[VOIPSEC] IPSec and VoIP Security

Gupta, Sachin s-gupta2 at ti.com
Tue Apr 4 16:31:07 CDT 2006 

For Media encryption , IPSec, unlike SRTP, has much more header overhead. 
NAT with IPSec adds more header overhead. This might not be acceptable particularly if you are using the Low Bit rate codecs.

Sachin

 

-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Porter, Thomas (Tom)
Sent: Tuesday, April 04, 2006 5:07 PM
To: Alexandre Passito; Voipsec at voipsa.org
Subject: Re: [VOIPSEC] IPSec and VoIP Security

As a starting point here are some numbers for encryption speeds: 

An AES encryption, without hardware acceleration, takes about 50 microseconds, for instance. But the key generation and exchange process can last up to 500ms, which is unacceptable for a real-time VoIP application. Overall, establishing a security association with IPSec requires anywhere from 2 to 10 seconds. TLS achieves better performance, but it still needs approximately 1.5 seconds to form a security association. IIRC, these figures are from TI.

Best, Tom

Thomas Porter, PHD | Senior Security Architect - Business Communications Consulting | Contact Center Practice | Consulting & Systems Integration | Avaya Global Services | Office: 919-967-2909 | [Mobile - USA] 919-593-3130 | [Mobile - DE] +49-0163-5050427 | [SIP] s00227694 at voicepulse.com | [IM] AvayaTPorter | Email: tporter at avaya.com


-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Alexandre Passito
Sent: Tuesday, April 04, 2006 10:50 PM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] IPSec and VoIP Security

Hi ALL,

I'd like to start a discussion about using IPSec for end-to-end security in VoIP Systems. I have read some papers about the subject and it seens that IPSec is not completely suitable for this kind of task due to two reasons:
damage to some QoS metrics and the problem with management (key sharing, user permissions and etc). I'd like to hear some ideas about it, future trends and if there are well deployed solutions being tested.

Best regards,

Passito

--
--
Alexandre Passito - Estudante de Mestrado Universidade Federal do Amazonas (UFAM) Departamento de Ciência da Computação (DCC)
--
Alexandre Passito - M.Sc. Student
Federal University of Amazonas (UFAM)
Computer Science Department (DCC)
--
E-mail: passito at dcc.ufam.edu.br
Web: www.dcc.ufam.edu.br/~passito
Manaus - AM - Brasil
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org



_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list