ROLE OF CODEC SELECTION ON THE PERFORMANCE OF IPSEC SECURED VOIP Emmanuel Antwi-Boasiako, Eric Kuada, Kwasi Boakye-Boateng Email: abeantwi@gimpa.edu.gh, ekuada@gimpa.edu.gh, kwasi.boakye-boateng@gimpa.edu.gh School of Technology Ghana Institute of Management and Public Administration Abstract—Current research works have looked at improving the IPsec secured VoIP by arbitrarily increasing bandwidth which is a very limited resource and cannot just be increased in real environments except under laboratory conditions. Also, in most earlier works, codec has been kept constant and the IPsec impact analysed. The results of such works undoubtedly show the devastating impact IPsec has on VoIP which cannot be generalized because much attention has not been given to bandwidth utilization of the IPsec secured VoIP through the proper choice of codecs. In this paper, we have quantitatively justified the impact of IPsec on VoIP in terms of packet loss, jitter and MOS percentages in scenarios where a high bandwidth consuming codecs such G.711 is used as well as scenarios for Speex, a low bandwidth codec. Our results show that irrespective of the impact of IPsec on a VoIP network in terms of packet loss and jitter, a better choice of codec enhances quality of voice output and there would not be the need to arbitrarily increase bandwidth. Keywords: VoIP,IPsec,Codecs I. BACKGROUND Voice over Internet Protocol(VoIP) broadly refers to the protocols used in communication, technologies, methodologies as well as techniques that are used to transmit voice and other multimedia sessions over the Internet Protocol (IP) networks such as the Internet or private networks [1] [2]. The IP network or Internet which conveys the voice signals was originally developed to enhance reliable file exchange but not for security [1]. Also the Internet was designed to offer best effort services. Therefore, using this infrastructure to transmit voice has its own security issues or concerns. In [3] Butcher et al. outlined some security issues of Internet which makes the transmission of voice over IP unsecured. These security issues can be classified into those that affect the two main protocols used in VoIP: the Session Initiation Protocol (SIP) and the Real Time Transport Protocol (RTP). Denial of service attack, redirection of call and caller identification (ID) impersonation are vulnerabilities of SIP. The vulnerabilities of RTP are eavesdropping and alteration of voice stream (man-in-the middle attack). These security challenges could be summarised with three key words: confidentiality, Integrity and availability. IPsec, S/MIME and Session Initiation Protocol Security (SIPS) have been suggested for signalling security and Secured Real Time Transport Protocol (SRTP), IPsec and Zimmermann Real Time Transport Protocol (ZRTP) for media stream security [4]. In [2] [5] [6] [7], it is well established that IPsec could be used to secure both the signalling as well as the media stream protocols used in VoIP communications. This special ability of IPsec has made it a suitable protocol to secure a VoIP conversation. Irrespective of this and other advantages of IPsec, concerns have always been on the overhead cost associated with it as well as the bandwidth it consumes and research have currently been directed at improving secured VoIP calls. It is an unarguable fact that security with IPsec in a VoIP environment introduces more overhead since extra headers are added to the IP packet. As a result,more bandwidth is consumed. This singles out bandwidth as a metric worth looking into especially when IPsec is to be employed in VoIP. Voznak et al.(2010); Radmand et al.(2011); and Radman et al.(2010) all asserted that security with IPsec increases overhead cost, hence would require a change in the bandwidth allocation [8] [9] [10]. Thus they focused on varying band- width within the secured VoIP environment. Should increasing bandwidth really be the best way out in such an IPsec VoIP environment? Bandwidth allocation has always been limited and one basically works with what he or she has especially in most developing countries. Also, other applications are being run, and other application traffic will also be sharing the same bandwidth with VoIP applications. Furthermore, the Internet uses the best effort and merely increasing or adjusting bandwidth would not solve the problem since other routers at the network core may not necessarily support a given bandwidth. Our contribution is to suggest another way of managing bandwidth so that secured VoIP calls could be sent and still get better VoIP output. Codecs are used at encoding and transport stage of a conversation to reduce the size of the transmitted voice data. Instead of arbitrarily altering bandwidth as done in earlier works, our investigation would be carried out by rather analyzing two different codecs to find out the extent to which a choice of codec really impacts the IPsec secured VoIP. We havent explored all codecs yet but we have chosen two to aid us in our investigation, G.711 a high bandwidth codec and speex, a lower bandwidth codec. In this study, the performance of the secured VoIP would be measured against packet loss and jitter for all scenarios to ascertain the extent to which a particular choice of codec really impacts the IPsec secured VoIP. Since this is a test bed experiment, in addition to packet loss and jitter, MOS would also be used to assess all scenarios.