[VOIPSEC] IPSec and VoIP Security

Randell Jesup rjesup at wgate.com
Tue Apr 4 16:31:22 PDT 2006

"Porter, Thomas \(Tom\)" <tporter at avaya.com> writes:
>As a starting point here are some numbers for encryption speeds: 
>An AES encryption, without hardware acceleration, takes about 50
>microseconds, for instance. But the key generation and exchange process
>can last up to 500ms, which is unacceptable for a real-time VoIP

50us and 500ms - on what?  3.0GHz P4?  400MHz PIII?  12MHz 80286?  150MHz
ARM?  600MHz DSP?  PDA?  To talk encryption performance, you have to
specify what your target hardware (minimum!) is.  50us on a 3GHz PC might
be 1ms or more on a low-end hardphone - or it might be less than 50us.

> Overall, establishing a security association with IPSec
>requires anywhere from 2 to 10 seconds. TLS achieves better performance,
>but it still needs approximately 1.5 seconds to form a security
>association. IIRC, these figures are from TI.

For what processor?  Mikey in various non-preshared-key/non-PKI modes would
probably be similar (I think) to TLS (anyone know?)

I agree security startup to avoid excessive delays in accepting calls
is a BIG issue with various public-key-based algorithms.

Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
"The fetters imposed on liberty at home have ever been forged out of the weapons
provided for defence against real, pretended, or imaginary dangers from abroad."
		- James Madison, 4th US president (1751-1836)

More information about the Voipsec mailing list