Category Archives: Miscellaneous

Why Skype Should Open Up

Ted Shelton makes a very good case in in VoIP Magazine as to why Skype should open up their protocol to other partners.  From what I see, Skype have had great success attracting development partners to using their API, and surely opening up the protocol is just a logical extension of that?  It’s just that while the API allows applications to do a lot of things, there are some areas that it cannot address. 

I meet people that want to do just what Ted Shelton is talking about, and actually implement alternative Skype client software.  Some want to create Skype gateways, for example tromboning Skype calls to other VoIP or TDM calls under their control.  Some want to use Skype’s IM and presence information as part of a larger VoIP platform.  I use and like the Skype client software, but I can see that Skype’s power is not in the software; it is in the number of desktops they own.  Skype’s would-be partners want to touch that user base too. 

Shanghai Calling … Not

Antonio Nucci, CTO of software firm Narus writes here about the Challenges In Detection of Skype Traffic.  Of course don’t expect them to give away too much detail on trade secrets, but the general approach described is not to decode or reverse-engineer the protocol, but rather to profile traffic using a heuristic approach. 

Firstly, he talks about signature analysis of the TCP, UDP packets, and then about analyzing/profiling the behaviour, for example traffic patterns.  How this can be done in a way that is CPU-efficient and with a low rate of false positives, he does not say.

Narus is one of the companies that has been linked with the Shanghai Telecom story, regarding the blocking of VoIP traffic.  It is not clear whether Shanghai have in fact bought Narus’ Skype-blocking module.

Microsoft + Yahoo! == 350 Million New VoIP Users?

It would seem that Microsoft and Yahoo! have decided to work together and create an inter-operable messaging platform that will support both the Microsoft Live Messenger and Yahoo Instant Messanger clients and protocols, and combining their separate user-bases into one that is close to 350 million users strong, easily eclipsing the 100 million that Skype boasts.

With a clear road map to VoIP services and to adding IM services to mobile phones, both of which Yahoo!’s service already offers via it’s service, as well as the ability to make PC to PSTN calls via Yahoo!’s “Phone Out” service, it’s clear that the target is being drawn squarely on Skype. It will be interesting to see if the security aspect of Skype’s closed product approach or the apparent lack of strong encryption in the Microsoft or Yahoo! protocols (at least in their default configurations) will play any part in the upcoming shootout for subscribers.

The new unified platform is currently in beta and is available for trial.

Podcast on Skype Security

The latest episode, SKP14, of the SkypePodcast focuses on security, so may be of interest to folks here.  Sasha (the host) also gives a mention to our own Dan York and the Bluebox podcast.

Sasha quotes Skype CSO Kurt Sauer justifying why Skype jumps around different IP ports, making it hard to detect or block:  “One of the reasons Skype is difficult to find is that the people who provide the carrier services [ISPs, telcos] are in competition with Skype,”

You can find the full version of this quote in a Techworld article.

Newport Wobbles

News broke last week about Session Border Controller manufacturer Newport Networks, which has run into cash-flow problems waiting for deals to close.  Newport Networks was started by serial entrepreneur Sir Terry Matthews, reportedly Wales’s first billionaire, who also founded Newbridge (now part of Alcatel) and Mitel.

Last year Newport were lined up to supply their 1460 Session Border Controller to troubled equipment supplier Marconi.  Marconi themselves failed to become prime NGN suppliers to British Telecom, which ultimately resulted in the failure of the company.  The rump of Marconi has now been absorbed into Ericsson.

Newport have announced layoffs, as reported at ZDNet and in the UK Guardian Newspaper, in an attempt to reduce cash burn while waiting for the business to arrive.  It’s ironic with CALEA in the headlines and telcos rolling out NGNs that a provider of the enabling technology should have run onto the rocks.  Let’s hope the Newport investors can keep their nerve. 

Homosapien Too

I sent a message the other day on ebay, and came across a new feature: to submit a message you now have to prove you are not spammer but human (these being opposites) with a Turing test or CAPTCHA.  Ok, these things are common on web systems these days, but the new slant here was that if you could not read the graphic, you could click on a link and download an audio version to listen to instead.  This is also one of the proposed strategies for dealing with SPIT (SPAM over Internet Telephony) in our VoIP systems of the future, i.e. interact with the bona fide caller or spammer and present them with some kind of test or quiz before they get put through.  This could be as simple as “Press 8 to speak to Martyn or 0 for voicemail.”

But there is also an arms race aspect to this, for the smart spammer might also employ automatic speech recognition (ASR) technology, which is increasingly cheap and effective due to increasing CPU performance and falling hardware prices.  Their ASR server could be programmed to understand digits, and so have a fair stab at giving the correct answer to the CAPTCHA. 

It interested me that on ebay, the audio file downloaded did not have a pristine recording of the digits being read out, but instead had a variety of noises in the background: white noise; some fragments of speech.  Naturally it’s quite easy for a human to extract the digits from the background noise, but this is just the kind of chaff that might confuse the enemy radar, so to speak, of the spammer’s ASR system.

Happy July 4th to those of you in the USA, and welcome back all our friends that just celebrated Canada Day.

Perfectly Secret

In VoIP Security it seems we owe a double debt to Claude Shannon.  Shannon is probably best known for the Nyquist-Shannon sampling theorem, which underlies the whole of digital sampling of analog signals.  The elevator version of this idea is that when you sample something into digital form, you have to do this at least twice the frequency of the highest frequency that you want to reproduce.  This is why CDs only have an audible frequency range of 22kHz (due to the 44 kHz sampling rate), which comfortably covers the range of frequencies that I can now hear, although perhaps not my childrens’. 

But Claude Shannon also coined the term perfect secrecy, as he did a lot of work related to cryptography.  In a nutshell, perfect secrecy means that you have no more information about the plaintext after seeing the ciphered version than you did before seeing it, i.e. it’s perfectly secret if the ciphered text gives you no clues and all plaintexts are equally probable.  I would highly recommend reading Shannon’s biography at the Wikipedia site.

Actually, reading this page made me think about Richard Feynmann (also  biog’ed at Wikipedia), one of my great heroes. 

The two men were about the same age: Shannon combined a serious academic career with juggling, unicycling and with roulette weekends in Las Vegas;  Feynmann, a brilliant physicist and educator, had hobbies of bongo drumming, painting and safe cracking.  I wonder if the two of them ever met?

VoWLAN with Smartphones

The German mobile telephony reseller eteleon has presented a new offering for a VoWLAN bundle featuring the Nokia E60, E61 and E70 smartphones with WLAN and VoIP capabilities. The offering is for use both in the GSM network as well as with Hotspots (or simply with the WLAN at home or in the office). Roaming from WLAN to GSM during a call is nevertheless not an option before the arrival of UMA (Unlicensed Mobile Access). The SIP clients of the Nokia models are delivered preconfigured for use with the VoIP service of the dus.net provider. The interesting thing about it: dus.net is already offering free SRTP encryption as part of its VoIP service. Though the Nokia SIP client doesn’t seem to support it, this is only a small step towards secure mobile VoIP. Should someone tell them?

You can find out more at heise and eteleon (both in German).

Black Hats and Evil Twins

In contrast to T-Mobile’s antipathy  towards VoIP services, I see that UK-based WiFi hotspot provider The Cloud is actually in partnership with Skype and Vonage, so clearly they see VoIP as an important component of their business. However, as has been discussed in recent weeks on our VOIPSEC list, security of VoIP is only as good as the security of the platform itself and of the network that carries the VoIP traffic.

The latest security worries for WiFi have just been aired in a Computer World article.  Some researchers will give a talk at the Black Hat conference on how to crash or hack WiFi drivers.  In particular, they have used a fuzzing technique (which David Endler wrote about recently) using a tool called LORCON to expose flaws in the WiFi driver.  The article suggests that LORCON is even a tool simple enough to use for script kiddies.

The life of WiFi has been punctuated by stories of insecurity, including Evil Twinning (where criminals impersonate a bona fide WiFi service), the use of Netstumbler to find unsecured WLANs and endless stories about the insecurity of WEP.  But as Virgil Gligor said at the recent VoIP Security Workshop, the history of computing is full of examples of new technologies that are used for a long period, perhaps ten years, before all of the related insecurities get found and fixed.

Cable VoIP in the news

Cable Hastens Telco Phone Line Losses

Cable Digitial News, who recently sold themselves to the parent of Light Reading, recently put up an interesting article saying that cable now has 62% of the 6 million customer residential VoIP market; up from 52% a year ago.  The telcos have been seeing an erosion north of 8 million lines per year and claim to be reducing the churn to closer to 6 million this year.  I scratch my head at that one.  I see the trend going in the other direction now that Comcast and Charter have launched cable VoIP products in most of their footprint.  That’s almost 50% of the US market that didn’t have a cable VoIP option a year ago.  I see the churn to cellular-only picking up speed, too.

The article couldn’t resist taking a pot shot at Vonage… the poster child of failed IPOs.  Like everybody else, I’ve been watching it crater.  The FCC news this week that Vonage is going to be required to pay into Universal Service Fund just further erodes their price advantage against the telco wireline product and the cable VoIP product.  This after rulings about CALEA and 911 requirements.  I think the company will end up being worth their cash plus about $100 per subscriber. 

It’s unfortunate that the lay person now thinks VoIP == Vonage and the brand is associated with low quality and a gigantic stockmarket failure.  The cable VoIP product has quality parity with the telco wireline product.  It just goes to show that if you set out to build a quality product rather than take advantage of regulatory arbitrage, you end up winning in the end.

An interesting factoid I’ve picked up recently is that when cable companies sell or trade properties to other cable operators, they value each customer who takes their VoIP product $1000 more than one who doesn’t.  I think this is going to be a big incentive for cable operators to roll out VoIP in their smaller markets since those are the properties that tend to be traded around frequently.  I’ll refrain from talking about my own company but Nortel just announced a scaled down version of their product called the CS 1500 that is clearly targeted at smaller markets. 

Obligatory mention of VoIP Security:

I’ve found myself deluged both from executives within my company and from the cable-oriented trade press about the Net2Phone theft of service hacker case.  There were all kinds rumors flying around that our product was somehow involved.  I had to run through the littany of layers of security that protect cable VoIP. 

  • DOCSIS is encrypted with 56-bit DES
  • Cable modem chips can only listen on the downstream.  You need a $10K piece of test equipment to sniff the upstream
  • The media terminal adapter (MTA) has a digitial certificate burned into it
  • The MTA authenticates with a Kerberos Key Distribution Center as part of the boot & provisioning sequence
  • The MTA is bound to a single Cable Modem Termination System so a cloned MTA will only work in a small geographical area
  • PacketCable Softswitches sit behind firewalls
  • Nobody turns on signaling or media security today but all the products support it and are conformance tested at CableLabs
  • With a simple port blocking strategy, you could make the Softswitch and MTA invisible on their signaling port

 I did get extensively quoted in one article but they mis-spelled my name.  So far, I’ve only consumed a few nanoseconds of my 15 minutes of fame.