Skype protocol

The Skype protocol is a proprietary Internet telephony network used by Skype. The protocol's specifications have not been made publicly available by Skype and official applications using the protocol are closed-source.

The Skype network is not interoperable with most other Voice over IP (VoIP) networks without proper licensing from Skype. Numerous attempts to study or reverse-engineer the protocol have been undertaken to reveal the protocol, investigate security or allow unofficial clients.

On June 20, 2014, Microsoft announced the deprecation of the old Skype protocol. Within several months from this date, in order to continue using Skype services, Skype users had to update to Skype applications released in 2014, and users were not able to log in to older Skype versions (clients). [1] [2] No announcement has been made on whether SmartTV and hardware phones with built-in Skype functionality will continue to work without interruptions. The new Skype protocol—Microsoft Notification Protocol 24—promised better offline messaging and better messages synchronization across Skype devices. The deprecation became effective in the second week of August 2014. [3]

Peer-to-peer architecture

Skype was the first peer-to-peer IP telephony network. [4] The network contains three types of entities: supernodes, ordinary nodes, and the login server. Each client maintains a host cache with the IP address and port numbers of reachable supernodes. The Skype user directory is decentralized and distributed among the supernodes in the network. Supernodes are grouped into slots (9–10 supernodes), and slots are grouped into blocks (8 slots).[citation needed]

Previously any client with good bandwidth, no restrictions due to firewall or network address translation (NAT), and adequate processing power could become a supernode. This placed an extra burden on those who connected to the Internet without NAT, as Skype used their computers and Internet connections as third parties for UDP hole punching (to directly connect two clients both behind NAT) or to completely relay other users' calls. In 2012, Microsoft altered the design of the network, and brought all supernodes under their control as hosted servers in data centres. [5] Microsoft at the time defended the move, saying they "believe this approach has immediate performance, scalability and availability benefits for the hundreds of millions of users that make up the Skype community." [6] At the time there was some concern regarding the privacy implications of the change, [7] which appear to have been proven true with the revelation of the PRISM surveillance program in June 2013. [8] [9]

Skype does not support the use of the IPv6 protocol, [10] which would greatly reduce the complexity associated with the aforementioned IPv4 communication structure.

Supernodes relay communications on behalf of two other clients, both of which are behind firewalls or "one-to-many" network address translation. Without relaying by the supernodes, two clients with firewall or NAT difficulties would be unable to make or receive calls from one another. Skype tries to get the two ends to negotiate the connection details directly, but sometimes the sum of problems at both ends can prevent direct conversation being established.

The problems with firewalls and NAT can be:

Protocol

Signaling is encrypted using RC4; however, the method only obfuscates the traffic as the key can be recovered from the packet. Voice data is encrypted with AES. [11]

The Skype client's application programming interface (API) opens the network to software developers. The Skype API allows other programs to use the Skype network to get "white pages" information and manage calls.

The Skype code is closed source, and the protocol is not standardized. [12] Parts of the client use Internet Direct (Indy), an open source socket communication library.[citation needed]

On July 8, 2012, a researcher from Benin, Ouanilo Medegan, released articles and proof-of-concept code presenting the results of his reverse engineering of the Skype client. [13]

Protocol detection

Many networking and security companies claim to detect and control Skype's protocol for enterprise and carrier applications. While the specific detection methods used by these companies are often proprietary, Pearson's chi-squared test and stochastic characterization with Naive Bayes classifiers are two approaches that were published in 2007. [14]
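As an added illustration of the chi-squared approach (not code from the cited paper or from any vendor product), the following Python applies Pearson's test to the byte histogram of a flow's payload: near-uniform bytes are consistent with a ciphered, Skype-style payload, while a plaintext signalling protocol scores far above the critical value. The sample flows and the 330 threshold are constructed assumptions for the demo.

```python
import hashlib
from collections import Counter

def chi_square_bytes(payload: bytes) -> float:
    """Pearson's chi-squared statistic of the byte histogram of `payload`
    against the uniform distribution over the 256 byte values (255 degrees
    of freedom). Ciphered/obfuscated payloads look uniform and score near
    255; plaintext protocols score far higher."""
    n = len(payload)
    if n < 256 * 5:
        raise ValueError("need a few hundred bytes for a meaningful test")
    expected = n / 256.0
    counts = Counter(payload)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

# Approximate critical value of chi-squared with 255 degrees of freedom at
# alpha = 0.001 (Wilson-Hilferty approximation); above it we reject uniformity.
CHI2_255_P001 = 330.0

def looks_ciphered(payload: bytes, threshold: float = CHI2_255_P001) -> bool:
    """True when the byte distribution is consistent with a ciphered payload."""
    return chi_square_bytes(payload) <= threshold

def classify_flows(flows: dict) -> dict:
    """Map flow name -> 'ciphered' / 'plaintext' from the flow's concatenated payload."""
    return {name: ("ciphered" if looks_ciphered(data) else "plaintext")
            for name, data in flows.items()}

def constructed_ciphered_payload(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for an obfuscated payload (SHA-256 in counter mode)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])

# Constructed sample flows: a SIP-like plaintext flow and a ciphered-looking one.
SIP_LIKE_FLOW = (
    b"INVITE sip:alice@example.invalid SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    b"From: Bob <sip:bob@example.invalid>;tag=1928301774\r\n"
    b"To: Alice <sip:alice@example.invalid>\r\n"
    b"Content-Type: application/sdp\r\n\r\n"
) * 16
CIPHERED_FLOW = constructed_ciphered_payload(4096)

if __name__ == "__main__":
    verdicts = classify_flows({"sip": SIP_LIKE_FLOW, "skype-like": CIPHERED_FLOW})
    for name, verdict in verdicts.items():
        print(name, verdict)
```

The statistic alone cannot distinguish Skype from any other ciphered flow; the cited work combines it with per-flow characterization, which is why a Naive Bayes stage follows it.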

Obfuscation layer

The RC4 encryption algorithm is used to obfuscate the payload of datagrams.

The RC4 key is derived from two 32-bit values:

  1. the CRC32 of the public source IP address, the public destination IP address and Skype's packet ID;
  2. the obfuscation layer's initialization vector (IV).

The XOR of these two 32-bit values is transformed into an 80-byte RC4 key by an unknown key engine.

A notable misuse of RC4 in Skype can be found on TCP streams (UDP is unaffected). The first 14 bytes (10 of which are known to the user, since they consist of a hash of the username and password) are XOR-ed with the RC4 stream. Then, the cipher is reinitialized to encrypt the rest of the TCP stream. [15]

TCP

TCP packets:

TCP Skype Init TCP packet

The Skype Init TCP packet contains

Low-level datagrams

Almost all traffic is ciphered. Each command has its parameters appended in an object list. The object list can be compressed.

                                     / Object List     ... -|
            Enc      -> Cmd -> Encod                      ^
                                     \ Compressed List ... -|
            Frag         |                                  |
                         |------------------<---------------|
            Ack
            NAck
            Forward  -> Forwarded..Message

Object lists

An object can be a number, string, an IP:port, or even another object list. Each object has an ID. This ID identifies which command parameter the object is.

 Object:      Number | IP:Port | List of numbers | String | RSA key
 Object List: List Size (n) | Object 1 | ... | Object n

Packet compression

Packets can be compressed. The algorithm is a variation of arithmetic compression that uses reals instead of bits.

Reverse engineering of the Skype protocol by inspecting or disassembling binaries is prohibited by the terms and conditions of Skype's license agreement. However, European Union law allows reverse engineering of a computer program without the author's permission for interoperability purposes. [16] In the United States, the Digital Millennium Copyright Act provides protections for reverse engineering software for the purposes of interoperability with other software. [17] [18] There are also legal precedents in the United States where the reverse engineering is aimed at interoperability of file formats and protocols. [19] [20] [21]

In addition, some countries specifically permit a program to be copied for the purposes of reverse engineering. [22]

Notes

  1. "Making Way for the Next Generation of Skype on Desktop". 20 June 2014.
  2. Keizer, Gregg (21 June 2014). "Update: Skype to retire recent editions for Windows, Mac; upgrades mandatory".
  3. Chris Merrimen (15 August 2014). "Skype stops working on older Android phones leaving Linux users in the dark". CNET. Archived from the original on August 16, 2014. Retrieved 2 October 2014.
  4. Salman A. Baset; Henning Schulzrinne (2004). "An analysis of the Skype peer-to-peer Internet telephony protocol". p. 11. arXiv:cs/0412017v1.
  5. Branscombe, Mary (27 July 2012). "Forget the conspiracy theories: Skype's supernodes belong in the cloud". 500 words into the future (ZDNet). Retrieved 17 June 2013.
  6. "Skype replaces P2P supernodes with Linux boxes hosted by Microsoft (updated)". Ars Technica. 2 May 2012. Retrieved 17 June 2013.
  7. Kosner, Anthony (18 July 2012). "Will Microsoft's Changes To The Architecture Of Skype Make It Easier To Snoop?". Forbes blog. Retrieved 17 June 2013.
  8. Gallagher, Ryan (6 June 2013). "Newly Revealed PRISM Snooping Makes Verizon Surveillance Look Like Kids' Stuff". Slate blog. Retrieved 17 June 2013.
  9. Greenwald, Glenn (7 June 2013). "NSA Prism program taps in to user data of Apple, Google and others". The Guardian. Retrieved 17 June 2013.
  10. "Skype does not support IPv6". Skype official Twitter account. 1 Nov 2012. Retrieved 4 Nov 2012.
  11. Introduction Skype analysis Enforcing anti-Skype policies, Skype uncovered Security study of Skype, Desclaux Fabrice, 7/11/2005, EADS CCR/STI/C
  12. "Which protocols does Skype use?". Help. Skype. Archived from the original on March 3, 2009.
  13. "Posts under Skype Reverse Category". oKLabs.
    "Skype Reverse Engineering: The (long) journey ;)." oKLabs.
  14. Dario Bonfiglio; et al. "Revealing Skype Traffic: When Randomness Plays with You". ACM SIGCOMM Computer Communication Review. 37 (SIGCOMM 2007): 37–48. Archived from the original on 2011-04-30.
  15. Fabrice Desclaux; Kostya Kortchinsky (2006-06-17). "Vanilla Skype part 2" (PDF). RECON2006.
  16. Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs
  17. 17 U.S.C. Sec. 1201(f).
  18. WIPO Copyright and Performances and Phonograms Treaties Implementation Act
  19. Sega vs Accolade, 1992
  20. Sony vs Connectix, 2000
  21. Pamela Samuelson & Suzanne Scotchmer (May 2002). "The Law and Economics of Reverse Engineering" (PDF). Yale Law Journal. 111 (7): 1575–1663. doi:10.2307/797533. JSTOR 797533. Archived from the original (PDF) on 2011-07-16. Retrieved 2015-03-17.
  22. In the French "intellectual property" law set, there is an exception that allows any software user to reverse engineer it. See code de la propriété intellectuelle (in French). This law is the national implementation of a piece of EU legislation: Council Directive 91/250/EEC, since then repealed by Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs, which also has a very similar provision allowing reverse engineering/decompilation for the purposes of development and testing of independent but inter-operating programs.
