Network Security Special Topic on Skype Security - PowerPoint PPT Presentation

About This Presentation
Title:

Network Security Special Topic on Skype Security

Description:

Skype is used to call from one PC to another PC. ... The answer is, they cannot and Skype is secure. ... Skype does not encrypt the messages directly in this way. ... – PowerPoint PPT presentation

Number of Views:117
Avg rating:3.0/5.0
Slides: 26
Provided by: zhen6
Learn more at: http://www.cs.fsu.edu
Category:

less

Transcript and Presenter's Notes

Title: Network Security Special Topic on Skype Security


1
Network Security Special Topic on Skype Security
2
Is Skype Secure?
  • Skype is used to call from one PC to another PC.
  • Think about it, your conversation is carried by
    routers in the Internet. If someone owns a router
    logs everything, can he figure out what you just
    told your friend?
  • The answer is, they cannot and Skype is secure.
    Actually governments are complaining about it
    because the police cannot eavesdrop the call.

3
All data is encrypted
  • Everything the sender sends out will be encrypted
    by AES (Advanced Encryption Standard).
  • So the encryption makes the data seen at the
    routers unreadable.
  • In this sense, Skype is secure from one Skype end
    to the other Skype end.

4
Block Cipher
  • AES is a Block Cipher, means that it maps a
    fixed-length (128 bits) input to a fixed-length
    (128 bits) output.
  • Given the same input bits, the Block Cipher
    always returns the same output bits. So, it is a
    mapping from the input to the output.
  • The decryption algorithm is just the reverse
    mapping.

5
The Key
  • The AES algorithm is known to the world. So if
    you can use AES to encrypt your data, anyone will
    be able to use the AES to decrypt your data and
    you achieved nothing.
  • So, you must make your encryption unique, even if
    you are using a well-known algorithm.
  • How?
  • By having a key. The key is unique to each
    session and the encryption result for one key is
    unique to other keys.

6
How AES works
  • AES takes 128-bit input and turn it into 128-bit
    output with the help of a 128 bit key (or 192, or
    256). (Skype uses 256 bit key)
  • The key is expanded into 11 sub-keys (K0, K1, ,
    K10.)
  • s M xor K0.
  • Then the following is executed 10 rounds.
  • s SBOX(s).
  • s shift_row(s).
  • s mix_col(s) if not the last round
  • s s xor Ki.
  • Return s.

7
  • The S BOX simply maps the input to an output
    according to a predetermined mapping.
  • The shift_row() does the following. Regard the
    16-byte s as a 4 by 4 matrix.

s0 s4 s8 s12 s1 s5 s9 s13 s2 s6
s10 s14 s3 s7 s11 s15
s0 s1 s2 s3 s5 s9 s13 s1 S10 s14 s2
s6 s15 s3 s7 s11
  • The mix_col does the following. ai is4 bytes.

02 02 01 01 01 02 03 01 01 02 02 03
03 01 01 02
a0 a1 a2 a3
a0 a1 a2 a3

8
The Integer Counter Mode
  • Skype does not encrypt the messages directly in
    this way.
  • It xores the plaintext (message) with the output
    of AES when taking a counter as input.
  • Just to run faster.

9
Problem solved?
  • So, is the problem solved?
  • No. How about the key? How can two Skype ends
    agree on the same key?
  • Can one end send the key to the other end in
    plaintext?

10
The public/private key.
  • Everyone has a public key and private key.
  • With Bs public key (pkB) A can encode data that
    only B can decode with his private key (skB)
    because other people does not have Bs private
    key.
  • D_skBE_pkB(W) W
  • E_pkBD_skB(W) W

11
The public/private key
  • So, A can choose a 128-bit string W as the
    session key and send E_pkB(W) to B. B runs the
    decryption algorithm to get D_skBE_pkB(W) W.
  • Skype actually asks two ends to both contribute
    128 bits to make the 256-bit session key.

12
The RSA algorithm
  • The RSA algorithm is used to get the public
    key/private key.
  • Choose two large primes, p and q.
  • Compute npq and z(p-1)(q-1).
  • Choose a number relatively prime to z and call it
    d.
  • Find e such that ed 1 mod z.
  • (e,n) is the public key for encoding and (d,n) is
    the private key for decoding.

13
The RSA algorithm
  • To encrypt a message M, CMe mod n.
  • To decrypt from C, M Cd mod n.
  • You can verify (non-trivial!) that
    D_skBE_pkB(M) M and E_pkBD_skB(M) M.

14
Why is RSA secure?
  • The problem is, given (d,n), can you figure out
    e?
  • It is difficult.
  • You can try to find p and q given n. If you
    indeed can, then you get z. Given z and d, you
    get e.
  • But it is difficult to factor large numbers.

15
Problem solved?
  • If someone calls you and claimed that he is Bob,
    how can you be sure he is indeed Bob before
    saying things confidential?
  • Imagine that someone impersonates your spouse and
    ask you to tell her/him your bank password with
    Skype chat.

16
Authentication
  • If someone claims he is A, how do you verify?
  • He should present something to you which you can
    check and which he can have if and only if he is
    A.
  • We can all think of certain things for our real
    friends, but does such thing exist in the
    electronic world?

17
The solution
  • Recall that everyone has a public key and a
    private key.
  • Suppose Alice and Bob knows each others public
    key.
  • If Alice wants to setup a session with Bob, she
    sends Bob a message E_pkBAlice, R_a, meaning
    that I am Alice and I want to talk to you, where
    R_a is a number picked at random.
  • Bob replies E_pkAR_a, R_b, K_s, where R_b is a
    number picked at random and K_s is the session
    key.
  • Alice replies AES_K_sR_b.
  • (not exactly the same as Skypes own protocol,
    but the idea is the same)

18
Explanations
  • Message 2. When Alice gets E_pkAR_a, R_b, K_s,
    she can decrypt it and can get R_a, R_b, K_s.
    When she sees R_a, she knows that this is the
    response she is waiting for and the sender must
    be Bob. Why?
  • Because no one except Bob knows how to decode
    E_pkBAlice, R_a to get R_a and R_a is totally
    random and it is impossible for one to guess it
    right.

19
Explainations
  • Message 3. When Bob gets AES_K_sR_b, he can use
    K_s to decode it to get R_b. Then he knows that
    this must be the message he is waiting for and
    the one who sent the first message must be Alice.
    Why?
  • Because no one except Alice knows how to decode
    E_pkAR_a, R_b, K_s to get R_b and K_s to get
    AES_K_sR_b.

20
Is problem solved?
  • How can Alice and Bob know each others public
    key?
  • Can Alice send a message to Bob to ask him to
    send her pkB?
  • No. Tom may intercept this message and return
    Alice a message with his key or some junk.

21
Solution?
  • Ask someone with authority, say, C.
  • Alice asks C can you tell me the public key of
    Bob?
  • C replies Here you are, pkB.
  • Will this work?
  • No. Because how can Alice be sure that this
    message is from C and not from Tom?

22
Solution
  • Because C is well-known, Alice remembers his
    public key.
  • So when C sends Alice the reply, he signs it
    with his private key D_skC(pkB, I am sending you
    the public key of Bob as you requested).
  • When Alice gets this message, she knows that this
    must be from C and can be trusted.

23
Problems?
  • If everyone must contact C before the session
    begins, can C still handle it?
  • Note that the RSA algorithm involves
    multiplications of large numbers and is slow.

24
Solution
  • In fact, C does not have to answer the reply in
    real time.
  • He can send Bob a certificate like D_skCI
    hereby certificate that this key
    belongs to Bob. Bobs IP address is and
    his email is _at__at__at__at_.
  • Later, when Bob wants to prove he is indeed Bob,
    he can just present this to Alice.
  • Actually, it is D_skCSHA_1I hereby certificate
    that this key belongs to Bob. Bobs
    IP address is and his email is _at__at__at__at_. and
    C is called Certificate Authority (CA).

25
Optimizations
  • Still, signing all these certificates is too much
    for a single machine.
  • There is PKI (Public Key Infrastructure) as a
    tree. You have a root, Regional Authorities, and
    CAs.
  • A node certifies the nodes under it by signing.
  • Chain of trust.
Write a Comment
User Comments (0)
About PowerShow.com