Computer Security - A / V / Text encryption methods

01-08-2009, 06:20 AM

Hi All!

I am looking for real-time encryption methods/protocols for streaming
A / V / Text data. I plan to build an app similar to Skype and since
Skype doesn't really reveal much about its security architecture, I'm
looking for ingenious solutions. Any suggestions/help would be
welcome.

From whatever research I did about Skype, I found the following
things:

Skype has implemented majority of its encryption modules by itself and
which are built to comply with standards but applied in their own
ingenious ways such as the AES block cipher, the RSA public-key
cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hash
function, and the RC4 stream cipher.

It uses 256-bit encryption in order to actively encrypt the data in
each Skype call or instant message. Skype uses 1024 bit RSA to
negotiate symmetric AES keys. User public keys are certified by the
Skype server at login using 1536 or 2048-bit RSA certificates.
The key size used for signing here is 1536-2048, which is
significantly greater than 1024-bit keys that are a global norm.

It has also set up its own CA for authentication. On first usage, a
client contacts Skype's master server which issues a certificate from
its indigenous CA.

Besides the above cryptographic algorithms, Skype has also implemented
its own proprietary key-exchange protocol which it uses for key
exchange. I guess they have borrowed most of the features of SSL and
implemented it according to their needs besides "fixing" its need for
a connection-oriented protocol.

I guess we could also have the same functionality using IPSec in
"transport" mode and creating a indigenous CA.. I DO NOT PLAN TO USE
VPNs, so using "tunnel" mode is out of question...

The question is, can we use IPSec to secure UDP data communication??
If yes, HOW?? (since using TCP to transport A / V data would cause
huge "delays".. So SSL is also out of question...)

Also, I'm looking for suitable forums/IRC channels to discuss the
topic more. Could the people here suggest me some???

Regards,
D3|\||\|!$

D3|\\||\\|!$

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
.....encryption	Kornholio	Software	1	03-20-2008 11:07 AM
Encryption Software	Kornholio	Software	0	02-19-2008 12:18 PM
Calling Java methods in C	boyabhi123	Software	0	08-02-2007 10:42 AM
Use page methods in another page at asp.net 2?	ahmad_n80	Software	0	07-29-2007 07:14 PM
Rip & Burn methods, and .ISO files	def456	DVD Video	0	02-05-2007 05:01 PM

01-08-2009, 06:20 AM	#1
	A / V / Text encryption methods Hi All! I am looking for real-time encryption methods/protocols for streaming A / V / Text data. I plan to build an app similar to Skype and since Skype doesn't really reveal much about its security architecture, I'm looking for ingenious solutions. Any suggestions/help would be welcome. From whatever research I did about Skype, I found the following things: Skype has implemented majority of its encryption modules by itself and which are built to comply with standards but applied in their own ingenious ways such as the AES block cipher, the RSA public-key cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hash function, and the RC4 stream cipher. It uses 256-bit encryption in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates. The key size used for signing here is 1536-2048, which is significantly greater than 1024-bit keys that are a global norm. It has also set up its own CA for authentication. On first usage, a client contacts Skype's master server which issues a certificate from its indigenous CA. Besides the above cryptographic algorithms, Skype has also implemented its own proprietary key-exchange protocol which it uses for key exchange. I guess they have borrowed most of the features of SSL and implemented it according to their needs besides "fixing" its need for a connection-oriented protocol. I guess we could also have the same functionality using IPSec in "transport" mode and creating a indigenous CA.. I DO NOT PLAN TO USE VPNs, so using "tunnel" mode is out of question... The question is, can we use IPSec to secure UDP data communication?? If yes, HOW?? (since using TCP to transport A / V data would cause huge "delays".. So SSL is also out of question...) Also, I'm looking for suitable forums/IRC channels to discuss the topic more. Could the people here suggest me some??? Regards, D3\|\\|\|\\|!$ D3\|\\\|\|\\\|!$