Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Performance Study of COPS over TLS and IPsec Secure Session
DSOM '02 Proceedings of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Management Technologies for E-Commerce and E-Business Applications
Architectural Impact of Secure Socket Layer on Internet Servers
ICCD '00 Proceedings of the 2000 IEEE International Conference on Computer Design: VLSI in Computers & Processors
ICMB '06 Proceedings of the International Conference on Mobile Business
Evaluating SIP server performance
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Anatomy and Performance of SSL Processing
ISPASS '05 Proceedings of the IEEE International Symposium on Performance Analysis of Systems and Software, 2005
A programmable message classification engine for session initiation protocol (SIP)
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
SERvartuka: Dynamic Distribution of State to Improve SIP Server Scalability
ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
Voice pharming attack and the trust of VoIP
Proceedings of the 4th international conference on Security and privacy in communication netowrks
One Server Per City: Using TCP for Very Large SIP Servers
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Implementation and Evaluation of SIP-Based Secure VoIP Communication System
EUC '08 Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing - Volume 02
Explaining the Impact of Network Transport Protocols on SIP Proxy Performance
ISPASS '08 Proceedings of the ISPASS 2008 - IEEE International Symposium on Performance Analysis of Systems and software
Improving authentication performance of distributed SIP proxies
Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
SIP server performance on multicore systems
IBM Journal of Research and Development
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Security Challenge and Defense in VoIP Infrastructures
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
SIP security issues: the SIP authentication procedure and its processing load
IEEE Network: The Magazine of Global Internetworking
Proceedings of the first ACM SIGCOMM workshop on Green networking
Transaction-based authentication and key agreement protocol for inter-domain VoIP
Journal of Network and Computer Applications
Hi-index | 0.00 |
Securing VoIP is a crucial requirement for its successful adoption. A key component of this is securing the signaling path, which is performed by SIP. Securing SIP is accomplished by using TLS instead of UDP as the transport protocol. However, using TLS for SIP is not yet widespread, perhaps due to concerns about the performance overhead. This paper studies the performance impact of using TLS as a transport protocol for SIP servers. We evaluate the cost of TLS experimentally using a testbed with OpenSIPS, OpenSSL, and Linux running on an Intel-based server. We analyze TLS costs using application, library, and kernel profiling, and use the profiles to illustrate when and how different costs are incurred, such as bulk data encryption, public key encryption, private key decryption, and MAC-based verification. We show that using TLS can reduce performance by up to a factor of 17 compared to the typical case of SIP-over-UDP. The primary factor in determining performance is whether and how TLS connection establishment is performed, due to the heavy costs of RSA operations used for session negotiation. This depends both on how the SIP proxy is deployed (e.g., as an inbound or outbound proxy) and what TLS options are used (e.g., mutual authentication, session reuse). The cost of symmetric key operations such as AES, in contrast, tends to be small.