Skype, Category, million, calls, security, application, first, SkypeOut, voice, support, protocol, through, secure

40px
Skype (pronounced to rhyme with "type") is a proprietary peer-to-peer Internet telephony (VoIP) network founded by the entrepreneurs Niklas Zennström and Janus Friis, also founders of the file sharing application Kazaa. It competes against existing open VoIP protocols such as SIP, IAX, and H.323. The Skype Group, acquired by eBay in October 2005, is headquartered in Luxembourg, with offices in London and Tallinn. It has experienced rapid growth in both popular usage and software development since launch, both of its free and its paid services.

The Skype communications system is notable for its broad range of features, including free voice and video conferencing, and its ability to use peer to peer (decentralized) technology to overcome common firewall and NAT problems.

The use of end-user bandwidth in the form of supernodes, the use of closed source software in general and the use of closed source software for ecryption of network traffic in particular, have caused concern. Independent analyses of the software has addressed the latter to some degree.

System and software

Technology

thumb information is masked when a SkypeOut call is placed.]]
Each Skype user must have the Skype software running on his/her computer. This software is currently available free of charge and can be downloaded from the company website, but the software is proprietary.

The main difference between Skype and other VoIP clients is that Skype operates on a peer-to-peer model, rather than the more traditional server-client model. The Skype user directory is entirely decentralised and distributed among the nodes in the network, which means the network can scale very easily to large sizes (currently just over 100 million users) without a complex and costly centralised infrastructure.

Skype also routes calls through other Skype peers on the network, which allows it to traverse Symmetric NATs and firewalls, unlike most other VoIP programs (The two most common VoIP protocols, SIP and H323 are usually UDP and point-to-point, making NAT traversal problematic.) This, however, puts an extra burden on those who connect to the Internet without NAT, as their computers and network bandwidth may be used to route the calls of other users.

The selection of intermediary computers is fully automatic, with individual users having no option to disable such use of their resources.

This fact is not clearly communicated however and seems to contradict the license agreement, which limits Skype's usage of the user's "processor and bandwidth the purpose of facilitating the communication between user and other Skype Software users" (section 4.1).

The Skype code is closed source, and the protocol is proprietary; this has raised suspicion and drawn some criticism from software developers and the VoIP user communities.

The Skype client's application programming interface (API) opens the network to software developers. The Skype API allows other programs to use the Skype network to get "white pages" information and manage calls.

The Windows user interface was developed in Pascal using Delphi, the Linux version is written in C++ with Qt, and the Mac OS X version is written in Objective-C with Cocoa.

Security

Skype generates a significant amount of discussion on how secure its traffic really is. It has had an impact upon the security and culture of VoIP telephony because of this discussion and several design principles:
* All Skype traffic is encrypted by default and the user cannot turn it off.
* Skype reportedly uses openly available, strong encryption algorithms.
* The user is not involved in the encryption process and therefore does not have to deal with the issues of Public key infrastructure.
This has had an effect upon the rest of the market as they seek to offer competitive products. The security of internet communication has become an issue of which people are more aware and secure communication a feature they want to see in the products they use.

General

Since the Skype code is proprietary and closed source, the security of the software cannot be firmly established by independent experts; thus, its users — experts and non-experts alike — may base their usage of the product on merely trusting the manufacturer and behaviour of the software downloaded from sources authorised by the manufacturer. In 2004, Niklas Zennstrom, co-founder of Skype, appeared to admit in an article on The Register that the current security model used a relatively short key size, relied upon security through obscurity, and would not withstand open-source scrutiny:
}}

Since that time, at least two analyses of the Skype code have been published. Tom Berson of Anagram Laboratories, an encryption and security specialist of over thirty years standing, was invited by Skype to analyse their source code in October 2005. Separately, a reverse-engineered study by Philippe Biondi and Fabrice Desclaux, of the actual Skype release package in action, was presented at BlackHat Europe in March 2006.

The conclusions were broadly as follows:
* There are two sets of issues - discussion of the Skype system in general, and review of the security within its various parts and communications.
* Skype is a "complete black box" -- that is, it is extremely hard for the lay user to identify what it is doing, or what it might be doing, or how appropriately it is doing it. It uses security through obscurity to make itself troublesome to analyse or reverse engineer without a significant amount of work, or use of emulation.
* Every package virtually, including the actual software itself, is encrypted, often by means of public/private key signing methods or AES.
* The Skype software itself uses a great deal of code obfuscation and decryption in memory, including hundreds of checksummers and other anti-reverse-engineering devices.
* The protocol includes 1536- and 2048-bit public/private key pairs. These are not considered excessively long by modern standards, but are a strong barrier to decryption. Apparently, users of paid services obtain a replacement 2048 bit key (the 1536 bit key being standard). It also uses 256-bit AES over 128-bit blocks, which is considered strong.
* The Skype system automatically selects certain users with fast CPUs, good broadband connections and no firewall issues to be "supernodes", through which other users may connect. Skype can therefore utilise other users' bandwidth. (Although this is allowed for in the EULA, there is no way to tell how much bandwidth is being used in this manner). There are some 20,000 supernodes out of many millions of users logged on.
* There are notable "holes" in security in the area of the global Skype network -- that is, searches for contacts, and connection via supernodes, are trusted instead of requiring authentication. In some areas, "Skype trusts any computer that speaks Skype".
* Skype's file-transfer function does not contain any programmatic interfaces to antivirus products, although Skype claims to have tested its product against antivirus "Shield" products. If the EICAR test file is sent over Skype's file-transfer service, every major antivirus product appears to catch the virus and halt its transmission or reception via Skype.
*The lack of clarity as to content means that firewalls and systems administrators cannot be sure what Skype is doing. (The combination of an invited and a reverse-engineered study taken together suggest Skype is not doing anything hostile, although that does not mean it could not.) Firewall rules for Ip tables were given to block Skype for corporates.
*The full functionality of Skype was not reviewed; both studies appear to have focused upon its security. Thus, it cannot be said what else may or may not be present.
* The actual communication of any given Skype conversation is reported to appear relatively secure; both cryptographic analyses concluded that Skype had made good use of modern encryption techniques and had coded the actual encryption algorithms correctly within the software.

Resource usage

Skype accesses the hard disk several times per minute. This can be verified by observing the HDD's activity LED, or by using a file access monitor such as FileMon. Although those accesses are small, extremely fast, and safe in the short term, they can be harmful in the long term. In particular, the continuous access pattern does not allow the disk to enter "sleep" or "idle" modes while Skype is active, even when offline. This will cause the computer to consume more energy than otherwise, even when idle, but will not affect the lifespan of the HD (a hard disk will actually last longer if left spun up compared to being constantly spun up and down. Spinning down a hard disk is strictly a power-saving feature). Stronger HDD caching does not seem to improve this behavior.

Also, as mentioned above, certain users are selected by software to act as "supernodes". Under certain conditions, Skype is reportedly willing to accept thousands of connections, but is stated to limit itself to 40Kb/s upload and download.

Confidentiality of data

Since a Skype connection may be routed through an intermediate peer, 256-bit AES encryption actively encodes the data stream of each call, or file transfer. Skype uses 1536-bit RSA (2048-bit RSA for customers who have purchased any "paid services" such as voicemail) to secure the pairwise negotiation of an AES symmetric session key over an untrusted channel. Skype claims that the proprietary session establishment protocol is efficient and prevents both man-in-the-middle and replay attacks. The Skype server certifies each user's public key at login.

That said, Skype currently permits multiple concurrent logins: if an attacker is able to obtain a user's login password, the attacker could login as that user, and change their status to "Hidden". Thereafter, any chat sessions involving the real user are copied to the hacker's "ghost" account. If a user keeps their password secure, this is not of concern.

Integrity/authenticity of data

The integrity of the data, i.e. data modified while traveling though peers, even if encrypted, is unknown and undocumented. The mechanism and implementation has been examined in Berson's report - referenced below.

Authenticity of user identity

Skype provides an uncontrolled registration system for users: registration requires no proof (in means of state-issued ID card) of the identity of the user. This works two ways: you can use the system without revealing your real-life identity to other users of the system, but on the other hand you have no guarantees that the person you communicate with is the one they say they are in real life. The downside of this is that it is easy to use the personal name (but not identity) of a trusted person as a Skype nickname and trick a naive user into revealing information or executing a program sent to them.

It should be noted that this behaviour is, regrettably, common to all digitally-provided services: the exception is certificates from trusted certificate authorities.

Prank program

In September 2005 a prank program was launched online. This unauthorised patch allowed a Skype user to masquerade as another user. The technique was for the prankster to put up an attractive profile with a girl’s name and picture, and put that profile into "Skype me" mode. Within minutes generally another user would invariably try calling/chatting. The patch running the whole time would then partner up another call to the first caller, and send messages from the first person to the second, and vice versa. This way, both victims would think that they were talking to a third, fictitious user, while they were instead talking to each other. The patch only supported text messaging.

Linux-specific issues

While Skype support thrives in the Windows and Mac platforms, its popularity on Linux has suffered from its lack of interoperability with other platforms for some features; and frustration by some users at what they see as the company's inability to handle critical bugs.

While Skype has fixed some minor bugs, the latest stable major revision for Linux is still 1.2 (compare version 1.4 for OS X and 2.5 for Windows). Moreover, the main complaint of the user community remains unaddressed. Bugs that the company has thus far addressed have dealt merely with the installation issues, and not the functionality of the program: January 6, 2006, Skype made a bugfix release (1.2.0.21) to fix the broken Mandriva installation and issued official package to fix some broken deb dependencies in late March 2006; however, unofficial packages fixing the latter bug had been in circulation at least since November 2005. (It took some 5 minutes to repackage the program starting from the material on the official site.)

As welcome as late, these fixes have nothing to do with the main issue, rendering Skype virtually unusable on the present-day Linux desktop: even the most recent versions of Skype support only the old and obsolete Open Sound System (OSS) and not its successor, Advanced Linux Sound Architecture (ALSA). The ALSA system has deprecated the OSS system since Linux kernel version 2.6, which was first released in December 2003.

As a result, the Skype version currently in distribution needs extensive system configuration, and does not work well with other audio programs. A related issue that seems to be a bug in Skype's implementation (and not fixed by and including the version 1.2.0.21) makes Skype unable to make more than a single call before restarting the program is necessary.

There are some workarounds to these problems, like the skype_dsp_hijacker -wrapper, but these are tedious and often require extensive system administration.

However, Skype does appear to be addressing this; an open beta has been released with ALSA support. http://share.skype.com/sites/linux/2006/06/open_beta.html

In addition, since Skype is not open-source, it cannot be included in the main repositories of distributions like Debian. This also prevents it from being re-compiled by the Linux community for other hardware architectures than the ones proposed. As of writing, only Linux on x86 is supported.

Milestones and releases

:For detailed changelog see Skype changelog .
;2002-2004:
* September 2002: Skyper Limited received its founding investment from Draper Investment Company
* April 2003: Skype.com and Skype.net domain names registered
* August 2003: First public beta version released
* June 2004: Beta release of version 0.98.0.28 with first support for SkypeOut. Credits by voucher only initially, then from website.
* July 2004: Release of Version 1.0 for Windows.
* October 2004: 1 million Skype users online simultaneously.

;2005:
* February 2005: 2 million users online simultaneously
* March 2005: SkypeIn Public Beta starts. Skype reports 1 million SkypeOut users and 29 million registered users. 84 million software downloads and 5.98 billion talk minutes served. Central contact lists introduced with v1.2
* April 2005: Downloaded more than 100 million times.
* May 2005: 3 million online at once.
* June 2005: Ten billion minutes of voice conversation served.
* August 2005: Call forwarding introduced with 1.4 beta.
* September 2005: SkypeOut banned in South China.. eBay announces purchase of Skype (Sept 12).
* October 2005: eBay completes purchase of Skype (Oct 14).
* December 2005: videotelephony introduced in Skype-to-Skype calls with v2.0 beta.
;2006:
* January 2006: Skype 2.0 released. Five million concurrent Skype users on line.
* April 2006: 100 million registered users.
* March 2006: A third party paper analyzing the security and methodology of Skype is presented at Black Hat Europe 2006.
* May 2006: Skype 2.5 beta introduces Skypecast preview and SMS messaging. Skype users spoke for 6.9 billion minutes during the first quarter 2006. Skype now handles 7% of the world's long-distance minutes. Skype for Mac 1.4.0.49 is released, the first Universal build of Skype. First major "free minutes" offer with SkypeOut to US and Canadian landlines free until December 2006.
* June 2006 Skype 2.5 for Windows released. A Mac version with video, named Skype for Mac 1.5 Beta, is leaked on the Skype site before pulled shortly afterwards. The version is currently available through third party sites http://www.digg.com/apple/Skype_beta_for_mac_with_video_support! but Skype has warned Mac users not to use it, as it might be unstable and might delete a user's contacts. http://share.skype.com/sites/en/2006/06/skype_for_mac_with_video_comin.html
* July 2006 Three new Skype toolbars for Web, email, and desktop applications, designed to let people initiate voice and video calls, and instant messages directly from computer applications such as Microsoft Outlook and Internet Explorerhttp://about.skype.com/2006/07/skype_introduces_new_toolbars.html .

Versions now exist for Microsoft Windows (2000, XP and CE (Pocket PC)), Mac OS X and GNU/Linux. The Linux version runs on FreeBSD through its Linux binary compatibility.

Usage

right

It was reported that six million concurrent Skype users were online as of March 27 2006. Skype Journal reported five million concurrent Skype users online January 20 2006 and expects, during the summer of 2006, 7 million users online, and by March 2007, 10 million concurrent Skype users online. The highest concentration of users online occurs between 3PM and 4PM CET.
On April 27, 2006 Skype reported it had more than 100 million registered users.

SR Consulting reviewed 4 million Skype user profiles in October 2005 and produced some demographic information reported by Skype News and Skype Journal.
* Average claimed age: 29.7 years old.
* About 46% of Skypers are in Europe, but Brazil and China have the most Skype users of any country, with China coming in at 13% of the Skype population.
* Gender information is inconclusive so far. More than half of all users declined to state their sex.

Criticisms

Skype has been criticised over its use of a proprietary protocol, instead of an open standard like H.323, IAX, or SIP, since this makes it impossible for other providers to interact with the Skype network. There are of course clear business reasons for this, since it helps protect the SkypeOut revenue stream from competition.

A design limitation of Skype is that, if given access to an unrestricted network connection, Skype clients can become supernodes. These supernodes hold together the peer-peer network and provide data routing for those behind restrictive firewalls. Unfortunately, these supernodes can generate a significant amount of bandwidth—saturating a high-speed, 100 Mbit/s connection is not unheard of. For this reason some network providers, such as universities, have banned Skype.

A third party paper analyzing the security and methodology of Skype was presented at Black Hat Europe 2006. . It analyses Skype inside and out. Some of the bad things discovered:
* Heavy use of anti debugging techniques (typically found in malware)
* Heavy use of obfuscation of code
* Keeps chatting on the network, even when idle (even for non-supernodes)
* Blind trust in anything else speaking Skype
* Ability to build a parallel Skype network
* Lack of privacy (Skype has the keys to decrypt sessions)
* Heap overflow in Skype
* Skype makes it hard to enforce a (corporate) security policy
* "No way to know if there is/will be a backdoor"

Some parties allege that Skype's success to date is due to marketing and may not be a direct indication of service and call quality. However, others argue that the market penetration of a product such as Skype is a good indication that it is the best product available. Skype has been more successful in obtaining mass popularity for its service than other pre-existing VoIP telephony services.

SkypeOut rates are "per minute" based. By contrast in some countries, domestic calls can be charged at a specified (usually low) fixed rate per call, meaning that despite having lowered charges during 2006, SkypeOut can be comparatively expensive for certain inland calls.

Another criticism of Skype has been content filtering. See: Internet censorship in mainland China - International Corporations

While available for most operating systems, there is no Skype version for the Palm OS which is widely used in mobile devices like the Treo 700p.

Legal and political aspects

Skype faces challenges from two main legal and political directions - challenges to its intellectual property, and political concerns by governments who wish to exert more formal control over aspects of their telecommunications systems.

Skype's technology is proprietary and closed to outside review. It is unknown to what extent it can potentially intrude upon other parties' patents and copyrights. It is not unreasonable, therefore, to expect legal challenges from third parties concerning Intellectual Property issues.

Legal challenges

Streamcast lawsuit

In January, 2006, StreamCast Networks filed a complaint in U.S. District Court in Los Angeles, accusing Skype of stealing its peer-to-peer technology. The $4.1 billion lawsuit did not initially name eBay, Skype's parent company; however, the lawsuit was amended in a filing with Federal Court in the Central District of California on May 22, 2006, to include eBay and 21 other parties as defendants.

Streamcast seeks a worldwide injunction on the sale and marketing of eBay’s Skype Internet voice communication products, as well as billions of dollars in unspecified damages.

IDT lawsuit

On June 1, 2006, Net2Phone (the Internet telephone unit of IDT Corp.) filed a lawsuit against eBay and Skype accusing the unit of infringing US Patent 6,108,704 which was granted in 2000.

Political issues

China 2005

For a brief period, SkypeOut was blocked in some regions of mainland China (notably Shenzhen) by the operator China Telecom for undisclosed reasons; it has been speculated that this may relate to SkypeOut's ability to take lucrative international and long-distance business away from the People's Republic of China's state-controlled telecommunications companies.

Skype has been involved in the censoring of politically-sensitive messages for the regime of the People's Republic of China.

Skype is one of many companies (others include AOL, Google, Microsoft, Yahoo, Cisco) which have cooperated with the Chinese government in implementing a system of Internet censorship in mainland China. Critics of such policies argue that it is wrong for companies to assist in such policies, which might allow them to profit from censorship and restrictions on freedom of the press and freedom of speech. Human rights advocates such as Human Rights Watch and media groups such as Reporters Without Borders state that in their view, if companies stopped contributing to the authorities' censorship efforts the government could be forced to change.

Niklas Zennstrom, Skype's chief executive, told reporters that its joint venture partner in China is operating in compliance with domestic law. "Tom Online had implemented a text filter, which is what everyone else in that market is doing," said Mr Zennstrom. "Those are the regulations." "I may like or not like the laws and regulations to operate businesses in the UK or Germany or the US, but if I do business there I choose to comply with those laws and regulations. I can try to lobby to change them, but I need to comply with them. China in that way is not different."

France 2006

In September 2005, the French Ministry of Research, acting on advice from the general secretariat of national defence, issued an official disapproval of the use of Skype in public research and higher education; some services are interpreting this decision as an outright ban. The exact reasons for the decision were not given, but speculatively may relate to issues noted earlier, relating to inability to monitor the nature of information being communicated, possible extreme resource usage, or unknown potential actions of the software.

Skype group (corporate)

On October 14 2005, eBay acquired the company for €1.9 billion in cash and stock, plus an additional €1.5 billion in rewards (earn out) if goals are met by 2008.

Skype business ecology

Skype vs. traditional phone companies

Phone companies have traditionally charged users a large amount, often proportional to the distance, for long-distance calls. Skype, arguably the first major VoIP software, allowed people to talk over the Internet for free. This led to many home users with broadband capability to switch to Skype for placing their calls over the Internet. Skype, encrypted end-to-end and claiming to be secure, has also attracted large corporations who are beginning to switch from their traditional phone companies for their internal calls. Phone companies were suddenly out of favor in the markets which patronized Skype.

Distribution partners

Skype has partnered with online web properties including Tom.com, ChinaGate, PcHomeOnline, Daum, Livedoor, Bebo and Onet and hardware manufacturers including Plantronics, Logitech, Motorola, VTech, RTX, Siemens and Linksys.

Skype voice services

Skype has partnered with Tellme Networks, Voxpilot and Voxeo to enable content providers to create new voice services. These platform partners enable the voice services, provide development resources and manage the submission process for new services.

Compatible hardware and software products

Netgear newly announced a Skype preloaded phone which does not have to be connected to a computer to use Skype; it uses a Wi-Fi wireless router connection instead.

Sony Mylo

It has been announced that Motorola will release a similar product (CN620 Wi-Fi cell phone). The Accton Wi-Fi Phone for Skype will also be sold under its own brand name, Edge-Core(WM4201). The i-mate PDA2 also comes with a preinstalled Skype.

Intel and Skype have entered into a partnership resulting in Skype providing advanced conference-calling features exclusively on PCs that run Intel chips. With this deal, customers who want to take advantage of multi-person conference calls cannot do so on AMD-based machines. The need for an Intel CPU is superficial and the program can be modified to allow the extra conference call features to run on an AMD CPU. AMD has questioned the legality of this agreement as part of its anti-trust lawsuit against Intel.

IPEVO is a Skype hardware partner. Its first product, Free-1, is the first Skype-certified product supporting both Windows and Mac OS.

IPdrum provides the IPdrum Mobile Skype Solution, providing users with the possibility to use the mobile phone as a Skype device. Provided that the user has a calling plan that allows free calls between specific numbers, this solution enables virtually free mobile Skype telephony.

Vitaero is a Skype-certified software plugin that enables Bluetooth headsets to be used with Skype.

There are many third-party software products that work with Skype or build upon the Skype API to provide additional features such as voicemail and call recording.

Competition and alternatives

Competitor actions and analysis

* In May 2006, Tele 2 began to challenge Skype with the open protocol based Parlino-service.

Open source alternatives

*amiciPhone: A free secure peer-to-peer VoIP application
*Ekiga: A free application that supports both H.323, SIP, audio and video. Ekiga was formerly known as GnomeMeeting.
*Kiax : VoIP application based on IAX
*PSI : The current Beta version has protocol support for Google Talk
*Switchboard : Free VoIP applet which works from within a web browser. Works on Windows, Mac, Linux, and any other Java enabled platform. No installation necessary
*Tapioca : Includes support for Google Talk
*WengoPhone: A free VoIP application based on SIP open standard

Closed source alternatives

*Google Talk: popular service provided by Google
*Gizmo Project: A closed source VoIP application based on SIP open standard and uses SRTP between clients. Now offering http://www.gizmoproject.com/learnmore-allcallsfree.html free] landline/cell calls to over 60 countries
*iCall: A closed source free VoIP application based on SIP open standard and providing free PC to Phone calling in the US and Canada.
*Jajah: Alternative where no headset, no download, no installation and no broadband connection is necessary. A VoIP call gets activated between two normal phones.
*Secure Shuttle Transport (SST) : Free encryption and secure messaging software including VoIP and video. Works on PCs running Windows 98 or higher.
*SightSpeed : Free video and voice calling service supporting Mac & Windows. Also allows phone out and in calling.
*Vbuzzer: A VoIP softphone and service as well as an active advocator of SIP open standard
*VoIP Buster : A VoIP application offering 300 minutes per week of free calls to landlines in many countries, including the EU, USA, Australia, etc.
*VoIP Stunt : A VoIP application offering 300 minutes per week of free calls to landlines in many countries, including the EU, USA, Australia, etc.
*Zfone is a solution of Phil Zimmermann (inventor of PGP) to encrypt VoIP (SIP) sessions, protocol published as IETF draft. http://www.ietf.org/internet-drafts/draft-zimmermann-avt-zrtp-01.txt
*TipicIM : A free VoIP application, Videocalling based on XMPP/Jabber and Speex audio codec support

References

External links

*Official Skype website
*Skype VoIP - Introduction, Guide and Frequently Asked Questions
*Paper on the Skype protocol
*White paper on Skype, focus on supernodes
*Skype Security Evaluation by Tom Berson (Anagram Laboratories)
*Paper discussing Skype's internals from a security perspective (Black Hat Europe 2006) - Philippe Biondi & Fabrice Desclaux
*Pretty May - A free third-party plugin that expands Skype's features
*Comparison of landline and mobile rates of Jajah, Skype, Gizmo, VoipBuster
*Skype, Zennstrom, Friis Et Al Sued for RICO Violations
*ULRTCS for Skype - Speaks Skype chat messages. Free to use.
*ULRTMT for Skype - Translates Skype chat languages in real-time. Free to use.
*Telephonenglish - English lessons with Skype
*Single Skypers - dating service
*Mixxer language exchanges
*Independent Skype voice services developer's community

Category:Telephony
Category:VoIP software
Category:File sharing programs
Category:Teleconferencing
Category:Groupware
Category:Communication
Category:Collaboration
Category:Instant messaging
Category:Social networking
Category:On-line chat
Category:Telephone service enhanced features
Category:Freeware
Category:Windows instant messaging clients
Category:Mac OS instant messaging clients
Category:Linux instant messaging clients
Category:Web 2.0
Category:VoIP protocols
Category:VoIP companies
Category:EBay