January 8, 2013 weblog
Warsaw team on Skype can send silent message
(Phys.org)—A professor in Warsaw knows a way in which to communicate privately on Skype by using silence. Wojciech Mazurczyk at the Institute of Telecommunications, Warsaw University of Technology, discovered the packets technique for embedding secret data in phone calls on Skype. Mazurczyk and colleagues Maciej Karaś and Krzysztof Szczypiorski analyzed Skype data traffic and noted that, in a Skype call, between spoken words, Skype sends 70-bit-long data packets instead of the 130-bit ones that carry speech. Mazurczyk and team hid their data in the 70-bit packets during silent periods.
This is being described as a packet hijacking, as the team injected their encrypted message into the packets. "The secret data is indistinguishable from silence-period traffic, so detection of SkypeHide is very difficult," said Mazurczyk. They could transmit text, audio or video in this fashion during Skype calls.
Mazurczyk, an assistant professor, will be presenting the team's work at a steganography conference this summer in France. The team aims to present its "SkypeHide" in Montpellier in June. The conference is the First ACM Information Hiding and Multimedia Security Workshop, to take place at the University of Montpellier from June 17 to 19. "Information Hiding" relates to digital watermarking, steganography and steganalysis, anonymity and covert/subliminal channels.
As for Skype, there have been concerns raised about airing conversations over Skype without law enforcement listening in. "There are concerns that Skype calls can be intercepted and analyzed," said Mazurczyk in New Scientist. As for SkypeHide, he and his team were able to send secret messages at a rate of almost 1 kilobit per second alongside calls.
Skype, in July last year, in a blog, assured the public that Skype had not recently changed policies with regard to law enforcement. "If a law enforcement entity follows the appropriate procedures and we are asked to access messages stored temporarily on our servers, we will do so. I must reiterate we will do so only if legally required and technically feasible."
© 2013 Phys.org