Cocoooooo
Páginas: 17 (4111 palabras)
Publicado: 7 de noviembre de 2010
1
SKYPE SECURITY EVALUATION
Tom Berson Anagram Laboratories 18 October 2005
berson@anagram.com skype:tomnd2t
1. Introduction and Summary
I have been a Skype user since August 2004. My 35-year long career as cryptographer and computer security expert has taught me to be professionally skeptical about the security of almost everything, especially of a system which is as adept as Skype atgetting through typical network defenses. So I re-formatted the hard disk on a spare computer and dedicated the box to the Skype application. Over the next few months I monitored the list of processes running on the machine, looking for anything suspicious. I also ran a number of experiments during which I captured and analyzed the packets flowing into and out of the box. I was looking formalicious activity and trying to figure out how Skype works. Perhaps you have run similar experiments yourself. You may imagine my delight when, in April 2005, Skype contacted me and invited me to compete for the job of performing an independent evaluation of Skype information security, with a special focus on the Skype cryptosystem. I traveled to the Skype engineering center in Tallinn, and to the Skypebusiness center in London. In each place I interviewed Skype people and was interviewed by them. The meetings went well; I won the business. Since 1 June 2005 I have been analyzing the security properties of Skype software and services, with a focus on the current and planned uses of cryptography. I have had unimpeded access to Skype engineers and to Skype source code. I have found out a lot aboutSkype. The more I found out, the happier I became. Skype makes wide use of cryptography to authenticate user and server identities, and to protect the content transmitted across the P2P network from disclosure by parties other than the peers. The cryptographic systems engineered for these purposes are welldesigned and correctly implemented. The goals of providing verified user identity andcontent confidentiality across the P2P cloud are achieved. I believe Skype can be proud of its intelligent and correct use of cryptography toward these ends. Skype uses only standard cryptographic primitives to meet its ends, which is a sound engineering approach. These primitives include the AES block cipher, the RSA publickey cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hashfunction,
ALR-2005-031
Skype Security Evaluation
18 October 2005
2 and the RC4 stream cipher. I looked at the Skype implementation of each of these, and verified that each implementation conforms to its standard and interoperates with reference implementations. Skype operates a certificate authority for user names and authorizations. Digital signatures created by this authority are thebasis for identity in Skype. Skype nodes entering into a session correctly verify the identity of their peer. It is infeasible for an attacker to spoof a Skype identity at or below the session layer. (I have not examined any higher layer code). Skype uses a proprietary session-establishment protocol. The cryptographic purposes of this protocol are to protect against replay, to verify peer identity,and to allow the communicating peers to agree on a secret session key. The communicating peers then use their session key to achieve confidential communication during the lifetime of the session. I analyzed this protocol, and found that it achieves its cryptographic aims. Further, I explored the strength of the protocol against a range of well-known attacks, including replay attack andman-in-the-middle attack. I determined that each of the attack scenarios is computationally infeasible.
1.1 Caveats
This report represents a four-month evaluation. A longer evaluation effort might uncover problems not yet seen. The Version 1.3 code base was evaluated. The code base continues to evolve beyond that snapshot.
1.2 Security Policy
A Security Policy defines what “security” means in the...
SKYPE SECURITY EVALUATION
Tom Berson Anagram Laboratories 18 October 2005
berson@anagram.com skype:tomnd2t
1. Introduction and Summary
I have been a Skype user since August 2004. My 35-year long career as cryptographer and computer security expert has taught me to be professionally skeptical about the security of almost everything, especially of a system which is as adept as Skype atgetting through typical network defenses. So I re-formatted the hard disk on a spare computer and dedicated the box to the Skype application. Over the next few months I monitored the list of processes running on the machine, looking for anything suspicious. I also ran a number of experiments during which I captured and analyzed the packets flowing into and out of the box. I was looking formalicious activity and trying to figure out how Skype works. Perhaps you have run similar experiments yourself. You may imagine my delight when, in April 2005, Skype contacted me and invited me to compete for the job of performing an independent evaluation of Skype information security, with a special focus on the Skype cryptosystem. I traveled to the Skype engineering center in Tallinn, and to the Skypebusiness center in London. In each place I interviewed Skype people and was interviewed by them. The meetings went well; I won the business. Since 1 June 2005 I have been analyzing the security properties of Skype software and services, with a focus on the current and planned uses of cryptography. I have had unimpeded access to Skype engineers and to Skype source code. I have found out a lot aboutSkype. The more I found out, the happier I became. Skype makes wide use of cryptography to authenticate user and server identities, and to protect the content transmitted across the P2P network from disclosure by parties other than the peers. The cryptographic systems engineered for these purposes are welldesigned and correctly implemented. The goals of providing verified user identity andcontent confidentiality across the P2P cloud are achieved. I believe Skype can be proud of its intelligent and correct use of cryptography toward these ends. Skype uses only standard cryptographic primitives to meet its ends, which is a sound engineering approach. These primitives include the AES block cipher, the RSA publickey cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hashfunction,
ALR-2005-031
Skype Security Evaluation
18 October 2005
2 and the RC4 stream cipher. I looked at the Skype implementation of each of these, and verified that each implementation conforms to its standard and interoperates with reference implementations. Skype operates a certificate authority for user names and authorizations. Digital signatures created by this authority are thebasis for identity in Skype. Skype nodes entering into a session correctly verify the identity of their peer. It is infeasible for an attacker to spoof a Skype identity at or below the session layer. (I have not examined any higher layer code). Skype uses a proprietary session-establishment protocol. The cryptographic purposes of this protocol are to protect against replay, to verify peer identity,and to allow the communicating peers to agree on a secret session key. The communicating peers then use their session key to achieve confidential communication during the lifetime of the session. I analyzed this protocol, and found that it achieves its cryptographic aims. Further, I explored the strength of the protocol against a range of well-known attacks, including replay attack andman-in-the-middle attack. I determined that each of the attack scenarios is computationally infeasible.
1.1 Caveats
This report represents a four-month evaluation. A longer evaluation effort might uncover problems not yet seen. The Version 1.3 code base was evaluated. The code base continues to evolve beyond that snapshot.
1.2 Security Policy
A Security Policy defines what “security” means in the...
Leer documento completo
Regístrate para leer el documento completo.