Hi D3something,
as Ian said, ignore Skype. Look at open-source video chat apps (there
are a few). Then look at open source crypto libs (openssl, maybe NSS,
etc.), and crypto email solutions (esp. GPG), and crypto chat solutions
(e.g. GPG in Jabber) and how the key exchange works. Then think about
how to bring the well-known open source crypto solutions and open-source
video chat apps together.
Your main problems will be:
* TCP vs. UDP, and latency
* Key exchange (compare GPG, and maybe SSH model)
Please followup to m.d.t.crypto.
On 08.01.2009 14:10, D3|\||\|!$ wrote:
Hi All!
I am looking for real-time encryption methods/protocols for streaming
A / V / Text data. I plan to build an app similar to Skype and since
Skype doesn't really reveal much about its security architecture, I'm
looking for ingenious solutions. Any suggestions/help would be
welcome.
From whatever research I did about Skype, I found the following
things:
Skype has implemented majority of its encryption modules by itself and
which are built to comply with standards but applied in their own
ingenious ways such as the AES block cipher, the RSA public-key
cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hash
function, and the RC4 stream cipher.
It uses 256-bit encryption in order to actively encrypt the data in
each Skype call or instant message. Skype uses 1024 bit RSA to
negotiate symmetric AES keys. User public keys are certified by the
Skype server at login using 1536 or 2048-bit RSA certificates.
The key size used for signing here is 1536-2048, which is
significantly greater than 1024-bit keys that are a global norm.
It has also set up its own CA for authentication. On first usage, a
client contacts Skype's master server which issues a certificate from
its indigenous CA.
Besides the above cryptographic algorithms, Skype has also implemented
its own proprietary key-exchange protocol which it uses for key
exchange. I guess they have borrowed most of the features of SSL and
implemented it according to their needs besides "fixing" its need for
a connection-oriented protocol.
I guess we could also have the same functionality using IPSec in
"transport" mode and creating a indigenous CA.. I DO NOT PLAN TO USE
VPNs, so using "tunnel" mode is out of question...
The question is, can we use IPSec to secure UDP data communication??
If yes, HOW?? (since using TCP to transport A / V data would cause
huge "delays".. So SSL is also out of question...)
One more option would be to use DTLS - I needed to know if NSS
supports DTLS... Have already developed apps with NSS.. so life could
be a lot more easier if NSS did support DTLS.. :D
Another option would be to use SSH but again, I'm not sure if it can
be used with UDP and also about its authentication methods. Comments
would be welcome.
Also, I'm looking for suitable forums/IRC channels to discuss the
topic more. Could the people here suggest me some???
Regards,
D3|\||\|!$
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
