Sai Praveen Sadhu George Mason University Fall 2014, ECE 646

Transcription

1 Sai Praveen Sadhu George Mason University Fall 2014, ECE 646

2 VoIP - > Voice over IP Technology to send voice and mul9media over Internet Protocol. Skype is a good example of VoIP. Skype was developed in Till 2013 the amount of 9me spent on Skype voice and Video call is 1.4 trillion minutes. To be more precise 2.6 million years of conversa9ons in just 10 years. On an average around 5 million users are ac9ve.

3 Skype Internal Structure vital parts 1. Skype Client (SC) 2. Super Node (SN) 3. Login Server (LS)

4 Neighbor Supernode 9-10 Supernodes slots 8 slots - block

5 1. End to End (E2E) 2. End to Out (E20) aka PTSN End to End (E2E) clients on same IP Network End 2 Out (PTSN) PTSN Public Switched Telephone Network

6 1. Ports UDP and TCP ports for communica9on. 3 Ports mainly used a. Port which is greater than 1024 b. Port 443 c. Port 80

7 2. Host Cache Host Cache consists of list of Supernodes. Maximum number in a list =< 200 (approx characters) Host Cache starts and ends with a tag. <HostCache> Example - <HostCache> 4325DAF23424LK233432JKGLGL32GLJ23 ASGLK32423K4LGLK BLJDSFLA 7924HHSFONAOUIYASFBJ </HostCache> Interested to know where is this host cache, below is the link C:\Users\<user name>\appdata\roaming\skype\ AppData(Hidden Files), Shared.XML

8 4. Buddy s List Buddy s List is the list of all contacts that you have in your Skype This list is stored in config.xml located in your local PC. Skype will mainly rely on.xml files to operate. If we observe all the important informa9on is stored in.xml format. Syntax <skypebuddy1> </skypebuddy1> <skypebuddy2> </skypebuddy2> <skypebuddyn> </skypebuddyn> C:\Users\<user name>\appdata\roaming\skype\ Goto your user name and you can find config.xml

9 1. Startup 2. Login 3. User Search 4. Media Transfer

10 1. start 2. send UDP packet(s) to HC 3. if no response within 5 seconds then 4. akempt TCP connec9on with HC 5. if not connected then 6. akempt TCP connec9on with HC on port 80 (HTTP) 7. if not connected then 8. akempt TCP connec9on with HC on port 443 (HTTPS) 9. if not connected then 10. akempts if akempts == 5 then 12. fail 13. else 14. wait 6 seconds 15. goto step Success

11 Skype UDP Packet Format Payload ID FUN Data Frame 2 bytes 1 byte ID For Iden9fica9on Start of Message (SoM) - Unencrypted Fun Describe the payload audio or video etc.

12 Security policy under Skype consists of different parameters. 1. Username and Password combo. 2. Usernames must be unique. 3. Proof of Iden9ty is shared among the users who communicate via Skype. 4. No intermediate node has access to the messages which are transmiked from caller to caller when they are communica9ng.

13 It has mainly 3 components 1. Registra9on 2. Peer to Peer Key Agreement 3. Session Cryptography

14 Cryptographic Secret in Skype Central Server private signed key S S Public Verifica9on Key V S Iden9fier for the key pair Installed on every Skype client at build 9me. Enrolment in the Skype cryptosystem starts with registra9on Basic Requirement for Skype is Username A, Password P A

15 Skype client creates an RSA key pair at client loca9on. S A Private Key, V A Public Key Private key and Hash of the password are stored as securely as possible at client loca9on. In windows generally this is achieved by Windows CryptProtectData Applica9on programming Interface.

16 Client establishes 256 bit AES encrypted session with Central Server. The client sends username A, H(P A ) and V A (Public Key of client) to central server. The server stores (A, H(H(P A ))) in database. Once the username and the hash of hash of the password are stored in the database, the server signs an Iden9ty Cer9ficate for A. i.e. IC A IC A contains lot of things. * central server RSA signature binding username A and public key of the client V A which gives {A,V A } S S Key Iden9fier of S S. IC A returned to the client.

17 Usually there are 2 Central Server Key Pair 1. mod 1536 bits 2. mod 2048 bits The server decides which mod func9on it has to use. Generally if the client bought any premium services if will go with mod 2048 bits else it will go with mod 1536 bits.

18 Let us suppose A,B are calling on Skype 1 st 9me. A à B No Skype session between them. 64 bit nonces challenge IC A Iden9ty and Public Key - > IC A 128 bits 256 key 128 bits Modified and signed by private key Sound Cryptography Shared Key SK AB Nonce Arbitrary number used only once in a cryptographic communica9on.

19 All traffic in a session is encrypted by XORing the plain text with key stream generated by 256 bit AES running in ICM. Key used here is SK AB. Skype session contains mul9ple streams. ICM depends on Stream, Salt and Sequence of the stream. Salt random data used as addi9onal input, Dic9onary akacks

20 SkyDe stands for SKYpe hyde. SkyDe is a proposed method to use Skype un- compressed silence packets to hide data. In general large Skype packets carry voice and smaller packets carry silence. SkyDe uses this dis9nc9on to select silence packets.

21 CRC checksum Secret Sender Secret key is shared Secret Receiver Secret Data Sliding Time Window Algorithm 1. SWA size w is selected Seconds 2. Every packet with lowest size is updated and stored. 3. Average reference is calculated based on 3 lowest size packets. 4. Packet loss >= 70% - > fallback to TCP 5. Packets are iden9fied payloads are replaced with encrypted data.

22 1. Each packet is iden9fied by packet size. 2. Copied to buffer. 3. CRC checksum is verified and secret data is extracted. 4. Not important to erase the data because they are considered as lost.

23 Encrypted Secret Data s Decrypted Secret Data Secret data is extracted based on Packet size and CRC calcula9on. S SS s s SR S s s This Packet is treated as lost Packets with Voice Silent Packets

24 By u9lizing 20% of the silence packets, the quality is not at all degraded. If the u9liza9on is 30%, the quality is disturbed which is considered as negligible. More than 50% of u9liza9on will lead to degrade the quality however communica9on is possible between the peers. Taking a base, we consider 30% u9liza9on is op9mal amount to perform Skyde, in this case it gives us 1.8kbps transmission rate. U9liza9on 1 Quality

25 This presenta9on gives us knowledge of how cryptography works in Skype and also how Skype Steganography is performed. Experimental results show we can use up to 1.8 kbps of bandwidth in order not to disturb the voice call. Skype Steganography will provide an ample window for anyone to perform it without geyng detected, but it is very difficult though. As Skype is based on VoIP Telephony the same method can be applied for other services as well.

26