[VOIPSEC] [CAnet - news] Assessing Skype's network impact

Lee Dilkie lee_dilkie at mitel.com
Tue Dec 20 09:56:09 CST 2005 

Simon Horne wrote:

>At 05:35 PM 20/12/2005, AVM wrote:
>  
>
>>On 12/19/05, Thomas Skora <voip at skora.net> wrote:
>>    
>>
>>>"Christopher A. Martin" <chris at InfraVAST.com> writes:
>>>
>>>      
>>>
>>>>>The G.729 codec in fact uses only 6.4 - 11.8kbps bandwidth per call, and
>>>>>is a much better demonstration to customers of VoIP potential (there's
>>>>>nothing like a dropped call/low audio quality to send a customer
>>>>>running, screaming out the door!) I have found that codecs like G.711
>>>>>(which is 64kbps) can only manage about 2 concurrent calls before audio
>>>>>quality takes a severe nose dive.
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>One other point to note is that the overhead includes encryption with
>>>>skype, as well as firewall traversal.
>>>>        
>>>>
>>>Both task have never take place in the media stream. Look at SRTP, how
>>>many overhead the encryption causes here.
>>>
>>>Thomas
>>>      
>>>
>>Hello,
>>As Thomas pointed out, encryption would take place in the system before it
>>leaves the system. As far as the symmetric encryption is not going to any
>>overhead in the bandwidth except padding at the last block and few bytes of
>>header information.
>>    
>>
>
>The encryption is not the problem it is the authentication (signing) 
>component, this adds a lot of overhead.  In theory to encrypt a G.711 frame 
>with AES256 should only add 0.5 kb/s to the actual bandwidth but the 
>authentication component is over and above that which is why SRTP adds 
>quite a bit more bandwidth.
>The method we adopted only encrypts the payload (no authentication 
>component) of the RTP frame leaving the header intact, allowing it to be 
>handled by legacy equipment. We are able to get very efficient ciphering 
>with low latency with very low bandwidth increase.
>
>
>Simon
>
>
>  
>

Actually. if you check the SRTP rfc (3711), you'll see that they use AES 
in "counter mode". In that mode, no padding is required at all. The 
length of the ciphertext is the same as the length of the plaintext. If 
you use SRTP without the authentication/integrity header then the rtp 
packet does not change size (and b/w) at all.

-lee

More information about the Voipsec mailing list