[VOIPSEC] SIP B2BUA and Digest Authentication using

Simon Horne s.horne at packetizer.com
Mon Nov 7 23:42:19 CST 2005 

At 11:34 AM 8/11/2005, Randell Jesup wrote:
>Simon Horne <s.horne at packetizer.com> writes:
>
> >At 02:43 PM 6/11/2005, Christopher A. Martin wrote:
> >>Question, for your product, has this introduced any of the items that
> >>people in the past have claimed would be a detriment? e.g, PKI would slow
> >>things down too much for people to accept the delays caused by it during
> >>call setup...
> >
> >No not all, even to me this was initially surprising. Their is virtually no
> >noticeable delay in call setup (under 1 sec). The implementation from the
> >start was designed and effort put in to avoid delays. All key management is
> >handled multi threaded and quite separate from call processing. The TLSv1
> >negotiation is compressed into 2 messages, 1 in each direction and the
> >encryption engine uses assembler routines.to speed up
> >ciphering/deciphering. Also since the session encryption key (using
> >diffie-hellman) is negotiated prior to the caller answering, there is no
> >2-3 sec delay at the start of the call.
>
>         Negotiating the DH key prior to call setup may lead to DoS
>vulnerabilities, at a random guess.

The DH half key is embedded in the first setup message. This is of course 
may create a DoS volubility, the X.509 authentication mechanism is executed 
prior to the DH so it does offer some protection, if the security policy 
requires a X.509 cert and one is not present then the call is denied quite 
early so the mechanism may actually improve DoS protection.


>         1 second (on what?) is good - except when users expect way less
>than 1 second delays.  From what I've seen, 200-300ms would seem to be
>the upper bound for a hardphone given user's expectiations.  It's a lot
>better than 2-3 seconds, of course.

The setup time is for full X.509 Authentication and D-H session key 
negotiation. Unlike standard TLSv1 which requires several messages to 
obtain SA (security association), we have compressed these into 2 messages, 
1 in each direction, greatly reducing setup time.

The authentication/encryption setup time is very dependent on the hardware, 
4-500ms is achievable with P4 3.2Ghz boxes . The exchange is done before 
either party receives a ring notification, basically in the "connecting" 
space. People have come to expect 1 to 2 sec from dialing a number to 
receiving information that the remote phone is ringing. This is of course 
quite different to answering the call where near instant connection is 
expected.

Simon


Simon Horne
Director
Packetizer Labs
www.packetizer.com/labs

More information about the Voipsec mailing list