Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

An Analysis of the Skype Peer-to- Peer Internet Telephony Protocol

advertisement 
An Analysis of the Skype Peer-toPeer Internet Telephony Protocol
Salman Baset and Henning Schulzrinne
April 27, 2006
Agenda








What is Skype?
What problems does it solve?
The Skype network
The Skype software components
Experimental setup
The Skype functions
Skype, MSN, Yahoo and Google Talk
Skype super nodes
2
What is Skype?



Peer-to-peer, pc-to-pc, pc-to-phone, phone-to-pc VoIP and
IM client
Developed by people who created KaZaa
SkypeOut (pc-to-phone)




SkypeOut terms of service: governed by the laws of Luxembourg
SkypeIn (phone-to-pc), voicemail
Supported OS: Windows, Linux, MacOS, PocketPC
A p2p illusion




Login server
Buddy-list server
Servers for SkypeOut and SkypeIn
Anonymous call minutes statistic gathering
3
What problems does it solve?

NAT and firewall traversal

Nielsen September 2005 ratings

61.3% of US home internet users use broadband
(http://www.nielsen-netratings.com/pr/pr_050928.pdf)



‘Most’ users have some kind of NAT
Phone-to-pc calling, SkypeIn
Configuration-less connectivity
4
The Skype Network
Skype login
server
Message exchange
with the login server
during login
ordinary host (SC)
super node (SN)
neighbor relationships in the
Skype network
5
The Skype Network (contd…)

Ordinary host (OH)


Super nodes (SN)



A Skype client
A Skype client
Has public IP address, ‘sufficient’ bandwidth, CPU and
memory
Login server



Stores Skype id’s, passwords, and buddy lists
Used at login for authentication
Version 1.4.0.84: 212.72.49.141 and 195.215.8.141
6
Skype Components

Ports




No default listening port
Randomly chooses a port (P1) on installation
Opens TCP and UDP listener sockets at P1
Opens TCP listener sockets at port 80 (HTTP)
and port 443 (HTTPS)
7
Skype Components (contd…)

Host cache (HC)



IP address and port number of online Skype nodes (SNs)
Maximum size: 200 entries
Liang, Kumar and Ross. Understanding KaZaA



200 entries for ordinary nodes (ON)
Login server IP address and port number
HC Windows location
C:\Documents and Settings\All Users\Application Data\Skype
8
Skype HC
9
Skype Components (Contd…)

Codecs (GlobalIPSound)





Wide band codecs (50-8,000 Hz)
iLBC (packet size: 20 and 30 ms bitrate: 15.2 kbps and 13.3 kbps)
iSAC (packet size: 30-60 ms bitrate: 10-32 kbps)
G.729 for SkypeOut?
Buddy list

Stored in ‘config.xml’ file

C:\Documents and Settings\<XP user>\Application Data\Skype\<skype user id>
<CentralStorage>
<LastBackoff>0</LastBackoff>
<LastFailure>0</LastFailure>
<LastSync>1120325519</LastSync>
<NeedSync>0</NeedSync>
<SyncSet>
<u>
<skypebuddy1>f384d3a0:1</skypebuddy1>
<skypebuddy2>7d1dafc4:1</skypebuddy2>
10
Agenda








What is Skype?
What problems does it solve?
The Skype network
The Skype software components
Experimental setup
The Skype functions
Skype, MSN, Yahoo and Google Talk
Skype super nodes
11
Experimental Setup




We have NOT reverse engineered Skype executable but it
can be done (Biondi and Desclaux)
Skype version: Linux v1.2, Windows v1.4.0.84
Experiments performed between June-July and
Nov-Dec 2005
Tools Used





Ethereal (for packet capture)
NetPeeker (for tuning per process bandwidth)
NCH Tone generator (for generating tones of various frequencies)
APIMonitor (for monitoring the system calls)
LD_PRELOAD: Linux shared library and system call interception

Skype fails to run with ltrace and strace
12
Overloaded strcpy() function
char* strcpy(char* dest, const char* src) {
void *handle = NULL;
double (*mystrcpy)(char* dest, const char* src);
long temp;
handle = dlopen("/lib/libc.so.6", RTLD_LAZY);
mystrcpy = dlsym(handle, "strcpy");
temp = (*mystrcpy)(dest, src);
dlclose(handle);
return dest;
}
13
Experimental Setup (Contd…)
Public
INTERNET
B (public IP)
A (public IP)
NAT
INTERNET
A (private IP)
Firewall
A (private IP address)
B (public IP)
port-restricted NAT
INTERNET
B (private IP address)
port-restricted NAT
UDP-blocking firewall
port-restricted NAT
UDP-blocking firewall
14
Port-restricted NAT
IP_private:P1:IP_public:Port1
NAT Host
IP_private
IP_private:P1:IP_public:Port2
Public Host
IP_public
NAT
15
Skype Functions








Startup
Login
User search
Call establishment
Media transfer
Keep-alive
NAT and firewall traversal
Conferencing
16
Skype Functions: STARTUP

First time startup


GET /ui/0/97/en/installed HTTP/1.1
Normal startup

GET /ui/0/97/en/getlatestversion?ver=0.97.0.6 HTTP/1.1
17
Skype Functions: LOGIN




Establishes a TCP connection with SN
Authenticates with the login server and gets a certified public key
Bootstrap super nodes
Hard-coded in Skype
IP address:port
Reverse lookup result
Authority section
66.235.180.9:33033
sss1.skype.net
ns1.hopone.net
66.235.181.9:33033
No PTR result
ns1.hopone.net
212.72.49.143:33033
No PTR result
ns07.customer.eu.level3.net
195.215.8.145:33033
No PTR result
ns3.DK.net
64.246.49.60:33033
rs-64-246-49-60.ev1.net
ns2.ev1.net
64.246.49.61:33033
rs-64-246-49-61.ev1.net
ns2.ev1.net
64.246.48.23:33033
ev1s-64-246-4823.ev1servers.net
ns1.ev1.net
18
Skype Functions: LOGIN
Start
Send UDP
packets to seven
bootstrap SNs at
port 33033
Response within
6 seconds
No
Yes
TCP connection attempts
with seven bootstrap SN
IP addresses and port
33033
Success
Connected
Yes
No
Wait for 6 seconds
19
Skype Functions: LOGIN


Public, NAT
 Establishes a TCP connection with the SN
 Authenticates with the login server
 Announces arrival on the network (controlled
flooding?)
 Determines NAT type?
Firewall
 Establishes a TCP connection with the SN
 Authenticates with the login server
20
Skype Functions: LOGIN
SC
195.215.8.145:33033 (Bootstrap node)
UDP
41B
64B
UDP
SC
SN: (IP address not shown for privacy reasons)
TCP
357B
4032B
TCP
SC
UDP
UDP
SC
18B
18B
SSL: client_key_exchange
195.215.8.141:33033 (login server)
TCP:SYN
SSL: version
TCP:ACK
5B (1) 16 3 1 0 0
TCP
5B (2) 17 3 1 0 0
TCP
413B (3) 16 3 1 0 0 . . . .
TCP
TCP
222B (4) 17 3 1 0 0 len . . . .
21
Skype Functions: USER SEARCH

From the Skype website




Search results are cached at intermediate nodes
Unable to trace messages beyond SN
Cannot force a node to become a SN



Host cache is used for connection establishment and not for SN
selection
User does not exist. How does search terminate?


Guaranteed to find a user it exists and logged in the last 72 hours
Skype contacts login server for failed searches
SN searches for a user behind UDP-restricted firewall
Same wildcard (sal*) search query from two different
machines initiated at the same time gives different results
22
Skype Functions: CALL ESTABLISHMENT




Call signaling always carried over TCP and goes e2e
Calls to non buddies=search+call
Initial exchange checks for blocked users
Public-public call


Caller SC establishes a TCP connection with callee SC
Public-NAT




Caller SC is behind port-restricted NAT
Caller---->Skype node (SN?) ----> Callee
TCP connection established between caller, callee, and more than
one Skype nodes
Unknown: How a node is selected to route calls from caller to
callee?


Perhaps determined at login
Firewall-firewall call

Same as public-NAT but no in-UDP packets
23
Skype Functions: CALL ESTABLISHMENT

Caller is behind port-restricted NAT and callee has a public
IP address Caller (NAT)
Callee
No of messages
UDP
UDP
Caller
(5)
(7)
TCP
TCP
Callee
1554B (8)
1176B (9)
TCP
TCP
SN
184B (6)
1269B (6)
UDP
UDP
Other
748B (20)
3287B (20)
TCP
TCP
Other
265B (12)
77B (6)
Caller
Caller
Caller
Caller
271B
221B
Callee
Media: UDP
Voice packet size is between 70 and 100 bytes.
24
Skype Functions: CALL ESTABLISHMENT

Caller and callee are behind port-restricted NAT and UDPblocking firewall
Caller (NAT+firewall)
TCP
TCP
Caller
TCP
TCP
Caller
SN
713B (7)
3464B (8)
Relay
124B (4)
45B (4)
Callee (NAT+firewall)
TCP
51B (3)
TCP
117B (4)
Relay
Media:TCP
Caller
TCP
TCP
Callee
Media:TCP
N1, N2, N3
19B
19B
TCP
TCP
Callee
19B
19B
Caller and callee on the average exchange 3 msg/s
over TCP with N1, N2 and N3 after call has been
established.
25
Skype Functions: Summary
Public
Login
Search
NAT
Firewall
10 KB
11 KB
7 KB
1-2 KB
1-2 KB
5-7 KB
6 KB
8 KB
8 KB
Call establishment
Public
NAT
Firewall
Login
3-7 seconds
3-7 seconds 30-35 seconds
Search
3-4 seconds
5-6 seconds 10-15 seconds
26
Skype Functions: MEDIA TRANSFER


10/100 Mbps Ethernet
iSAC codec was used (adaptive bit-rate)
Public-public NAT-public
Firewall-firewall
Packet size
40-120 bytes
40-110 bytes
30-90 bytes
Stream bw
5 kilobytes/s
5 kilobytes/s
5.5 kilobytes/s
Transport
UDP
UDP
TCP
27
Skype Functions: MEDIA TRANSFER


No silence suppression
Silence packets are used to




Putting a call on hold



1 packet/3 seconds to call-peer or Skype node
same reasons as above
Codec frequency range


play background noise at the peer
maintain UDP NAT binding
avoid drop in the TCP congestion window
50-8,000 Hz (total bw of 3 kilobytes/s)
Reasonable call quality at (4 kilobytes/s)
28
Skype Functions: KEEP ALIVE


Refresh message over TCP to SN every 120
seconds
Refresh message size: 2 bytes
29
Skype Functions: CONFERENCING

A, B, and C have public IP addresses
A: 1.6 GHz Pentium4, 512 MB RAM
1: B-A Call
B: 3 GHz Pentium4, 1 GB
C: 3 GHz Pentium4, 1 GB
30
Skype Functions: CONFERENCING

A, B, and C have public IP addresses
A: 1.6 GHz Pentium4, 512 MB RAM
1: B-A Call
B: 3 GHz Pentium4, 1 GB
2: B-C Call
C: 3 GHz Pentium4, 1 GB
31
Skype Functions: CONFERENCING

A, B, and C have public IP addresses
A: 1.6 GHz Pentium4, 512 MB RAM
1: B-A Call
B: 3 GHz Pentium4, 1 GB
B decides to
initiate a
conference
2: B-C Call
C: 3 GHz Pentium4, 1 GB
32
Skype Functions: CONFERENCING

A, B, and C have public IP addresses
A: 1.6 GHz Pentium4, 512 MB RAM
B
A+C
B: 3 GHz Pentium4, 1 GB
C
A+B
C: 3 GHz Pentium4, 1 GB
33
Skype, MSN, Yahoo and Talk
Application Memory
version
usage before
call (caller,
callee)
Memory
usage after
call (caller,
callee)
Process
priority
before
call
Process
priority
during
call
Mouth-toear
latency
Skype
1.4.0.84
19 MB, 19 MB 21 MB, 27 MB Normal
High
MSN
7.5
25 MB, 22 MB 34 MB, 31 MB Normal
Normal
184ms
38 MB, 34 MB 43 MB, 42 MB Normal
Normal
152ms
9 MB, 9 MB 13 MB, 13 MB Normal
Normal
109ms
Yahoo 7.0 beta
GTalk
1.0.0.80
96ms
34
Mouth-to-ear latency setup
35
Mouth-to-ear latency
36
Skype Super Nodes



Skype super node: A node with which a Skype
establishes a TCP connection at login
8,153 successful login attempts over four days
35% hostnames had a .edu suffix



894 unique super nodes
Unique SN IP distribution:



102 universities
US 83.7%, Asia 8.9%, Europe 7.1%
Top 20 nodes received 43.8% of the total
connections
Top 100 nodes: 70.5%
37
Skype Super Nodes
Unique SNs per
day
Cumulative
unique SNs
Common SNs
between previous
and current day
Day1
224
224
Day2
371
553
42
Day3
202
699
98
Day4
246
898
103
38
Skype Super Node Map
39
Conclusion

Selfish application










Uses best CPU and bandwidth resources
Evades blocking
Change application priority to ‘High’ after call establishment
No application configuration to prevent machine from becoming a
super node. Possible by limiting per-process bandwidth
Code obfuscation, runtime decryption
Login server and super nodes, not strictly peer-to-peer
STUN and TURN equivalent functionality
Combination of hashing and controlled flooding
Multiple paths for ‘in-time’ switching incase of failures
Search falls back to login server
40
Questions?
41
Related documents
Chemistry Skype Tutoring
Chemistry Skype Tutoring
SEO-U_Case_Study_June2011
SEO-U_Case_Study_June2011
Skype Bruce Maggs
Skype Bruce Maggs
ITP28 - Skype for Business: Reference Architectures and Design
ITP28 - Skype for Business: Reference Architectures and Design
Download
advertisement