Performance analysis of secure session initiation protocol based VoIP networks Mohan Krishna Ranganathan * , Liam Kilmartin Communication and Signal Processing Research Unit, Department of Electronic Engineering, National University of Ireland, University Road, Galway, Ireland Received 19 February 2002; revised 18 June 2002; accepted 25 June 2002 Abstract The commercial deployment of voice over internet protocol (VoIP) networks (and associated packet switching technologies) has gathered pace in the recent years. However, a major concern with such networks is the issue of the security of networks based on such open standards. Little research has been carried out into examining the options for securing VoIP networks and, more specifically, the impact which implementing such security architectures and protocols will have on the performance of such secure networks. This paper describes the research, which has been carried out into the development of a realistic model for carrying out simulations of the performance of secure session initiation protocol based VoIP networks. The results of the performance analysis obtained using this model are presented with a discussion of the implications of these results for designers considering implementation of real secure VoIP networks. q 2002 Elsevier Science B.V. All rights reserved. Keywords: Voice over internet protocol; Security; IP Security; Security protocol performance analysis 1. Introduction Starting as a hobbyist movement five years ago, “Voice over Internet Protocol” is quietly remaking the telephone system worldwide. It is one of the venerable network’s biggest overhauls in decades—but not its last by a long way. The Economist, March 2001. The recent years has seen the growth of internet protocol (IP) based networks (e.g. Internet) at a thriving pace. The rapid proliferation and ubiquitous nature of the Internet, for example, has now given rise to strong interest in using IP based networks for carrying non- conventional information like the voice, multimedia, etc. The use of the Internet as a transport network for speech signals is currently in its infancy. The sharing of existing network infrastructure between data applications and voice calls, and the sharing of access and transport services helps in reducing implementation, management and support costs. This also provides an opportunity for new services and applications, which were not feasible with traditional circuit-switched telephony networks, to be developed. Even with all these benefits, wide spread commercial deployment of voice over IP (VoIP) is still restricted [1] due to the challenges posed by the nature of the Internet. However, it is widely accepted that next generation networks will use the Internet Protocol, or some variant thereof, as the networking protocol of choice for supporting multimedia traffic, and voice traffic in particular. There remains a great deal of research, which still needs to be carried out into the particular problems which need to be solved for VoIP networks to be a technical and commercial success. The non-deterministic nature of the Internet, and the impact, which this specifically has on voice traffic, is one major area of concern. Inherent problems with security due to the ‘open’ nature of public IP networks are also of equal importance. This paper focuses on the challenges and impact of employing security services into VoIP networks. The security requirement considerations of VoIP networks are highlighted along with the available security service options for the different VoIP architectures. A simulation model of an IPSec secured session initiation protocol (SIP) based VoIP network is presented along with a discussion of the simulated network performance as Computer Communications 26 (2003) 552–565 www.elsevier.com/locate/comcom 0140-3664/03/$ - see front matter q 2002 Elsevier Science B.V. All rights reserved. PII: S0140-3664(02)00146-9 * Corresponding author. Tel.: þ 353-91-750326; fax: þ 353-91-750511. E-mail address: mohan.krishna@nuigalway.ie (M.K. Ranganathan).