Skype (IPA pronunciation: /skaɪp/, rhymes with type) is a proprietary peer-to-peer Voice over IP (VoIP) network founded by the entrepreneurs Niklas Zennström and Janus Friis, also founders of the file sharing application Kazaa. It competes against existing open VoIP protocols such as SIP, IAX, and H.323. The Skype Group, acquired by eBay in October 2005, is headquartered in Luxembourg, with offices in London and Tallinn. It has experienced rapid growth in both popular usage and software development since launch, for both its free and its paid services. The Skype communications system is notable for its broad range of features, including free voice and video conferencing, and its ability to use peer-to-peer (decentralized) technology to overcome common firewall and NAT problems.
System and software
Technology
The caller ID information is masked when a SkypeOut call is placed.
A typical early version of Skype 1.0, running on a Windows XP desktop
Skype users essentially make telephone calls and video calls through their computer using Skype software and the internet. The basis of the system is free communication between users of Skype software; however, the product also allows Skype users to communicate with users of regular landline and mobile telephones. This software is currently available free of charge and can be downloaded from the company website, but the software is proprietary and the Skype protocol is unpublished.
The main difference between Skype and other VoIP clients is that Skype operates on a peer-to-peer model, rather than the more traditional server-client model. The Skype user directory is entirely decentralised and distributed among the nodes in the network, which means the network can scale very easily to large sizes (currently just over 100 million users) without a complex and costly centralised infrastructure.
Skype also routes calls through other Skype peers on the network to ease the traversal of Symmetric NATs and firewalls. This, however, puts an extra burden on those who connect to the Internet without NAT, as their computers and network bandwidth may be used to route the calls of other users.
The selection of intermediary computers is fully automatic, with individual users having no option to disable such use of their resources.
This fact is not clearly communicated, however, and seems to contradict the license agreement, which limits Skype's usage of the user's "processor and bandwidth [to the] purpose of facilitating the communication between [the user] and other Skype Software users" (section 4.1).
The Skype code is closed source, and the protocol is not standardized but proprietary; this has raised suspicion and drawn some criticism from software developers and users.[citation needed]
The Skype client's application programming interface (API) opens the network to software developers. The Skype API allows other programs to use the Skype network to get "white pages" information and manage calls.
The Windows user interface was developed in Pascal using Delphi, the Linux version is written in C++ with Qt, and the Mac OS X version is written in Objective-C with Cocoa.[1] Parts of the client use Internet Direct (Indy), an open source socket communication library.
Security
Skype generates a significant amount of discussion on how secure its traffic really is. It has had an impact upon the security and culture of VoIP telephony because of this discussion and several design principles:
* All Skype traffic is encrypted by default and the user cannot turn it off.[citation needed]
* Skype reportedly uses openly available, strong encryption algorithms.[citation needed]
* The user is not involved in the encryption process and therefore does not have to deal with the issues of Public key infrastructure.
This has had an effect upon the rest of the market as they seek to offer competitive products. The security of internet communication has become an issue of which people are more aware and secure communication a feature they want to see in the products they use.
General
Since the Skype code is proprietary and closed source, the security of the software cannot be firmly established by independent experts; thus, its users—experts and non-experts alike—may base their usage of the product on merely trusting the manufacturer and behavior of the software downloaded from sources authorized by the manufacturer. In 2004, Niklas Zennstrom, co-founder of Skype, appeared to admit in an article on The Register that the current security model used a relatively short key size, relied upon security through obscurity, and would not withstand open-source scrutiny:
Would he make Skype open-source?
No, that would make its strong 1024 bit encryption and security vulnerable: "We could do it but only if we re-engineered the way it works and we don't have the time right now."
—Niklas Zennstrom, co-founder of Skype, on the Skype security model[2]
The canonical Skype architecture and security model are described in detail in the book Skype: The Definitive Guide[3] from Que Publishing. In addition, at least two analyses of the Skype code have been published. Tom Berson of Anagram Laboratories, an encryption and security specialist of over thirty years' standing, was invited by Skype to analyse their source code in October 2005. Separately, a reverse-engineered study by Philippe Biondi and Fabrice Desclaux, of the actual Skype release package in action, was presented at BlackHat Europe in March 2006.[4][5]
The conclusions of the two analyses were as follows:
* There are two sets of issues—discussion of the Skype system in general, and review of the security within its various parts and communications.
* Skype is a "complete black box"—that is, it is extremely hard for the lay user to identify what it is doing, or what it might be doing, or how appropriately it is doing it. It uses security through obscurity to make itself troublesome to analyse or reverse engineer without a significant amount of work, or use of emulation.
* Searches for contacts, and connection via supernodes, are trusted instead of requiring authentication: There are notable "holes" in security in the area of the global Skype network—in some areas, "Skype trusts any computer that speaks Skype".
* The Skype software itself uses a great deal of code obfuscation and decryption in memory, including hundreds of checksummers and other anti-reverse-engineering devices.
* The company claims that the protocol includes 1536- and 2048-bit public/private key pairs. These are not considered excessively long by modern standards, but are a strong barrier to decryption. Apparently, users of paid services obtain a replacement 2048 bit key (the 1536 bit key being standard). It also uses 256-bit AES over 128-bit blocks, which is considered strong.
* The Skype system automatically selects certain users with fast CPUs, good broadband connections and no firewall issues to be either "supernodes" or "relays", through which other users may connect. Skype can therefore utilise other users' bandwidth. (Although this is allowed for in the EULA, there is no way to tell how much bandwidth is being used in this manner). There are some 20,000 supernodes out of many millions of users logged on. Skype Guide for network administrators [4] claims that supernodes carry only control traffic up to 5 kbytes/s and relays may carry other user data traffic up to 10 kbytes/s (for one video call). A relay should not normally handle more than one "relayed connection".
* Virtually every package, including the actual software itself, is encrypted, often by means of public/private key signing methods or AES.
* Skype's file-transfer function does not contain any programmatic interfaces to antivirus products, although Skype claims to have tested its product against antivirus "Shield" products. If the EICAR test file is sent over Skype's file-transfer service, every major antivirus product appears to catch the virus and halt its transmission or reception via Skype.
* The lack of clarity as to content means that firewalls and systems administrators cannot be sure what Skype is doing. (The combination of an invited and a reverse-engineered study, taken together, suggests Skype is not doing anything hostile.) Firewall rules for iptables were given to block Skype in corporate networks.
* The full functionality of Skype was not reviewed; both studies appear to have focused upon its security. Thus, it cannot be said what else may or may not be present.
* The actual communication of any given Skype conversation is reported to appear relatively secure; both cryptographic analyses concluded that Skype had made good use of modern encryption techniques and had coded the actual encryption algorithms correctly within the software.
Resource usage
A typical early version of Skype 3.0 Beta, running on a Windows XP desktop
Skype accesses the hard disk several times per minute. This can be verified by observing the HDD's activity LED, or by using a file access monitor such as FileMon.[6] Although those accesses are small, extremely fast, and safe in the short term, they can be harmful in the long term. In particular, the continuous access pattern does not allow the disk to enter "sleep" or "idle" modes while Skype is active, even when offline. This will cause the computer to consume more energy than otherwise, even when idle, but will not affect the lifespan of the HD (a hard disk will actually last longer if left spun up compared to being constantly spun up and down. Spinning down a hard disk is strictly a power-saving feature). Stronger HDD caching does not seem to improve this behavior.
Also, as mentioned above, certain users are selected by software to act as "supernodes". Under certain conditions, Skype is reportedly willing to accept thousands of connections, but is stated to limit itself to 40Kb/s upload and download.[7][8][9]
Confidentiality of data
Since a Skype connection may be routed through an intermediate peer, 256-bit AES encryption actively encodes the data stream of each call or file transfer. Skype uses 1024-bit RSA keys to secure the pairwise negotiation of an AES symmetric session key over an untrusted channel (cf. http://www.skype.com/help/faq/privacy.html). Skype claims that the proprietary session establishment protocol is efficient and prevents both man-in-the-middle and replay attacks. The software is not self-certifying, which means it needs to connect and log in to a centralized Skype server to certify each user's public key.
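The certification step described above, as an added sketch that is not Skype's code or protocol (which is unpublished): a central server signs the binding between a username and a public key, and a caller wraps a session key only for a key whose certificate verifies. It uses textbook RSA without padding over fixed Mersenne primes purely for illustration; all names and the certificate layout are assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def keygen(p, q):
    """Toy RSA key pair from two known primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(user, pub, n):
    """Hash of the username/public-key binding, reduced into the signer's modulus."""
    body = f"{user}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue_cert(server_priv, user, user_pub):
    """Central server certifies a user's public key by signing the binding."""
    n, d = server_priv
    return {"user": user, "pub": user_pub, "sig": pow(digest(user, user_pub, n), d, n)}

def cert_is_valid(server_pub, cert, expected_user):
    """Peer check: right username, and signature made by the central server."""
    n, e = server_pub
    return (cert["user"] == expected_user
            and pow(cert["sig"], e, n) == digest(cert["user"], cert["pub"], n))

def wrap_session_key(server_pub, cert, expected_user):
    """Caller side: never send a session key to an uncertified public key."""
    if not cert_is_valid(server_pub, cert, expected_user):
        return None
    key = secrets.token_bytes(32)  # 256-bit symmetric session key
    n, e = cert["pub"]
    return key, pow(int.from_bytes(key, "big"), e, n)

def unwrap_session_key(priv, wrapped):
    """Callee side: recover the 32-byte session key with the private key."""
    n, d = priv
    return pow(wrapped, d, n).to_bytes(32, "big")

# Constructed sample keys (hypothetical parties; primes are NOT secret here).
SERVER_PUB, SERVER_PRIV = keygen(2**89 - 1, 2**107 - 1)
ALICE_PUB, ALICE_PRIV = keygen(2**127 - 1, 2**521 - 1)
RELAY_PUB, RELAY_PRIV = keygen(2**61 - 1, 2**607 - 1)

alice_cert = issue_cert(SERVER_PRIV, "alice", ALICE_PUB)
# An intermediate peer that swaps in its own key cannot reproduce the signature.
forged_cert = dict(alice_cert, pub=RELAY_PUB)
```
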
Skype currently permits multiple concurrent logins: if an attacker is able to obtain a user's login password, the attacker could log in as that user and change their status to "Hidden". Thereafter, any chat sessions involving the real user are copied to the hacker's "ghost" account. If a user keeps their password secure, this is not of concern.
Integrity/authenticity of data
The integrity of the data, i.e. whether data is modified while traveling through peers, even if encrypted, is unknown and undocumented. The mechanism and implementation have been examined in Berson's report (referenced below).
Authenticity of user identity
Skype provides an uncontrolled registration system for users: registration requires no proof of the user's identity (such as a state-issued ID card). This cuts both ways: you can use the system safely without revealing your real-life identity to other users of the system, but on the other hand you have no guarantee that the person you communicate with is who they say they are in real life. The downside of this is that it is easy to use the personal name (but not identity) of a trusted person as a Skype nickname and trick a naive user into revealing information or executing a program sent to them.
It should be noted that this behavior is common to all digitally provided services: the exception is certificates from trusted certificate authorities with all the known drawbacks.
Traffic analysis
Skype incorporates some features which obfuscate its traffic, but it is not specifically designed to thwart traffic analysis and therefore does not provide anonymous communication. Some researchers have also been able to watermark the traffic so that it is identifiable even after passing it through an anonymizing network [5]. Even short SkypeOut calls have been traced, leading to the apprehension of at least one suspect.
Prank program
In September 2005, a prank program was launched online.[citation needed] This unauthorized patch allowed a Skype user to masquerade as another user. The technique was for the prankster to put up an attractive profile with a woman’s name and picture, and put that profile into "Skype me" mode. Within minutes, another user would generally try calling or chatting. The patch, running the whole time, would then pair up another call with the first caller and send messages from the first person to the second, and vice versa. This way, both victims would think that they were talking to a third, fictitious user, while they were instead talking to each other. The patch only supported text messaging.