[VOIPSEC] Soft Phone Vulnerabilities

Hallam-Baker, Phillip pbaker at verisign.com
Tue Jun 13 11:53:10 CDT 2006 

I would not be worried about paid analysis.

If the analyst finds a problem the analysis probably does not see the light of day.

Then the consultant gets a followon gig to fix it. Or to review the fix.

The fact that a good guy is willing to put their name to it is significant.

Also consider the liklihood that ebay paid or at least chose the consultant. Who usually pays for a house survey?

 -----Original Message-----
From: 	Jon Callas [mailto:jon at pgpeng.com]
Sent:	Tue Jun 13 07:29:01 2006
To:	Craig Southeren
Cc:	Voipsec at voipsa.org
Subject:	Re: [VOIPSEC] Soft Phone Vulnerabilities

On 12 Jun 2006, at 4:00 PM, Craig Southeren wrote:

>
> It is true I was not aware of this document. I've now read it and Tom
> seems to have done a good job of reviewing the source code and looking
> for potential problems. He certainly seems to know more about  
> crypto than
> I do :)
>
> Regardless, a one time review of selected source code does not, in my
> opinion, satisfy the criteria for peer review. What about other
> platforms (Tom was given access only to the Windows code)? What about
> the fact that the code he reviewed was for the 1.3 client, and  
> Skype is
> now up to 2.5beta? What about the code used on the servers?
>
> I'm sure smarter people than me can find other reasons why this  
> review,
> while very interesting and certainly of excellent marketing value to
> Skype, is a long way from constituting a comprehensive security review
> of their protocol and network.
>

Tom is the first Fellow of the IACR (the group that puts on CRYPTO  
and EuroCRYPT etc). They picked a good guy to hire.

> I guess I am being cynical, and I certainly don't want to be insulting
> to Tom, but I suspect that Skype commissioned his paper as part of the
> buyout of Skype by eBay. Not that this changes the technical merit of
> his work, but I suspect the motivation behind this disclosure was less
> to do with releasing information about the integrity of the security
> mechanisms and more about setting the groundwork for the use of Skype
> within eBay.
>
> Given that Skype was doing business long before this time, I think the
> timing says more about the business acumen of eBay than it does about
> how keen Skype is to have external reviews of their code :)
>

Oh, yeah, it was a paid analysis, but they picked a good guy, as I said.

One of the things Tom told me was that he liked their architecture,  
but he found bugs in their code, and suggested tweaks they could make  
to the core system.

But he also said that these are guys who literally grew up under  
Soviet occupation, and they see no need to bow to anyone. *That* is  
the attitude I want to see. I've seen eBay follow up on it, as well.

>> The second important report to read is the one from this year's Black
>> Hat Europe.  You can find it at: <http://www.secdev.org/conf/
>> skype_BHEU06.pdf>. They *did* get their results through reverse-
>> engineering. Nonetheles, I was pleasantly amazed to read about some
>> very cool things in Skype that gosh-darn it, they *should* talk about
>> publicly, like their anti-malware mechanisms.
>
> I have seen this paper before, having been pointed to it shortly after
> it came out by someone who attended the conference in Europe. This  
> is an
> impressive feat of reverse engineering, but once again, it is hampered
> by the inability to prove full coverage of the code.
>
> I'm suprised at your reference to anti-malware mechanisms. I  
> interpreted
> most of the mechanisms as being intended to prevent the kind of  
> reverse
> engineering that these guys has performed.
>

There's no difference between reverse-engineering and malware. I *am*  
smiling when I say that, but I do mean it.

>> So, there are two things to read, and I am surprised to see that
>> there is as much attention to security in Skype as there is. While I
>> disagree with some of the decisions they made, they're not idiots. If
>> you are a competitor with them, the biggest favor they're doing for
>> you is by *not* showing up in standards meetings. If Skype showed up
>> in Montreal for the IETF and said, "Hi, we're here to open the
>> kimono," that would be devestating to many competitors. The criticism
>> that they are not open vanishes, and we're left with a protocol-to-
>> protocol discussion of features and benefits. And they're not stupid
>> people.
>
> Skype is in the service provision business, not the protocol business.
> Making their protocol public would cost them money, and possibly  
> reveal
> flaws in their network that they would rather not make public. I'm  
> sure
> they will continue to hedge their bets by asking in experts like  
> Tom to
> review their code, but I doubt they will release any more info any  
> time
> soon - there simply is no monetary reason for them to do so.
>
> And please don't misinterpret my tone - if I was in Skype's position I
> would probably do the same thing.
>

Me too.

I was at a conference that included law enforcement people a few  
months ago, and the Skype/eBay folks were there. They had a big slide  
that said

	Skype is software
	  not a service

as part of their preso. I interpreted this as saying that they do not  
believe CALEA applies to them. That is another bit of info that I  
noted and thought favorable.

> But let's assume that Skype did open their kimono and let it all hang
> out. The short-term result would be a resounding nothing. There is
> sufficient investment (both emotional and monetary) that nobody  
> would be
> throwing away their SIP or H.323 networks anytime soon. I would expect
> that a whole bunch of Taiwanese companies would write their own Skype
> stacks and stop paying Skype royalties for their stack, but that would
> be about the only only immediate reaction.
>
> Over time, the protocol would be reviewed and more implementations  
> would
> appear (provided that any parts that are encumbered by patents  
> could be
> licensed) but the end result would be nothing so dramatic. If Skype  
> did
> have any non-patented techniques that were useful, then they would be
> adopted by other vendors (maybe). But the end result of all this would
> be very little additional revenue gain for Skype, if not a loss, for a
> significant monetary cost. This would be more than outweighed by  
> the loss
> of a significant competitive advantage. So my bet is that it's not
> happening any time soon.
>

I don't know. I really don't. I confess that I don't know why anyone  
is in the VOIP business. At the risk of oversimplification and  
caricature, it seems to me that the VOIP business has a lot of people  
racing to see how fast they can give their stuff away (Skype  
included). I don't see how this is a viable business model at all.

If the Skype business model is *only* that they charge for connection  
to the POTS network, then compatible implementations are no threat to  
that. I don't know how much licensing of the actual stack is part of  
their plans.

>
> I would agree that there is certainly a lot of knee-jerk reaction to
> Skype of the "closed source is bad, open source is good" type. I'm
> certainly not doing that.
>

As someone who makes a quasi-open source system, I think open source  
is good. I think open review is good. I look askance at closed  
protocols. I do, however, twitch at what I mentioned before -- the  
threat of lots of portable storage getting turned into "iPods are  
bad." Security people are especially prone to that sort of hyperbole.

(PGP Corporation makes our source available. We also have a freeware/ 
trialware mode for the software. I consider what we do to be open  
source. But the open source people don't, for reasons that I consider  
silly, but on a different axis.)

>
> This is where we diverge.
>
> Comparing Skype and the GSM or 3G networks is a straw-man argument.  
> The
> *only* part of the GSM network protocol that is not disclosed is  
> certain
> parts of the encryption scheme as well as the various mechanisms that
> vendors use for encrypting the SIMs (I'm not an expert here, so please
> feel free to demolish me on this point. But provide references,  
> please :)
>
> Every other part of the GSM and 3G standards (as far as I know) is
> available as an open standard. These protocols have been implemented
> countless times and have been subjected to probably millions of
> man-hours of review.
>
> Skype has a looong way to go before I will consider it to be in the  
> same
> state of review as GSM or 3G, or even SIP or H.323.
>

Well, I mentioned GSM solely because I have a GSM phone with which I  
have a love-hate affair. I had my CSO hat on, not my protocol  
designer hat on. I apologize for a lack of clarity. I think the  
data / voice capabilities of other mobile protocols are the same.

 From the CSO perspective, if Skype represents a threat, but the same  
threat is posed by cell phones or wireless cards, then banning Skype  
is merely shifting the threat. It also shifts it to a place that I  
have less control over. The actual protocol matters not.

> As I said in a previous email, my problem with Skype is that they  
> claim
> to provide a secure network, but as we know, the word "secure" means
> different things to different people. Skype calls are no less secure
> than any other kind of VoIP calls, and may be more secure - but we  
> have
> no way of verifying the latter.
>
> Skype calls are not provably cryptographically secure, and any  
> claim by
> anybody that they are needs to be carefully examined. History shows  
> that
> extensive and ongoing peer review is the only way in which  
> confidence in
> a cryptographic system can be gained - I do not yet see any reason why
> Skype is any different.
>

Agreed. I'd only add that I know of no system that is *provably*  
secure, and I have a very cynical opinion of proofs of security, anyway.

> In the mean time, users who are rightly impressed by a friendly,  
> cheap,
> easy to use and well marketed product are also believing that Skype's
> claims of "secure" actually mean something. I think that is a  
> confusion
> that we (as experts in the field) have a duty to clarify.
>
> In short, I believe that Skype seeks to provide secure and encrypted
> communications, but that these claims should be treated with a great
> deal of suspicion until they have been proven, and continue to be
> verifiable on an ongoing basis. Until then, I won't be recommending to
> anybody that they rely on Skype's security, any more than I will be
> recommending to anybody that they rely on GSM phone security, or that
> they should use 128 bit RSA keys for their OpenSSH sessions.
>
> I have no problem recommending or using Skype as a VoIP service. I use
> it myself when I am on the road, as it has a good record of  
> penetrating
> hotel firewalls and I can always use SkypeOut for making PSTN calls  
> if I
> need to.
>
> But I always assume that anything I say on a Skype call can be
> intercepted (just like any VoIP call) and I certainly won't be  
> making it
> an indispensable part of my business any time soon.
>

And here we agree again.

>> I think it is important, if one is to criticize Skype, to criticize
>> it for the right things.
>
> Agreed :)
>

Cool. Thanks. This has been a fun discussion.

	Jon

-- 
Jon Callas
CTO, CSO
PGP Corporation         Tel: +1 (650) 319-9016
3460 West Bayshore      Fax: +1 (650) 319-9001
Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
USA                          28b6 52bf 5a46 bc98 e63d
	



_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list