The Skype protocol is a proprietary network used for Internet telephony. Its specifications are not publicly available, and all official applications based on the protocol are closed-source. It lacks interoperability with most Voice over IP (VoIP) networks, so it requires licensing from Skype for any integration. Many attempts to reverse-engineer the protocol have been made to study its security features or to enable unofficial clients. On June 20, 2014, Microsoft announced that the old Skype protocol would be deprecated. Users had to upgrade to the 2014 version of Skype to continue accessing services, and older clients could no longer log in. As of the second week of August 2014, the new protocol, Microsoft Notification Protocol 24, was implemented to improve offline messaging and message synchronization across devices.

Peer-to-peer architecture

Skype pioneered peer-to-peer (P2P) technology for IP telephony. Its architecture includes supernodes, ordinary nodes, and a login server. Each client maintains a cache of reachable supernodes, while user directory data is distributed across these supernodes, organized into slots and blocks. Initially, any client with sufficient bandwidth and processing power could become a supernode. This setup posed challenges for users behind firewalls or Network Address Translation (NAT) because their connections could be used to facilitate calls between other clients. In 2012, Microsoft transitioned control of supernodes to its data centers to enhance performance and scalability, raising privacy concerns that were later highlighted by the PRISM surveillance revelations in 2013. Skype does not support IPv6, which could simplify its communication infrastructure.

Communication challenges

Supernodes relay communications for clients that are behind firewalls or NAT, enabling calls that would otherwise be impossible. However, issues may arise, such as:

Protocol details

Signaling in Skype is encrypted using RC4, but this method is considered weak because the encryption key can be recovered from the traffic. Voice data is protected with AES encryption. The Skype API allows developers to access the network for user information and call management. The code remains closed-source, and parts of the client utilize an open-source socket communication library called Internet Direct (Indy). In July 2012, a researcher revealed insights gained from reverse-engineering the Skype client.

Protocol detection

Various networking and security firms claim to have methods for detecting Skype's protocol. While their specific methods are proprietary, some published techniques include Pearson's chi-squared test and stochastic characterization using Naive Bayes classifiers.

Obfuscation layer

Skype employs RC4 to obfuscate the payload of data packets. The initialization vector (IV) is derived from a combination of the public source and destination IPs and a packet ID, transformed into an RC4 key. Notably, the misuse of RC4 can occur on TCP streams, where the first 14 bytes of a stream are XOR-ed with the RC4 stream, impacting data security.

Packet structure and compression

Most Skype traffic is encrypted, with commands and their parameters organized in an object list that can be compressed using a variant of arithmetic compression.

Legal considerations

The terms of Skype's license agreement prohibit reverse engineering. However, EU law allows for reverse engineering for interoperability purposes, and the U.S. Digital Millennium Copyright Act provides similar protections. Certain countries also permit copying for reverse engineering.