Improving authentication performance of distributed SIP proxies

Authors:
Italo Dacosta;Vijay Balasubramaniyan;Mustaque Ahamad;Patrick Traynor
Affiliations:
Georgia Tech Information Security Center (GTISC), Atlanta, GA;Georgia Tech Information Security Center (GTISC), Atlanta, GA;Georgia Tech Information Security Center (GTISC), Atlanta, GA;Georgia Tech Information Security Center (GTISC), Atlanta, GA
Venue:
Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
Year:
2009

Citing 8
Cited 4

Improving SSL Handshake Performance via Batching

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Scalability in the XFS file system

ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Reliable, scalable and interoperable internet telephony

Reliable, scalable and interoperable internet telephony
SERvartuka: Dynamic Distribution of State to Improve SIP Server Scalability

ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
A study of the MD5 attacks: insights and improvements

FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (extended abstract)

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
SIP security issues: the SIP authentication procedure and its processing load

IEEE Network: The Magazine of Global Internetworking

Proxychain: developing a robust and efficient authentication infrastructure for carrier-scale VoIP networks

USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
The impact of TLS on SIP server performance

Principles, Systems and Applications of IP Telecommunications
The impact of TLS on SIP server performance: measurement and modeling

IEEE/ACM Transactions on Networking (TON)
Modeling and design of a Session Initiation Protocol overload control algorithm

Simulation

Quantified Score

Hi-index	0.00

Visualization

Abstract

The performance of SIP proxies is critical for the robust operation of many applications. However, the use of even light-weight authentication schemes can significantly degrade throughput in these systems. In particular, systems in which multiple proxies share a remote authentication database can experience reduced performance due to latency. In this paper, we investigate how the application of parallel execution and batching can be used to maximize throughput while carefully balancing demands for bandwidth and call failure rates. Through the use of a modified version of OpenSER, a high-performance SIP proxy, we demonstrate that the traditional recommendation of simply launching a large number of parallel processes not only incurs substantial overhead and increases dropped calls, but can actually decrease call throughput. An alternative technique that we implement, request batching, fails to achieve similarly high proxy throughput. Through a carefully selected mix of batching and parallelization, we reduce the bandwidth required to maximize authenticated signaling throughput by the proxy by more than 75%. This mix also keeps the call loss rates below 1% at peak performance. Through this, we significantly reduce the cost and increase the throughput of authentication for large-scale networks supporting SIP applications.