Improving SSL Handshake Performance via Batching
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Scalability in the XFS file system
ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Reliable, scalable and interoperable internet telephony
Reliable, scalable and interoperable internet telephony
SERvartuka: Dynamic Distribution of State to Improve SIP Server Scalability
ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
A study of the MD5 attacks: insights and improvements
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (extended abstract)
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
SIP security issues: the SIP authentication procedure and its processing load
IEEE Network: The Magazine of Global Internetworking
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
The impact of TLS on SIP server performance
Principles, Systems and Applications of IP Telecommunications
The impact of TLS on SIP server performance: measurement and modeling
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
The performance of SIP proxies is critical for the robust operation of many applications. However, the use of even light-weight authentication schemes can significantly degrade throughput in these systems. In particular, systems in which multiple proxies share a remote authentication database can experience reduced performance due to latency. In this paper, we investigate how the application of parallel execution and batching can be used to maximize throughput while carefully balancing demands for bandwidth and call failure rates. Through the use of a modified version of OpenSER, a high-performance SIP proxy, we demonstrate that the traditional recommendation of simply launching a large number of parallel processes not only incurs substantial overhead and increases dropped calls, but can actually decrease call throughput. An alternative technique that we implement, request batching, fails to achieve similarly high proxy throughput. Through a carefully selected mix of batching and parallelization, we reduce the bandwidth required to maximize authenticated signaling throughput by the proxy by more than 75%. This mix also keeps the call loss rates below 1% at peak performance. Through this, we significantly reduce the cost and increase the throughput of authentication for large-scale networks supporting SIP applications.