Skype: security & supernodes questions

Everybody loves Skype. Not you? (Haven't tried it yet? It's a piece of software that let you place and receive phone calls for free or for cheap and do other things over the Internet - using the so-called "Voice over IP" technology. I wrote a column about it for the Wall Street Journal Europe one year ago if you want more details explained in a non-tech language). The London/Luxembourg/Tallinn-based company has been a wildly successful startup, a darling of the media, a true disrupter of the old world of telecommunication, and eBay bought it in September for 2.6 billion USD (plus another billion or so if they reach some financial targets).
But with success comes scrutiny, and Skype is getting some punches.

One: Skype's design is peer-to-peer. The core functions of the network, call set up, routing and call transfer, and the audio streams are decentralized; the audio streams are going directly between end users and not traversing any "central infrastructure". That's good for robustness and reliability and scalability (as well as for Skype the company, which doesn't have to invest in any major infrastructure and can add new users at near-zero marginal cost). But for the scheme to work, someone must hold a sort of "central database" that contains the names of the users that are active at this precise moment - otherwise the system wouldn't know whether someone is online and where to route my call. That database is also distributed among some of the users, generally those with the most powerful computers and the biggest bandwidth: they're transformed in "supernodes". Here is how Sykpe's CEO Niklas Zennström explained the concept of supernode to me in an interview (via Skype) while I was researching that column last year:

Any user can be elevated to become a supernode. It means that you are participating in the network by holding a small portion of the database that contains all the Skype users. If I want to call you I type in your Skype name and there is a lookup function of your name compared to and IP address and some other parameters. That database has been spread out among several supernodes. So supernodes are holding a distributed database. It is a dynamically decentralized part of system. You have to qualify to be a supernode, need to have a powerful PC, good uptime and bandwidth. Very much a decentralized process.

I'm right now logged in as a normal user. I see my buddy list, can place a call. What happens in the background of my computer? What am I sharing with the rest of the network right now?

Most likely nothing. When you connect – you have filled out your profile. When you connect the information is being pushed out to a supernode that you are connected. There is less than 1 percent of the users that are supernodes. When you become supernode you share some of your resources and a little bit of bandwidth, but very little, you won't notice.

That qualification as a supernode doesn't seem to happen explicitly: it's rather a dynamic function of the Skype design, and becoming a supernode, at least in certain cases, uses up huge amounts of CPU and bandwidth, as Paul Kedrosky discovered last week when he noticed that his computer (which he was not using: he was travelling) "was sending out enormous amounts of traffic": it was routing Skype traffic as a supernode. An article in Computerworld stresses the same point:

In supernode mode, Skype is reputedly able to saturate 100 Mbit/s connections.

Normal Skype users' computers are less taxed than this, obviously (although each successive version of the Skype software seems to be taking up more and more power). The possibility of becoming a supernode is written into Skype's end-user licence agreement, somehow:

4.1 Permission to utilise your computer. In order to receive the benefits provided by the Skype Software, you hereby grant permission for the Skype Software to utilise the processor and bandwidth of your computer for the limited purpose of facilitating the communication between Skype Software users.

(Notice the absence of the word "supernode".)
All this forces two consideration: Skype is using some people's CPUs and bandwidth at an amazing rate. Sure, they agree by it when they click that button on the licence and install the software: but some of them may come soon to the idea of asking Skype to share the riches. Second: Skype may start deploying its own supernodes; that would completely transform its the business model. In that interview, Zennström - while acknowledging scaling issues - said it would not come to massive capex, and that Skype was basically infinitely scalable without building a central infrastructure:

We won't need to invest in infrastructure. At some point we will need to make some changes in the technology to be able to scale more.: if we don't, when we reach 10 million concurrent users we believe there will be problems. So before that happens we will have to spend some time to make some changes in the architecture. But there is no investment needed in hardware etc, just in development.

However, Skype is now part of eBay and they may think differently there, particularly if the current scattered notes by supernode-users should turn into more vocal complaints.

Two: security concerns are growing. Not really about the confidentiality of Skype-based calls (though the company has not released details about its encryption, it claims, as I wrote in that column, that it uses 256-bit encryption, and so far nothing has come up that would infirm that claim). The concerns are rather about a key design feature of Skype: its ability to pass calls through firewalls. Are employees installing Sykpe on their PCs opening up holes in the company's firewalls? Could hackers use the data stream carrying a phone call to infiltrate corporate or other networks? Could a supernode be taken over by a malicious operator? Skype claims that's not the case, although last October it had to fix some vulnerabilities; and so far no abuse has been reported. But many organizations are being very cautious. Business Week reports for example that some companies such as pharma giant Novartis, banker Goldman Sachs and chemical multinational Degussa have banned it, as have universities from Oxford to Texas to Minnesota. In September, says the magazine, the French government recommended universities and labs to avoid Skype. And a very significant institution banning Skype is here in Geneva (I'm nearby today): the CERN. That's the place where the Web was invented... Here is from their internal "restrictions on software":

Skype P2P telephony software is not permitted on CERN's computing or network facilities. The privacy policy of Skype violates CERN's Computing Rules by bypassing firewall protections and offering services to others.

Skype is now being installed into mobile phones and wireless devices, which opens up a whole new pan of the discussion. There certainly will be more coming, and it's almost as certainly going to get quite technical (see the comments on Paul Kedrosky's post).
Maybe I will call in at the guys at CERN and see if I can get more details from them. For now however, I will keep using Skype. As the CIO of a big company says in that BW story: "If I were GWBush, I wouldn't talk on it; but it should be fine for anybody else".

UPDATE (8 Feb 06) - Why CERN keeps Skype out

Comments

Thanks for this interesting post.
As far as I understand, supernodes are allocated based on the attributes you mentioned, but also based on the supernode's idle time, similarly to the utility computing model. I don't believe Skype is usurping the supernode's cpu power, regardless of the node's workload. And if it's just the idle cycles, then my question is: why not? a very human principle of give n' take. Don't you agree?

Posted by: Muli | January 18, 2006 at 04:05 PM

I do agree. Totally actually. I've been following the developments of the "grid" for a while, and projects such as SETI@home (http://setiathome.ssl.berkeley.edu/) have demonstrated the value and potential of this approach. The idea that idle CPU time can be networked and turned into supernode activity is at the core of Skype's design. The delta here is between the "limited" usage requested by Skype in the user's licence and saturating a user's connection (users and their companies, most of them anyway, pay for their bandwidth), which seems to happen under certain circumstances.

Posted by: BG | January 18, 2006 at 04:39 PM

I noticed recently that my CPU useage was very high, although no program was listed as using it (System Idle Process). By trial and error I discovered the culprit was Skype. On the one hand, it did not seem to slow me down for the most part, but on the other hand it had me worried that I had a rootkit somewhere. After reading this, I figured out Skype was using me as a supernode. Which I suppose I did agree to.

Posted by: Scott | December 27, 2006 at 09:47 AM