An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol


An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Salman Abdul Baset and Henning Schulzrinne December 15, 2005

Agenda
- What is Skype?
- What problems does it solve?
- The Skype network
- The Skype software components
- Experimental setup
- The Skype functions
- How to block Skype?
- Skype, MSN, and Yahoo
- Disassembling the executable
- Unanswered questions

What is Skype?
- Peer-to-peer, pc-to-pc, pc-to-phone, phone-to-pc VoIP client
- Developed by people who created KaZaA
- First version in September 2003
- 60,000 downloads in first week, 219 million downloads (till yesterday)
- Current version: 1.4.0.84 and 2.0 beta
- SkypeOut (pc-to-phone) introduced in July 2004
- SkypeOut terms of service: governed by the laws of Luxembourg
- SkypeIn, voicemail
- OS: Windows, Linux, MacOS, PocketPC

What problems does it solve?
- NAT and firewall traversal
- Nielsen September 2005 ratings: 61.3% of US home internet users use broadband (http://www.nielsen-netratings.com/pr/pr_050928.pdf)
- 'Most' users have some kind of NAT
- Better voice quality than MSN or Yahoo IM clients
- Phone-to-pc calling, SkypeIn
- Yahoo is starting to imitate Skype services

A p2p illusion?
- Login server
- Servers for SkypeOut and SkypeIn
- Anonymous call minutes statistic gathering

The Skype Network

The Skype Network (contd…)
- Ordinary host (OH)
  - A Skype client
- Super nodes (SN)
  - Has public IP address, 'sufficient' bandwidth, CPU and memory
- Login server
  - Stores Skype id's and passwords
  - Used at login for authentication
  - Version 0.97: 80.160.91.11; now: 212.72.49.141 and 195.215.8.141

Skype Components
- Ports
  - No default listening port
  - Randomly chooses a port (P1) on installation
  - Opens TCP, UDP listener sockets at P1
  - TCP listener sockets at port 80, 443

Skype Components (contd…)
- Host cache (HC)
- IP address and port number of online Skype nodes (SNs)
- At least one valid entry must be present in HC
- Maximum size: 200 entries
- 'Understanding KaZaA': 200 entries for ordinary node (ON)
- Login server IP address and port number
- Stored in Windows registry in version 0.97
- Now present at C:\Documents and Settings\All Users\Application Data\Skype

Skype HC (ver: 0.97)

Skype HC

Skype Components (Contd…)
- Codecs (GlobalIPSound)
  - Wide band codecs (50-8,000 Hz)
  - iLBC (packet size: 20 and 30 ms; bitrate: 15.2 kbps and 13.3 kbps)
  - iSAC (packet size: 30-60 ms; bitrate: 10-32 kbps)
  - G.729 for SkypeOut?
- Buddy list
  - Stored in 'config.xml' file
  - C:\Documents and Settings\<XP user>\Application Data\Skype\<skype user id>

    <CentralStorage>
      <LastBackoff>0</LastBackoff>
      <LastFailure>0</LastFailure>
      <LastSync>1120325519</LastSync>
      <NeedSync>0</NeedSync>
      <SyncSet>
        <u>
          <skypebuddy1>f384d3a0:1</skypebuddy1>
          <skypebuddy2>7d1dafc4:1</skypebuddy2>

Experimental Setup
- I have NOT reverse engineered Skype executable but it can be done
- Skype version: 0.97.0.6, 1.0, 1.2, 1.4
- Experiments performed between Feb-May 2004, June-July and Nov-Dec 2005.
- Tools Used
  - Ethereal (for packet capture)
  - NetPeeker (for tuning the bw)
  - NCH Tone generator (for generating tones of various frequencies)
  - APIMonitor (for monitoring the sys calls)

Experimental Setup (Contd…)

Skype Functions
- Startup
- Login
- User Search
- Call Establishment
- Media Transfer
- Keep-Alive
- NAT and firewall Traversal
- Conferencing

Skype Functions: STARTUP
- First time startup
  - GET /ui/0/97/en/installed HTTP/1.1
- Normal startup
  - GET /ui/0/97/en/getlatestversion?ver=0.97.0.6 HTTP/1.1

Skype Functions: LOGIN
- Must establish a TCP connection with SN
- HC must contain at least one valid SN
- Bootstrap Super Nodes (IP address:port, Reverse Lookup Result, Authority Section):
  - 66.235.180.9:33033, sss1.skype.net, ns1.hopone.net
  - 66.235.181.9:33033, No PTR result
  - 212.72.49.143:33033, ns-pri.ripe.net
  - 195.215.8.145:33033, ns3.DK.net
  - 64.246.49.60:33033, rs-64-246-49-60.ev1.net, ns2.ev1.net
  - 64.246.49.61:33033, rs-64-246-49-61.ev1.net
  - 64.246.48.23:33033, ev1s-64-246-48-23.ev1servers.net, ns1.ev1.net

Skype Functions: LOGIN
- Public, NAT
  - Establish a TCP connection with the SN
  - Authenticate with the login server
  - Announce arrival on the network (controlled? flooding)
  - Determine NAT type?
- Firewall

Skype Functions: LOGIN
[Figure: login message exchange; the messages are labelled "16 3 1 0 0", "17 3 1 0 0", "16 3 1 0 0 . . . ." and "17 3 1 0 0 len . . . ."]

Skype Functions: LOGIN
- 1536 and 2048 (skype account) bit RSA to negotiate symmetric AES keys
- Central Server Signing Key S_S and Verification Key V_S
- Client: user name A, password P_A, RSA key pair S_A and V_A
- V_S embedded in the Skype executable
- 256 bit AES session with the login server
- Key is chosen at random and encrypted with the public key of the login server
- {A, H(P_A), V_A}_{V_S} to login server (msg 3)
- {A, V_A}_{S_S} to client (msg 4)
- Source: Tom Berson's security evaluation

Skype Functions: LOGIN

Skype Functions: LOGIN
- Columns: Public, NAT, Firewall
- Data Exchanged: 9 kilobytes, 10 kilobytes, 8.5 kilobytes
- Time to login: 3-7 seconds, 30-35 seconds

Skype Functions: USER SEARCH
- From the Skype website
  - Global Index (GI) Technology
  - Guaranteed to find a user if it exists and logged in during the last 72 hours
- Search results are cached at intermediate nodes
- Unable to trace messages beyond SN
- Cannot force a node to become a SN
- Host cache is used for connection establishment and not for SN selection
- User does not exist. How does search terminate?
- SN searches for a user behind UDP-restricted firewall
- Same search query from two different machines initiated at the same time gives different results
- Wildcard queries supported

Skype Functions: USER SEARCH
- Columns: Public, NAT, Firewall
- Data Exchanged: 1-2 kilobytes, 2-4 kilobytes

CALL ESTABLISHMENT
- Call signaling always carried over TCP
- Calls to non buddies = search + call
- Initial exchange checks for blocked users
- Public-public call
  - Caller SC establishes a TCP connection with callee SC
- Public-NAT
  - Caller SC is behind NAT
  - Caller ----> Skype node (SN?) ----> Callee
  - TCP connection established between caller, callee, and more than one Skype nodes
  - Unknown: How a node is selected to route calls from caller to callee? Perhaps determined at login
- Firewall-firewall call
  - Same as public-NAT

CALL ESTABLISHMENT
- Columns: Public-public, Public-NAT, Firewall-Firewall
- Data Exchanged: 4-5 kilobytes, 6-8 kilobytes, 6-7 kilobytes

Skype Functions: MEDIA TRANSFER
- 10/100 Mbps Ethernet
- Columns: Public-Public, Public-NAT, Firewall-firewall
- Packet Size: 67 bytes, 69 bytes
- Stream BW: 5 kilobytes/s
- Transport: UDP, TCP

Skype Functions: MEDIA TRANSFER
- No silence suppression
- Silence packets are used to
  - play background noise at the peer
  - maintain UDP NAT binding
  - avoid drop in the TCP congestion window
- Putting a call on hold
  - 3 packets/sec to call-peer or Skype node
  - same reasons as above
- Codec frequency range
  - 50-8,000 Hz (total bw of 3 kilobytes/s)
- Reasonable call quality at (4 kilobytes/s)

Skype Functions: KEEP ALIVE
- Refresh message over TCP to SN every 60 seconds
- Refresh message size: 60 bytes

Skype Functions: CONFERENCING
- A, B, and C have public IP addresses
- A: Pentium4, 2GHz
- B: PentiumII, 300 MHz
- C: Pentium Pro 200 MHz
- 1: B-A Call

Skype Functions: CONFERENCING
- A, B, and C have public IP addresses
- A: Pentium4, 2GHz
- B: PentiumII, 300 MHz
- C: Pentium Pro 200 MHz
- 1: B-A Call
- 2: B-C Call

Skype Functions: CONFERENCING
- A, B, and C have public IP addresses
- A: Pentium4, 2GHz
- B: PentiumII, 300 MHz
- C: Pentium Pro 200 MHz
- 1: B-A Call
- B decides to initiate a conference
- 2: B-C Call

Skype Functions: CONFERENCING
- A, B, and C have public IP addresses
- A: Pentium4, 2GHz
- B: PentiumII, 300 MHz
- C: Pentium Pro 200 MHz
- [Figure labels: B, A+C; C, A+B]

Skype Functions: CONFERENCING
- B and C are behind NAT. A has public IP addresses
- A: Pentium4, 2GHz
- B: PentiumII, 300 MHz
- C: Pentium Pro 200 MHz
- 1: B-A Call
- [Figure label: Online Skype node]

Skype Functions: CONFERENCING
- B and C are behind NAT. A has public IP addresses
- A: Pentium4, 2GHz (public IP)
- B: PentiumII, 300 MHz (NAT)
- C: Pentium Pro 200 MHz (NAT)
- [Figure labels: Online Skype node; A+B; A+C]

How to block Skype?
- Block IP address and port of Skype login servers. Skype goes through super nodes.
- Inspect TCP payload of login messages and block outgoing login messages. Skype is blocked.
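
An added example (not from the slides or their authors): a flow-log check built from the indicators the slides list, namely the login server addresses, the bootstrap super nodes on port 33033, and the 60-byte refresh sent every 60 seconds. The log format, internal addresses, tolerance and function names are assumptions and the sample records are constructed; `after_block` shows which indicators remain when only login-server traffic is dropped.

```python
from collections import defaultdict

# Indicators as listed on the slides (2005-era values).
LOGIN_SERVERS = {"80.160.91.11", "212.72.49.141", "195.215.8.141"}
BOOTSTRAP_SNS = {"66.235.180.9", "66.235.181.9", "212.72.49.143", "195.215.8.145",
                 "64.246.49.60", "64.246.49.61", "64.246.48.23"}
BOOTSTRAP_PORT = 33033
REFRESH_PERIOD, REFRESH_SIZE = 60, 60  # seconds, bytes (KEEP ALIVE slide)

# Constructed flow records (assumed format): epoch src dst dport proto payload_bytes
SAMPLE_LOG = """\
1000 10.0.0.5 212.72.49.141 33033 tcp 512
1002 10.0.0.5 66.235.180.9 33033 tcp 480
1010 10.0.0.5 198.51.100.7 41234 tcp 60
1070 10.0.0.5 198.51.100.7 41234 tcp 60
1130 10.0.0.5 198.51.100.7 41234 tcp 60
1005 10.0.0.9 203.0.113.20 443 tcp 1400
1065 10.0.0.9 203.0.113.20 443 tcp 900
"""

def indicators(log, tolerance=5, min_gaps=2):
    """Return {source host: set of indicator names} for a flow log."""
    hits = defaultdict(set)
    refresh = defaultdict(list)  # (src, dst, dport) -> timestamps of 60-byte TCP sends
    for line in log.splitlines():
        ts, src, dst, dport, proto, size = line.split()
        if dst in LOGIN_SERVERS:  # any port: the slides give no login port
            hits[src].add("login-server")
        if dst in BOOTSTRAP_SNS and int(dport) == BOOTSTRAP_PORT:
            hits[src].add("bootstrap-sn")
        if proto == "tcp" and int(size) == REFRESH_SIZE:
            refresh[(src, dst, dport)].append(int(ts))
    for (src, _dst, _port), stamps in refresh.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Heuristic (assumption): repeated ~60 s spacing suggests the SN refresh.
        if sum(abs(g - REFRESH_PERIOD) <= tolerance for g in gaps) >= min_gaps:
            hits[src].add("sn-refresh-pattern")
    return dict(hits)

def after_block(log, blocked):
    """Indicators that remain once flows to the `blocked` addresses are dropped."""
    kept = [l for l in log.splitlines() if l.split()[2] not in blocked]
    return indicators("\n".join(kept))

if __name__ == "__main__":
    print(indicators(SAMPLE_LOG))
    print(after_block(SAMPLE_LOG, LOGIN_SERVERS))
```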

Skype, MSN, and Yahoo
- Columns: Application version; Memory usage before call (caller, callee); Memory usage after call (caller, callee); Process priority before call; Process priority during call; Mouth-to-ear latency
- Skype 1.2: 17 KB, 10 KB; 18 KB, 19 KB; Normal; High; 90ms~
- MSN 6.2: 20 KB, 19 KB; 25 KB, 25 KB; 95ms~, 130ms~
- Yahoo 7.0 beta: 33 KB, 33 KB; 38 KB, 29 KB; 190ms~

Call / IM Forking
- User can login from multiple machines
- All Skype instances notified of call arrival
- Pickup, cancel at other locations
- IMs delivered to all locations

Skype Online Users

Breaking the executable
- Skype does not run with ltrace
- Skype does run with strace
- nm does not reveal anything
- libcrypt is (perhaps) statically linked.
- ldd does not reveal anything
- Skype can be run with SoftICE, OllyDbg
- LD_PRELOAD technique

Unanswered questions
- How Skype encrypts and decrypts?
- SN to SN communication?
- One hop or multiple hop media relaying?
- How does search terminate if the user is not found?

Conclusion
- Login server and super nodes, not strictly peer-to-peer
- Code obfuscation, runtime decryption
- Multiple paths for 'in-time' switching in case of failures
- Other companies are following Skype: damaka, peerio, pc-telephone

References
- Skype reports: http://www1.cs.columbia.edu/~salman/skype/
- iSAC: http://www.globalipsound.com/datasheets/iSAC.pdf
- iLBC: http://www.globalipsound.com/datasheets/iLBC.pdf

Questions?