470 likes | 486 Views
VoIP and Skype Security. Simson L. Garfinkel MIT's Computer Science and Artificial Intelligence Laboratory 1/26/2005. Graduate of Dept. of IM Wendy Y.F. Wen. Outline. Preface Introduction Skype Security Issues Privacy Authenticity Availability Survivability Resilience
E N D
VoIP and Skype Security Simson L. Garfinkel MIT's Computer Science and Artificial Intelligence Laboratory 1/26/2005 Graduate of Dept. of IM Wendy Y.F. Wen
Outline • Preface • Introduction • Skype Security Issues • Privacy • Authenticity • Availability • Survivability • Resilience • Integrity (conversation) • Integrity (system) • Recommendations • News about Skype oplab,im,ntu
Preface oplab,im,ntu
Why to study this paper? • FCC主席Michael Powell說:「我下載完 Skype,就知道舊的通訊方式已經結束了 … KaZaA 創始人免費散佈的這款小程式,可以用來撥打世界任何角落的網路電話,而且音質極好又是免費的,這就意味著完了。世界現在將不可避免的發生變化」。《Fortune,2004/2/16》 • Skype創辦人Niklas Zennstrom:「付費電話屬於上個世紀的事。Skype 軟體為人們提供了一種新的威力-人們只需利用現有的技術和網路投資,就能以較低的費用與家人和朋友保持聯絡」。 oplab,im,ntu
2004/12/16 oplab,im,ntu
Introducton oplab,im,ntu
Techniques for VoIP (1/2) • With the deployment of high-speed Internet connectivity, a growing number of users are using the Internet for voice telephony. • A VoIP adapter can be used to convert electrical signals from a standard analog telephone to Internet packets. • VoIP gateways interconnect the Internet-based systems with the world-wide PSTN. oplab,im,ntu
Techniques for VoIP (2/2) • Many different and incompatible techniques for VoIP: • ITU- standard H.225 • IETF-SIP (Session Initiation Protocol) • Cisco-SCCP (Skinny Client Control Protocol) • … oplab,im,ntu
Why is VoIP not reaching the mainstream market? • Products which have acost-saving advantage over standard telephones do not have comparable quality. • Call-completion rates are very low due to firewalls and NAT. • The UI is bloated and requires substantial configuration and technical skills. http://www.skype.com/products/explained.html oplab,im,ntu
Skype Technologies S.A. • Registered in Luxembourg • Founded by Janus Friis and Niklas Zennstrom • the same entrepreneurs who developed the popular KaZaA file trading system oplab,im,ntu
Skype System • A proprietary VoIP system • Based on peer-to-peer technology • Being free of adware and spyware • Earning revenue by charging for the use of the gateway, interconnected Skype network with PSTN oplab,im,ntu
Skype vs. Other VoIP Systems (1/2) • Skype is wildly popular. • Both the Skype software and use of the Skype network is free. • There is a nominal charge for calls made using the “Skype Out” and "SkypeIn" features. • Skype is much easier to use than other VoIP systems. oplab,im,ntu
Skype vs. Other VoIP Systems(2/2) • Skype has an astonishingly good voice compressor. • In additional to voice telephony, Skype supports instant messaging, search, and file transfer. • Skype is encrypted. oplab,im,ntu
ISDN • ISDN is another form of digital telephony system that is popular in Europe and Asia. • ISDN is similar to VoIP in that voice is digitized before it is sent over the network. • ISDN telephone lines require special instruments in order to use them. oplab,im,ntu
Skype vs. ISDN • Voice calls placed over Skype are different from over ISDN telephones in several ways: • Network: Skype uses Internet; ISDN uses PSTN. • Security: Skype is encrypted; ISDN phone calls are not encrypted. • Fee: Skype is free; ISDN phone calls are rarely free. • Additional function: Skype does not support video conferencing, but ISDN does. oplab,im,ntu
Skype vs. Peer-to-Peer (1/2) • Skype is making it different from a "pure" P2P system: • Skype relies on a central authentication server to authenticate users and software distributions. oplab,im,ntu
Skype vs. Peer-to-Peer (2/2) • When Skype is run on a computer that has a public IP address, it can become a “super-node”. These computers are used as rendezvous points so that computers behind firewalls can receive connections from other Skype users. • Although Skype refuses to explain the details of their protocol, it is likely that computers behind firewalls scan the Internet looking for super-nodes, then form and maintain long-term connections with these other computers. The super-nodes then proxy connections to the encumbered connections behind the firewalls. oplab,im,ntu
Skype SecurityIssues oplab,im,ntu
Is Skype secure? Answering this question is difficult… (1/2) • Security is not some abstract quality that can be analyzed in isolation. • The overall security of a Skype conversation depends on many factors. (ex:computer, network ...) • TheSkypeprotocol is bothproprietary and secret. oplab,im,ntu
Is Skype secure? Answering this question is difficult… (2/2) • Because Skype is mostly a P2P system, the overall security can be affected by third parties that are in the network. • Because Skype program can update itself as it runs, the security over the overall system can change without warning or even a change in appearance. oplab,im,ntu
Security Issues • Privacy • Authenticity • Availability • Survivability • Resilience • Integrity (Conversation) • Integrity (System) oplab,im,ntu
Issue 1: Privacy • Skype appears to encrypt or otherwise scramble information that is transmitted over the Internet. • The security of data sent over an encrypted or scrambled connection depends on many factors: • specific encryption or scrambling algorithms, • key management, • implementation of the algorithms, • protocol of the algorithms, • … oplab,im,ntu
Privacy (con’t) • An analysis of the packets indicates that : • HTTP protocol • authenticating and registering • communicating • transmitting an encrypted conversation (voice, IM, files ) oplab,im,ntu
Privacy (con’t) • The conclusion is that while the actual communications between Skype clients appears to be encrypted, searches conducted on behalf of Skype users are observable by the Skype network. oplab,im,ntu
What if Skype Really Does Use Encryption? • Skype claims that its system uses the : • RSA encryption algorithm for key generation • 256-bit AES as its bulk encryption algorithm • Challenges: • Skype does not publish its key exchange algorithm and its over-the-wire protocol. • Skype refused to explain the underlying design of its certificates, its authentication system, or its encryption implementation. oplab,im,ntu
Skype users should be aware of… • The security of Skype can be subverted through the use of spyware on the user’s computer. • All IM conversations are recordeddefaultly. These files could be retrieved through the use of spyware. • Supernode may monitor the voice traffic moving through it. • The SkypeIn and Skype Out services may use encryption to the Skype gateways, but at that point the telephone calls are decrypted and sent over the standard PSTN. oplab,im,ntu
Remember that… The security of the Skype system also depends entirely on the good will of Skype’s programmersandthe organization running Skype’s back-end servers. oplab,im,ntu
Issue 2: Authenticity • Every Skype user has a username and a password. • Each username has a registered email address. • Email Based Identification and Authentication. • The Skype client has the ability to “remember” the username/password and log in automatically. oplab,im,ntu
Authenticity (con’t) • User identities is digitally signed by an RSA private key. The matching RSA public key is embedded into every Skype executable. • Skype provides similar levels of authentication as MSN or AOL. • No special method to protect authenticity. • It isn’t clear how verification is done. • Voice Is a Biometric. oplab,im,ntu
Authenticity (con’t) • Several attacks may be possible: • Fake Skype client • Fake ISP • maliciousISP • Fake valid authentication oplab,im,ntu
The way to get your password: • An adversary: • Guessing • Social engineering • Keystroke loggers • Intercepting email used for password recovery • An computer administrator: • Leak passwords • Reset passwords • Empower attackers to impersonate user oplab,im,ntu
Issue 3: Availability • The availability of the PSTN is 99.99905%. • Internet service is, in general, inferior to telephone service. • Additional factors may compromise Skype’s potential availability. oplab,im,ntu
Issue 4: Survivability • The ability of a system to continue to operate after it has been degraded. • The Internet’s design allows Internet providers to choose how survivable they wish to make their networks. oplab,im,ntu
Survivability (con’t) • Most Internet users and many ISPs have not deployed systems that can withstand the arbitrary failure of one or more components. • Survivable systems are generally more expensive. • Survivable systems rarely provide better day-to-day performance. • It is not known if Skype's authentication servers can survive network disruptions or attacks. oplab,im,ntu
Issue 5: Resilience • Internet connections in many cases can be restored more quickly than traditional telephone. • Skype and other VoIP-based systems are highly tolerant of a user’s IP address changing from day-to-day. Thus, they are generally very resilient to local network disruption. • Skype clients almost certainly could not operate if Skype’s backend authentication network were to become unavailable. oplab,im,ntu
Issue 6: Integrity (Conversation) • Skype’s integrity provisions are completely unknown. • Skype makes no guarantees that Instant Messages or files will be delivered as they were transmitted. • Skype’s voice quality only suffers considerably in 802.11 wireless network. oplab,im,ntu
Issue 7: Integrity (System) • Network administrators are understandably concerned when users download and run software that might have wide-ranging implications. • It should be noted that many of the risks posed by Skype are no different than the risks posed by email and other person-to-person communications medium... • Voice communication: Skype probably poses less risk. • Exchange files: Skype poses less risk. • Anti-virus protection: Skype poses more risk. oplab,im,ntu
Recommendations oplab,im,ntu
Comparison: • Skype appears to offer significantly more security than conventional analog or ISDN voice communications, but less security than VoIP systems running over VPNs. oplab,im,ntu
When using Skype, the following may be helpful: • All PCs running the Windows operating system should be equipped with up-to-date anti-virus and anti-spyware programs. • The username/password combination used for Skype shouldn’t be used for anything else. • The username used for Skype shouldn’t be readily identifiable. oplab,im,ntu
When using Skype, the following may be helpful: • Both Skype usernames and passwords should be changed on a regular basis if the Skype network is used for any kind of sensitive discussions. • Skype users should assume the Skype system could become permanently unavailable at any moment. oplab,im,ntu
When using Skype, the following may be helpful: • Do not assume that the person behind a Skype username today is the same person that it was yesterday. • Although Skype insists that it’s voice system cannot transfer a virus, there is no evidence of this claim. oplab,im,ntu
The News about Skype oplab,im,ntu
2005/10/15 oplab,im,ntu
2005/12/04 oplab,im,ntu
2006/02/04 oplab,im,ntu
Reference • Skpye官方網站:http://www.skype.com/ • Skype中文官方網站: http://www.skype.com/intl/zh-Hant/ • http://tw.news.yahoo.com/051015/215/2f081.html • http://tw.news.yahoo.com/051214/215/2n4cg.html • http://tw.news.yahoo.com/060204/19/2tl6y.html oplab,im,ntu