Chapel Hill Computational Linguists Crack Skype Calls

← Back to Stories (view on slashdot.org)

Chapel Hill Computational Linguists Crack Skype Calls

Posted by timothy on Thursday May 26, 2011 @08:21AM from the hookt-on-fon-iks-indeed dept.

mikejuk writes "You might think of linguistics as being interesting but not really useful. Now computational linguistics [PDF of original paper] has been used to crack Skype encryption and reconstruct what is being said in a VoIP call. What is surprising is that though they are encrypted, the frames that make up a Skype call contain clues about what phonemes are being spoken."

2 of 156 comments (clear)

Min score:

Reason:

Sort:

Side channel attack by betterunixthanunix · 2011-05-26 08:25 · Score: 5, Informative

The wording in TFS is a little misleading; they did not "crack Skype encryption," they found an exploitable side channel in Skype. The crypto itself has not been cracked, but it was being used in a way that leaked lots of information.

--
Palm trees and 8
Re:Skype's encryption sucks by subreality · 2011-05-26 08:56 · Score: 4, Informative

The reason why is that any serious encryption attempt of IP traffic would make all packets a constant size, significantly below expected MTU size (taking into account tunnels). This attack would not exist in that scenario.
It's actually harder than that. You also have to generate the packets at an even rate as well, or you'll still have some leakage.
Even after you do that, the presence or absence of a stream of packets will at the very least indicate if a call is in progress; to defend against that, you have to *always* transmit the stream.
Even then you're leaking information about the maximum amount of data you could be communicating.
The goalposts keep moving right on down the field when you're talking about side channels. You just have to pick the point where you're comfortable.