Previous

Contents

Next

Phonotactic penetration of Skype encryption
by Jim Davidson
[email protected]

Special to The Libertarian Enterprise

You have been thinking that Skype's proprietary encryption was keeping your conversations private.

Oops.

It turns out that phonotactic penetration of Skype has been demonstrated. Andrew Frey of the north-central Kansas campus of Individual Sovereign University showed me a text news site with an article on this very issue. That links to this site.

(It turns out that the morons at Facebook managed to lose my first version of this note. Fuckers.)

The way Voice Over IP seems to work involves breaking the voice stream into data blocks. Unfortunately, these blocks are of lengths that are consistent with the phonemes being encoded. After encryption, this information—the size of each data block— remains. So if you know how to analyse the data, you can use the size of each block to tell what phoneme was encrypted. Apparently, a full transcript of a Skype conversation without using decryption was recently performed.

This appears to be a general limitation of VOIP and not only Skype. An obvious work-around or solution would be to break the data stream into packets of equal length before encrypting, or after encrypting but before transmitting. Some genius is going to address this problem, soon.

It just goes to show how data communication geniuses aren't always sufficiently knowledgeable about specialities like voice communications. Who ever heard of phonotactic analysis?

People help each other on the path to agorism.

Okay, this story has been all over the discussion lists today. It turns out that Twinkle has settings to remove the pre-processing that would otherwise leave it vulnerable to the same penetration.

If you use Twinkle (a voice over IP for Ubuntu and other Linux, which has built-in encryption) in the edit menu seek: Edit -> User Profile -> RTP Audio -> Speex uncheck all

Then in the preprocessing tab, uncheck all.

This removes the vulnerability. As well, with a virtual privacy network running, you get an additional layer of encryption on everything you send and receive. You can also add some ping activity to add chaff.

Is there a solution for Skype? I don't know. I don't Skype. Proprietary encryption is not something I'm interested in. Open source crypto for the win.

[See also Blink—Editor]

Jim Davidson is an author, entrepreneur, and anti-war activist. His 1990 venture to offer a sweepstakes trip into space was destroyed by government action as was his free port and prospective space port in Somalia in 2001. His 2002-2007 venture in free market money and private stock exchange was destroyed by government action in 2007. He's going to Mars if he has to walk. His second book, Being Sovereign is now availble from Lulu and Amazon. He is currently working on a book about travel to Mars with John Wayne Smith, a book with international fugitive Chad Z. Hower on his story, a book on sovereign self-defence, and a book compiling his letters and essays in The Libertarian Enterprise from 1995 to 2010. Contact him at indomitus.net or indsovu.com. Come visit IndSovU teams at gatherings in June 2011 in New Hampshire, September 2011 in Montana, December 2011 in Florida, and March 2012 in Austin, Texas.

Help Support TLE by patronizing our advertisers and affiliates.
We cheerfully accept donations!