Secure Communication – Skype

by Wayne Nunn on June 4, 2010

Developed by Skype Technologies S.A., Skype is a peer-to-peer Voice over IP (VoIP) communication platform. Because it is based on peer-to-peer network protocols, no centralized servers are used during a call or file transfer.

Skype has implemented 256-bit AES encryption to ensure the privacy of its users' conversations. This level of real-time encryption virtually eliminates the possibility of eavesdropping, except by large government organizations. The encryption protocol is embedded within the Skype Protocol, transparent to the user, and cannot be turned off.

Skype’s Security Policy is defined within the context of its system and is based upon:

  •  Unique usernames;
  •  Usernames and passwords must be authenticated;
  •  All parties to a session provide proof of username and privilege level when a session is established, with each party independently verifying the other’s proof before communication is allowed;
  •  Messaging and file transmission during a session are encrypted, end to end;
  •  Intermediate nodes in the communication path are unable to decrypt the information contained in messages, conversations, or file transfers.

During the User’s Registration, unique usernames and passwords are used to build an RSA key pair. RSA encryption (named for its developers, Rivest, Shamir and Adleman) is a method of public-key cryptography widely used in electronic commerce protocols and is considered secure when long keys are used. The conclusion of the Registration process is the formation of a Certificate identifying the user and containing the server’s RSA signature.

After completion of this complex process, which is invisible to the user, two parties are able to establish communications on a peer-to-peer basis. For example, Fred wants to speak with Barney. A new session between them is started and a 256-bit session key is established. Upon session establishment, the key-agreement protocol begins and Fred and Barney agree upon a Session Key.
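
The registration and session set-up described above, as an added Go example that is not Skype's code or part of the original post: a constructed login server signs each (username, public key) pair, each peer verifies the other's certificate before contributing key material, and a certificate whose key was swapped is refused. The `Cert` layout, the function names, and the key agreement itself (each side sends 128 random bits under RSA-OAEP, and the two halves are concatenated into the 256-bit key) are assumptions for illustration; the post does not specify them.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Cert struct { // constructed stand-in for the identity certificate
	User string
	Pub  *rsa.PublicKey
	Sig  []byte // login server's RSA signature over digest()
}
func (c Cert) digest() []byte { // what the server signs: username bound to key
	h := sha256.Sum256([]byte(fmt.Sprintf("%s\x00%x\x00%x", c.User, c.Pub.N, c.Pub.E)))
	return h[:]
}

// Register makes a user's key pair and has the server sign (username, key).
func Register(srv *rsa.PrivateKey, user string) (*rsa.PrivateKey, Cert) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // real code must check every error
	c := Cert{User: user, Pub: &key.PublicKey}
	c.Sig, _ = rsa.SignPKCS1v15(rand.Reader, srv, crypto.SHA256, c.digest())
	return key, c
}

// SendHalf wraps 128 random bits to the peer's key only if its cert verifies.
func SendHalf(srvPub *rsa.PublicKey, peer Cert) (half, wrapped []byte) {
	if rsa.VerifyPKCS1v15(srvPub, crypto.SHA256, peer.digest(), peer.Sig) == nil {
		half = make([]byte, 16)
		rand.Read(half)
		wrapped, _ = rsa.EncryptOAEP(sha256.New(), rand.Reader, peer.Pub, half, nil)
	}
	return half, wrapped // both nil: certificate rejected, no session
}

func RunSession() (fredKey, barneyKey []byte, forgedRefused bool) {
	srv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed login server key
	fred, fc := Register(srv, "fred")
	barney, bc := Register(srv, "barney")
	fHalf, toBarney := SendHalf(&srv.PublicKey, bc) // Fred -> Barney
	bHalf, toFred := SendHalf(&srv.PublicKey, fc)   // Barney -> Fred
	gotB, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, fred, toFred, nil)
	gotF, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, barney, toBarney, nil)
	_, w := SendHalf(&srv.PublicKey, Cert{"barney", fc.Pub, bc.Sig}) // key swapped
	return append(fHalf, gotB...), append(gotF, bHalf...), w == nil
}
func main() { fmt.Println(RunSession()) }
```

Only the holder of the private key named in a verified certificate can unwrap the other side's half, so a relay that substitutes its own key under someone else's username fails the signature check before any key material is sent.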

There are flaws and benefits to the Skype System:

  •  The initial process of establishing communication may not be fully encrypted;
  •  There is a History File that can be used to capture all communications between users;
  •  Being a peer-to-peer application, Skype uses others’ bandwidth, which they do not control;
  •  The file transfer function may allow the transfer of viruses and malware;
  •  It is hard to enforce Business Security Policies; and
  •  Skype may be eavesdropping.

Benefits include no-cost worldwide communication and file transfers between trusting parties. Skype also provides a transportable communications system for travelers when it is used as a portable application. For a user who is aware of its limitations and knows when to turn it off, Skype gives an excellent, high level of communication at the cost of some bandwidth when the portable Skype is running or waiting for a call.
