Skype protocol

Last updated
Part of a series on
Skype

mobile applications

The Skype protocol is a proprietary network used for Internet telephony. Its specifications are not publicly available, and all official applications based on the protocol are closed-source. It lacks interoperability with most Voice over IP (VoIP) networks, so it requires licensing from Skype for any integration.

Contents

Many attempts to reverse-engineer the protocol have been made to study its security features or to enable unofficial clients. On June 20, 2014, Microsoft announced that the old Skype protocol would be deprecated. Users had to upgrade to the 2014 version of Skype to continue accessing services, and older clients could no longer log in. [1] [2] As of the second week of August 2014, the new protocol, Microsoft Notification Protocol 24, was implemented to improve offline messaging and message synchronization across devices. [3]

Peer-to-peer architecture

Skype pioneered peer-to-peer (P2P) technology for IP telephony. [4] Its architecture includes supernodes, ordinary nodes, and a login server. Each client maintains a cache of reachable supernodes, while user directory data is distributed across these supernodes, organized into slots and blocks.[ citation needed ]

Initially, any client with sufficient bandwidth and processing power could become a supernode. This setup posed challenges for users behind firewalls or Network Address Translation (NAT) because their connections could be used to facilitate calls between other clients. In 2012, Microsoft transitioned control of supernodes to its data centers to enhance performance and scalability, [5] [6] raising privacy concerns [7] that were later highlighted by the PRISM surveillance revelations in 2013. [8] [9]

Skype does not support IPv6, [10] which could simplify its communication infrastructure.

Communication challenges

Supernodes relay communications for clients that are behind firewalls or NAT, enabling calls that would otherwise be impossible. However, issues may arise, such as:

Protocol details

Signaling in Skype is encrypted using RC4, but this method is considered weak because the encryption key can be recovered from the traffic. Voice data is protected with AES encryption. [11] The Skype API allows developers to access the network for user information and call management.

The code remains closed-source, [12] and parts of the client utilize an open-source socket communication library called Internet Direct (Indy).[ citation needed ]

In July 2012, a researcher revealed insights gained from reverse-engineering the Skype client. [13]

Protocol detection

Various networking and security firms claim to have methods for detecting Skype's protocol. While their specific methods are proprietary, some published techniques include Pearson's chi-squared test and stochastic characterization using Naive Bayes classifiers. [14]

Obfuscation layer

Skype employs RC4 to obfuscate the payload of data packets. The initialization vector (IV) is derived from a combination of the public source and destination IPs and a packet ID, transformed into an RC4 key.

Notably, the misuse of RC4 can occur on TCP streams, where the first 14 bytes of a stream are XOR-ed with the RC4 stream, impacting data security. [15]

Packet structure and compression

Most Skype traffic is encrypted, with commands and their parameters organized in an object list that can be compressed using a variant of arithmetic compression.

The terms of Skype's license agreement prohibit reverse engineering. However, EU law allows for reverse engineering for interoperability purposes, [16] and the U.S. Digital Millennium Copyright Act provides similar protections. [17] [18] [19] [20] [21] Certain countries also permit copying for reverse engineering. [22]

Notes

  1. "Making Way for the Next Generation of Skype on Desktop". 20 June 2014.
  2. Keizer, Gregg (21 June 2014). "Update: Skype to retire recent editions for Windows, Mac; upgrades mandatory".
  3. Chris Merrimen (15 August 2014). "Skype stops working on older Android phones leaving Linux users in the dark". CNET. Archived from the original on August 16, 2014. Retrieved 2 October 2014.{{cite web}}: CS1 maint: unfit URL (link)
  4. Salman A. Baset; Henning Schulzrinne (2004). "An analysis of the Skype peer-to-peer Internet telephony protocol". p. 11. arXiv: cs/0412017v1 .
  5. Branscombe, Mary (27 July 2012). "Forget the conspiracy theories: Skype's supernodes belong in the cloud". 500 words into the future (ZDNet). Retrieved 17 June 2013.
  6. "Skype replaces P2P supernodes with Linux boxes hosted by Microsoft (updated)". Ars Technica. 2 May 2012. Retrieved 17 June 2013.
  7. Kosner, Anthony (18 July 2012). "Will Microsoft's Changes To The Architecture Of Skype Make It Easier To Snoop?". Forbes blog. Retrieved 17 June 2013.
  8. Gallagher, Ryan (6 June 2013). "Newly Revealed PRISM Snooping Makes Verizon Surveillance Look Like Kids' Stuff". Slate blog. Retrieved 17 June 2013.
  9. Greenwald, Glenn (7 June 2013). "NSA Prism program taps in to user data of Apple, Google and others". The Guardian. Retrieved 17 June 2013.
  10. "Skype does not support IPv6". Skype official Twitter account. 1 Nov 2012. Retrieved 4 Nov 2012.
  11. Introduction Skype analysis Enforcing anti-Skype policies, Skype uncovered Security study of Skype, Desclaux Fabrice, 7/11/2005, EADS CCR/STI/C
  12. "Which protocols does Skype use?". Help. Skype. Archived from the original on March 3, 2009.
  13. "Posts under Skype Reverse Category". oKLabs.
    "Skype Reverse Engineering: The (long) journey ;)." oKLabs.
  14. Dario Bonfiglio; et al. "Revealing Skype Traffic: When Randomness Plays with You". ACM SIGCOMM Computer Communication Review. 37 (SIGCOMM 2007): 37–48. Archived from the original on 2011-04-30.
  15. Fabrice Desclaux; Kostya Kortchinsky (2006-06-17). "Vanilla Skype part 2" (PDF). RECON2006.
  16. Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs
  17. 17 U.S.C. Sec. 1201(f).
  18. WIPO Copyright and Performances and Phonograms Treaties Implementation Act
  19. Sega vs Accolade, 1992
  20. Sony vs Connectix, 2000
  21. Pamela Samuelson & Suzanne Scotchmer (May 2002). "The Law and Economics of Reverse Engineering" (PDF). Yale Law Journal. 111 (7): 1575–1663. doi:10.2307/797533. JSTOR   797533. Archived from the original (PDF) on 2011-07-16. Retrieved 2015-03-17.
  22. In the French "intellectual property" law set, there is an exception that allows any software user to reverse engineer it. See code de la propriété intellectuelle (in French). This law is the national implementation of a piece of EU legislation: Council Directive 91/250/EEC, since then repealed by Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs which also has a very similar provision allowing reverse engineering/decompilation for the purposes of development and testing of independent but inter-operating programs).

Related Research Articles

The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications. SIP is used in Internet telephony, in private IP telephone systems, as well as mobile phone calling over LTE (VoLTE).

FastTrack is a peer-to-peer (P2P) protocol that was used by the Kazaa, Grokster, iMesh and Morpheus file sharing programs. FastTrack was the most popular file sharing network in 2003, and used mainly for the exchange of music MP3 files. The network had approximately 2.4 million concurrent users in 2003. It is estimated that the total number of users was greater than that of Napster at its peak.

Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for voice calls for the delivery of voice communication sessions over Internet Protocol (IP) networks, such as the Internet.

<span class="mw-page-title-main">XMPP</span> Communications protocol for message-oriented middleware

Extensible Messaging and Presence Protocol is an open communication protocol designed for instant messaging (IM), presence information, and contact list maintenance. Based on XML, it enables the near-real-time exchange of structured data between two or more network entities. Designed to be extensible, the protocol offers a multitude of applications beyond traditional IM in the broader realm of message-oriented middleware, including signalling for VoIP, video, file transfer, gaming and other uses.

<span class="mw-page-title-main">Skype</span> Telecommunications software service/application

Skype is a proprietary telecommunications application operated by Skype Technologies, a division of Microsoft, best known for IP-based videotelephony, videoconferencing and voice calls. It also has instant messaging, file transfer, debit-based calls to landline and mobile telephones, and other features. It is available on various desktop, mobile, and video game console platforms.

Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and may take actions such as alerting, blocking, re-routing, or logging it accordingly. Deep packet inspection is often used for baselining application behavior, analyzing network usage, troubleshooting network performance, ensuring that data is in the correct format, checking for malicious code, eavesdropping, and internet censorship, among other purposes. There are multiple headers for IP packets; network equipment only needs to use the first of these for normal operation, but use of the second header is normally considered to be shallow packet inspection despite this definition.

VoIP spam or SPIT is unsolicited, automatically dialed telephone calls, typically using voice over Internet Protocol (VoIP) technology.

A session border controller (SBC) is a network element deployed to protect SIP based voice over Internet Protocol (VoIP) networks.

Teleo was a peer-to-peer Voice over Internet Protocol (VoIP) network founded in by Wendell Brown, Andy Moeck and Craig Taro Gold in 2004.

<span class="mw-page-title-main">Microsoft NetMeeting</span> Discontinued videoconferencing software

Microsoft NetMeeting is a discontinued VoIP and multi-point videoconferencing program offered by Microsoft. NetMeeting allows multiple clients to host and join a call that includes video and audio, text chat, application and desktop sharing, and file sharing. It was originally bundled with Internet Explorer 3 and then with Windows versions from Windows 95 to Windows Server 2003.

<span class="mw-page-title-main">Skype for Business Server</span> Real-time communications server software

Skype for Business Server is real-time communications server software that provides the infrastructure for enterprise instant messaging, presence, VoIP, ad hoc and structured conferences and PSTN connectivity through a third-party gateway or SIP trunk. These features are available within an organization, between organizations and with external users on the public internet or standard phones.

<span class="mw-page-title-main">VoIP phone</span> Phone using one or more VoIP technologies

A VoIP phone or IP phone uses voice over IP technologies for placing and transmitting telephone calls over an IP network, such as the Internet. This is in contrast to a standard phone which uses the traditional public switched telephone network (PSTN).

Network address translation traversal is a computer networking technique of establishing and maintaining Internet Protocol connections across gateways that implement network address translation (NAT).

This is a comparison of voice over IP (VoIP) software used to conduct telephone-like voice conversations across Internet Protocol (IP) based networks. For residential markets, voice over IP phone service is often cheaper than traditional public switched telephone network (PSTN) service and can remove geographic restrictions to telephone numbers, e.g., have a PSTN phone number in a New York area code ring in Tokyo.

Hole punching is a technique in computer networking for establishing a direct connection between two parties in which one or both are behind firewalls or behind routers that use network address translation (NAT). To punch a hole, each client connects to an unrestricted third-party server that temporarily stores external and internal address and port information for each client. The server then relays each client's information to the other, and using that information each client tries to establish direct connection; as a result of the connections using valid port numbers, restrictive firewalls or routers accept and forward the incoming packets on each side.

Skype is a Voice over Internet Protocol (VoIP) system developed by Skype Technologies S.A. It is a peer-to-peer network where voice calls pass over the Internet rather than through a special-purpose network. Skype users can search for other users and send them messages.

Peer-to-peer SIP (P2P-SIP) is an implementation of a distributed voice over Internet Protocol (VoIP) or instant messaging communications application using a peer-to-peer (P2P) architecture in which session control between communication end points is facilitated with the Session Initiation Protocol (SIP).

In telecommunications, a proprietary protocol is a communications protocol owned by a single organization or individual.

A softphone is a software program for making telephone calls over the Internet using a general purpose computer rather than dedicated hardware. The softphone can be installed on a piece of equipment such as a desktop, mobile device, or other computer and allows the user to place and receive calls without requiring an actual telephone set. Often, a softphone is designed to behave like a traditional telephone, sometimes appearing as an image of a handset with a display panel and buttons with which the user can interact. A softphone is usually used with a headset connected to the sound card of the PC or with a USB phone.

References

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.