Archive for the ‘Skype’ Category

Smile like key logger 1 & 2 or implementation error, software as service, and be the best

Monday, February 27th, 2006

Always approach that person behind the counter with a smile and always asked them how they are doing. Not only is it pleasant, but it will get you better service as well. Most people just take them for granted – if you do not, it will stand out in a good way.

This is key when your seat reservation on that last minute, packed flight you had to book for business is awful. You could use electronic checkin, but you know there are better seats being held open (not available via electronic checkin) and you want one of them.

-

In DIY news,

Here’s how to make a PS/2 keyboard line keylogger

This was of interest because of a generic saying my buddies and I used to have when I was younger that revolved around attacks, such as social engineering techniques, key loggers, implementation errors, and rubber hoses, that often violated the assumptions of threat models and rendered the security mechanisms of a system moot – we used to say “yeah right, crypto this.” The term derived from our feeling that crypto was often not the weakest link and that claims like such and such crypto being used meant a product/system/whatever was amazingly “secure” were often effectively meaningless. (This previous post comes to mind.)

via Schneier on Security

-

In this same groove… FUD about “crypto for the masses” still exists, as this article about Skype illustrates. But, the interesting item is this.

[...]For the FBI, keyloggers are a popular choice; they obviate the need for backdoors or for sophisticated computer solutions. They simply steal the password. The same (metaphorical) approach may give them access to Skype calls; rather than breaking the encryption, they simply grab the key and decrypt the data.

There we go. “Yeah right, crypto this.”

Also of note,

The FCC ruled last year that VoIP providers need to offer backdoors into their systems for wiretapping reasons, but Skype isn’t based in the US and so is not subject to the rule. It is subject to the EU’s new Data Retention Directive, though, which may require them to retain call logs and decryption keys for a period of time. If so, real-time monitoring of Skype calls would still be out, but after-the-fact review of recorded calls from people of interest might well be possible for the government.

Key escrow. (Even without key escrow, 1024 bit RSA keys are coming within reach – that means a passive adversary could archive the calls, crack the 1024 bit RSA keys used during key transport (thus compromising the 256 bit AES keys used for data encryption), and satisfy those voyeuristic tendencies.)

via cypherpunks

-

A simple crypto implementation error.

The Perl Crypt::CBC module versions through 2.16 produce weak
ciphertext when used with block encryption algorithms with blocksize >
8 bytes.

Ciphertext encrypted with Crypt::CBC using the legacy RandomIV header
and the Rijndael cipher is not secure. The latter 8 bytes of each
block are chained using a constant effective IV of null, meaning that
the ciphertext will be prone to differential cryptanalysis,
particularly if the same key was used to generate multiple encrypted
messages. Other >8-byte cipher algorithms will be similarly affected.

Whoops, that ain’t AES in CBC mode. :)

-

This article discusses IBM’s belief and moves in the “software as service” area.

The growing interest in hosted applications, or software as a service, among corporate customers has prompted IBM to focus its ISV program on hosting, said Buell Duncan, IBM’s general manager of ISV and developer relations.

“Software as service” fits with this old post, in particular as another example for the following paragraph.

Selling software is so last century, much like long distance call fees. New software is distributed for free virtually immediately after its development, regardless of a company’s desire to sell it, and we could chat about ways to control that, but I don’t think there is much point in that. Services are what matter now.[...examples...]

Coming from a small business background, the real-world example of a successful “software as service” that always comes to mind is salesforce.com. They built a great CRM that should be at the top of the list for consideration by any small business looking at deploying such a tool.

Thanks to Potter for the pointer.

-

And, everyone here enjoyed this post by Lindstrom.

Don’t be first. Be best… at something. It doesn’t even have to be a product function – it could just as easily be customer service or price.

Amen.

(Should I start splitting these into seperate posts?)

Posted in Crypto, Customer service, Security, Skype, VoIP | 3 Comments »

Skype, anonymity, and timing

Monday, January 23rd, 2006

The proceedings from the 2005 ACM CCS conference arrived Saturday, and I noticed that “Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet” was included in it. The paper is freely available online, and, since it falls in line with recent posts (Skype/VoIP, anonymity, and timing attacks), I figured it worth mentioning.

Our analytical and experimental results demonstrate that (1) tracking anonymous peer-to-peer VoIP calls on the In-ternet is feasible and (2) low latency anonimizing systems are susceptible to timing attack. Our VoIP tracking tech-nique does not require the global monitoring capability, and it could be used to determine if party A is communicating (or has communicated) with party B via peer-to-peer VoIP even if the VoIP traffic is (or has been) disguised by low latency anonymous communication systems.

The attack was demonstrated on Skype, and custom software was written for Linux to perform the watermarking of traffic. It is effective enough, even when traffic is piped both through the Skype network and an low-latency anonymizing service.

In this section, we empirically validate our active water-mark based tracking of anonymous, peer-to-peer VoIP calls on the Internet. In specific, we conduct our experiments with real-time Skype peer-to-peer VoIP calls over the com-mercially deployed anonymizing system of findnot.com.

In all of the following experiments, we use 24-bit water-marks with embedding delay a=3ms and redundancy num-ber r=25. With this set of watermarking parameters, the watermarking of VoIP flow only requires 1200 packets to be delayed by 3ms. Given the 30ms packetization interval of Skype VoIP calls, the transparent watermarking can be applied to any VoIP calls that are as short as 90 seconds.

Out of the 9900 pairs of uncorrelated flows, no one has less than 6 different bits between the two watermarks decoded. There are 10 pairs of uncorrelated flows that have 6 different bits. Therefore, if we choose 5 as the number of allowed error bits, we would have 99% true positive rate and 0% false positive rate. If we use 6 as the number of allowed error bits, we would get 100% true positive rate and 0.1% false positive rate.

The paper contains the details. Some of the interesting papers referenced in it follow.

As many of this blog’s reader knows, the general consensus out there is that no one knows exactly how effective low-latency mix networks are at providing anonymity, but current incarnations don’t look too good (in the cypherpunk anonymity threat model). Of course, what level of anonymity is enough for a particular use depends on the threat model.

(Side note, I enjoy the CCS conference proceedings, as the conference seems to cover a wide variety of topics and flipping through the papers is always interesting.)

Posted in Security, Skype, VoIP | 3 Comments »

Skype 2.0 released

Tuesday, January 10th, 2006

Running behind on posting about Skype news, Skype 2.0 for Windows left beta and was officially released late last week. The following is an excerpt from a Share Skype blog post.

Key new stuff in here:

  • Video (obviously!). Free one-to-one video calls.
  • Contact grouping. Finally here for heavy users.
  • Mood messages.

Contact grouping is quite useful, and that is the most immediately relevant change to us. Video calling for Skype is cool, and hopefully we will put it to good use in the future. We have yet to really utilize video calls for anything that voice calls could not have handled, but the ability to communicate strengthens when you can bring in body language and other media (like paper or white boards), depending on the quality of the call. I think it would be good to have video calls with our customers (that support it), and perhaps this could become part of our process for repeat customers in the nearer term. (In the longer term, I am sure video calls will start to become more and more common in general, regardless of Skype.) Of course, video calls are also fun for chatting with friends.

The latest Windows release of the Skype client can be found here. The main download page for Skype can be found here, but Skype clients on platforms other than Windows are running behind (e.g., no video call support).

Posted in D-Kriptik, Skype | No Comments »

Comments on comments on the Skype security report

Tuesday, October 25th, 2005

I got in from running around town in the cold, miserable weather outside and was pointed to the following post on Skype Journal.

The Skype Forum is buzzing with commentary on Tom Berson’s security white paper. Most of it from sidewalk superintendents.

I thought I would find an industry specialist to talk with.

Please meet Michael Gough.

The whole post should be reviewed to see what Michael Gough has to say, and it gives a little background on him. I have three comments on Michael Gough’s statements.

  1. “Nothing custom; nothing home grown. The fact that Skype followed industry best practices helped to ease my concerns and those in my field as to how Skype actually implemented their encryption scheme.”

    From the details provided, we know Skype has not created home brew cryptographic algorithms (the implementations are custom), and the report did ease some of our concerns. However, the report is a summary of conclusions and, as such, is quite vague. For example, we do not know much about the protocols being utilized, especially for session key negotiation, and these do appear to be home grown. And, the CRC usage is an example to me of not using industry best practices (of course, VoIP is not my industry).

  2. “Skype uses 256-bit AES to encrypt every session between users. More important, this encryption changes each time you contact someone via IM, file transfer, or a voice call. So if some malicious person managed to capture all the data and managed to figure out your AES key, it would be worthless for the next call you make with Skype. Cracking the AES key would take someone roughly 20 years, so it’s not very probable.”

    The fact is, we do not know enough to make such statements. The key life cycle for Skype has not been provided to us. For example, without knowing how these AES session keys are generated and exchanged, claiming the strength of the session confidentiality is equivalent to that of cracking AES encryption with a 256 bit key is not possible and there is no guarantee of perfect forward secrecy.

    Let’s take the example of a very simple, RSA-based key exchange between two clients to demonstrate the example given in the preceding paragraph. (This is not a step-by-step example of a key exchange, and we are not going into the various types of attacks, just a couple relevant to what we want to demonstrate – please don’t beat me up on this piece. :) ) Let’s say each client has a static, 1024 bit RSA key pair. Both clients generate a 128 bit random values from a reasonable pseudo random number generator seeded with a solid amount of gathered, whitened system entropy, encrypt these key components using RSA with the other client’s public key, exchange these encrypted key components with each other, decrypt the encrypted key component using their respective private keys, and then simply concatenate these two values to form a 256 bit AES key. This key exchange is weaker than the 256 bit AES key being exchanged (e.g., an ideally generated RSA key pair with a 1024 bit modulus being used for RSA encryption is not close to equivalent in strength to (half of) a 256 bit AES key being used for AES encryption), and it lacks perfect forward secrecy (e.g., if the RSA private keys are compromised, then all AES session keys negotiated between these two clients (or one half of the session keys negiotated between one of these clients and another client) under these RSA key pairs are compromised, regardless of whether new session keys are generated during each key exchange, assuming the adversary can eavesdrop on the key exchange as they can the established session).

    When I skimmed the report previously, I did not see any claims in the report as to the confidentiality of the session being as strong as the underlying AES primitive with a 256 bit key nor to perfect forward secrecy.

  3. “Tom found some code issues, didn’t he? Well are they fixed yet? Where is the proof? How will Skype continue to test their security with third parties like Anagram Labs?” Security is an on going process and one security evaluation will not be enough to convince the biggest of security skeptics.”

    Very true, reading the post on the Skype blog, there is no statement as to whether they actually made changes with respect to the issues discussed in the report. I also wonder if they are reading the comments on the report and other questions raised by security people.

This is not to put the Skype security assessment nor Michael Gough’s positive comments in a negative light. As stated in a previous post,

Now, I do feel Skype provides confidentiality beyond a traditional phone company. I still believe the protocols should be publicized fully for proper evaluation, but I think Skype has done a good job having a respectable and known third party evaluate the security assessment of its system. That is a big step, and I was particular encouraged by the following statement from the blog post.

    As Skype and its software and services evolve, so does the need for security and similar reviews. This won’t remain the last one, but we’re happy to get our security review process off the ground with this report.

My set of thoughts as I skimmed the report can be found in a previous post.

(Ok, time for some hot coffee!)

via Skype Journal

Posted in Crypto, Skype, VoIP | 3 Comments »

Skype security

Sunday, October 23rd, 2005

Once again, we have fallen behind on reading the multitude of blog feeds we are subscribed to, but I just noticed the Skype blog posted that a general security analysis has been performed on the workings of the Skype system. I downloaded the report, which is essentially a summary of the results of the analysis. While details of the proprietary protocols are not given, it does provide some information about the mechanisms being employed and clearly states that the author of the report, Tom Berson of Anagram Laboratories, feels that Skype has done a good job of designing security elements into its system. The conclusions are summarized in the following statements at the end of the report.

The designers of Skype did not hesitate to employ cryptography widely and well in order to establish a foundation of trust, authenticity, and confidentiality for their peer-to-peer services. The implementers of Skype implemented the cryptographic functions correctly and efficiently. As a result, the confidentiality of a Skype session is far greater than that offered by a wired or wireless telephone call or by email and email attachments.

Beyond errors in the cryptosystem, I have also looked for back doors, Trojans, overreaching “debugging” facilities, etc. I did not find any hints of malware in the portions of the Skype code I reviewed.

I remember a post we wrote back in September of this year, in which I stated the following.

On a side note, the article glazes over the security of VoIP, as it does anything technical being outside the focus, but Werbach does give the following example.

    “Skype, for example, encrypts every call end to end, providing more privacy than any traditional phone company.”

It may, it may not. I tend to think it is no worse.

The main drawback of Skype is that it uses proprietary protocols. For example, the cryptographic protocol has not been publicly disclosed.

Now, I do feel Skype provides confidentiality beyond a traditional phone company. I still believe the protocols should be publicized fully for proper evaluation, but I think Skype has done a good job having a respectable and known third party evaluate the security assessment of its system. That is a big step, and I was particular encouraged by the following statement from the blog post.

As Skype and its software and services evolve, so does the need for security and similar reviews. This won’t remain the last one, but we’re happy to get our security review process off the ground with this report.

On a side note, some things I noted while skimming the paper. Berson’s conclusions pretty much summed these up.

  1. The code correctly implements AES using a block size of 128 bits and a key size of 256 bits. Standard AES-256 test vectors and keys were compared to the Skype AES. Skype AES matches the results produced by other implementations. Skype put significant effort into making Skype AES run quickly. It is optimized for Integer Counter Mode.

    Optimized AES implementations can be susceptible to information leaks, like these. Berson later points out

    It is well known that implementations of cryptographic operations may sometimes leak information about the plaintext or the key through their consumption of shared resources, such as storage, CPU time or power.

    and

    I consider this a minor problem, because a malicious program running on the same platform as a Skype client could do much greater damage directly.

  2. B. A CRC is computed on the contents of the encrypted buffer. The mod 2 sum of the CRC with the low order 2 bytes of the packet_index is stored in the last 2 bytes of the buffer.

    No keyed message authentication code (MAC) for integrity, just a squishy CRC. Berson later points out

    CRC-type checksums are commonly used in communication protocols to reliably and efficiently detect bit errors. However, because they are linear, they may be unsuitable for the purpose of detecting intentional modification of data.

  3. Why use AES with a 256 bit key when RSA with a ?? (client-client), 1536 (client-server), or 2048 (client-server) bit modulus is being used for key exchange? It could be planning for future changes that will strengthen the key exchange mechanism.
  4. There is no discussion on the coding practices utilized by the Skype team. For example, is code reviewed for common errors, such as buffer overflows? Berson finds

    I found a potential error associated with the decoding of integers. The error does not imperil the confidentiality of Skype communications, but might lead to unpredictable behavior in the presence of malicious inputs. I communicated this information to Skype engineering.

  5. The details on the protocols being used, especially for key exchange, are vague. While more information is given, it still requires leaps of interpretation by the reader to figure out what may be going on.
  6. Bravo to Skype for this initial security review.

Update: Whoops, forgot – via Share Skype

Posted in Crypto, Skype, VoIP | 2 Comments »

Skype again

Tuesday, September 27th, 2005

I just saw this post by TechCrunch about the Skype roadmap, as I was catching up on my RSS/Atom feeds.

Upcoming version 1.5, schedule to be released in October, is to add video and client-side web presence features. Version 1.6, in November, streamlines the client and adds social networking, among other features.

Cool.

via TechCrunch

Also, I listened to the interview with PCHome people on the Skype blog (later realizing that the blog entry was a full transcription of the interview), and there was this little blurb about the current and future products of IPEVO.

Not only Free-1 USB phone which is selling very well. We’re going to launch a cordless USB phone, a WiFi phone and speakerphone and so on. So we have a lot of plans for the future.

This reminded me of an earlier entry on the Skype blog.

Folks in our secret undercover engineering labs were kind enough to let me play with our recent WiFi phone prototype. We’re working with many companies on a wild variety of hardware concepts and the WiFi phone is just one example.

Nothing new here, but still cool.

via Share Skype

Last note, a new version of Skype has been released for GNU/Linux, which the change log shows as fixing a number of bugs and improving call quality. And, there is a Debian package available.

Posted in Off-topic, Skype, VoIP | No Comments »

Skype adds call forwarding

Thursday, September 1st, 2005

Skype provides VoIP, peer-to-peer software that allows voice phone calls between Skype users over an IP-based network. In other words, you can make phone calls over the Internet. Skype-to-Skype calls are free, as is the Skype software itself. Skype is easy to use and the call quality is quite good, which is why we use it; however, it also uses a proprietary protocol, which limits openness/interoperability and makes me wonder about the security considerations factored into design.

Skype has many additional, useful services. SkypeIn allows calling a Skype user over a standard phone line by providing a standard phone number that essentially serves as a gateway into the Skype network. SkypeOut allows the reverse, calls from Skype to standard phones.

We use Skype at D-kriptik for a number of purposes, one of which is to provide a static phone number through the SkypeIn service. With our “headquarters” currently based in my apartment and my migration across New York City (NYC) in progress, Skype gives us a low-priced, static [non-cell] phone number that follows us wherever we go, no matter what the borough.

However, Skype is also tied directly to our ability to be logged into our Skype account via our Skype client, which requires that we always have access to bandwidth with a device actively running a Skype client. Having bandwidth is not particularly hard in many parts of NYC, but having a running, connected client is quite difficult while on the go. So…

Skype has now added support for call forwarding, so that Skype calls can be forwarded to different phone numbers when you are not logged into Skype. This great new feature allows us to forward our Skype calls to our [cell] phones whenever when we are not logged into Skype, exactly what we needed.

(It looks like only the 1.4 Windows client supports configuring this new feature. The latest Skype clients can be found here.)

Update: I forgot to mention a couple of other capabilities added to the 1.4 Windows client. The following text is taken directly from the Share Skype blog.

In order to make it easier for organizations to enforce their security and intellectual property protection policies, Skype for Windows 1.4 lets you disable the File Transfer feature and Skype API connections by having a special registry key. This is not only limited for businesses, of course – if you’ve got your grandma set up on Skype and are afraid someone may trick her into receiving a virus, you can disable these features for her too.

To disable Skype File Transfer, create a new key under HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, key name “DisableFileTransfer”, type DWORD, value 1. After this, outgoing file transfers will not be available and incoming file transfers will be silently rejected.

To disable Skype API, create a new key under HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, key name “DisableAPI”, type DWORD, value 1. After this, connection requests from all external Skype plugins and hardware will be ignored. (The location of the registry keys corresponds to Microsoft’s Registry-based Policy Guidelines.)

To enable either feature again, just remove the corresponding registry key and restart Skype. Disabling File Transfer or API does not affect any other Skype features in any way.

via Share Skype

Posted in Skype, VoIP | 7 Comments »