Skip to the content of the web site.

Observations re: Skype

Summary

Skype is a popular and free Voice-over-IP (VOIP) application that many use -- including staff within IST and many others at UW. This note makes some observations that might help those who are considering Skype. If you want to use the technology there are some modest security and acceptable use issues to address.

These critical observations are those of the author and do not constitute the policy or recommendations of Information Systems and Technology or the University of Waterloo. You should know that I am not a Skype user but many users accept the risks described here.

Postscript: Mike Gore of CSCF has prepared a note on Skype Configuration and Security. He describes registry settings for Windows system sufficient with Skype v3 to prevent a system from being elevated to a super node. The firewall advice presented here will accomplish the same and will help to secure many services.

Best Practices for Skype Users

  1. Skype performs well on a wide variety of network connections, although it is cumbersome to use on dial-up lines. Voice quality can be significantly improved by using a headset.

  2. You should acquaint yourself with the risks (and benefits) involved in using Skype. All technologies have some risk, some may be not acceptable. See An analysis of Skype VOIP Application for use in a corporate environment and the universities listed below who have banned Skype. See especially the problems discussed below.

  3. Before installing Skype you should have the authorization of your system and network managers who allocate resources to you. See the Statement on Security of UW Computing and Network Resources. At this writing no one has permission to act as a Skype "super-node" so you need to take measures to prevent that from happening (a personal firewall to block access to ports 80/tcp and 443/tcp is sufficient).

  4. On all platforms you should have a personal firewall to block unsolicited connections by Skype peers and to prevent your system from becoming a super-node. This is the default configuration for Windows XP/SP2, but needs to be configured for other versions of Windows.

  5. A common recommendation is to only start Skype for pre-arranged calls and to shut it down when it is not being used. See, e.g., the UMN recommendations on SAFE COMPUTING: Skype. We have seen super-node problems when Skype is left running on unattended systems who have not blocked access to ports 80/tcp and 443/tcp. Shutting Skype down helps to prevent your system from being promoted to a super-node and consuming resources on behalf of others.

  6. Some report good experiences with Skype started automatically at login and left running all day -- they appreciate the convenience of unsolicited calls from colleagues. If you do that you need to be sure you have a firewall installed so you don't become a super-node -- blocking access to ports 80/tcp and 443/tcp is sufficient. Further you should know that Skype will keep a persistent connection to some super-node and there will be periodic network traffic to keep that connection alive.

  7. It would not be prudent to use a password you use elsewhere on Skype. You have no control over who obtains your password and every reason to not trust those who route traffic for you -- use another password and change it regularly. See Staying Secure with Skype.

  8. Like all software products, Skype has regular updates of bug fixes, security patches and new features. Users should keep the software up to date. Skype does not automatically update itself, but can be configured in the "Options - Updates" panel to automatically download any hotfixes and/or major releases. Choosing this option will help in keeping the software current. The "Help" menu option also includes an item to "Check for updates". It's wise practice to check for updates on a regular, monthly basis. See Skype Security Bulletins.

  9. As a user of Skype you will be required to setup a profile for entry into the directory. The profile information is organized into information that all Skype users will see, information that only your contacts will see and private information. Users should be judicious with regards to the information they provide, providing enough information so that colleagues, friends and family can find you in the directory. All profile information is optional. By providing no useful directory information, users can effectively hide from everyone except those who they specifically inform about their Skype id. See Staying Secure with Skype.

Skype -- Several Problems

There are several minor concerns you should be aware of:

  1. There are security and privacy concerns for all VOIP technologies -- for most the risks are comparable to cellular telephone technologies. Skype uses strong public key encryption (see Skype: Guide for Network Administrators) so it is much more secure. However, the encrypted traffic can be captured and recorded by third parties (super-nodes). The recording might be decrypted in due course (possible but very unlikely).

  2. Skype relies on super-nodes (these are ordinary end user systems) to route traffic and store directory information. You have no idea who/where they are, what they are doing with the information sent through them (they might capture, record and decrypt) or how much of the Skype directory is replicated onto them. Again, Skype uses strong public key encryption (see How does Skype ensure that the user records (stored in p2p) cannot be tampered?) so a compromise is very unlikely.

  3. Skype supports file transfer/sharing technologies -- that can be a vector for malicious content and can be abused to share copyright material. File transfers can be disabled by policy, see Admin control of Skype features.

  4. The Skype End User Licence Agreement (EULA) requires the user to grant use of university resources (the computer and the network) by Skype users otherwise unaffiliated with the university. End users are not authorized to enter into this type of agreement on behalf of the university (i.e., the end user is not the owner of the resource and may not grant access to others).

  5. The Skype EULA grants them permission to user your system to support their application. You should be concerned about software updates that poke holes through your firewall or otherwise abuse your system in furtherance of their goals.

Skype -- Super-Nodes, the "big" problem

Skype is a peer-to-peer application where each end of the VOIP conversation should communicate directly with the other. There is a central Skype server where you login and locate others -- it acts as directory server so that peers know where you are and the details of your Skype service. The problem with that design is many systems are protected by firewalls (host based, campus firewalls and "home" NAT routers) that block unsolicited connections (as would be the case when someone calls you).

Skype gets around firewall problems with "super-nodes". These are Skype client systems (they are not systems owned and managed by Skype) that are not behind a firewall and who will accept connections on behalf of others. Super-nodes accept connections on ports 80/tcp and 443/tcp (those are the port numbers for "http" and "https"). Clients who are well protected (and there are a lot of them) establish a persistent connection to a super-node which routes traffic for them. This means that many Skype conversations are routed through one or two super-nodes. It is unclear how much of central directory is replicated to super-nodes. See An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol (Basset & Shulzrinne).

Any Skype end user system can become a super-node -- in the EULA you grant permission to Skype to use your system for that purpose. On most systems there is no easy way for the end user to know that their system has become a super-node or to decline to do so (short of not using Skype). Further, our experience is that super nodes will consume lots of resources -- tens of gigabytes a day of network traffic as they relay voice and replicate the directory for others, they will have many persistent network connections as they support peers scattered around the world, etc. This issue of resource allocation is probably the most important.

Observations on Windows vs. Unix

Skype includes clients for Mac OS/X and Linux. It is my understanding that the super-node problem is better managed on those platforms. First, the application can be configured to not act as a super-node. Second, a super-node will need to open priviledged ports not available to ordinary users. That means the problem is less likely (but nevertheless possible).

See Also

  1. Guidelines on Use of UW Computing and Network Resources (2006), UCIST/UW.
  2. Statement on Security of UW Computing and Network Resources (2003), CSAG/CNAG/UCIST/UW.
  3. Skype Prohibited at UCSB (2003-2006) University of California, Santa Barbara.
  4. SAFE COMPUTING: Skype (2003-2006), University of Minnesota.
  5. Security Service: Skype Policy (2003-2006), Loughborough University.
  6. An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol (2004), Salman A. Basset and Henning Shulzrinne, Computer Science, Columbia University.
  7. An analysis of Skype VOIP Application for use in a corporate environment. (2004(), Dennis Bergstrom.
  8. Skype: End User License Agreement (2006), Skype Technologies S.A.
  9. Skype: Guide for Network Administrators (2005), Skype Technologies S.A.
  10. Skype security resource center (2006), Skype Technologies S.A.
  11. Skype Security Bulletins (2004-2006), Skype Technologies S.A.
  12. Staying Secure with Skype (2006), Skype Technologies S.A.
  13. Admin control of Skype features (2006), Skype Technologies S.A.
  14. CSCF Skype Configuration and Security (2007/04/24).
(ed) Reg Quinton, Information Systems and Technology
2006/06/21-2007/04/25