

Defeating Skype Encryption Without a Key - privacyguru
http://www.securityweek.com/defeating-skype-encryption-without-key

======
JoachimSchipper
Edited form of my comment from <http://news.ycombinator.com/item?id=2590731>,
which discussed the same finding:

\- Skype's encryption algorithm is not, itself, broken;

\- Skype uses a "prediction" algorithm (LPC) to compress voice streams;

\- therefore, words etc. have a specific pattern of bandwidth use;

\- bandwidth use of encrypted compressed data is equal to bandwidth use of
data that has only been compressed;

\- these patterns (which can be detected "through" the encryption) allow
fairly good reconstruction of the voice stream.

If you like this kind of thing, Google "ssh keystroke timing attacks", or,
more generally, "traffic analysis".

------
aidenn0
The article isn't really clear, you need to read the paper. Quick summary:

They can use the size of the packets to find boundaries to different phonemes,
which can then be used to check for e.g. what language is used, or even
against known phrases. They have also had some success at determining which
phonemes are used based solely on the length of the VBR packets.

------
gvb
Interesting. They are using frequency analysis[1] of LPC phonemes rather than
characters. This implies the sound is not encrypted at all (security by
obscurity). It definitely implies the (voice) data stream is not being
encrypted as a stream.

[1] <http://en.wikipedia.org/wiki/Frequency_analysis>

~~~
SriniK
Streams are encrypted. They are exploiting VBR(variable bit rate) part of the
Skype's architecture. Skype uses VBR to make sure they pack enough fidelity
while maintaining the low bandwidth requirements.

It is an interesting paper to read. Initially I thought they exploited LPC
which is the base for all our mobile communications as well. As long as VOIP
provider doesn't opt for VBR compression, their networks are immune from this
attack.

From the paper.

 __ _Under VBR, the size of the codebook entry, and thus the size of the
encoded frame, can vary based on the complexity of the input frame. The
speciﬁcation for Secure RTP (SRTP) [3] does not alter the size of the original
payload; thus encoded frame sizes are preserved across the cryptographic
layer. The size of the encrypted packet therefore reﬂects properties of the
input signal; it is exactly this correlation that our approach leverages to
model phonemes as sequences of lengths of encrypted packets._ __

Also, they included the solution.

 __ _For this reason, the use of constant bit-rate codecs is important to
consider as an alternative to simple block ciphers for VoIP, since such codecs
might improve call quality given a relatively large ﬁxed packet size. Another
alternative might even be to drop or pad packets [19, 27, 57], though, in that
case, the effect on perceived call quality is unclear. We note, however, that
VoIP providers have made no move to employ any such measures: Skype’s SILK,
for instance, is a VBR codec. Similarly, one of the leading proposals for 4G,
the LTE Advanced standard, speciﬁes a VBR codec for audio [1] and the use of
SRTP to secure voice data channels._ __

