Securing media streams in an Asterisk-based environment and evaluating the resulting performance cost
- Authors: Clayton, Bradley
- Date: 2007 , 2007-01-08
- Subjects: Asterisk (Computer file) , Computer networks -- Security measures , Internet telephony -- Security measures
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4647 , http://hdl.handle.net/10962/d1006606 , Asterisk (Computer file) , Computer networks -- Security measures , Internet telephony -- Security measures
- Description: When adding Confidentiality, Integrity and Availability (CIA) to a multi-user VoIP (Voice over IP) system, performance and quality are at risk. The aim of this study is twofold. Firstly, it describes current methods suitable to secure voice streams within a VoIP system and make them available in an Asterisk-based VoIP environment. (Asterisk is a well established, open-source, TDM/VoIP PBX.) Secondly, this study evaluates the performance cost incurred after implementing each security method within the Asterisk-based system, using a special testbed suite, named DRAPA, which was developed expressly for this study. The three security methods implemented and studied were IPSec (Internet Protocol Security), SRTP (Secure Real-time Transport Protocol), and SIAX2 (Secure Inter-Asterisk eXchange 2 protocol). From the experiments, it was found that bandwidth and CPU usage were significantly affected by the addition of CIA. In ranking the three security methods in terms of these two resources, it was found that SRTP incurs the least bandwidth overhead, followed by SIAX2 and then IPSec. Where CPU utilisation is concerned, it was found that SIAX2 incurs the least overhead, followed by IPSec, and then SRTP.
- Full Text:
- Date Issued: 2007
DRAPA-a flexible framework for evaluating the quality of VoIP components
- Clayton, Bradley, Terzoli, Alfredo, Irwin, Barry V W
- Authors: Clayton, Bradley , Terzoli, Alfredo , Irwin, Barry V W
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428213 , vital:72494 , https://d1wqtxts1xzle7.cloudfront.net/3456214/No_268_-_Clayton-libre.pdf?1390832682=andresponse-content-disposi-tion=inline%3B+filename%3DDRAPA_a_flexible_framework_for_evaluatin.pdfandExpires=1714742712andSignature=FTQ3UMH7w9KMXeuld-NbnboBP9kqza7jDnVI2AJMFrhV6fkW56bPgPZKVAY-bKJFqJP-jq4h4JwRhWVuCA-oIIA4ckbhKHA4OoL4X5DYtlujkhkombcp-B5fVR02AioXBazDtfnTGvZLE21wluH0BnkBL9OAQSen7YJDzDsYtNH2pFIn06Nmg9-kDaJoRmW9KWlQs8BwyaXml4-pG~FrpiGCRclANXBSpmsxYSdJyZAnHq2ZZNqx9pEHigaYHUUgllDq64dp8C8R84xAbbbRcvt-XNhuQ~fU2AkJILms4FUkJSjGI0E-TOKhh7vQiVIh5KzZX8MOiS~rEuBH6ekx8g__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: When adding to or altering a VoIP system, the overall performance and quality of the system is at risk. For example, adding confidentiality, integrity and authentication (CIA) would incur an overhead for each additional security method. A method of measuring the performance of a VoIP system after a change or addition is needed. This paper describes a framework and testbed (DRAPA) which provides a flexible base from which VoIP performance analysis systems can be built. DRAPA generates and collects data from any part of a VoIP system within a real domain. This paper also discusses the flexibility of DRAPA. While security is our primary focus, DRAPA allows the user to configure the testbed and change the type and nature of data to be collected.
- Full Text:
- Date Issued: 2006
Integrating Secure RTP into the Open Source VoIP PBX Asterisk
- Clayton, Bradley, Irwin, Barry V W, Terzoli, Alfredo
- Authors: Clayton, Bradley , Irwin, Barry V W , Terzoli, Alfredo
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428735 , vital:72532 , https://d1wqtxts1xzle7.cloudfront.net/84872934/66_Paper-libre.pdf?1650920302=response-content-disposi-tion=inline%3B+filename%3DIntegrating_Secure_RTP_into_the_Open_Sou.pdfExpires=1714744382Signature=PijjCGW0qcvkqRe-2R55HocKLvz9Ljw8jmhQvRQEi9YqJl7eWSiYnvs9CogY4u4bmDTYTLpvkA-nlfbiszg-s7Cq2nbLn3PUdfJ5cA11ujboi~i7oSoem7smuN1YCVZlg7FnZRd6mOXdTry9UAh8TlWyndF6pY1RXtc7bgb5cWeK4ggJ7~bM0HUXEbUKKa-abCZnGNrAZ59JIdL6CNx1Sht3o5mZTcyRL3PNVSOz17lldXi4FsAOEUwsVV-uv04hzp6pe6Qv5WbAP6tqk7deyoLUwk58A9F-PaJlOLy2gDAVLnbKT8RrxYg8tqv8SuBhPWb32CefBxv486N3F6izZw__Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: Implementations of Voice over Internet Protocol (VoIP) have focused, up to now, mainly on the need to transport data in real-time, often at the expense of security. The neglect of secure VoIP is often intentional, as developers are striving to minimise overheads and delays. The Secure Real-Time Protocol (SRTP) has the potential to secure real-time streams without exacting too high a performance price. SRTP is the addition of security to the audio/video profile used in the Real-Time Transport Protocol (RTP). SRTP adds confidentiality, integrity and optionally authenticity to RTP media streams. This paper focuses on the integration of SRTP into Asterisk, an open-source VoIP PBX. SRTP support has recently been added to Asterisk by Mikael Magnusson. This paper analyses Magnusson’s implementation, contrasting it to a proof-of-concept implementation developed independently at Rhodes University. The interoperability of SRTP implementations cannot be taken for granted, given the relatively recent standardization of the protocol, and so Magnusson’s implementation is tested against another SRTP implementation. Finally, the paper highlights a major shortcoming in Magnusson’s implementation, namely that the exchange of encryption keys is done in the clear. It concludes by proposing possible solutions, such as TLS, IPSec and MIKEY.
- Full Text:
- Date Issued: 2006