Extralabs Software
Home Products Purchase Download Forum Support
   

 

 

 

  

Skype Security Information

So what differentiates Skype from a lot of similar programs released those days in enormous quantities? Unlike other VoIP software, Skype used and still uses a P2P architecture which isn't a surprise actually if we recall the other products by Skype's creators. P2P is one of the main advantages of Skype: all voice traffic goes through nodes of the network each one being a user itself. So the more users are using the system, the better it works. Skype routes calls through computers of other users, and that allows users behind NAT or a firewall to connect with each other. By the time when Skype had been released, the VoIP market was overwhelmed with software and hardware products working via the SIP protocol - which definitely deserves to be reviewed in details. Unlike the closed Skype protocol, SIP is completely open-sourced, well developed and is simple for hardware implementation. As a sample protocol for SIP the HTTP protocol was used - SIP messages just like HTTP queries are sent via Internet in the text form, and their formats are very similar. This makes developing and debugging of SIP supporting programs easier, and quite likely that was one of the reasons of the high popularity of the SIP protocol. Just like Skype, SIP isn't centralized; there are multiple servers, and in fact anyone can setup its own server; all servers are connected to and interact with each other. The protocol merely establishes and manages the communication, while the type of communication data can vary. Not only voice data can be sent; this could be video, multimedia or interactive services as well. SIP is oriented to work in local networks and through Internet connections of wide bandwidths.

 

Skype is an exact antithesis of SIP, though some data point that it was modified SIP that lies in the basis of Skype. Be that as it may, there are still more than enough differences between them: Skype - is a closed protocol, and due to its P2P structure it uses forced encryption (data are encrypted using AES-256, and to transfer the key, a 1024-bit RSA key is used in its turn. Public user keys are certified at the central Skype server when a user logs in, using 1536- or 2048-bit RSA certificates), and it handles extreme conditions much better than SIP. "Throw it out of the door, and it comes back through the window" - this phrase describes Skype's behavior best of all - if you close common range of UDP ports, it will switch to available TCP ones, and if things goes tougher, Skype can always use an HTTP-proxy. Some experts claim the only way to block Skype completely is to analyze all packets it sends - and they are encrypted, remember? All other simpler methods can't do anything with the program. The mentioned problem seriously worries special services of many countries in the world - some info can't be intercepted and decrypted - catastrophic! Though Switzerland, Australia, Austria, Germany and Russia have already implied that they have solutions to intercept Skype talks. Skype is often criticized by many security experts, even hackers. In 2007, in the 100th issue of the Russian "Hacker" magazine, Chris Kaspersky authored a long article entitled as "Skype: hidden menace". "Skype is a black-box with a multi-level encryption system", said Chris, "it is stuffed with methods to prevent debugging of the executable, and it reads your private information and sends it via Internet using a closed protocol. The latter avoids firewalls and strongly masks traffic to prevent blocking attempts. All of these make Skype an ideal way to transmit viruses, worms and drones creating their own network using existing Skype's resources".

But Skype captivated such wide audience no only with its encryption strength and resourcefulness, but also with two important things: simplicity and quality sound. Starting from the very first version released in fall 2003 Skype supported 10 languages and had extremely simple interface - unlike other IM's it was initially designed for voice calls. The ease of setup and registration of a new user processes also played a role. As for codecs, Skype uses SVOPC (16 kHz), AMR-WB (16 kHz), G.729 (8 kHz) and G.711 (it used to work also with ILBC and ISAC in the past), which allows receiving sound quality comparable with a usual phone line as long as you have sufficient connection speed [30-60 Kbit/s].
 

 

 

 

  

 

Home | Company | Articles | Products | Download | Purchase | Contact us

(c) Copyright ExtraLabs Software 2001-2021. All rights reserved.