[VOIPSEC] Soft Phone Vulnerabilities
Craig Southeren
craigs at postincrement.com
Mon Jun 12 18:00:22 CDT 2006
On Mon, 12 Jun 2006 12:05:51 -0700
Jon Callas <jon at pgpeng.com> wrote:
> I'm going to take a giant step back, Craig, because you and I are
> down a rathole. I will restate my points back from the beginning.
>
> As I've said before, I'm not a Skype fan. I share all your concerns
> about Skype security, its lack of openness, and so on. I'm a co-
> author on a competing protocol (ZRTP) that I think has better
> security and better scaling.
>
> However, there are two very good documents I've read, and it appears
> that you're unfamiliar with them.
>
> The first is Tom Berson's. It is at <http://www.anagram.com/berson/
> abskyeval.html>, and he didn't reverse engineer it. He spent time
> with the developers, and at their request. Skype commissioned this
> report themselves. I think it counts as "peer review" when you hire
> someone reputable to do an analysis. This is not as good in my
> opinion as completely opening the doors up (which I do with PGP
> software), but it is nonetheless a form of peer review.
It is true I was not aware of this document. I've now read it and Tom
seems to have done a good job of reviewing the source code and looking
for potential problems. He certainly seems to know more about crypto than
I do :)
Regardless, a one time review of selected source code does not, in my
opinion, satisfy the criteria for peer review. What about other
platforms (Tom was given access only to the Windows code)? What about
the fact that the code he reviewed was for the 1.3 client, and Skype is
now up to 2.5beta? What about the code used on the servers?
I'm sure smarter people than me can find other reasons why this review,
while very interesting and certainly of excellent marketing value to
Skype, is a long way from constituting a comprehensive security review
of their protocol and network.
> I've also spoken to Tom about it, and he had many good things to say
> about them, their architecture, and their dedication to producing a
> quality cryptosystem. He's someone I trust, and he has said many good
> things about Skype. Before I read Berson's report, I was completely
> and peremptorily dismissive of Skype. Now, my criticisms of it (which
> we've not gotten to) are complex enough that they don't fit in a
> sentence or three. I understand that relatively few people have had
> the luxury of lunch with Tom to talk about what he thinks about Skype.
I guess I am being cynical, and I certainly don't want to be insulting
to Tom, but I suspect that Skype commissioned his paper as part of the
buyout of Skype by eBay. Not that this changes the technical merit of
his work, but I suspect the motivation behind this disclosure was less
to do with releasing information about the integrity of the security
mechanisms and more about setting the groundwork for the use of Skype
within eBay.
Given that Skype was doing business long before this time, I think the
timing says more about the business acumen of eBay than it does about
how keen Skype is to have external reviews of their code :)
> The second important report to read is the one from this year's Black
> Hat Europe. You can find it at: <http://www.secdev.org/conf/
> skype_BHEU06.pdf>. They *did* get their results through reverse-
> engineering. Nonetheless, I was pleasantly amazed to read about some
> very cool things in Skype that gosh-darn it, they *should* talk about
> publicly, like their anti-malware mechanisms.
I have seen this paper before, having been pointed to it shortly after
it came out by someone who attended the conference in Europe. This is an
impressive feat of reverse engineering, but once again, it is hampered
by the inability to prove full coverage of the code.
I'm surprised at your reference to anti-malware mechanisms. I interpreted
most of the mechanisms as being intended to prevent the kind of reverse
engineering that these guys have performed.
> So, there are two things to read, and I am surprised to see that
> there is as much attention to security in Skype as there is. While I
> disagree with some of the decisions they made, they're not idiots. If
> you are a competitor with them, the biggest favor they're doing for
> you is by *not* showing up in standards meetings. If Skype showed up
> in Montreal for the IETF and said, "Hi, we're here to open the
> kimono," that would be devastating to many competitors. The criticism
> that they are not open vanishes, and we're left with a protocol-to-
> protocol discussion of features and benefits. And they're not stupid
> people.
Skype is in the service provision business, not the protocol business.
Making their protocol public would cost them money, and possibly reveal
flaws in their network that they would rather not make public. I'm sure
they will continue to hedge their bets by asking in experts like Tom to
review their code, but I doubt they will release any more info any time
soon - there simply is no monetary reason for them to do so.
And please don't misinterpret my tone - if I was in Skype's position I
would probably do the same thing.
But let's assume that Skype did open their kimono and let it all hang
out. The short-term result would be a resounding nothing. There is
sufficient investment (both emotional and monetary) that nobody would be
throwing away their SIP or H.323 networks anytime soon. I would expect
that a whole bunch of Taiwanese companies would write their own Skype
stacks and stop paying Skype royalties for their stack, but that would
be about the only immediate reaction.
Over time, the protocol would be reviewed and more implementations would
appear (provided that any parts that are encumbered by patents could be
licensed) but the end result would be nothing so dramatic. If Skype did
have any non-patented techniques that were useful, then they would be
adopted by other vendors (maybe). But the end result of all this would
be very little additional revenue gain for Skype, if not a loss, for a
significant monetary cost. This would be more than outweighed by the loss
of a significant competitive advantage. So my bet is that it's not
happening any time soon.
> Okay, on to what I have been saying:
>
> I have been hearing people say something of the form, "I don't like
> Skype because of X," and that remark puzzles me. I think that there
> are a couple of possibilities about this complaint:
>
> 1) I don't understand it. People get in a hurry and they don't have
> the time to be clear and precise, so they type some shorthand. I am
> reasonably certain that most of the issues are in this category,
> particularly here. We're all smart, busy people. That's why I've been
> asking questions. I think I don't understand.
I would agree that there is certainly a lot of knee-jerk reaction to
Skype of the "closed source is bad, open source is good" type. I'm
certainly not doing that.
> 2) The problem isn't a problem with Skype per se, but with something
> larger.
>
> That's why I've been asking for the complaints about things that are
> *uniquely* Skype issues.
>
> Let me give some examples.
>
> If the complaint is, "I don't like Skype because it chews up my
> precious network bandwidth," then this is not a Skype issue, it is a
> problem of resources and allocation. Yes, indeedie, if you are in a
> small office on the tail end of an IDSL line, then you are not a
> candidate for VOIP of any sort.
I agree with you on this. If Skype is a problem because it is a VoIP
service that chews bandwidth, then any VoIP service will cause the same
problem.
> If the complaint is, "I don't like Skype because my users might do
> scary stuff I can't see," then I am genuinely confused. In the
> absence of VOIP, most of these people would be doing the same scary
> stuff some other way. I also wonder what the scary stuff is.
I agree again. People can do scary stuff via MSN, or via cell phones -
so what's the difference?
> If the scary stuff is the usual sort of phone abuse (calling
> relatives in Elbonia on company phones), VOIP in general makes that
> less of a problem (except for the lost time). It's certainly no
> worse. If the scary stuff is information leakage, then mobile phones,
> particularly ones that can operate as network connections (EDGE/GPRS
> etc.) are a far bigger threat.
Again, we are in agreement.
> I am genuinely puzzled about the genuine problem. I must be missing
> something because every threat about Skype I can think of is not
> Skype-specific. If I wave a magic wand and make Skype go away, any
> threat I think of moves to some other place. Some threats to mobile
> phones, some to POTS, some to other VOIP systems, and some to
> networking in general.
Also agreed.
> Even my complaints about Skype (it's insufficiently documented,
> overly complex network architecture, etc.) are not unique to it. As
> someone said earlier today, the security parts of GSM are still
> secret. And there's a bit of a brouhaha going on about a mysterious
> room or three in the POTS infrastructure. One of the reasons I've
> been working on ZRTP is that I think it's a good architecture and
> good security; I'm not being paid for it. Nonetheless, at the end of
> the day, I have to give the devil his due. The more I have learned
> about Skype, the more I've been favorably impressed.
This is where we diverge.
Comparing Skype and the GSM or 3G networks is a straw-man argument. The
*only* part of the GSM network protocol that is not disclosed is certain
parts of the encryption scheme as well as the various mechanisms that
vendors use for encrypting the SIMs (I'm not an expert here, so please
feel free to demolish me on this point. But provide references, please :)
Every other part of the GSM and 3G standards (as far as I know) is
available as an open standard. These protocols have been implemented
countless times and have been subjected to probably millions of
man-hours of review.
Skype has a looong way to go before I will consider it to be in the same
state of review as GSM or 3G, or even SIP or H.323.
As I said in a previous email, my problem with Skype is that they claim
to provide a secure network, but as we know, the word "secure" means
different things to different people. Skype calls are no less secure
than any other kind of VoIP calls, and may be more secure - but we have
no way of verifying the latter.
Skype calls are not provably cryptographically secure, and any claim by
anybody that they are needs to be carefully examined. History shows that
extensive and ongoing peer review is the only way in which confidence in
a cryptographic system can be gained - I do not yet see any reason why
Skype is any different.
In the mean time, users who are rightly impressed by a friendly, cheap,
easy to use and well marketed product are also believing that Skype's
claims of "secure" actually mean something. I think that is a confusion
that we (as experts in the field) have a duty to clarify.
In short, I believe that Skype seeks to provide secure and encrypted
communications, but that these claims should be treated with a great
deal of suspicion until they have been proven, and continue to be
verifiable on an ongoing basis. Until then, I won't be recommending to
anybody that they rely on Skype's security, any more than I will be
recommending to anybody that they rely on GSM phone security, or that
they should use 128 bit RSA keys for their OpenSSH sessions.
I have no problem recommending or using Skype as a VoIP service. I use
it myself when I am on the road, as it has a good record of penetrating
hotel firewalls and I can always use SkypeOut for making PSTN calls if I
need to.
But I always assume that anything I say on a Skype call can be
intercepted (just like any VoIP call) and I certainly won't be making it
an indispensable part of my business any time soon.
> I think it is important, if one is to criticize Skype, to criticize
> it for the right things.
Agreed :)
Craig
-----------------------------------------------------------------------
Craig Southeren Post Increment VoIP Consulting and Software
craigs at postincrement.com.au www.postincrement.com.au
Phone: +61 243654666 ICQ: #86852844
Fax: +61 243656905 MSN: craig_southeren at hotmail.com
Mobile: +61 417231046
"It takes a man to suffer ignorance and smile.
Be yourself, no matter what they say." Sting