Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-02-07 Thread Dan Kaminsky

> Actually it's not that bad: using SIP, the RTP packets can be protected by
> SRTP (RFC3711, with an opensource implementation from Cisco at
> http://srtp.sourceforge.net/ )

SRTP...heh.  Take a look at RFC3711 for a second.

  Specification of a key management protocol for SRTP is out of scope
  here.  Section 8.2, however, provides guidance on the parameters that
  need to be defined for the default and mandatory transforms.

VOIP KEX.  *shudders*  Voice is...unique.  Session redirection is a 
first class function, as is active proxying, up to and including proxies 
that are payload-destructive (conference stream mixing).  KEX in such an 
environment is a really painful problem, compared to the relatively 
solvable one of specifying a loss-tolerant encryption protocol.  So, 
they only solved the latter, and figured something would come along for 
the former.

Didn't really happen.
(Full Disclosure:  I work for Avaya, who's had a proprietary KEX 
implementation that handles all of this for the last few years.  So it's 
not an unsolvable problem or anything like that.  It's just really 
annoyingly hard.)

--Dan
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-30 Thread John Kelsey
From: Adam Shostack [EMAIL PROTECTED]
Sent: Jan 29, 2005 12:45 PM
To: Mark Allen Earnest [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com
Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute

> But, given what people talk about on their cell phones and cordless
> phones, and what they send via unencrypted email, they are acting like
> they think their communications are secure in the absence of any
> encryption.  So I don't think adding some 'cryptographic mumbo jumbo'
> is going to change their sense of security in the wrong direction.

One thing most people seem to miss about this, though, is that cellphones and 
cordless phones are *great* for privacy from other humans who live in your 
house or work in your office.  When you don't want your children to hear a 
conversation, you can go take the call in the bathroom or in the car while 
you're driving alone.  Everybody seems to miss this--cellphones and cordless 
phones don't diminish privacy, they just move it around.  Sophisticated 
eavesdroppers can violate more of your privacy, but nosy family members, 
roommates, and office mates can violate a lot less.  I think most people 
correctly evaluate which of these groups is more likely to do something 
unpleasant with what they learn by eavesdropping.  

It seems to me that VOIP pushes this in a somewhat different direction, because 
it's probably easy for your high-speed internet access (maybe a wireless hop to 
a router that talks to a cable modem) to be eavesdropped by moderately 
technically savvy nosy neighbors, and because there are a lot of criminals who 
are using more technology, and will surely target VOIP if they think they can 
make any money off it.  

> Adam

--John Kelsey



Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-30 Thread Adam Shostack
On Sun, Jan 30, 2005 at 11:12:05AM -0500, John Kelsey wrote:
| From: Adam Shostack [EMAIL PROTECTED]
| Sent: Jan 29, 2005 12:45 PM
| To: Mark Allen Earnest [EMAIL PROTECTED]
| Cc: cryptography@metzdowd.com
| Subject: Re: Simson Garfinkel analyses Skype - Open Society Institute
| 
| But, given what people talk about on their cell phones and cordless
| phones, and what they send via unencrypted email, they are acting like
| they think their communications are secure in the absence of any
| encryption.  So I don't think adding some 'cryptographic mumbo jumbo'
| is going to change their sense of security in the wrong direction.
| 
| One thing most people seem to miss about this, though, is that cellphones and 
| cordless phones are *great* for privacy from other humans who live in your 
| house or work in your office.  When you don't want your children to hear a 
| conversation, you can go take the call in the bathroom or in the car while 
| you're driving alone.  Everybody seems to miss this--cellphones and cordless 
| phones don't diminish privacy, they just move it around.  Sophisticated 
| eavesdroppers can violate more of your privacy, but nosy family members, 
| roommates, and office mates can violate a lot less.  I think most people 
| correctly evaluate which of these groups is more likely to do something 
| unpleasant with what they learn by eavesdropping.  
| 
| It seems to me that VOIP pushes this in a somewhat different direction, 
| because it's probably easy for your high-speed internet access (maybe a 
| wireless hop to a router that talks to a cable modem) to be eavesdropped by 
| moderately technically savvy nosy neighbors, and because there are a lot of 
| criminals who are using more technology, and will surely target VOIP if they 
| think they can make any money off it.  

Hi John,

   That's a very interesting point.  There are clearly times when it's
the case.  I suspect, with no data to back me up, that a form of
hyperbolic discounting occurs here:  The family member who is clearly
present ends up dominating consideration, and the less
likely/understood eavesdropping threat disappears.  (As does the 'yell
for attention, pick up another extension attack,' but that's another
story.)

Adam



Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-29 Thread Adam Shostack
On Fri, Jan 28, 2005 at 02:38:49PM -0500, Mark Allen Earnest wrote:
| Adam Shostack wrote:
| I hate arguing by analogy, but:  VOIP is a perfectly smooth system.
| Its lack of security features means there isn't even a ridge to trip
| you up as you wiretap.  Skype has some ridge.  It may turn out that
| it's very very low, but it's there.   Even if that's just the addition
| of an openssl decrypt line to a reconstruct shell script.
| 
| In that case, the value of 'better' is vanishingly small, but it will
| still take an attacker at least 5 minutes to figure that out.
| 
| I would contend that a false sense of security is worse than no security 
| at all. Someone's behavior may be different if they are wrongfully 
| assuming that their communications are encrypted by what they believe is 
| strong encryption when in fact it may be very very low.

I fully agree with you that, if people had a sense of how their
conversations could be eavesdropped on, then this would be the case.
But, given what people talk about on their cell phones and cordless
phones, and what they send via unencrypted email, they are acting like
they think their communications are secure in the absence of any
encryption.  So I don't think adding some 'cryptographic mumbo jumbo'
is going to change their sense of security in the wrong direction.

Adam



Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread David Wagner
Adam Shostack [EMAIL PROTECTED] writes:
> On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote:
> | In article [EMAIL PROTECTED] you write:
> | Voice Over Internet Protocol and Skype Security
> | Is Skype secure?
> | 
> | The answer appears to be, no one knows.  The report accurately reports
> | that because the security mechanisms in Skype are secret, it is impossible
> | to analyze meaningfully its security.  Most of the discussion of the
> | potential risks and questions seems quite good to me.
> | 
> | But in one or two places the report says things like "A conversation on
> | Skype is vastly more private than a traditional analog or ISDN telephone"
> | and "Skype is more secure than today's VoIP systems."  I don't see any
> | basis for statements like this.  Unfortunately, I guess these sorts of
> | statements have to be viewed as blind guesswork.  Those claims probably
> | should have been omitted from the report, in my opinion -- there is
> | really no evidence either way.  Fortunately, these statements are the
> | exception and only appear in one or two places in the report.
>
> The basis for these statements is what the other systems don't do.  My
> Vonage VOIP phone has exactly zero security.  It uses the SIP-TLS
> port, without encryption.  It doesn't encrypt anything.  So, it's easy
> to be more secure than that.  So, while it may be bad cryptography, it
> is still better than the alternatives.  Unfortunately.

I don't buy it.  How do you know that Skype is more secure, let alone
vastly more private?  Maybe Skype is just as insecure as those other
systems.  For all we know, maybe Skype is doing the moral equivalent
of encrypting with the all-zeros key, or using a repeating xor with a
many-time pad, or somesuch.  Without more information, we just don't know.

I'm sorry to pick nits, but I have to stand by my statement.  No matter
how atrociously bad other systems may be, I don't see any basis for saying
that Skype is any better.  It might be better, or it might be just as bad.
We don't know.
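
The all-zeros key and many-time pad cases mentioned in the message above, as an added example that is not part of the original thread (the SHA-256 counter keystream is a toy stand-in for a stream cipher, and all keys and payloads are constructed): the ciphertext looks random in every case, yet a publicly known key decrypts it and a reused keystream cancels out of the XOR of two ciphertexts, which is what the audit check at the end detects.

```python
import hashlib
import math
from collections import Counter


def keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher: SHA-256 over key||counter. Assumption for the demo only."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return xor(data, keystream(key, len(data)))


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 would be uniformly random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream_reuse_suspected(c1: bytes, c2: bytes, threshold: float = 6.5) -> bool:
    """Audit check: with a shared keystream, c1 XOR c2 equals p1 XOR p2,
    so the result is structured (low entropy) instead of random-looking."""
    return byte_entropy(xor(c1, c2)) < threshold


# Constructed sample payloads (lowercase text standing in for two calls).
P1 = b"constructed sample voice frame payload " * 110
P2 = b"another constructed frame from a second call " * 110
ZERO_KEY = bytes(16)                 # the "all-zeros key" case
KEY_A = b"constructed-key-A"         # constructed keys, not real material
KEY_B = b"constructed-key-B"

C1_ZERO = encrypt(ZERO_KEY, P1)      # looks random, but the key is no secret
C1_A = encrypt(KEY_A, P1)
C2_A = encrypt(KEY_A, P2)            # many-time pad: same keystream reused
C2_B = encrypt(KEY_B, P2)            # correct use: fresh key per stream

if __name__ == "__main__":
    print("plaintext entropy      %.2f" % byte_entropy(P1))
    print("zero-key ciphertext    %.2f" % byte_entropy(C1_ZERO))
    print("good-key ciphertext    %.2f" % byte_entropy(C1_A))
    print("reuse flagged (A, A):  ", keystream_reuse_suspected(C1_A, C2_A))
    print("reuse flagged (A, B):  ", keystream_reuse_suspected(C1_A, C2_B))
```

Byte entropy alone cannot separate the zero-key stream from the properly keyed one, which is why observing random-looking traffic says nothing about the key handling behind it.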



Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread Adam Shostack
On Thu, Jan 27, 2005 at 03:22:09PM -0800, David Wagner wrote:
| Adam Shostack [EMAIL PROTECTED] writes:
| On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote:
| | In article [EMAIL PROTECTED] you write:
| | Voice Over Internet Protocol and Skype Security
| | Is Skype secure?
| | 
| | The answer appears to be, no one knows.  The report accurately reports
| | that because the security mechanisms in Skype are secret, it is impossible
| | to analyze meaningfully its security.  Most of the discussion of the
| | potential risks and questions seems quite good to me.
| | 
| | But in one or two places the report says things like "A conversation on
| | Skype is vastly more private than a traditional analog or ISDN telephone"
| | and "Skype is more secure than today's VoIP systems."  I don't see any
| | basis for statements like this.  Unfortunately, I guess these sorts of
| | statements have to be viewed as blind guesswork.  Those claims probably
| | should have been omitted from the report, in my opinion -- there is
| | really no evidence either way.  Fortunately, these statements are the
| | exception and only appear in one or two places in the report.
| 
| The basis for these statements is what the other systems don't do.  My
| Vonage VOIP phone has exactly zero security.  It uses the SIP-TLS
| port, without encryption.  It doesn't encrypt anything.  So, it's easy
| to be more secure than that.  So, while it may be bad cryptography, it
| is still better than the alternatives.  Unfortunately.
| 
| I don't buy it.  How do you know that Skype is more secure, let alone
| vastly more private?  Maybe Skype is just as insecure as those other
| systems.  For all we know, maybe Skype is doing the moral equivalent
| of encrypting with the all-zeros key, or using a repeating xor with a
| many-time pad, or somesuch.  Without more information, we just don't know.

The 'vastly more secure' is not my claim.  My claim is that it is
somewhat better.  Even if it's using an RC4 key of all-zeros, it is
somewhat better than what I have today, because today, my voip calls
don't even have that, and as far as I can see, I can use asterisk's
codec translator API to turn tcpdump captured streams into mp3.
(http://www.asterisk.org/index.php?menu=architecture).  The effort to
get skype data is slightly higher.  Until shown otherwise, I expect a
grad student could do it in a weekend.  However, that same grad
student could build me a wiretap for VOIP in an hour.  (By which
metric, Skype is nearly 50x as secure  :)

| I'm sorry to pick nits, but I have to stand by my statement.  No matter
| how atrociously bad other systems may be, I don't see any basis for saying
| that Skype is any better.  It might be better, or it might be just as bad.
| We don't know.

I hate arguing by analogy, but:  VOIP is a perfectly smooth system.
Its lack of security features means there isn't even a ridge to trip
you up as you wiretap.  Skype has some ridge.  It may turn out that
it's very very low, but it's there.   Even if that's just the addition
of an openssl decrypt line to a reconstruct shell script.

In that case, the value of 'better' is vanishingly small, but it will
still take an attacker at least 5 minutes to figure that out.  That
was my claim.  Similarly, I'd put VOIP above a POTS line, because I've
tapped POTS lines with alligator clips and mis-functioning cordless
phones.  We agree that it's not 'interesting' or 'useful' security.

Adam



Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread Mark Allen Earnest
Adam Shostack wrote:
> I hate arguing by analogy, but:  VOIP is a perfectly smooth system.
> Its lack of security features means there isn't even a ridge to trip
> you up as you wiretap.  Skype has some ridge.  It may turn out that
> it's very very low, but it's there.   Even if that's just the addition
> of an openssl decrypt line to a reconstruct shell script.
>
> In that case, the value of 'better' is vanishingly small, but it will
> still take an attacker at least 5 minutes to figure that out.

I would contend that a false sense of security is worse than no security 
at all. Someone's behavior may be different if they are wrongfully 
assuming that their communications are encrypted by what they believe is 
strong encryption when in fact it may be very very low.

--
Mark Allen Earnest
Lead Systems Programmer
Emerging Technologies
The Pennsylvania State University




Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-28 Thread Florian Weimer
* David Wagner:

> I don't buy it.  How do you know that Skype is more secure, let alone
> vastly more private?  Maybe Skype is just as insecure as those other
> systems.  For all we know, maybe Skype is doing the moral equivalent
> of encrypting with the all-zeros key, or using a repeating xor with a
> many-time pad, or somesuch.  Without more information, we just don't know.

Skype is unregulated.  PSTN operators (and other VoIP services by
large telcos) are subject to at least some scrutiny.

There's another not readily observable property of Skype's network:
reliability.  Would anyone claim that Skype's network is more reliable
than PSTN?  I don't think so, even though we know as little about its
reliability as about its security.

And please don't forget that privacy of call records is much more
important than encryption of the actual voice traffic.  Doing
interesting things with call record data is much, much cheaper than
voice recognition, entire call archival and so on.



Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Adam Shostack
On Mon, Jan 10, 2005 at 08:33:41PM -0800, David Wagner wrote:
| In article [EMAIL PROTECTED] you write:
| Voice Over Internet Protocol and Skype Security
| Simson L. Garfinkel
| 
| http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf
| 
| Is Skype secure?
| 
| The answer appears to be, no one knows.  The report accurately reports
| that because the security mechanisms in Skype are secret, it is impossible
| to analyze meaningfully its security.  Most of the discussion of the
| potential risks and questions seems quite good to me.
| 
| But in one or two places the report says things like "A conversation on
| Skype is vastly more private than a traditional analog or ISDN telephone"
| and "Skype is more secure than today's VoIP systems."  I don't see any
| basis for statements like this.  Unfortunately, I guess these sorts of
| statements have to be viewed as blind guesswork.  Those claims probably
| should have been omitted from the report, in my opinion -- there is
| really no evidence either way.  Fortunately, these statements are the
| exception and only appear in one or two places in the report.

The basis for these statements is what the other systems don't do.  My
Vonage VOIP phone has exactly zero security.  It uses the SIP-TLS
port, without encryption.  It doesn't encrypt anything.  So, it's easy
to be more secure than that.  So, while it may be bad cryptography, it
is still better than the alternatives.  Unfortunately.

Adam




Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Chris Palmer
People may already have seen this, but maybe not. Another Skype 
analysis:

http://www.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf


-- 
Chris Palmer
Technology Manager, Electronic Frontier Foundation
415 436 9333 x124 (desk), 415 305 5842 (cell)

81C0 E11D CE73 4390 B6C7  3415 B286 CD8F 68E4 09CD





Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Joseph Ashwood
- Original Message - 
From: David Wagner [EMAIL PROTECTED]
Subject: Simson Garfinkel analyses Skype - Open Society Institute


> In article [EMAIL PROTECTED] you write:
> Is Skype secure?
> The answer appears to be, no one knows.  The report accurately reports
> that because the security mechanisms in Skype are secret, it is impossible
> to analyze meaningfully its security.

Actually that is not entirely true. While Skype has been getting more than 
its fair share of publicity lately surrounding its security the truth is 
that shortly after its first release I personally had a discussion in their 
forums (should still be there if you find something by holomntn that's the 
correct one, I haven't discussed anything since). In that discussion it was 
shown that they clearly did not have a solid grasp on security, nor 
apparently had anyone of them read the SIP specification. During that 
conversation, and some future private ones, it has been revealed to me that 
Skype's security is questionable at best, and that they are in fact 
basically relying on security through obscurity. It is likely that this will 
work for quite some time simply because most IM conversations, and most 
phone conversations for that matter are simply not worth listening to.

With that said, in their favor they do have substantial qualities. Because 
they effectively form a routed network an intermediate eavesdropping attempt 
will have to sort through a substantial amount of undesired traffic (see 
Rivest on Wheat and Chaff for explanation of the security offered), this is 
possible because although there are security holes, the end stream is 
difficult to determine from random (AES/CBC). This creates a substantial 
boost in the amount of effort required to acquire a stream of significance 
unless the endpoints are known. The other big thing in their favor is that 
apparently very few people want to be bothered by analysing the security, 
basically if no one is looking it is secure. Additionally, in version 1.1 
Skype appears to have begun providing a moving target for a break, between 
version 1.0 and 1.1 Skype performed some changes to the protocol, while I do 
not know the exact nature of these, even a simple investigation of the GUI 
shows some changes (IM someone with a different version you will be 
cautioned about protocol changes even though security is not listed), this 
moving target creates the possibility to generate some security through 
obscurity, and the ability to upgrade the security at a moment's notice.

Working against them. The biggest thing working against them is that a 
growing number of teenagers are using Skype (a significant portion of 
Gunderson High School in San Jose, Ca actually uses Skype during class, and 
has been busted by me for it). This poses a substantial risk for common 
hacking to occur. This is something that I am unclear on whether or not 
Skype has prepared. As the general populace begins to use Skype more the 
security question becomes of greater importance (reference the attacks on 
Windows that go on every day).

With all that said it is important to note that I have no access to the 
current Skype protocol and I only briefly had limited access to an early 
one, so my analysis may be substantially off.
   Joe 



Simson Garfinkel analyses Skype - Open Society Institute

2005-01-11 Thread David Wagner
In article [EMAIL PROTECTED] you write:
> Voice Over Internet Protocol and Skype Security
> Simson L. Garfinkel
> http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf
>
> Is Skype secure?

The answer appears to be, no one knows.  The report accurately reports
that because the security mechanisms in Skype are secret, it is impossible
to analyze meaningfully its security.  Most of the discussion of the
potential risks and questions seems quite good to me.

But in one or two places the report says things like "A conversation on
Skype is vastly more private than a traditional analog or ISDN telephone"
and "Skype is more secure than today's VoIP systems."  I don't see any
basis for statements like this.  Unfortunately, I guess these sorts of
statements have to be viewed as blind guesswork.  Those claims probably
should have been omitted from the report, in my opinion -- there is
really no evidence either way.  Fortunately, these statements are the
exception and only appear in one or two places in the report.

All in all, a useful analysis.  Thanks for posting that.



Simson Garfinkel analyses Skype - Open Society Institute

2005-01-09 Thread Ian G
Voice Over Internet Protocol and Skype Security
Simson L. Garfinkel
January 7, 2005
With the increased deployment of high-speed (broadband) Internet 
connectivity, a growing number of businesses and individuals are using 
the Internet for voice telephony, a technique known as Voice over 
Internet Protocol (VoIP). With a VoIP system, two people can speak with 
each other by using headsets and microphones connected directly to their 
computers.

Skype is a proprietary VoIP system developed by Skype Technologies S.A. 
Like the popular KaZaA file-trading system, Skype is based on 
peer-to-peer technology: instead of transmitting all voice calls through 
a central server, as some VoIP services do (Vonage, for example), Skype 
clients seek out and find other Skype clients, then build from these 
connections a network that can be used to search for other users and 
send them messages.

Is Skype secure? How does its security compare with that of conventional 
telephone calls, or of other VoIP-based systems? In this article 
commissioned by OSI's Information Program, Simson Garfinkel, an expert 
on Internet security and networking issues, looks at the security 
properties of key importance for civil society organizations relying on 
Skype for voice communications.

http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf
--
News and views on what matters in finance+crypto:
   http://financialcryptography.com/