Skype's encryption destroyed by phonemes

Skype’s encryption can be defeated by the use of phonemes, a team of insecurity experts have warned.

For ages, users have thought that Skype calls were safe because they were encoded, however according to i-programmer, computational linguistics can crack the encryption on VOIP calls well enough to reconstruct what is being said.

Boffins at the University of North Carolina have used the grammar of phonemes to match the patterns of data frame sizes with the most likely patterns of phonemes. This “Phonotactic Reconstruction” can translate the encryption into words.

Apparently, even though they are encrypted, the frames that make up a Skype call contain clues about what phonemes are being spoken and this means that the hackers don’t have to worry about mathematically breaking the encryption.

The encrypted data contains statistical relationship to the original data which makes Skype, and many other forms of VOIP telephone systems, vulnerable to this sort of attack.

Part of the problem is that voice data makes use of the structure of speech using the Linear Predictive Filter. Data is compressed by using an input code word that represents the sound made in the throat by the vocal chords. These are set in a filter so that the output matches the sound as well as it can.

Skype uses Code Excited Linear Prediction which gives data a code word, the gain coefficient and a set of linear prediction coefficients. The frame is compressed using a variable bit rate scheme and this produces a frame that has a size that does depend on the type of phoneme that has been encoded. It is then encrypted.

But the encryption doesn’t change the size of the frame and so the encrypted data that is transmitted has a correlation between frame size and phoneme uttered.

This made it possible for the boffins to use their “Phonotactic Reconstruction” techniques to reveal what was said during the call.