The person Skyping in the library may not be worried about anyone snooping on his conversation, since everyone else is busy studying. Besides, conversations on Skype are encrypted, so no one should be able to listen in on them.
But how secure is Skype actually? Anyone who reads the terms of service carefully will find out that any data can be passed along to the authorities, if they request it and if it is “technically feasible.” However, no one outside of the company knows how Skype works or how “technically feasible” it is to record a conversation. There’s also a chance that Skype could contain compromising bugs that would provide hackers an entry into the system.
The potential for a system breach can be a major privacy concern for many Skype users. Thankfully, three researchers at the Warsaw University of Technology think that they’ve found a secure way to transmit information through Skype. Wojciech Mazurczyk, Maciej Karas and Krzysztof Szczypiorski used a technique called steganography in order to “hide” a conversation on Skype.
Steganography is the science of sending a message such that no one except the sender and the recipient know that the message exist; a classic example is writing something in invisible ink. They call the program they developed SkyDe, an abbreviation for “Skype Hide”.
Mazurczyk, Szczypiorski and some colleagues have already come up with different forms of network steganography, a way of hiding a message in a network in such a way that there are no traces of the message being sent.
“Steganography can be treated as e.g an anticensorship tool that could help fight oppressive regimes by providing clandestine, hard to detect communication. It can be also used by companies as a tool to prevent industrial espionage,” Mazurczyk wrote in an email to The News-Letter.
“After the 11 September attacks in 2001, rumors flew that they had been carried out with some help from steganography. A 2001 New York Times article described fake eBay listings in which routinely altered pictures of a sewing machine contained malevolent cargo. The link to 9/11 was never proved or disproved, but after those reports, the interest in steganographic techniques and their detection greatly increased.”
SkyDe works by taking advantage of how Skype treats periods of silence in a conversation.
When someone isn’t talking, Skype still transmits information instead of stopping transmissions.
However, the transmissions of silence are encrypted in shorter chunks than transmissions of speech. This allows silence to be detected reliably. While a conversation is going on, SkyDe encrypts the hidden message. Then, once a packet of data representing silence is about to be sent out, the program replaces that data with the encrypted message. The message is decrypted at the receiving end of the conversation.
Hijacking data that represents silence instead of data that represents speech keeps any possible viewers from suspecting anything, because there are no long awkward gaps in the conversation. Also the message is encrypted in a way that makes it very difficult to detect any differences between it and the data that Skype sends. SkyDe can even place the encoded message in the conversation of a third party who has no idea what’s going on. All this makes it almost impossible to realize that SkyDe is sending hidden messages.
The researchers carried out an experiment in which they were able to transmit almost 2 kilobytes a second without interfering with the quality of the Skype call and while the transmission of the message was undetectable. They plan further research into the algorithm that selects packets of data that encode silence, in order to increase the bandwidth while keeping distortion to a minimum. They also believe that they can use SkyDe for other systems that work similar to Skype.
“We are currently in contact with some companies and we plan to commercialize this as a Skype addon,” Mazurczyk wrote.