1.

• Introduction to Skype and ICQ protocols

• Technical University of Koice

• By: Marek Kitz Matej Kostro Martina Papjov

• Distributed Programming 2011 with Marek Parali

2.

Instant Messaging Generally

IM as online chat is communitaion text-based as well as bidirectionally exchanged in realtime.

IM set of communication technologies used for text-based communication between two or more participants over the Internet or other types of networks

IM allows effective and efficient communication, allowing immediate receipt of acknowledgment or reply

Some of IM allows more features as audio and video calls based on VoIP (Skype) or multimedia file transfer, etc.

3.

History

Modern, GUI-based messaging clients, began in the mid 1990swith PowWow, ICQ, and AOL Instant Messenger.

In 2000, an open source application and open standards-based protocol called Jabber was launched(XMPP).

XMPP servers could act as gateways to other IM protocols, reducing the need to run multiple clients.

attempts to create a unified standard for instant messaging: (SIP,SIP SIMPLE,APEX,Prim,...)

4.

Integrating several IM protocols

Many disparate protocols inside the IM server. Task of communicating with the other services is on the server. This approach is transparent for clients.

Many protocols inside client IM application. This approach is based on connecting to many servers from one application. (Pidgin, Digsby, Miranda, etc.)

5.

Security risks

crackers use IM networks as vectors for delivering phishing attempts, "poison URLs", and virus-laden file attachments

viruses, trojan horses, or spyware within an infected file

"socially engineered" text with a web address that entices the recipient to click on a URL connecting him or her to a website that then downloads malicious code

IM connectionsin plain text, making them vulnerable to eavesdropping.

IM client requires open UDP ports, raising the threat posed by potential security vulnerabilities

6.

In January 2011, reached a record 27 millionsimultaneous online users.

7. voice and video calls and chat over the Internet 8. uses a proprietary Internet telephony (VoIP) networkcalled the Skype protocol 9. the main difference between Skype and standardVoIP clients is that Skype operates on a peer-to- peer model, rather than the more usual client server model 10.

Ordinary host

Super node

Neighbour relationships in the Skype network

Message exchange with login server during login

Skype network architecture description I.

Skype Login server

11.

Skype network architecture description II.

Ports:

• Skype client (SC) opens a TCP and a UDP listening port from itsconnection dialog box

• SC also opens TCP listening ports at port number 80 and443

12. there is no default TCP or UDP listening port

Host Cache:

• is a list of super node IP address and port pairs that SC builds andrefreshes regularly

13. most critical part to the Skype operation

14. IP address and port number of an online Skype node 15.

Skype network architecture description III.

• Encryption:

• Skype uses 256-bit encryption AES (Advanced Encryption Standard)

16. 1.1 x 10^77 possible keys

17. 1536 to 2048 bit RSA to negotiate symmetric AES keys 18. public keys are certified by Skype server at login Packet compression:

Uses arithmetic compression that uses reals instead bits.

19. Normally, a string of characters represented using a fixed number of bitsper character, as in the ASCII code 20. separating the input into component symbols and replacing each with acode, arithmetic coding encodes the entire message into a singlenumber, a fraction n where (0.0 n < 1.0) 21.

Skype functions I.

• Startup:

• • after installation, it sent a HTTP 1.1 GET request to the Skypeserver (skype.com)
• 22. subsequent startups, a SC only sent a HTTP 1.1 GET request tothe server to determine if a new version is available

23. Skype client authenticates the user with the login server, advertisesits presence to other peers, determines the type of NAT andfirewall it is behind and discovers nodes that have public IPaddresses.

• Login:

• • Process described on the next slide

24.

Start

Success

Send UDP packet toHC IP address and port

Response within5 seconds

TCP connection attempt with HC IP address and random port

Connected

TCP connection attempt with HC IP address and port 80

Connected

TCP connection attempt with HC IP address and port 443

Connected

Wait for 6 seconds

ConnectionsAttempts == 5

Failure

Yes

No

Yes

Yes

Yes

No

No

No

No

Skype connection to another peer

Yes

NOTE: Authentication with login server is not included !!!

25.

Skype functions II.

• User Search:

• • Global Index (GI) technology to search for a user
• 26. It is guaranteed to find a user if it exists and has logged induring the last 72 hours

• Call Establishment :

• • call signaling is always carried over TCP
• 27. signaling information is exchanged over TCP

• Media Transfer:

• • If both clients has public IP, then media traffic flowed directlybetween them over UDP
• 28. media traffic flow to and from the UDP port configured indialog box

29.

Features:

text messages, offline support,multi-user chats, free daily-limited SMS sending, file transfers, greeting cards, multiplayer games, searchable user directory

Clients:

Digsby, eBuddy, Fring, Kopette, Meebo, Miranda, Pidgin, QUIP

OSCAR:

protocol is used in ICQ and AIM

30. OSCAR used in ICQ is named v7 31.

FLAP : Frame Layer Protocol

• FLAP container encloses every packet. It carries information about packet size, channel, and its number in sequence.

32. is used on the TCP connection between all clients and servers

33. flap sequence numbers are used for errors detection Offset Field Type/Size (in bytes) Remarks 00 FLAP ID Byte/1 Always contains 2A. It is mark of packet start. 01 Channel Byte/1 1 = login, 2 = SNAC layer, 3 = error, 4 = disconnect 02 Number in sequence Int 16/2 Incremented by 1 each time a packet sent. Wraps to 0 after FFFF 03 Data size Int 16/2 Size does not include FLAP header FLAP Header OSCAR I. 34.

SNAC( Simple Network Atomic Communication ) :

communication unit that is exchanged between clients and servers

35. length depends on FLAP 36. the SNAC communication layers sits on top of the FLAP layer 37. flags is a general SNAC properties TLV (Type-Length-Value) tuple description

method of putting data into an organized format, especially variable length strings, etc.

38. 16-bit value for the length of the Value field, and then the actual data in the Value field (variable length) 39. TLVs make sending a variable length string like"nickname@gmail" as simple as defining a TLV with values{0x0011, 0x000c, "nickname@gmail.com"}. OSCAR II. 40. Authorization based on MD5 41. Protocol negotiation 42. Retrieving offline messages 43. Any Questions? U mad? Problem? 44. So...Thank you for your attention