Skype - 3.0 beta Guide de l'utilisateur télécharger pdf (Page 13)

Skype Network Administrator’s Guide Skype 3.0 Beta 13

2006-10-31 Document version 2.0 Beta

Skype is the only Internet voice application provider that currently employs strong

encryption to protect network traffic. This is because Skype’s tight security model is

integrally linked to its underlying P2P network architecture.

The fact that Skype network traffic is routed through supernodes and may be routed

through relay hosts (computers and devices that are not party to a call, IM, or file transfer)

means that all Skype network traffic must be automatically encrypted end-to-end to ensure

privacy.

As a result, Skype’s network traffic cannot be intercepted and decoded while in transit.

That being said, even though Skype offers a private communication channel, it still runs on

mass-market operating systems.

This means that even though Skype network traffic cannot be intercepted and decoded

while in transit, when Skype traffic is decrypted on computers that are party to a call, IM,

or file transfer, data such as chat logs, and voicemail messages may be vulnerable.

In the context of the security provided by operating system(s) on which the Skype client is

installed and running, Skype provides operational level of security or privacy. Therefore,

Skype neither provides a secure computing platform in the strictest definition, nor does it

offer a secure file storage solution.

By secure computing platform, we mean a computing platform that meets technical criteria

about how information is transmitted, received, handled, and stored such that high-value or

high-risk transactions can be handled securely.

Skype utilizes a security model that effectively prevents anyone who may have access to a

supernode or relay host from interfering with or capturing any part of a Skype

communication, even if they are able to collect or sniff network data packets. It also

prevents anybody (especially those you consider to be a competitive threat) from installing

a computer on the Internet in the theoretical path of incoming and outgoing Skype traffic

for the purpose of eavesdropping.

The bottom line is this; although Skype cannot guarantee complete anonymity or secrecy,

it does provide transport-layer security to ensure that message content traveling over the

Skype network cannot be tapped or intercepted. Skype network traffic and message content

will not end up at unauthorized destinations.

Skype User Authentication

Skype’s security model utilizes a public-key cryptography with signed digital credentials.

This enables Skype to validate each user’s authenticity. It also reduces the demand for

centralized infrastructure.

With public-key/private-key cryptography, one of the keys is made “public” enabling

unrestricted distribution. However, the other key remains secret. The two keys are

independent but related. Neither of the keys can be used to predict what the other key is.

Both keys are needed to complete the handshake that allows a given communication

session to complete.

Skype Security Model

1 2 ... 8 9 10 11 12 13 14 15 16 17 18 ... 36 37

Pas de commentaire

Skype - 3.0 beta Guide de l'utilisateur Page 13