Internet Protocol - Research by Kirils Solovjovs
Internet Protocol - Research by Kirils Solovjovs
Internet Protocol - Research by Kirils Solovjovs
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Skype protocol 78<br />
password is used as a shared secret with the login server. The plain session key is hashed into a 256-bit AES key that<br />
is used to encrypt the session's public RSA key and the shared secret. The encrypted session key and the AES<br />
encrypted value are sent to the login server.<br />
On the login server side, the plain session key is obtained <strong>by</strong> decrypting the encrypted session key using the login<br />
server's private RSA key. The plain session key is then used to decrypt the session's public RSA key and the shared<br />
secret. If the shared secret match, the login server will sign the user's public RSA key with its private key. The<br />
signed data is dispatched to the super nodes.<br />
Upon searching for a buddy, a super node will return the buddy's public key signed <strong>by</strong> Skype. The SC will<br />
authenticate the buddy and agree on a session key <strong>by</strong> using the mentioned RSA key.<br />
UDP<br />
UDP packets:<br />
IP<br />
UDP<br />
Skype SoF<br />
Skype Crypted Data01<br />
The Start of Frame (SoF) consists of:<br />
1. frame ID number (2 <strong>by</strong>tes)<br />
2. payload type (1 <strong>by</strong>te)<br />
• obfuscated payload<br />
• Ack/NAck packet<br />
• payload forwarding packet<br />
• payload resending packet<br />
• other<br />
Obfuscation Layer<br />
The RC4 encryption algorithm is used to obfuscate the payload of datagrams.<br />
1. The CRC32 of public source and destination IP, Skype's packet ID are taken<br />
2. Skype obfuscation layer's initialization vector (IV).<br />
The XOR of these two 32-bit values is transformed to an 80-<strong>by</strong>te RC4 key using an unknown key engine.<br />
A notable misuse of RC4 in Skype can be found on TCP streams (UDP is unaffected). The first 14 <strong>by</strong>tes (10 of<br />
which are known) are XOR-ed with the RC4 stream. Then, the cipher is reinitialized to encrypt the rest of the TCP<br />
stream. [8]