Chapel Hill Computational Linguists Crack Skype Calls 156
mikejuk writes "You might think of linguistics as being interesting but not really useful. Now computational linguistics [PDF of original paper] has been used to crack Skype encryption and reconstruct what is being said in a VoIP call. What is surprising is that though they are encrypted, the frames that make up a Skype call contain clues about what phonemes are being spoken."
Side channel attack (Score:5, Informative)
Encrypting a wave (Score:2, Informative)
Of course, since the data basically represents sound waves, there is a certain level of predictability and pattern on the data unlike normal data which is much more random.
It would have to be a special encryption to get rid of this pattern using a more dynamic algorithm that changes as it progress (which can make it annoying to decrypt or simpler to detect) or disjoint the data over a greater amount of data (making it somewhat harder to find the patterns though still might be possible) of the encryption though that is difficult in a time sensitive app like Skype which encrypts and sends as it receives the data.
Re:Skype's encryption sucks (Score:5, Informative)
The reason why is that any serious encryption attempt of IP traffic would make all packets a constant size, significantly below expected MTU size (taking into account tunnels). This attack would not exist in that scenario.
It's actually harder than that. You also have to generate the packets at an even rate as well, or you'll still have some leakage.
Even after you do that, the presence or absence of a stream of packets will at the very least indicate if a call is in progress; to defend against that, you have to *always* transmit the stream.
Even then you're leaking information about the maximum amount of data you could be communicating.
The goalposts keep moving right on down the field when you're talking about side channels. You just have to pick the point where you're comfortable.
Re:Side channel attack (Score:4, Informative)