[VOIPSEC] IPSec and VoIP Security

Mark Baugher mbaugher at cisco.com
Tue Apr 4 19:22:47 CDT 2006 

Tom,
   You need to distinguish three types of performance epochs.  The  
first is when the device starts.  The second is when a session/call  
begins.  The third is when a packet arrives.

Mark
On Apr 4, 2006, at 2:06 PM, Porter, Thomas ((Tom)) wrote:

> As a starting point here are some numbers for encryption speeds:
>
> An AES encryption, without hardware acceleration, takes about 50  
> microseconds, for instance. But the key generation and exchange  
> process can last up to 500ms, which is unacceptable for a real-time  
> VoIP application. Overall, establishing a security association with  
> IPSec requires anywhere
> from 2 to 10 seconds. TLS achieves better performance, but it still  
> needs approximately 1.5 seconds to form a security association.  
> IIRC, these figures are from TI.
>
> Best, Tom
>
> Thomas Porter, PHD | Senior Security Architect - Business  
> Communications Consulting | Contact Center Practice | Consulting &  
> Systems Integration | Avaya Global Services | Office: 919-967-2909  
> | [Mobile - USA] 919-593-3130 | [Mobile - DE] +49-0163-5050427 |  
> [SIP] s00227694 at voicepulse.com | [IM] AvayaTPorter | Email:  
> tporter at avaya.com
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec- 
> bounces at voipsa.org] On Behalf Of Alexandre Passito
> Sent: Tuesday, April 04, 2006 10:50 PM
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] IPSec and VoIP Security
>
> Hi ALL,
>
> I'd like to start a discussion about using IPSec for end-to-end  
> security in VoIP Systems. I have read some papers about the subject  
> and it seens that IPSec is not completely suitable for this kind of  
> task due to two reasons:
> damage to some QoS metrics and the problem with management (key  
> sharing, user permissions and etc). I'd like to hear some ideas  
> about it, future trends and if there are well deployed solutions  
> being tested.
>
> Best regards,
>
> Passito
>
> --
> --
> Alexandre Passito - Estudante de Mestrado Universidade Federal do  
> Amazonas (UFAM) Departamento de Ciência da Computação (DCC)
> --
> Alexandre Passito - M.Sc. Student
> Federal University of Amazonas (UFAM)
> Computer Science Department (DCC)
> --
> E-mail: passito at dcc.ufam.edu.br
> Web: www.dcc.ufam.edu.br/~passito
> Manaus - AM - Brasil
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list