Archive for the ‘Security’ Category

Skype.exe innards revealed…

Thursday, April 6th, 2006

This slide deck, from the recent Black Hat Europe 2006 conference, provides an intriguing look inside the Skype executable, revealing the considerable lengths its creators went to in attempting to obfuscate its code and workings. Also dissected are the ciphering techniques applied to Skype PDUs (protocol data units, aka packets). The deck illustrates creative and effective use of various debugging/disassembling tools. Icing on the proverbial cake are their some-assembly-required instructions for patching skype.exe to create your own closed, private P2P network :)

This work adds to the body of openly disseminated information about this very closed P2P network and program. For reference, here are two earlier analyses..

Observing and Analyzing the Intersection of Privacy, Security, and Public Policy

Saturday, March 11th, 2006

My colleague and friend, Susan Landau, works (in one of her multi-facets) at the intersection of privacy, security, and public policy. I find it a good idea to keep up on what she’s writing in these areas. She doesn’t (yet?) have a blog per se, but watching the publications section of her homepage works pretty well — hence there being a link to her page in my sidebar here. She has a couple of recent articles on the multi-faceted topic of the Internet/VoIP and wiretapping/CALEA that are interesting and provocative…

“SIP SAML Profile and Binding” Internet-Draft published

Saturday, March 11th, 2006

I recently co-authored a major rewrite of the so-called “SIP SAML” I-D, crafting it into an actual SAMLv2 profile and binding, now (rather plainly) entitled “SIP SAML Profile and Binding”. Here’s the publication announcement: I-D ACTION:draft-tschofenig-sip-saml-05.txt.

Here is the abstract:

This document specifies a Session Initiation Protocol (SIP) profile of Security Assertion Markup Language (SAML) as well as a SAML SIP binding. The defined SIP SAML Profile composes with the mechanisms defined in the SIP Identity specification and satisfies requirements presented in “Trait-based Authorization Requirements for the Session Initiation Protocol (SIP)”.

SIP Identity to be issued as a “Proposed Standard” RFC

Saturday, March 11th, 2006

The “SIP Identity” Internet-Draft, whose lead author is my colleague Jon Peterson, was recently blessed by the IESG and is to be issued as a “Proposed Standard” RFC. Here’s the announcement: Protocol Action: ‘Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)’ to Proposed Standard.

Liberty Authentication Service tutorial

Saturday, March 11th, 2006

My colleague John Kemp has blogged a quick, accurate (although partial) tutorial on the Liberty Authentication Service, of which I was the original designer (see my bibliography). I hope he gets the time to post part 2 of his write-up!