Init TCP packet contains

  • the seed (4 bytes)
  • init_str string 00 01 00 00 01 00 00 00 01/03

Low-level datagrams

Almost all traffic is ciphered. Each command has its parameters appended in an object list. The object list can be compressed.

                                 / Object List     ... -|
        Enc      -> Cmd -> Encod
                     ^           \ Compressed List ... -|
        Frag         |                                  |
                     |------------------<---------------|
        Ack
        NAck
        Forward  -> Forwarded..Message

Object lists

An object can be a number, string, an IP:port, or even another object list. Each object has an ID. This ID identifies which command parameter the object is.

 Object:
         Number
         IP:Port
         List of numbers
         String
         RSA key
 Object List
         List Size (n)
         Object 1
         .
         .
         Object n

Packet compression

Packets can be compressed. The algorithm is a variation of arithmetic compression that uses reals instead of bits.

Reverse engineering of the Skype protocol by inspecting/disassembling binaries is prohibited by the terms and conditions of Skype's license agreement. However European Union law allows reverse-engineering a computer program without getting a permission from an author for inter-operability purposes.[16] In the United States, the Digital Millennium Copyright Act provides protections for reverse engineering software for the purposes of interoperability with other software.[17][18] There are also legal precedents in the United States when the reverse-engineering is aimed at interoperability of file formats and protocols.[19][20][21]

In addition, some countries specifically permit a program to be copied for the purposes of reverse engineering.[22]

Notes

  1. "Making Way for the Next Generation of Skype on Desktop". 20 June 2014.
  2. Keizer, Gregg. "Update: Skype to retire recent editions for Windows, Mac; upgrades mandatory".
  3. Chris Merrimen (15 August 2014). "Skype stops working on older Android phones leaving Linux users in the dark". CNET. Retrieved 2 October 2014.
  4. Salman A. Baset; Henning Schulzrinne (2004). "An analysis of the Skype peer-to-peer Internet telephony protocol". p. 11. arXiv:cs/0412017v1.
  5. Branscombe, Mary (27 July 2012). "Forget the conspiracy theories: Skype's supernodes belong in the cloud". 500 words into the future (ZDNet). Retrieved 17 June 2013.
  6. "Skype replaces P2P supernodes with Linux boxes hosted by Microsoft (updated)". Ars Technica. 2 May 2012. Retrieved 17 June 2013.
  7. Kosner, Anthony (18 July 2012). "Will Microsoft's Changes To The Architecture Of Skype Make It Easier To Snoop?". Forbes blog. Retrieved 17 June 2013.
  8. Gallagher, Ryan (6 June 2013). "Newly Revealed PRISM Snooping Makes Verizon Surveillance Look Like Kids' Stuff". Slate blog. Retrieved 17 June 2013.
  9. Greenwald, Glenn (7 June 2013). "NSA Prism program taps in to user data of Apple, Google and others". The Guardian. Retrieved 17 June 2013.
  10. "Skype does not support IPv6". Skype official Twitter account. 1 Nov 2012. Retrieved 4 Nov 2012.
  11. Introduction Skype analysis Enforcing anti-Skype policies, Skype uncovered Security study of Skype, Desclaux Fabrice, 7/11/2005, EADS CCR/STI/C
  12. "Which protocols does Skype use?". Help. Skype. Archived from the original on March 3, 2009.
  13. "Posts under Skype Reverse Category". oKLabs.
    "Skype Reverse Engineering: The (long) journey ;)." oKLabs.
  14. Dario Bonfiglio; et al. "Revealing Skype Traffic: When Randomness Plays with You". ACM SIGCOMM Computer Communication Review. 37 (SIGCOMM 2007): 37–48. Archived from the original on 2011-04-30.
  15. Fabrice Desclaux; Kostya Kortchinsky (2006-06-17). "Vanilla Skype part 2" (PDF). RECON2006.
  16. Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs
  17. 17 U.S.C. Sec. 1201(f).
  18. WIPO Copyright and Performances and Phonograms Treaties Implementation Act
  19. Sega vs Accolade, 1992
  20. Sony vs Connectix, 2000
  21. Pamela Samuelson & Suzanne Scotchmer (May 2002). "The Law and Economics of Reverse Engineering" (PDF). Yale Law Journal. 111: 1575–1663. doi:10.2307/797533. JSTOR 797533. Archived from the original (PDF) on 2011-07-16. Retrieved 2015-03-17.
  22. In the French "intellectual property" law set, there is an exception that allows any software user to reverse engineer it. See code de la propriété intellectuelle (in French). This law is the national implementation of a piece of EU legislation: Council Directive 91/250/EEC, since then repealed by Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs which also has a very similar provision allowing reverse engineering/decompilation for the purposes of development and testing of independent but inter-operating programs).

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.