[VOIPSEC] IPSec and VoIP Security

Mark Teicher mht3 at earthlink.net
Wed Apr 5 06:28:22 PDT 2006


I have a few questions regarding the starting point on some of the numbers for encryption speeds ?? Who conducted these tests ?? Where were the tests conducted ?? Where the results verified by a 3rd party or established performance lab ?  What type of network infrastructure was used ?? What was the network speed (1 m, 10 m, 100 m, 1 GB, full mesh).. What type of traffic was utilized in the background (HTTP, FTP, TFTP, RCP, SCP)?  How were the results compared to other available encryption algorithms?  If from TI, was that in a test environment, and were the results actually verified in a real product 

hopefully the original can clarify his initial post and answer some of the basic questions asked

thanks

-----Original Message-----
>From: Randell Jesup <rjesup at wgate.com>
>Sent: Apr 4, 2006 7:31 PM
>To: "Porter, Thomas (Tom)" <tporter at avaya.com>
>Cc: Voipsec at voipsa.org
>Subject: Re: [VOIPSEC] IPSec and VoIP Security
>
>"Porter, Thomas \(Tom\)" <tporter at avaya.com> writes:
>>As a starting point here are some numbers for encryption speeds: 
>>
>>An AES encryption, without hardware acceleration, takes about 50
>>microseconds, for instance. But the key generation and exchange process
>>can last up to 500ms, which is unacceptable for a real-time VoIP
>>application.
>
>50us and 500ms - on what?  3.0GHz P4?  400MHz PIII?  12MHz 80286?  150MHz
>ARM?  600MHz DSP?  PDA?  To talk encryption performance, you have to
>specify what your target hardware (minimum!) is.  50us on a 3GHz PC might
>be 1ms or more on a low-end hardphone - or it might be less than 50us.
>
>> Overall, establishing a security association with IPSec
>>requires anywhere from 2 to 10 seconds. TLS achieves better performance,
>>but it still needs approximately 1.5 seconds to form a security
>>association. IIRC, these figures are from TI.
>
>For what processor?  Mikey in various non-preshared-key/non-PKI modes would
>probably be similar (I think) to TLS (anyone know?)
>
>I agree security startup to avoid excessive delays in accepting calls
>is a BIG issue with various public-key-based algorithms.
>
>-- 
>Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
>rjesup at wgate.com
>"The fetters imposed on liberty at home have ever been forged out of the weapons
>provided for defence against real, pretended, or imaginary dangers from abroad."
>		- James Madison, 4th US president (1751-1836)
>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org





More information about the Voipsec mailing list