The Skype protocol is a proprietary Internet telephony network used by Skype. The protocol's specifications have not been made publicly available by Skype and official applications using the protocol are closed-source.
The Skype network is not interoperable with most other Voice over IP (VoIP) networks without proper licensing from Skype. Numerous attempts to study or reverse-engineer the protocol have been undertaken to reveal the protocol, investigate security or allow unofficial clients.
On June 20, 2014, Microsoft announced the deprecation of the old Skype protocol. Within several months of this date, in order to continue using Skype services, Skype users had to update to Skype applications released in 2014, and users were not able to log in to older Skype versions (clients). [1] [2] No announcement has been made on whether SmartTV and hardware phones with built-in Skype functionality will continue to work without interruptions. The new Skype protocol—Microsoft Notification Protocol 24—promised better offline messaging and better message synchronization across Skype devices. The deprecation became effective in the second week of August 2014. [3]
Skype was the first peer-to-peer IP telephony network. [4] The network contains three types of entities: supernodes, ordinary nodes, and the login server. Each client maintains a host cache with the IP address and port numbers of reachable supernodes. The Skype user directory is decentralized and distributed among the supernodes in the network. Supernodes are grouped into slots (9–10 supernodes), and slots are grouped into blocks (8 slots). [citation needed]
Previously any client with good bandwidth, no restrictions due to firewall or network address translation (NAT), and adequate processing power could become a supernode. This placed an extra burden on those who connected to the Internet without NAT, as Skype used their computers and Internet connections as third parties for UDP hole punching (to directly connect two clients both behind NAT) or to completely relay other users' calls. In 2012, Microsoft altered the design of the network, and brought all supernodes under their control as hosted servers in data centres. [5] Microsoft at the time defended the move, saying they "believe this approach has immediate performance, scalability and availability benefits for the hundreds of millions of users that make up the Skype community." [6] At the time there was some concern regarding the privacy implications of the change, [7] which appear to have been proven true with the revelation of the PRISM surveillance program in June 2013. [8] [9]
Skype does not support the use of the IPv6 protocol, [10] which would greatly reduce the complexity associated with the aforementioned IPv4 communication structure.
Supernodes relay communications on behalf of two other clients, both of which are behind firewalls or "one-to-many" network address translation. Without relaying by the supernodes, two clients with firewall or NAT difficulties would be unable to make or receive calls from one another. Skype tries to get the two ends to negotiate the connection details directly, but sometimes the sum of problems at both ends can prevent a direct conversation from being established.
The problems with firewalls and NAT can be:
Signaling is encrypted using RC4; however, the method only obfuscates the traffic as the key can be recovered from the packet. Voice data is encrypted with AES. [11]
The Skype client's application programming interface (API) opens the network to software developers. The Skype API allows other programs to use the Skype network to get "white pages" information and manage calls.
The Skype code is closed source, and the protocol is not standardized. [12] Parts of the client use Internet Direct (Indy), an open source socket communication library. [citation needed]
On July 8, 2012, a researcher from Benin, Ouanilo Medegan, released articles and proof-of-concept code resulting from his reverse engineering of the Skype client. [13]
Many networking and security companies claim to detect and control Skype's protocol for enterprise and carrier applications. While the specific detection methods used by these companies are often proprietary, Pearson's chi-squared test and stochastic characterization with Naive Bayes classifiers are two approaches that were published in 2007. [14]
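The chi-squared idea mentioned above can be illustrated with a simplified sketch (an added example, not the published classifier and not any vendor's code): for each of the first few payload byte offsets in a flow, the high 4 bits are tested against a uniform distribution, so ciphered fields score low and fixed fields score very high. The flow, the function names and the 4-bit grouping are assumptions made for this illustration.

```python
import hashlib
from collections import Counter

CHI2_CRIT_15DF = 37.7  # chi-squared critical value, 15 degrees of freedom, p = 0.001


def chi2_uniform(values, bins):
    """Pearson chi-squared statistic of `values` against a uniform
    distribution over `bins` equally likely outcomes."""
    expected = len(values) / bins
    counts = Counter(values)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(bins))


def nibble_profile(payloads, n_bytes):
    """Score the high 4 bits at each of the first n_bytes offsets across a flow."""
    return [chi2_uniform([p[i] >> 4 for p in payloads], 16) for i in range(n_bytes)]


def classify(score, crit=CHI2_CRIT_15DF):
    """Low score: consistent with uniformly random bits (ciphered field).
    High score: fixed or otherwise structured field."""
    return "random" if score < crit else "structured"


def constructed_flow(n_packets=512, body_len=6):
    """Constructed sample flow (not captured traffic): one fixed header byte
    followed by pseudo-random bytes standing in for an obfuscated payload."""
    flow = []
    for i in range(n_packets):
        body = hashlib.sha256(b"constructed-sample-%d" % i).digest()[:body_len]
        flow.append(b"\x02" + body)
    return flow


if __name__ == "__main__":
    profile = nibble_profile(constructed_flow(), 7)
    for offset, score in enumerate(profile):
        print(f"offset {offset}: chi2 = {score:8.1f} -> {classify(score)}")
```

A flow whose leading offsets all score as random, with no stable header field, is the kind of signature such a test looks for; a plaintext protocol produces structured scores at most offsets.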
The RC4 encryption algorithm is used to obfuscate the payload of datagrams.
The XOR of these two 32-bit values is transformed to an 80-byte RC4 key using an unknown key engine.
A notable misuse of RC4 in Skype can be found on TCP streams (UDP is unaffected). The first 14 bytes (10 of which are known to the user, since they consist of a hash of the username and password) are XOR-ed with the RC4 stream. Then, the cipher is reinitialized to encrypt the rest of the TCP stream. [15]
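Why reinitializing the cipher is a misuse, shown as an added example (not Skype's code or the cited researchers'): it assumes the cipher is reinitialized with the same key, so the first 14 bytes and the start of the remaining stream are XOR-ed with identical keystream and their ciphertexts XOR to the XOR of the plaintexts. The key, plaintexts and function names are constructed for illustration.

```python
def rc4_keystream(key, n):
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_reinit(key, head, rest):
    """Misuse: head is XOR-ed with the stream, then the cipher is
    reinitialized (assumed: same key) and restarts at keystream byte 0."""
    return xor(head, rc4_keystream(key, len(head))), xor(rest, rc4_keystream(key, len(rest)))


def encrypt_continuous(key, head, rest):
    """Correct use: one keystream, never restarted within the stream."""
    ks = rc4_keystream(key, len(head) + len(rest))
    return xor(head, ks[:len(head)]), xor(rest, ks[len(head):])


# Constructed sample values, not real protocol data.
KEY = bytes(range(80))                       # 80-byte key, as on the page
HEAD = b"\x00\x01\x02\x03" + b"KNOWNBYTES"   # 14 bytes, 10 of them known
REST = b"remainder of the TCP stream"

if __name__ == "__main__":
    c_head, c_rest = encrypt_reinit(KEY, HEAD, REST)
    # The key cancels out: ciphertext XOR equals plaintext XOR.
    print(xor(c_head, c_rest) == xor(HEAD, REST))   # True
    c_head, c_rest = encrypt_continuous(KEY, HEAD, REST)
    print(xor(c_head, c_rest) == xor(HEAD, REST))   # False
```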
TCP packets:
TCP Skype Init TCP packet
The Skype Init TCP packet contains
Almost all traffic is ciphered. Each command has its parameters appended in an object list. The object list can be compressed.
                         / Object List     ... -|
    Enc -> Cmd -> Encod
         ^               \ Compressed List ... -|
    Frag |                                      |
         |------------------<---------------|
    Ack
    NAck
    Forward -> Forwarded..Message
An object can be a number, string, an IP:port, or even another object list. Each object has an ID. This ID identifies which command parameter the object is.
    Object:
        Number
        IP:Port
        List of numbers
        String
        RSA key

    Object List
        List Size (n)
        Object 1
        .
        .
        Object n
Packets can be compressed. The algorithm is a variation of arithmetic compression that uses reals instead of bits.
Reverse engineering of the Skype protocol by inspecting/disassembling binaries is prohibited by the terms and conditions of Skype's license agreement. However, European Union law allows reverse engineering of a computer program without the author's permission for interoperability purposes. [16] In the United States, the Digital Millennium Copyright Act provides protections for reverse engineering software for the purposes of interoperability with other software. [17] [18] There are also legal precedents in the United States when the reverse engineering is aimed at interoperability of file formats and protocols. [19] [20] [21]
In addition, some countries specifically permit a program to be copied for the purposes of reverse engineering. [22]