Performance Study of COPS over TLS and IPsec Secure Session
DSOM '02 Proceedings of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Management Technologies for E-Commerce and E-Business Applications
Architectural Impact of Secure Socket Layer on Internet Servers
ICCD '00 Proceedings of the 2000 IEEE International Conference on Computer Design: VLSI in Computers & Processors
ICMB '06 Proceedings of the International Conference on Mobile Business
Service Provider Implementation of SIP Regarding Security
AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
Evaluating SIP server performance
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Anatomy and Performance of SSL Processing
ISPASS '05 Proceedings of the IEEE International Symposium on Performance Analysis of Systems and Software, 2005
A programmable message classification engine for session initiation protocol (SIP)
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
SERvartuka: Dynamic Distribution of State to Improve SIP Server Scalability
ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
Voice pharming attack and the trust of VoIP
Proceedings of the 4th international conference on Security and privacy in communication netowrks
One Server Per City: Using TCP for Very Large SIP Servers
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Session Initiation Protocol (SIP) Server Overload Control: Design and Evaluation
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Implementation and Evaluation of SIP-Based Secure VoIP Communication System
EUC '08 Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing - Volume 02
Explaining the Impact of Network Transport Protocols on SIP Proxy Performance
ISPASS '08 Proceedings of the ISPASS 2008 - IEEE International Symposium on Performance Analysis of Systems and software
Improving authentication performance of distributed SIP proxies
Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
Signal-based overload control for SIP servers
CCNC'10 Proceedings of the 7th IEEE conference on Consumer communications and networking conference
SIP server performance on multicore systems
IBM Journal of Research and Development
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
ARTCOM '10 Proceedings of the 2010 International Conference on Advances in Recent Technologies in Communication and Computing
On TCP-based SIP server overload control
Principles, Systems and Applications of IP Telecommunications
Security Challenge and Defense in VoIP Infrastructures
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
SIP security issues: the SIP authentication procedure and its processing load
IEEE Network: The Magazine of Global Internetworking
LAKE: A Server-Side Authenticated Key-Establishment with Low Computational Workload
ACM Transactions on Internet Technology (TOIT)
Hi-index | 0.00 |
Securing Voice over IP (VoIP) is a crucial requirement for its successful adoption. A key component of this is securing the signaling path, which is performed by the Session Initiation Protocol (SIP). Securing SIP can be accomplished by using Transport Layer Security (TLS) instead of UDP as the transport protocol. However, using TLS for SIP is not yet widespread, perhaps due to concerns about the performance overhead. This paper studies the performance impact of using TLS as a transport protocol for SIP servers. We evaluate the cost of TLS experimentally using a testbed with OpenSIPS, OpenSSL, and Linux running on an Intel-based server. We analyze TLS costs using application, library, and kernel profiling and use the profiles to illustrate when and how different costs are incurred. We show that using TLS can reduce performance by up to a factor of 17 compared to the typical case of SIP-over-UDP. The primary factor in determining performance is whether and how TLS connection establishment is performed due to the heavy costs of RSA operations used for session negotiation. This depends both on how the SIP proxy is deployed and what TLS operation modes are used. The cost of symmetric key operations such as AES, in contrast, tends to be small. Network operators deploying SIP-over-TLS should attempt tomaximize the persistence of secure connections and will need to assess the server resources required. To aid them, we provide ameasurement-driven cost model for use in provisioning SIP servers using TLS. Our cost model predicts performance within 15% on average.