The Linear Predictive Coding used for compressing speech does it at a much lower level than "technology" versus "techcrunch" - it uses a physical model of the human vocal tract (I've actually implemented the LPC used in the GSM codec).
I think it's clear enough without the example in the brackets. Anyway, it wasn't really a criticism, just more detailed information that I thought readers might appreciate.
> Skype's encryption algorithm is not, itself, broken
Skype's encryption has not been cracked, but it is broken in the sense that it preserves exploitable structure in the ciphertext. The ciphertext should be essentially random, shouldn't it?
The ciphertext is "essentially random"; the amount of ciphertext (per second) isn't.
Encryption will keep your wife from reading your letters, but if you send a hundred letters a month to the new girl at work she might still get suspicious. Encryption does not promise to prevent that.
The essential difference is that this is a stream, not discrete messages. Yes, I know that at the IP or UDP level a stream consists of discrete datagrams, but this is not how users think of streaming media.
It's like a developer arguing that a project was completed exactly to spec, when the spec isn't what the client wanted, and the dev didn't make any real effort to understand what the client wanted.
You could always trade latency for security by batching more of the stream and encrypting larger blocks.
Steganography hides the existence of covert communication. The message is hidden in an innocuous looking host (say a picture or video that no one would get suspicious about). So in that sense, the existence of actual communication is not known to a third party. I did a PhD thesis on this topic :)
I never actually took the time to use it and I couldn't find any record of any details being revealed after 29c3, but it looks solid enough and one guy on a blog claimed to have written a Python library using this C code and was able to get some PoC to work.
It's a fascinating piece of research, and a great collaboration between the CompSci and Linguistics depts of this University.
The title above is linkbait, as the paper is about analysing any variable bitrate audio stream. Mobile phones and enterprise VOIP solutions could be just as vulnerable.
It appears that a defense against this approach is to use a stream cipher with constant blocklengths. Does that sound like a reasonable interpretation of the paper?
I think they are saying that they don't need to crack the encryption due to the encrypted data containing patterns that still matched phonemes. It's basically a failure in the encryption for Skype that the stream is not mixed up enough to avoid fixed patterns. Makes you wonder how long they have been decoding Skype messages for intelligence reasons.
When your moneysack is bottomless you can do anything, no need to decrypt it, man-in-the-middle it, if that can't do, switch the victim's CPU for your own "special" one. Intelligence organizations have been breaking silently into people's homes for hundreds of years, it's a skill well developed. To then change a chip on your computer, is peanuts.
I have the strangest feeling I'm probably feeding the troll, but...
Why would you bother with CPU switching and such when you could just install an old fashioned microphone? If you were actually inclined to eavesdrop, it seems like hardware-subverting your PC is a lot more expensive and fragile than software or a specialty purpose bug elsewhere in the room.
Humor? The NSA tried to introduce an encryption chip[1] and get telecommunications providers to use it. It had a backdoor so that they could decrypt anything that used it.
I vaguely remember hearing other stories where chips were made with secret backdoors in them, but I can't seem to find any.
It's pretty intense research and one that is highly valued in the DoD world. They pay top dollar for this type of research and most likely did. If I remember correctly, they put out a call about 1 year ago for this type of "breaking" to be done on Skype. Mainly to listen to calls between suspects...
A pretty clever attack. I wonder what the Skype people will do about it. (It seems like any algorithm that has e.g. a variable transmission rate will be relatively easy to attack.)
> It seems like any algorithm that has e.g. a variable transmission rate will be relatively easy to attack.
Not really, just make the variability of bandwidth not depend on the amount of data that's being transmitted... i.e., add a stochastic factor to it (random). If there's enough noise, you probably shouldn't be able to decipher the words spoken.
Using pattern recognition to guess words based on occurrence frequency is not a new concept, but the way they applied it is awesome. I saw something similar in Defcon 17 where the researchers recorded sound from a keyboard (using lasers as microphones, but that's irrelevant), then analyzed breaks in typing to attempt to guess what the victim was typing. Fascinating stuff!
Does anyone know if voice traffic actually passes through super-nodes, or are super-nodes just used for authentication, and punching holes through NAT? If it does, can you point to a reference stating this?
Anyway, billions of people have unencrypted conversations through this telecommunications system called the plain old telephone service. At least Skype is one step better.
> Does anyone know if voice traffic actually passes through super-nodes, or are super-nodes just used for authentication, and punching holes through NAT? If it does, can you point to a reference stating this?
Yes, Skype traffic does pass through supernodes. I know people working on using Skype to route around censorship and supernodes allow you to connect two clients even if the direct connection between them is dropped. Here's an article in Skype about rate limiting if you're running as a super node which is further evidence that voice traffic does pass through super-nodes. http://forum.skype.com/index.php?showtopic=13780
Even if it's possible to weaken encryption in Skype, it could be still strong enough and require a billion-dollar effort to decrypt a single conversation.
- Skype's encryption algorithm is not, itself, broken;
- Skype uses a "prediction" algorithm to compress voice streams;
- therefore, words have a specific pattern of bandwidth use (toy example: "techcrunch" spikes around the "-crunch", since you'd expect "-nology");
- bandwidth use of encrypted compressed data is equal to bandwidth use of data that has only been compressed;
- these patterns (which can be detected "through" the encryption) allow fairly good reconstruction of the voice stream.
If you like this kind of thing, Google "ssh keystroke timing attacks", or, more generally, "traffic analysis".
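The leak summarized in the list above, and the padding defenses suggested in this thread (constant frame length, random padding), as an added example that is not part of the original discussion. The per-frame sizes are constructed, the cipher is a toy length-preserving stream cipher, and `PAD_TO`, `pad_constant` and `pad_random` are hypothetical names.

```python
import hashlib
import secrets

# Constructed per-frame payload sizes (bytes) for a variable-bitrate codec.
# Illustrative only; these are not measurements of Skype or any real codec.
WORDS = {
    "technology": [18, 31, 44, 29, 22, 35, 27],
    "techcrunch": [18, 31, 44, 52, 61, 38, 20],
}
PAD_TO = 64  # assumed fixed frame size: largest frame + 1 length byte fits

def keystream(key, nonce, n):
    """Toy SHA-256 counter-mode keystream (illustration only)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key, seq, frame):
    """Length-preserving XOR encryption; applying it twice decrypts."""
    ks = keystream(key, seq.to_bytes(8, "big"), len(frame))
    return bytes(a ^ b for a, b in zip(frame, ks))

def pad_constant(frame):
    """Length byte + payload + zero fill, always PAD_TO bytes."""
    return bytes([len(frame)]) + frame + bytes(PAD_TO - 1 - len(frame))

def pad_random(frame, max_extra=16):
    """Length byte + payload + 0..max_extra filler bytes."""
    return bytes([len(frame)]) + frame + bytes(secrets.randbelow(max_extra + 1))

def observed_lengths(sizes, pad=None):
    """What a passive observer sees: only the ciphertext length of each frame."""
    key = secrets.token_bytes(32)
    lengths = []
    for seq, size in enumerate(sizes):
        frame = secrets.token_bytes(size)  # stand-in for compressed audio
        if pad is not None:
            frame = pad(frame)
        lengths.append(len(encrypt(key, seq, frame)))
    return lengths

if __name__ == "__main__":
    for name, pad in [("none", None), ("constant", pad_constant), ("random", pad_random)]:
        for word, sizes in WORDS.items():
            print(f"{name:9} {word:11} {observed_lengths(sizes, pad)}")
```

Without padding the two words produce different length sequences even though every byte is encrypted; with constant padding they are identical. Random padding only blurs each length, so the underlying sizes can still be estimated by averaging when the same content is observed repeatedly.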