The impact of TLS on SIP server performance: measurement and modeling

Authors:
Charles Shen;Erich Nahum;Henning Schulzrinne;Charles P. Wright
Affiliations:
AT&T Security Research Center, New York, NY;IBM T. J. Watson Research Center, Hawthorne, NY;Department of Computer Science, Columbia University, New York, NY;IBM T. J. Watson Research Center, Hawthorne, NY
Venue:
IEEE/ACM Transactions on Networking (TON)
Year:
2012

Citing 21
Cited 1

Performance Study of COPS over TLS and IPsec Secure Session

DSOM '02 Proceedings of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Management Technologies for E-Commerce and E-Business Applications
Architectural Impact of Secure Socket Layer on Internet Servers

ICCD '00 Proceedings of the 2000 IEEE International Conference on Computer Design: VLSI in Computers & Processors
"IMS in a Bottle": Initial Experiences from an OpenSER-based Prototype Implementation of the 3GPP IP Multimedia Subsystem

ICMB '06 Proceedings of the International Conference on Mobile Business
Service Provider Implementation of SIP Regarding Security

AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
Evaluating SIP server performance

Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Anatomy and Performance of SSL Processing

ISPASS '05 Proceedings of the IEEE International Symposium on Performance Analysis of Systems and Software, 2005
A programmable message classification engine for session initiation protocol (SIP)

Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
SERvartuka: Dynamic Distribution of State to Improve SIP Server Scalability

ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
Voice pharming attack and the trust of VoIP

Proceedings of the 4th international conference on Security and privacy in communication netowrks
One Server Per City: Using TCP for Very Large SIP Servers

Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Session Initiation Protocol (SIP) Server Overload Control: Design and Evaluation

Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Implementation and Evaluation of SIP-Based Secure VoIP Communication System

EUC '08 Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing - Volume 02
Explaining the Impact of Network Transport Protocols on SIP Proxy Performance

ISPASS '08 Proceedings of the ISPASS 2008 - IEEE International Symposium on Performance Analysis of Systems and software
Improving authentication performance of distributed SIP proxies

Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
Signal-based overload control for SIP servers

CCNC'10 Proceedings of the 7th IEEE conference on Consumer communications and networking conference
SIP server performance on multicore systems

IBM Journal of Research and Development
Proxychain: developing a robust and efficient authentication infrastructure for carrier-scale VoIP networks

USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Comparative Study of Secure vs. Non-secure Transport Protocols on the SIP Proxy Server Performance: An Experimental Approach

ARTCOM '10 Proceedings of the 2010 International Conference on Advances in Recent Technologies in Communication and Computing
On TCP-based SIP server overload control

Principles, Systems and Applications of IP Telecommunications
Security Challenge and Defense in VoIP Infrastructures

IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
SIP security issues: the SIP authentication procedure and its processing load

IEEE Network: The Magazine of Global Internetworking

LAKE: A Server-Side Authenticated Key-Establishment with Low Computational Workload

ACM Transactions on Internet Technology (TOIT)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Securing Voice over IP (VoIP) is a crucial requirement for its successful adoption. A key component of this is securing the signaling path, which is performed by the Session Initiation Protocol (SIP). Securing SIP can be accomplished by using Transport Layer Security (TLS) instead of UDP as the transport protocol. However, using TLS for SIP is not yet widespread, perhaps due to concerns about the performance overhead. This paper studies the performance impact of using TLS as a transport protocol for SIP servers. We evaluate the cost of TLS experimentally using a testbed with OpenSIPS, OpenSSL, and Linux running on an Intel-based server. We analyze TLS costs using application, library, and kernel profiling and use the profiles to illustrate when and how different costs are incurred. We show that using TLS can reduce performance by up to a factor of 17 compared to the typical case of SIP-over-UDP. The primary factor in determining performance is whether and how TLS connection establishment is performed due to the heavy costs of RSA operations used for session negotiation. This depends both on how the SIP proxy is deployed and what TLS operation modes are used. The cost of symmetric key operations such as AES, in contrast, tends to be small. Network operators deploying SIP-over-TLS should attempt tomaximize the persistence of secure connections and will need to assess the server resources required. To aid them, we provide ameasurement-driven cost model for use in provisioning SIP servers using TLS. Our cost model predicts performance within 15% on average.