Skype P2P communication Group Members: Andre Tran, Balta Infante, Priyanka Gangishetty, Irena Mao
In this presentation... 1) Introduction to P2P 2) Skype Overview 3) Architecture 4) Key components of Skype software 5) Functions of Skype
P2P Architecture No always-on server Peers are both clients and servers Any peer can initiate a connection and change IP address
P2P Characteristics Clients are also servers and routers Nodes are autonomous Network is dynamic Nodes collaborate directly with each other
P2P Benefits Efficient use of resources Scalability Reliability Ease of administration
Skype VoIP application services provided: host-to-host VoIP host-to-phone phone-to-host multi-party host-to-host video conferencing
Skype P2P Components Organization: hierarchical overlay network clients: skype peers connect directly to each other for VoIP call super nodes (SN): skype peers with special functions overlay network: among SNs to locate clients login server
How Skype Works skype client operation: 1. joins skype network by contacting SN (IP address cached) using TCP 2. logs-in (usename, password) to centralized skype login server 3. obtains IP address for callee from SN, SN overlay or client buddy list 4. initiate call directly to callee
Multi-party Conference Calls audio calls (N >2) : instead of each peer send audio to all other peers number of streams sent: N(N-1) reduce bandwidth by: all peers send audio to conference initiator conference initiator combine all audio into one stream sends combined steam to all other peers number of stream sent: 2(N -1)
Multi-party Conference Calls video call (N > 2): each peer's video stream is routed to a server cluster server cluster relays to each peer the N-1 streams of other peers
Skype Privacy Problems A peer to sniff IP address of another peer After obtaining IP address: use geo-location services to track location of another peer correlate to BitTorrent partially decrypt a Skype call
Architecture Overlay network Can become super node if: Sufficient bandwidth Sufficient processing power Won’t be a super node if: Behind NAT Restrictive firewall Behind HTTP or SOCKS5 proxy
Architecture Super nodes replaced by linux boxes ~10,000 boxes using grsecurity More resilient to attacks Accommodates more users More centralized and more secure
Architecture Skype client keeps table of reachable nodes Buddy lists and host cache Shared over the super nodes Contains IP addresses and port numbers Stored in XML format
Codecs SILK codec replaces SVOPC (Sinusoidal Voice Over Packet Coder) Sampling frequency: 8, 12, 16, 24 kHz Bit rate from 6 to 40 kbits/s IETF currently developing Opus based off the speech-oriented SILK and low latency CELT
Skype Protocol Protocol is proprietary It is unknown how index mappings are organized across super nodes Claimed to have 3G P2P or Global Index technology Skype doesn’t support use of IPV6 protocol
Skype Protocol By default audio and video sent over UDP Control packets are sent over TCP Media packets over TCP when firewall blocks UDP FEC (Forward Error Correction) used for loss recovery of voice and video over UDP Skype client adapts by changing video quality and FEC overhead
Skype Protocol Signaling is encrypted with RC4 obscures the traffic, but key can still be recovered Voice data encrypted by AES Skype client API is open to developers
Relays Super nodes relay communications for clients behind firewalls or NAT NAT and firewalls may prevent client from receiving UDP is not usable with NAT Firewalls block many ports TCP through many-to-one NAT is outward only Three super nodes are needed, one for each client and one to serve as relay
Key Components Ports Host Cache Codecs Buddy List Encryption NAT and Firewall
Ports A SC opens TCP and UDP listening ports at the number configured in its connection dialog box In addition, SC also opens port number 80 and 443 as alternatives There is no default TCP or UDP listening port
Port’s snapshot
Host Cache List of super node IP address and port pairs that SC builds and refreshes regularly v0.97 stops and reports login failure if unable v1.2 and onwards, tries to establish a TCP connection with one of the seven bootstrap (hardcoded) Stored as XML files Maximum of 200 entries
Codecs iLBC, iSAC, iPCM Developed by GlobalIPSound For SC v1.4 allows frequencies from 50 to 8000 Hz Thus, frequency range of a wideband codec
Buddy List Stored in config.xml v1.2 and onwards for XP also stores it on a central Skype server: 212.72.49.142 Stored unencrypted on a computer
Buddy List’s snapshot
Encryption Skype uses AES 256-bit encryption with a total of 1.1 x 10^77 Uses 1024 bit RSA to negotiate symmetric AES keys User public keys certified by the Skype server at login using 1536 or 2048-bit RSA certificates
NAT and Firewall SC uses a variation of STUN and TURN protocols to determine the type of NAT and firewall it is behind SC refreshes info periodically Info also stored in shared.xml file Unlike Kaaza, a SC cannot prevent itself from becoming a super node
Functions of Skype 1) Login SC sends a UDP packet to the bootstrap super nodes If no response, it tries to establish a TCP connection, repeats the whole process after 6 seconds if this fails too Next step is to authenticate itself to a server which is done over a TCP connection 2) NAT traversal Skype uses STUN (Session traversal utilities for NAT) to detect and traverse NATs 3) User search Skype uses a distributed search on a Global index
contd... 4) Call establishment and teardown For a user not on the friends list, its a user search plus call signalling For a person on the friend’s list, the caller SC establishes a TCP connection with the callee via a challenge-response mechanism For a machine behind a NAT, caller establishes a connection with an online Skype node 5) Media transfer If both machines have public IP addresses, media is exchanged over UDP between caller and callee SC Otherwise, a TCP connection is used via an online node
References http://www.eecg.toronto.edu/~jacobsen/mie4 56/slides/p2p-mie.pdf Computer Networking: A Top Down Approach http://www1.cs.columbia.edu/~salman/public ations/skype1_4.pdf