In the past two days, Andy Abramson has created a small storm by scooping a story of a possible(?) legal action taken by one Streamcast Networks against a collection of individuals and companies, including the founders of Skype. This story is sensational and might also be interesting; but as Andy himself suggests that this could very well be a transient one and could be settled out of court. At least for the present time, there is no suggestion that Skype will be affected very much.
On the other hand recently there have been talk of two studies that further explore the inner workings of Skype. Some of their observations are worth noting. The first one (Ref.1) is a study by Philippe Biondi and Fabrice Desclaux (I saw it in Brough Turner’s blog) and the second (Ref.2) is by Saikat Guha, Neil Daswani and Ravi Jain (I saw it in Skype Journal). The following are some of the interesting points I picked from these two references.
NAT Traversal: As I have been claiming, that Skype essentially uses STUN and TURN (actually I will say ICE to handle intra LAN and such connectivity scenarios) for NAT/FW traversal. Slide 45 of Ref.1 points out that clients determine their public IP address using a NACK message exchange - a customized procedure that otherwise could have used a standard procedure. Ref.2 (in Experiment 1) also claims this and extends that Skype uses TURN-like procedure if both the clients are behind NAT/FW. So can we now stop harping about the great NAT/FW traversal capability of Skype?
Supernode cloud: Ref.1 claims (slide 99) that they observed 20K supernodes. It is not clear when the study was conducted. In an early interview, Skype CEO claimed that a supernode will serve about 100 users. This suggests that the data must be dated. Ref.2 (Experiment 4) claims that they discovered 250K supernode “addresses” and were able to crawl 150K of them. The same analysis suggests that the pool of eligible supernodes is rather large. Because of this, each supernode is only lightly loaded – the median bandwidth consumption is less than 205 bps.
The second study found out that “a public host with a 10 Mbps connection to the Internet joined the supernode network within minutes.” They also observed that “there is very little churn in the supernode network.” These are important because the stability of supernodes is important for the stability of the network.
They also observed that only about 10% of the time supernodes are utilized for relaying voice and they note that this is smaller than they expected. It is not clear why they expected this to be higher. It is known that only 6 or 7 percent of home routers are “symmetrical” NATs and only they require media relying for the duration of the session. This means that 1-((1-.06)^2) = .12, which is about the observed value.
Security: Ref.1 makes an interesting claim (Slides 102 and 103) that there is a possibility that voice can be intercepted, encrypted or not. I am not sure I fully understand the scenario; but it looks like this is possible only if the attacker is able to convince the users to use a modified Skype client. With that kind of an assumption, isn’t everything vulnerable?
Posted by aswath at March 28, 2006 01:58 AM
re: firewall traversal
It may be that Skype is not doing anything extraordinarily new, but from my limited experience, it is the only VOIP client that works through the firewall we have at work, which is very restrictive - ie, no UDP, TCP only to 80,443 and 8080.
I guess Skype just tries every possible solution, where none of the other clients go so far, even if it actually doesn't seem that hard to do.