VoIP Encryption
Neha Jain, Shashwat Yadav
ECE 4605 Advanced Internetworking

Context for the Problem
- VoIP: Voice over Internet Protocol
- Real-time transmission of voice signals as packetized data over an IP-based network
- Results from preliminary work indicated:
  - Encryption incurs delays
  - Delay not significant enough to affect voice quality
- What causes encryption delays to worsen?

Problem Statement
- To measure one-way delays in a VoIP session, incurred before and after encryption.
- Evaluating the effect on VoIP quality under varying conditions which cause increasing delays:
  - Increasing bandwidth contention
  - Increasing CPU usage
  - Increasing the application transmission rate

Delay Budget
Components of the delay budget:
- Packetization delay: overhead vs. delay
- Codec delay: bandwidth vs. quality
- Jitter buffer delay: collects packets and passes them on in a regulated, sequenced order
- Propagation, transmission, queuing delays
Delay budget:
- 0 – 150 ms: Acceptable
- 150 – 250 ms: Perceptible, but OK
- 250 – 400 ms: Low quality
- >400 ms: Unacceptable
Degradation in voice quality if encryption delay exceeds delay budget.

Crypto-engine Bottleneck
Scenario I:
- App. layer generates every 50 ms
- Network layer (IPsec) requires 20 ms for encryption algorithm
- 20 ms additional fixed delay
Scenario II:
- App. layer generates every 50 ms
- Network layer (IPsec) requires 70 ms for encryption algorithm
- No longer fixed to 20 ms
Crypto-engine bottleneck depends upon transmission rate of application layer and on time required for encryption.
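
The two scenarios above can be reproduced with a small queue model. This is an added example, not code from the presentation: it assumes a single crypto engine serving packets in FIFO order with fixed generation and encryption times, compares the crypto-engine delay alone with the delay-budget bands, and all function names are hypothetical.

```python
# Added illustration (not from the slides): the IPsec crypto engine modelled as
# a single FIFO server with fixed packet generation and encryption times.

# Delay-budget bands from the slide; upper bounds treated as inclusive (assumption).
BUDGET_BANDS = [(150, "Acceptable"), (250, "Perceptible, but OK"),
                (400, "Low quality")]


def crypto_engine_delays(gen_interval_ms, encrypt_ms, n_packets):
    """Per-packet delay (ms) from generation to the end of encryption."""
    delays = []
    engine_free_at = 0  # time at which the engine finishes its current packet
    for i in range(n_packets):
        arrival = i * gen_interval_ms
        start = max(arrival, engine_free_at)  # queue if the engine is busy
        engine_free_at = start + encrypt_ms
        delays.append(engine_free_at - arrival)
    return delays


def budget_band(delay_ms):
    """Map a delay to the slide's delay-budget band."""
    for upper_ms, label in BUDGET_BANDS:
        if delay_ms <= upper_ms:
            return label
    return "Unacceptable"


def first_packet_in_band(delays, label):
    """Index of the first packet whose delay falls in the given band, or None."""
    for i, d in enumerate(delays):
        if budget_band(d) == label:
            return i
    return None


if __name__ == "__main__":
    for name, enc_ms in (("Scenario I", 20), ("Scenario II", 70)):
        d = crypto_engine_delays(50, enc_ms, 20)
        print(name, "first/last delay:", d[0], d[-1], "->", budget_band(d[-1]))
        print("  first unacceptable packet:", first_packet_in_band(d, "Unacceptable"))
```

In Scenario II each packet waits 20 ms longer than the one before it, so the delay grows without bound for as long as the application keeps generating packets faster than the engine can encrypt them.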

Work Outline
Factors affecting voice quality: Delay Budget, Crypto-Engine Bottleneck
1) One-way delay measurement using Ethereal time-stamp
2) Presence of contending flows in the network
3) Increasing CPU utilization
4) Different application transmission rate to network layer

Work Done: One Way Delay
- Used Ethereal captures to find absolute times
- Used IP sequence numbers to synchronize the two flows
- Use of absolute time scales:
  - No synchronizing of clocks required
  - But it provides only the increase in delay due to encryption.
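
One way to carry out this kind of measurement, shown as an added example that is not the presenters' own code: packets are matched between sender and receiver captures by sequence number, and the mean receive-minus-send time of an unencrypted run is subtracted from that of an encrypted run. It assumes the clock offset between the two hosts stays constant across both runs; the capture values and function names are constructed for illustration.

```python
# Added illustration (not from the slides). All capture values are constructed.
from statistics import mean


def apparent_delays(sender_cap, receiver_cap):
    """rx_time - tx_time (ms) for every packet seen in both captures.

    Each capture is a list of (sequence_number, capture_time_ms) pairs. The
    result still contains the unknown clock offset between the two hosts.
    """
    rx_times = dict(receiver_cap)
    return [rx_times[seq] - tx for seq, tx in sender_cap if seq in rx_times]


def encryption_delay_increase(plain_run, encrypted_run):
    """Mean delay increase (ms); the constant clock offset cancels out."""
    return mean(apparent_delays(*encrypted_run)) - mean(apparent_delays(*plain_run))


# Constructed captures: receiver clock runs 5000 ms ahead of the sender clock.
PLAIN_RUN = (
    [(1, 0), (2, 50), (3, 100)],            # sender capture
    [(1, 5010), (2, 5061), (3, 5109)],      # receiver capture
)
ENCRYPTED_RUN = (
    [(1, 0), (2, 50), (3, 100)],
    [(1, 5014), (3, 5115)],                 # packet 2 was lost in transit
)

if __name__ == "__main__":
    print("increase due to encryption (ms):",
          encryption_delay_increase(PLAIN_RUN, ENCRYPTED_RUN))
```

The apparent delays of about 5010 ms are meaningless on their own because they include the clock offset; only the difference between the two runs is usable, which is the limitation the slide notes.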

One Way Delay: Result
Delay induced after encryption:
- DES = 3.67 ms
- 3DES = 4.54 ms

Contending Flows: Result
Delay induced after encryption:
- DES = 4.58 ms
- 3DES = 7.92 ms
But, there was a high perceivable delay in voice transmission.
Change in absolute delay:
- 3DES = 13.42 ms
- DES = 10.94 ms
- No = 10.04 ms

Delay Analysis
[Figure: protocol stacks of the two endpoints, each with Application Layer (VoIP), Transport Layer, Network Layer (IPSec) and MAC Layer (Ethereal). Labels: Application processing delay, Processing Power, Encryption/Decryption delay, Ideal Measurement, Measured Delay.]
- Explains the discrepancy between measured delay and perceived quality.
- We only measure network delays.

Increasing CPU usage
- CPU usage was kept constant at 100% by running multiple applications
- First: VoIP call monitored, observed packet loss and significant delays. No jitter.
- Used ITG (Internet Traffic Generator):
  - Client-server traffic generator application for Windows!!!
  - Allows RTT calculation, different bit rates
  - DEMO
- Second: TCP flow was generated and RTT measured without VoIP (avoid UDP interference).

Increasing CPU usage: Result
- Significant degradation in voice quality for all 3 cases.
- DES: 4.947 ms
- 3DES: 10.775 ms
- Increase can be attributed to encryption delay, increased by reduced CPU processing power.
- Still doesn't take into account delay due to application layer processing.

Application transmission rate
- Second test to look into crypto-engine bottleneck
- As transmission rate increases, it creates a bottleneck at network layer
- Generated TCP flows at varying rates. Measured RTT.
- RTT increased as sending rate increased.
- Anomaly in lower sending rates.

Implication
- Delay incurred by turning on encryption doesn't seem to have an effect.
- Decreasing the amount of CPU processing power definitely affects voice quality.
- So when using VoIP phones of limited capability, this is a problem.
- IPSec encrypts all traffic, making it a serious bottleneck in the event of limited CPU processing power.
- In future, encrypting only the VoIP application would cut down the delay.

Spam Over Internet Telephony (SPIT)
- Encryption prevents eavesdropping.
- However, no safeguarding against spam.
- In one of our test runs, we faced one such issue.

Problems Faced / Future Work
Problems faced:
- Lack of software that would encrypt only a particular application with varying key size.
- No way of measuring one-way delays, due to unsynchronized clocks of the two computers.
- Windows and Linux incompatibility.
Future work:
- Measuring application-to-application delays.
- Using gradually increasing CPU processing rates.
- Using higher encryption key sizes and different algorithms.