Dario Bonfiglio
Marco Mellia
Abstract
Skype is a very popular VoIP software which has recently attracted the attention of the research community and network operators. Following a closed source and proprietary design, Skype protocols and algorithms are unknown. Moreover, strong encryption mechanisms are adopted by Skype, making it very difficult to even glimpse its presence from a traffic aggregate. In this paper, we propose a framework based on two complementary techniques to reveal Skypetraffic in real time. The first approach, based on Pearson'sChi-Square test and agnostic to VoIP-related trafficcharacteristics, is used to detect Skype's fingerprint from the packet framing structure, exploiting the randomness introduced at the bit level by the encryption process. Conversely, the second approach is based on a stochastic characterization of Skype traffic in terms of packet arrival rate and packet length, which are used as features of a decision process based on Naive Bayesian Classifiers.In order to assess the effectiveness of the above techniques, we develop an off-line cross-checking heuristic based on deep-packet inspection and flow correlation, which is interesting per se. This heuristic allows us to quantify the amount of false negatives and false positives gathered by means of the two proposed approaches: results obtained from measurements in different networks show that the technique is very effective in identifying Skype traffic. While both Bayesian classifier and packet inspection techniques are commonly used, the idea of leveraging on randomness to reveal traffic is novel. We adopt this to identify Skype traffic, but the same methodology can be applied to other classification problems as well.
- Skype web site, http://www.skype.comGoogle Scholar
- Hesiod, "Theogony", ca 700 BCGoogle Scholar
- S. A., Baset, H. Schulzrinne, "An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol". IEEE Infocom'06, Barcelona, Spain, Apr. 2006.Google ScholarCross Ref
- P. Biondi, F. Desclaux, "Silver Needle in the Skype". Black Hat Europe'06, Amsterdam, the Netherlands, Mar. 2006.Google Scholar
- S. Guha, N. Daswani and R. Jain, "An Experimental Study of the Skype Peer-to-Peer VoIP System", 5th Intl. Workshop on Peer-to-Peer Systems, Santa Barbara, CA, Feb. 2006.Google Scholar
- K. Ta Chen, C. Y. Huang, P. Huang, C. L. Lei, "Quantifying Skype User Satisfaction", ACM Sigcomm'06, Pisa, Italy, Sep. 2006. Google ScholarDigital Library
- K. Suh, D. R. Figuieredo, J. Kurose, D. Towsley, "Characterizing and detecting relayed traffic: A case study using Skype", IEEE Infocom'06, Barcelona, Spain, Apr. 2006.Google Scholar
- M. Carson, D. Santay, "NIST Net: a Linux-based network emulation tool". ACM SIGCOMM Computer Communication Review, V.33, N.3, July 2003, pp:111--126. Google ScholarDigital Library
- GlobalIPSound web site, http://www.globalipsound.com/Google Scholar
- T. Berson, "Skype Security Evaluation". Online report, http://www.skype.com/security/files/2005-031securityevaluation.pdf, Oct.2005.Google Scholar
- D. S. Sivia, "Data Analysis: A Bayesian Tutorial". Oxford University Press, Sep. 1996.Google Scholar
- A. Moore, D. Zuev, "Internet Traffic Classification Using Bayesian Analysis Techniques". ACM SIGMETRICS'05, Banff, CA, Jun. 2005. Google ScholarDigital Library
- FastWeb web site, http://company.fastweb.it/Google Scholar
- M. Mellia, R. Lo Cigno, F. Neri, "Measuring IP and TCP behavior on edge nodes with Tstat", Computer Networks, Vol. 47, No. 1, pp.1--21, Jan 2005. Google ScholarDigital Library
- H. Schulzrinne, S. Casner, R. Frederick, V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", RFC 3550, Jul. 2003. Google ScholarDigital Library
- E. Rescorla, "HTTP Over TLS", RFC 2818, May 2000. Google ScholarDigital Library
- S. Lehtinen, C. Lonvick, "The Secure Shell (SSH) Protocol Assigned Numbers", RFC 4250, Jan. 2006.Google Scholar
Index Terms
- Revealing skype traffic: when randomness plays with you
Recommendations
Revealing skype traffic: when randomness plays with you
SIGCOMM '07: Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communicationsSkype is a very popular VoIP software which has recently attracted the attention of the research community and network operators. Following a closed source and proprietary design, Skype protocols and algorithms are unknown. Moreover, strong encryption ...
Traffic analysis attacks on Skype VoIP calls
Skype is one of the most popular voice-over-IP (VoIP) service providers. One of the main reasons for the popularity of Skype VoIP services is its unique set of features to protect privacy of VoIP calls such as strong encryption, proprietary protocols, ...
Analysis of Skype VoIP traffic in UMTS: End-to-end QoS and QoE measurements
In the future Internet, multi-network services will follow a new paradigm in which the intelligence of the network control is gradually moved to the edge of the network. This impacts both the objective Quality of Service (QoS) of the end-to-end ...
Comments