Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in Skype Prepared by Prithula Dhungel. Security in Skype2 The Skype Service P2P based VoIP software Founded by the founders of Kazaa Can be downloaded.

Published byTracey Andrews Modified over 8 years ago

Similar presentations

Presentation on theme: "Security in Skype Prepared by Prithula Dhungel. Security in Skype2 The Skype Service P2P based VoIP software Founded by the founders of Kazaa Can be downloaded."— Presentation transcript:

1 Security in Skype Prepared by Prithula Dhungel

2 Security in Skype2 The Skype Service P2P based VoIP software Founded by the founders of Kazaa Can be downloaded free at: –http://www.skype.comhttp://www.skype.com Services –Both paid and free services available –Free - Instant Messaging - Voice and Video communication (PC to PC) A typical Skype user interface

3 Security in Skype3 Skype Architecture Hierarchical P2P architecture but involves a central Skype authority for registration and certification services Skype Architecture: Normal peers, super nodes, and centralized Skype server

4 Security in Skype4 Reverse Engineering of Skype Proprietary and closed source software Employs countermeasures against reverse engineering However, has undergone some reverse engineering attempts over a couple of years –Basis of understanding (part of) Skype security protocol

5 Security in Skype5 Skype Security Services Almost everything is encrypted, including protocol message headers (except some) Provides: –Confidentiality –User authentication

6 Security in Skype6 Security Phases 1)User registration - Register username at Skype server 2)User login - Get the one time public key for the user certified by Skype Server 3)User to User authentication 4)User to User communication

7 Security in Skype7 User Registration [1] 1.User selects a unique username (over the skype domain) and a password 2.Sends username and SHA -1 hash of password to the Skype Login Server, encrypted with the public key of the Skype Server 3.Skype server extracts username, hash of password using its private key Public Key of Skype Server known to client during Skype installation

8 Security in Skype8 User Registration [2] Skype Server Alice 1. K s + ( Username, H(pwd) ) Username : unique over Skype’s domain K s + : public key for Skype Server (hard coded in Skype application) H(): SHA -1 H(pwd) stored securely in the client 2. K s -(K s + ( Username, H(pwd) ))  Username, H(pwd)

9 Security in Skype9 Security Phases 1)User registration - Register username at Skype server 2)User login - Get the one time public key for the user certified by Skype Server 3)User to User authentication 4)User to User communication

10 Security in Skype10 User Login [1] 1.User (client application) generates 1024-bits public and private key pair (K A +, K A - )  One time key pair for the user for this login session 2.User generates 256-bits AES symmetric key (K) 3.Encrypts K A +, username and SHA-1 hash of password using K. 4.Encrypts K using public key of Skype Server

11 Security in Skype11 User Login [2] 5.Encrypted K A +, username and password hash and encrypted session key K are sent to the Skype Server 6.Login Server extracts K using its private key and decrypts username, password hash and K A + using K. 7.If username and password hash match, user is authenticated. Skype Server signs username and K A + pair to give certificate (C A ). 8.C A sent to user

12 Security in Skype12 User Login [3] Skype Server Alice 3. K s + (K), K (K A +, Username, H(pwd) ) 1.Generate one-time key pair (K A +, K A - ) and K 2. Store K A - securely 4. K s - (K s + (K))  K 5.K(K(K A +, Username, H(pwd)))  K A +, Username, H(pwd) 6.Verify Username and H(pwd) 7.K s - (Username, K A + )  C A 8. C A

13 Security in Skype13 Security Phases 1)User registration - Register username at Skype server 2)User login - Get the one time public key for the user certified by Skype Server 3)User to User authentication 4)User to User communication

14 Security in Skype14 User-to-User Authentication [1] 1.Users Alice (A) and Bob (B) want to authenticate and communicate to each other 2.Users get each other’s certificates - Alice sends Bob her certificate (that she obtained from Skype Server) and vice- versa 3.Each use 8 bytes challenge-response method to authenticate each other

15 Security in Skype15 User-to-User Authentication [2] Alice Bob 1. R 1 (8 bytes) 2. K B - (R 1 ) 3. K B + (K B - (R 1 )) == R 1

16 Security in Skype16 Security Phases 1)User registration - Register username at Skype server 2)User login - Get the one time public key for the user certified by Skype Server 3)User to User authentication 4)User to User communication

17 Security in Skype17 Encrypted P2P Communication [1] 1.After mutual authentication, Alice and Bob establish a 256-bits common session key K s (AES) for encryption 2.Each side contributes 128-bits for the 256-bits long K s 3.Each side sends its contribution to the other side, encrypted with the latter’s public key 4.Two 128-bits contributions combined in some way to generate the 256-bits secret session key K s 5.All traffic (voice, video and text) is encrypted

18 Security in Skype18 Encrypted P2P Communication [2] Alice Bob K B + (K 1 ) K A + (K 2 ) K A - (K A + (K 2 ))  K 2 K 1 + K 2  K s K B - (K B + (K 1 ))  K 1 K 1 + K 2  K s

19 Security in Skype19 Summary Some part of Skype security protocol has been deciphered Skype uses standard cryptographic techniques: –RSA –AES –SHA-1

20 Security in Skype20 References 1) An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol by S. A. Baset and H. Schulzrine –http://www1.cs.columbia.edu/~library/TR- repository/reports/reports-2004/cucs-039-04.pdf 2) Silver Needle in Skype by P. Biondi and F. Desclaux –http://www.secdev.org/conf/skype_BHEU06.handout.pdf 3) Skype Security Evaluation by T. Berson –http://www.skype.com/security/files/2005- 031%20security%20evaluation.pdf

Download ppt "Security in Skype Prepared by Prithula Dhungel. Security in Skype2 The Skype Service P2P based VoIP software Founded by the founders of Kazaa Can be downloaded."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Technical Presentation AIAC 2010-2011 Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.

Technical Presentation AIAC Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Skype & Network Management Taken from class reference : An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Salman A. Baset and Henning Schulzrinne.

Skype & Network Management Taken from class reference : An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Salman A. Baset and Henning Schulzrinne.
Voice over IP Skype.

Voice over IP Skype.
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.

SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.
Skype & its protocol Aaron Loar CPE 401. Introduction Skype’s Background Topology 3 Node Types Questions.

Skype & its protocol Aaron Loar CPE 401. Introduction Skype’s Background Topology 3 Node Types Questions.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Similar presentations

Ads by Google