臺灣博碩士論文加值系統

Skype是現今應用P2P技術最成功且是全球最多人使用的VOIP通訊軟體，巧妙的利用P2P的特性解決防火牆的阻擋以及不同類型的NAT的設置，並且為了保持在低頻寬依然有好的通訊品質以及傳送資料的安全性，採用了高規格的語音編碼和加密處理，這些都是讓Skype目前廣泛在網路世界上使用的主要原因。不過目前Skype仍非開放軟體，所以沒有人確切知道其運作行為，我們長期分析觀察，發現Skype在不同階段會根據不同功能傳送不同種類封包，所以如果擁有一個有力的分析工具將有助於對Skype進行更深一步的研究。我們結合Skype TCP/IP傳送特性，以及封包的特徵，在知名側錄軟體Wireshark開發出Skype的分析器，使我們即使是在後端的主機設備側錄，亦能及時抓取過濾出所要的封包資訊，無須另外建立單純可掌握Skype傳送的側錄環境，並且輔以Skyemu對於實際Skype傳送的封包進行解密，來研究真實的運作行為，力求了解Skype通訊協定的真實原貌。

Skype is a popular peer-to-peer (P2P) voice over IP (VoIP) application evolving quickly since it was developed in 2003. Skype claims that it can work almost seamlessly across NATs and firewalls and has better voice quality than other VoIP applications. Skype uses wideband codecs which allows it to maintain reasonable call quality at a low bandwidth and adopts the strong encryption mechanisms to protect its service.
Skype is a popular peer-to-peer (P2P) voice over IP (VoIP) application evolving quickly since it was developed in 2003. Skype claims that it can work almost seamlessly across NATs and firewalls and has better voice quality than other VoIP applications. Skype uses wideband codecs which allows it to maintain reasonable call quality at a low bandwidth and adopts the strong encryption mechanisms to protect its service.
However, Skype is a proprietary software so that the protocols and algorithms are unknown. From long-term observations, we found that the different types of packets will be sent according to different functions and stages. Therefore, it is helpful for research of Skype if there is a powerful analytical tool. Combining the characteristics of Skype with TCP/IP and packet signature, we develop the Skype module in Wireshark. Our tool is able to sniff the Skype packet information even if there are mixed (included Skype and Non-Skype) traffic. To understand the protocol for Skype, we decrypt the packet by using the Skyemu to study the real behaviors among nodes (e.g., SN and SC).

論文摘要 3
Abstract 4
誌 謝 5
第1章 緒論 10
1.1 Skype網路架構 11
1.2 Skype主要的組成要素 12
1.2.1 連接埠（Port） 12
1.2.2 Host cache 13
1.2.3 編碼器 14
1.2.4 加密技術 14
1.2.5 好友名單 15
1.2.6 NAT (Network Address Translation)與防火牆 15
1.3 相關研究 16
1.4 論文內容介紹 17
第2章 分析工具需求與介紹 18
2.1 Skype UDP封包 18
2.1.1 Skype UDP 加密 19
2.1.2 Skype UDP Probe、NAck、Resend 20
2.2 Skype UDP封包格式 21
2.2.1 Packet number (Skype ID) 23
2.2.2 Func (Skype function) 24
2.2.3 初始向量IV (Skype initial vector) 24
2.2.4 CRC循環冗餘校驗 24
2.2.5 RC4加密演算法 26
2.2.6 RC4的強度 28
2.3 Skype TCP封包 29
2.3.1 TCP RC4解密特性 29
2.4 Skype封包RC4 解譯結果 31
2.4.1 Message type: Skype UDP Probe (Request) 31
2.4.2 Message type: Skype UDP Probe (Response) 32
2.4.3 Message type: Skype UDP Fragment 33
2.4.4 Skype原始傳送資料 34
2.5 Wireshark 35
2.5.1 Wireshark功能介紹 36
2.6 Wireshark analyzer 40
2.6.1 Lua 40
2.6.2 如何透過Lua編寫通訊協定分析器 41
2.6.3 製作Skype通訊協定分析器 42
第3章 Skype運作行為分析 45
3.1 Skype 主要功能 45
3.2 登入Skype網路階段動作 45
3.2.1 SC尋找可供連線服務的SN 46
A) Hostcache解讀 49
B) IP address and port pairs hard-coded 51
3.2.2 SC跟login server確認身份 52
3.2.3 Skype NAT與防火牆環境探測 56
3.2.4 SC連上Skype網站確認其是否為最新版本 59
3.2.5 Skype central server 60
3.2.6 SC user search 61
3.2.7 Skype對外界的TCP連線 62
3.2.8 SC online process 63
3.3 登入之後的常態性傳送行為 64
3.3.1 UDP傳送至連接埠13392 64
3.4 使用者通訊階段傳送行為 65
3.4.1 Skype文字訊息傳遞 65
3.4.2 Skype語音訊息傳遞 66
3.4.3 多方通話 66
第4章 結論 68
4.1 成果與討論 68
4.2 未來研究方向 68
參考文獻 70

[1]S. A. Baset and H. G. Schulzrinne, “An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol,” Proc. of IEEE INFOCOM’06, Barcelona, Spain, Apr. 2006.
[2]Lubos Ptacek, "Analysis and detection of Skype network traffic," M.S.thesis, Dept. Informatics. Eng., Masaryk Univ., Brno, Czech Republic
[3]P. Biondi and F. Desclaux, “Silver needle in the Skype,” in Black Hat Europe’06, Amsterdam, the Netherlands, Mar. 2006
[4]B. Trammell, E. Boschi, G. Procissi, C. Callegari, P. Dorfnger, and D. Schatzmann, “Identifying Skype Traffic in a Large-Scale Flow Data Repository” In Proceedings of the Third COST TMA International Workshop on Traffic Monitoring and Analysis (TMA 2011), Vienna Austria, Apr 2011
[5]D. Bonfiglio, M. Mellia, M. Meo, D. Rossi, “Detailed Analysis of Skype Traffic”, IEEE Transactions on Multimedia, Vol. 11, No.1, Jan 2009
[6]S. Ehlert and S. Petgang, “Analysis and signature of Skype VoIP session traffic”, Technical Report NGNI-SKYPE-06b, Fraunhofer FOKUS, Berlin, Germany
[7]F. Desclaux and K. Kortchinsky. “Vanilla Skype part 2,” in Recon, Montreal, Canada, June　2006
[8]D. Bonfiglio, M. Mellia, M. Meo, D. Rossi, P. Tofanelli, Revealing Skype traffic: when randomness plays with you, in Proceedings of the 2007 ACM SIGCOMM, August 2007
[9]William Stallings, “Cryptography and Network Security: Principles and Practice” 4/E, 2006
[10]Skype Privacy and security https://support.skype.com/en-us/faq/FA31/does-skype-use-encryption
[11]The Programming Language Lua, [online] Available: http://www.lua.org
[12]Lua - The Wireshark Wiki http://wiki.wireshark.org/Lua/
[13]Serice names and port numbers are assigned by IANA http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
[14]IP Tracing and IP Tracking http://www.ip-adress.com/ip_tracer/
[15]Wireshark目前有支援的通訊協定 http://www.wireshark.org/docs/dfref/
[16]Skype整併到Microsoft的官方聲明 http://www.microsoft.com/zh-tw/skype/