تجزیه و تحلیل عملکرد شبکه های VoIP مبتنی بر پروتکل آغاز جلسه امنیتی

The commercial deployment of voice over internet protocol (VoIP) networks (and associated packet switching technologies) has gathered pace in the recent years. However, a major concern with such networks is the issue of the security of networks based on such open standards. Little research has been carried out into examining the options for securing VoIP networks and, more specifically, the impact which implementing such security architectures and protocols will have on the performance of such secure networks. This paper describes the research, which has been carried out into the development of a realistic model for carrying out simulations of the performance of secure session initiation protocol based VoIP networks. The results of the performance analysis obtained using this model are presented with a discussion of the implications of these results for designers considering implementation of real secure VoIP networks.

Starting as a hobbyist movement five years ago, “Voice over Internet Protocol” is quietly remaking the telephone system worldwide. It is one of the venerable network's biggest overhauls in decades—but not its last by a long way. The Economist, March 2001. The recent years has seen the growth of internet protocol (IP) based networks (e.g. Internet) at a thriving pace. The rapid proliferation and ubiquitous nature of the Internet, for example, has now given rise to strong interest in using IP based networks for carrying non-conventional information like the voice, multimedia, etc. The use of the Internet as a transport network for speech signals is currently in its infancy. The sharing of existing network infrastructure between data applications and voice calls, and the sharing of access and transport services helps in reducing implementation, management and support costs. This also provides an opportunity for new services and applications, which were not feasible with traditional circuit-switched telephony networks, to be developed. Even with all these benefits, wide spread commercial deployment of voice over IP (VoIP) is still restricted [1] due to the challenges posed by the nature of the Internet. However, it is widely accepted that next generation networks will use the Internet Protocol, or some variant thereof, as the networking protocol of choice for supporting multimedia traffic, and voice traffic in particular. There remains a great deal of research, which still needs to be carried out into the particular problems which need to be solved for VoIP networks to be a technical and commercial success. The non-deterministic nature of the Internet, and the impact, which this specifically has on voice traffic, is one major area of concern. Inherent problems with security due to the ‘open’ nature of public IP networks are also of equal importance. This paper focuses on the challenges and impact of employing security services into VoIP networks. The security requirement considerations of VoIP networks are highlighted along with the available security service options for the different VoIP architectures. A simulation model of an IPSec secured session initiation protocol (SIP) based VoIP network is presented along with a discussion of the simulated network performance as obtained from this model. A number of implications for real secure network designers and operators arising from this research are highlighted.

This paper has described an OPNET Modeler® simulation model of an IPSec secured SIP based VoIP network. The performance analysis of secure SIP–VoIP network, aided by this tool has been presented along with results obtained for various IPSec configurations. The most predominant and alarming effect on VoIP network performance was seen in the case where dynamic public key exchange mechanisms, such as IKE was used for establishing shared and authenticated secret keys. The other performance bottleneck observed was the shared encryption engine at edge routers and VoIP–PSTN gateways, which could very well be averted by using multiple encryption engines. As a security option for VoIP, the IPSec framework offers a myriad of choices and options for providing security services. Performance analysis of the different configurations of IPSec for VoIP networks, using simulation models is a prudent method for basing decisions on, when implementing real IPSec secured VoIP networks.