Analysis and Signature of Skype VoIP Session Traffic

Skype is a peer-to-peer VoIP application that has gained substantial popularity since its launch in 2003. However, none of Skype's algorithms or its protocol specification are available for public inspection, which impedes evaluation from a security perspective. In this report we present an analysis of Skype operation from the network point of view. From the analysis we develop traffic signatures that allow a third-party monitoring entity to detect the usage of the Skype application. These signatures concentrate on Skype signalling traffic and contain different characteristics, including port usage, network packet sizes and payload content. The application of these signatures in a detection tool shows their effectiveness in properly detecting Skype version 1.4, 2.0, and 2.5 traffic.
