Forensic Framework for Skype Communication

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 385)


Skype is a secure internet telephonic application which establishes connection between its clients through a peer-to-peer architecture. The connection between Skype client to its server and other clients uses an encrypted channel that uses Transport layer Security (TLS) protocol. At the same time, connection between Skype client and Public Switch telephone Network (PSTN) gateway is accomplished through unencrypted digital channel using Voice over Internet Protocol (VoIP). The encrypted channels in the Skype communication make forensic analysis frameworks to work badly in decrypting the traffic and procuring critical forensic details of the network stream against intruders and cyber criminals. Furthermore, policy violations and unbound usage of Skype VoIP communication over PSTN users waste the network bandwidth. Here we propose a sophisticated Skype forensic framework that collects forensic information by decrypting the Skype client-server communication along with recreating voice content in the Skype to PSTN VoIP communication. We also propose an efficient packet reconstruction algorithm powered by time stamping technique for regenerating malicious content from payloads of the Skype network stream followed by supporting prosecution of policy violators and cyber criminals in the court of law.


Skype Forensic Analysis TLS Skype VoIP Packet reordering Pcap file 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Baset, S.A., Schulzrinne, H.: An analysis of the skype peer-to-peer internet telephony protocol. In: IEEE INFOCOM 2006, pp. 1–11, April 2006Google Scholar
  2. 2.
    Guha, S., Daswani, N.: An an experimental study of skype peer to peer VoIP system. In: IPTPS 2006, pp. 10–16, February 2006Google Scholar
  3. 3.
    Leung, C.-M., Chan, Y.-Y.: Network forensic on encrypted peer-to-peer VoIP traffics and the detection, blocking, and prioritization of skype traffics. In: 16th IEEE International Workshops on Enabling Technologies, pp. 401–408, June 2007Google Scholar
  4. 4.
    Molnar, S., Perenyi, M., Gefferth, A., Trang, D.D.: Skype traffic identification. In: IEEE Global Telecommunications Conference, pp. 399–404, November 2007Google Scholar
  5. 5.
    Ronald, C., Dodge, J.R.: Skype fingerprint. In: IEEE Proceedings of the 41st Annual Hawaii International Conference on System Sciences, pp. 484–452, January 2008Google Scholar
  6. 6.
    Rossi, D., Mellia, M., Meo, M.: Evidences behind skype outage. In: IEEE International Conference on Communications, pp. 1–6, June 2009Google Scholar
  7. 7.
    Tinta, S.P., Wong, J.L.: Characterizing end-to-end packet reordering with UDP traffic. In: IEEE Symposium on Computers and Communications, pp. 321–324, July 2009Google Scholar
  8. 8.
    Molnar, S., Perenyi, M.: On the identification and analysis of skype traffic. In: International Journal of communication systems, pp. 97–117, April 2010Google Scholar
  9. 9.
    Alshammari, R., Halifax, N.S.: An investigation on the identification of VoIP traffic: case study on Gtalk and Skype. In: IEEE ICNS-10, Management, pp. 310–313, October 2010Google Scholar
  10. 10.
    Wu, L., Duan, H.-x.: SSL-DP: a rootkit of network based SSL and TLS traffic decryptor. In: 2nd IEEE CTC-Workshop, pp. 29–33, July 2010Google Scholar
  11. 11.
    Gao, H.: Forensic method analysis involving VoIP crime. In: IEEE Fourth International Symposium on Knowledge Acquisition and Modeling, pp. 241–243, October 2011Google Scholar
  12. 12.
    Manesh, T., Brijith, B., Singh, M.P.: An improved approach towards network forensic investigation of HTTP and FTP protocols. In: PDCTA-11, Springer Heidelberg, pp. 385–392, September 2011Google Scholar
  13. 13.
    Irwin, D., Slay, J.: Extracting evidence related to VoIP calls. In: AICT Conference, pp. 221–228. Springer, Heidelberg, June 2011Google Scholar
  14. 14.
  15. 15.
    Azab, A., Watters, P., Layton, R.: Characterizing network traffic for skype forensics. In: IEEE Third Cybercrime and Trustworthy Computing Workshop, pp. 19–27, October 2012Google Scholar
  16. 16.
    Korczynski, M., Duda, A.: Classifying service flows in the encrypted skype traffic. In: IEEE International Conference on Communications, pp. 1064–1068, June 2012Google Scholar
  17. 17.
    Manesh, T., Brijith, B., Bhraguram, T.M., Rajaram, R.: Network forensic investigation of HTTPS protocol. In: IJMER, vol. 3, no. 5, pp. 3096–3106, October 2013Google Scholar
  18. 18.
    Sinam, T., Lamabam, P., Ngasham, N.: An efficient technique for detecting Skype flows in UDP media streams. In: IEEE ICANTS-13, pp. 1–6, June 2013Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Department of Computer Science and InformationPrince Sattam Bin Abdul Aziz UniversityAl-KharjSaudi Arabia
  2. 2.Shankara Research Centre in Information ScienceAdi Shankara Institute of Engineering and TechnologyKaladyIndia
  3. 3.Faculty of Electronic EngineeringMenoufia UniversityMenoufEgypt

Personalised recommendations