ZUI and the Skype PKI
By Kurt on February 3, 2006 in Skype security features.
Hi, I’m Kurt Sauer, Skype’s CSO. Over the coming weeks, I’d like to talk about some of the different security features in Skype and where we’re going with them. This month (February 2006) marks my second year here, which, in Skype-years, is nearly an eternity. Over that time, we’ve been able to put on the street one of the largest functional PKI-based communications systems in the world, so I thought that talking about PKIs would be a good starting point.
While I suppose it isn’t the most glamorous piece of our products, the Skype PKI (public key infrastructure) is an important component of what makes Skype work. Last year, Brad Templeton described Skype’s PKI as a ZUI (Zero User Interface) system. (I liked the way he put it so much that I still have the original article bookmarked.)
We didn’t do anything particularly revolutionary in terms of designing the PKI, but what was an important step forward was to design the PKI into every aspect of the Skype product, from the user interface right down to the underlying session layer. Yet, I don’t think anyone could claim that Skype’s PKI is hard to understand or hard to use. It takes no particular technical prowess to use Skype, to make a new account, to search its directory, or to figure out who you’re talking to.
Ease-of-use goes at the top of the list?
One way people often measure the security of a service is through the three axes represented by the terms Confidentiality, Integrity and Availability. There are several components of Skype that work together to ensure delivery of protection along these three axes. However, the best designed system will fail if users simply don’t use it. That’s why ease-of-use is such an important design criterion for Skype’s PKI.
I tried to get my tech-savvy septuagenarian mom to use digitally signed e-mail a while back. You know: buy a digital certificate to enable S/MIME, install it in the mail client, set the default settings, and everything should work. And it did, for a while. Then a mail client update reset the S/MIME settings. Then the certificate got deleted. Then the replacement certificate expired and had to be renewed. Bottom line, she doesn’t sign her e-mails today and therefore can’t accept S/MIME encrypted e-mails either.
So I’m mighty happy that Skype is able to deliver to every single user a PKI experience that is robust and well-integrated. (I’m going to talk about Skype cryptography and some of the other related security stuff in a later posting.)





Comments
I'm all for getting people to use encryption transparently... However, while we are on transparency, could you please elaborate on why Skype's encryption methods are secret and whether you plan to open them up for public scrutiny?
Thanks for the blog.
anonymonk | Monday, Feb 6
Skype doesn't use 'secret' encryption methods anywhere. Take a look at the external crypto review of Skype published in late 2005: I think it explains in detail all of the cryptographic primitives used in the Skype product.
However, it is true that Skype is a closed-source product. This means that we have to be especially vigilant in how we design and maintain the security of our software. Of course, we're not the only product manufacturer to be faced with this need.
kurt | Monday, Feb 6
I did go through the external crypto review of Skype. It seems that the session key is negotiated end-to-end. If that is the case, it is not possible to allow lawful interception of conversations through Skype.
Could you confirm on that? Will Skype support "No backdoor" philosophy?
w.shao | Thursday, Mar 16
I am not interested in the political debate about your service in China. However, please can you reassure users by explaining how you can filter out content in China without using spyware or otherwise compromising end to end security.
John
johnghartley | Thursday, May 4
Sorry for the typos! It doesn't look as if I'm going to get a reply, so I would think that users should assume that there is a back door into Skype, and use it accordingly.
johnghartley | Wednesday, May 10
Would you please comment on the following quote which was originally published in the New York Times, and also on CNET (May 22, 2006): "...at a conference last week in Cyprus, German officials said they had technology for intercepting and decrypting Skype phone calls, according to Anthony M. Rutkowski, vice president for regulatory affairs and standards for VeriSign, a company that offers security for Internet and phone operations."
It was reported on February 25, 2004 on http://www.financialcryptography.com/mt/archives/000076.html, that "Skype says, the company does not keep the encryption "keys" that are used to encode each Skype transmission, each one is generated and then discarded by the computer that initiates the call. So government agents couldn't force Skype to turn over the keys needed to decrypt a call either." I would appreciate your comments on these apparent contradictions so we can be assured that Skype is secure. Thank you very much.
bobandalli | Tuesday, May 23
The link to the CNET article is http://news.com.com/Voice+encryption+may+draw+U.S.+scrutiny/2100-1029_3-6074795.html?tag=nefd.top
The link to the Financial Cryptography article should be http://www.financialcryptography.com/mt/archives/000076.html
bobandalli | Tuesday, May 23
I've been through all the information related to Skype security and the responses from support have been pathetic.
It is my professional opinion that Skype is *NOT* secure. The company can intercept and read user content at will.
I really like everything else though. Unfortunately, at least for us, the explanation that "true SSL security with user-replaceable and generate-able SSL certificates is too difficult" is not true.
I just used HTTPS on Skype's own website to log on with my account to post this message. It worked fine and was very easy.
To me, it is disturbing the Skype team is simply refusing to use SSL.
There is only one reason - the Skype company people want access to the user content transmitted via text and via phone.
It's a shame, because after 6 months of use, I really like Skype, however, working SSL-based security with user-generatable certificates (and no private key transmission) is a mandatory requirement for any serious use of the technology, so we will be dumping it as soon as SIP is running.
I've tried repeatedly to get solid answers on this from the Skype people and they've just given me the runaround. Skype "security" is really just marketing and propaganda. The product isn't secure. The Skype people are free to read, record, view, playback all user content.
Worse - they are trying to advertise the product as being "secure" when it really isn't. This opens up some very interesting liability scenarios for Skype whereby user information ultimately gets mis-used and Skype is marketing it as a secure system when it isn't.
I really hope they change their view on true SSL certificates for Skype use. The above "ZUI" response is basically just a bunch of crap.
HTTPS works well all over the world.
autonoc | Tuesday, Jul 11
Hi
My name is Kamreen Sen Zou. I read your article and feel better. But I still expect more from this. I expect a hardware gadget which can protect computer data and software files from being copied. It should be easy to carry, compatible with present computing systems, and easy to use. If anybody knows something like this please let me know. We are losing a lot from the act of piracy. We want to adopt newer effective security systems to protect our IP, which is getting hacked by outsiders. We need it very urgently, please let us know its availability in the globe.
kamreen.sen | Wednesday, Oct 11