More Web Proxy on the site http://driver.im/

research-article

Improving authentication performance of distributed SIP proxies

Authors:

Vijay Balasubramaniyan,

Mustaque Ahamad,

Patrick TraynorAuthors Info & Claims

IPTComm '09: Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications

Article No.: 1, Pages 1 - 11

https://doi.org/10.1145/1595637.1595639

Published: 07 July 2009 Publication History

Abstract

The performance of SIP proxies is critical for the robust operation of many applications. However, the use of even light-weight authentication schemes can significantly degrade throughput in these systems. In particular, systems in which multiple proxies share a remote authentication database can experience reduced performance due to latency. In this paper, we investigate how the application of parallel execution and batching can be used to maximize throughput while carefully balancing demands for bandwidth and call failure rates. Through the use of a modified version of OpenSER, a high-performance SIP proxy, we demonstrate that the traditional recommendation of simply launching a large number of parallel processes not only incurs substantial overhead and increases dropped calls, but can actually decrease call throughput. An alternative technique that we implement, request batching, fails to achieve similarly high proxy throughput. Through a carefully selected mix of batching and parallelization, we reduce the bandwidth required to maximize authenticated signaling throughput by the proxy by more than 75%. This mix also keeps the call loss rates below 1% at peak performance. Through this, we significantly reduce the cost and increase the throughput of authentication for large-scale networks supporting SIP applications.

References

[1]

Introduction to linux traffic control. http://linux-ip.net/articles/traffic-control-howto/intro.html.

[2]

Mysql ab - the world's most popular open source database. http://www.mysql.com/.

[3]

SIPp: traffic generator for the SIP protocol. http://sipp.sourceforge.net/.

[4]

A. Adya, W. Bolosky, M. Castro, R. Chaiken, G. Cermak, J. Douceur, J. Howell, J. Lorch, M. Theimer, and R. Wattenhofer. Farsite: Federated, available, and reliable storage for an incompletely trusted environment, 2002.

[5]

V. Balasubramaniyan, A. Acharya, M. Ahamad, M. Srivatsa, I. Dacosta, and C. Wright. SERvartuka: Dynamic Distribution of State to Improve SIP Server Scalability. Distributed Computing Systems, 2008. ICDCS '08. The 28th International Conference on, pages 562--572, June 2008.

Digital Library

[6]

J. Black, M. Cochran, and T. Highland. A Study of the MD5 Attacks: Insights and Improvements. In Fast Software Encryption, 2006.

Digital Library

[7]

D. Boneh and H. Shacham. Improving SSL Handshake Performance via Batching. In RSA '2001, Lecture Notes in Computer Science, Vol. 2020, Springer-Verlag, pages pp. 28--43, 2001.

[8]

M. Cortes, J. R. Ensor, and J. O. Esteban. On SIP Performance. Bell Labs Technical Journal, 9(3):155--172, 2004.

[9]

M. Cortes, J. O. Esteban, and H. Jun. Towards Stateless Core: Improving SIP Proxy Scalability. In Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE, pages 1--6, 2006.

[10]

T. Eyers and H. Schulzrinne. Predicting Internet Telephony Call Setup Delay. In Proc. 1st IP-Telephony Wksp, 2000.

[11]

J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, and L. Stewart. RFC 2617: HTTP authentication: Basic and digest access authentication, 1999.

Digital Library

[12]

L. Guernsey. Keeping the Lifelines Open. The New York Times, http://www.nytimes.com/2001/09/20/technology/circuits/20INFR.html, September 2001.

[13]

J. Janak. Sip proxy server effectiveness. Master's Thesis, Department of Computer Science, Czech Technical University, Prague, Czech, 2003.

[14]

J. Kim, A. Biryukov, B. Preneel, and S. Hong. On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1. In Security and Cryptography for Networks, 2006.

Digital Library

[15]

R. Lemos. Cyber attacks disrupt Kyrgyzstan's networks. securityfocus. http://www.securityfocus.com/brief/896, January 2009.

[16]

H. Liu. Applying Queuing Theory to Optimizing the Performance of Enterprise Software Applications. In CMG-CONFERENCE-, volume 1, page 457. Computer Measurement Group; 1997, 2006.

[17]

E. M. Nahum, J. Tracey, and C. P. Wright. Evaluating SIP server performance, 2007.

[18]

K. Ono and H. Schulzrinne. One Server Per City: Using TCP for Very Large SIP Servers. In The 2nd LNCS Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm'08), Heidelberg, Germany, jul 2008.

Digital Library

[19]

OpenSER. OpenSER - the Open Source SIP Server. http://www.openser.org/.

[20]

M. Richtel. Inauguration Crowd Will Test Cellphone Networks. The New York Times, http://www.nytimes.com/2009/01/19/technology/19cell.html, 2009.

[21]

J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler. RFC 3261: SIP: Session Initiation Protocol, 2002.

Digital Library

[22]

S. Salsano, L. Veltri, and D. Papalilo. SIP security issues: the SIP authentication procedure and its processing load. Network, IEEE, 16(6):38--44, 2002.

Digital Library

[23]

H. Schulzrinne, S. Narayanan, J. Lennox, and M. Doyle. SIPstone-Benchmarking SIP Server Performance. 2002.

[24]

C. Shen, H. Schulzrinne, and E. Nahum. Session Initiation Protocol (SIP) Server Overload Control: Design and Evaluation. In IPTComm 2008, pages 149--173.

Digital Library

[25]

K. Singh and H. Schulzrinne. Failover and load sharing in SIP telephony. International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Philadelphia, PA, July, 2005.

[26]

K. Singh, H. Schulzrinne, and J. Lennox. SIP Server Scalability, 2005.

[27]

K. N. Singh. Reliable, Scalable and Interoperable Internet Telephony. PhD thesis, COLUMBIA UNIVERSITY, 2006.

Digital Library

[28]

A. Sweeney, D. Doucette, W. Hu, C. Anderson, M. Nishimoto, and G. Peck. Scalability in the xfs file system. In ATEC '96: Proceedings of the 1996 annual conference on USENIX Annual Technical Conference, pages 1--1, Berkeley, CA, USA, 1996. USENIX Association.

Digital Library

[29]

X. Wang and H. Yu. How to Break MD5 and Other Hash Functions. In Proceedings of EUROCRYPT, 2005.

Digital Library

Cited By

Xie TTu GYin BLi CPeng CZhang MLiu HLiu X(2021)The Untold Secrets of WiFi-Calling Services: Vulnerabilities, Attacks, and CountermeasuresIEEE Transactions on Mobile Computing10.1109/TMC.2020.299550920:11(3131-3147)Online publication date: 1-Nov-2021
https://doi.org/10.1109/TMC.2020.2995509
Hong YHuang CYan J(2013)A Comparative Study of SIP Overload Control AlgorithmsNetwork and Traffic Engineering in Emerging Distributed Computing Applications10.4018/978-1-4666-1888-6.ch001(1-20)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-1888-6.ch001
Hong YHuang CYan J(2013)Modelling chaotic behaviour of SIP retransmission mechanismInternational Journal of Parallel, Emergent and Distributed Systems10.1080/17445760.2011.64791228:2(95-122)Online publication date: 1-Apr-2013
https://dl.acm.org/doi/10.1080/17445760.2011.647912
Show More Cited By

Index Terms

Improving authentication performance of distributed SIP proxies
1. Security and privacy
  1. Network security

Recommendations

Improving Authentication Performance of Distributed SIP Proxies

The performance of SIP proxies is critical for the robust operation of many applications. However, the use of even light-weight authentication schemes can significantly degrade throughput in these systems. In particular, systems in which multiple ...
A study of performance and scalability metrics of a SIP proxy server - a practical approach

In recent years, Internet Protocol (IP) telephony has been a real alternative to the traditional Public Switched Telephone Networks (PSTN). IP telephony offers more flexibility in the implementation of new features and services. The Session Initiation ...
Comparative Study of Secure vs. Non-secure Transport Protocols on the SIP Proxy Server Performance: An Experimental Approach
ARTCOM '10: Proceedings of the 2010 International Conference on Advances in Recent Technologies in Communication and Computing

The wide scale deployment of Internet combined with several advancements in hardware and software technologies created opportunities for several Internet based applications such as Voice Over IP (VoIP) that involves the delivery of voice, video and data ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

IPTComm '09: Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications

July 2009

140 pages

ISBN:9781605587677

DOI:10.1145/1595637

Conference Chairs:
Mustaque Ahamad
Georgia Tech
,
Dorgham Sisalem
Tekelec
,
Program Chairs:
Eric Chen
NTT
,
Charles Consel
INRIA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACM: Association for Computing Machinery

In-Cooperation

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 July 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

IPTComm '09

Sponsor:

ACM

IPTComm '09: Principles, Systems and Applications of IP Telecommunications

July 7 - 8, 2009

Georgia, Atlanta

Acceptance Rates

Overall Acceptance Rate 18 of 62 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
122
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Xie TTu GYin BLi CPeng CZhang MLiu HLiu X(2021)The Untold Secrets of WiFi-Calling Services: Vulnerabilities, Attacks, and CountermeasuresIEEE Transactions on Mobile Computing10.1109/TMC.2020.299550920:11(3131-3147)Online publication date: 1-Nov-2021
https://doi.org/10.1109/TMC.2020.2995509
Hong YHuang CYan J(2013)A Comparative Study of SIP Overload Control AlgorithmsNetwork and Traffic Engineering in Emerging Distributed Computing Applications10.4018/978-1-4666-1888-6.ch001(1-20)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-1888-6.ch001
Hong YHuang CYan J(2013)Modelling chaotic behaviour of SIP retransmission mechanismInternational Journal of Parallel, Emergent and Distributed Systems10.1080/17445760.2011.64791228:2(95-122)Online publication date: 1-Apr-2013
https://dl.acm.org/doi/10.1080/17445760.2011.647912
Hong YHuang CYan J(2012)Modeling and design of a Session Initiation Protocol overload control algorithmSIMULATION10.1177/003754971244392088:11(1294-1315)Online publication date: 3-May-2012
https://doi.org/10.1177/0037549712443920
Shen CNahum ESchulzrinne HWright C(2012)The impact of TLS on SIP server performanceIEEE/ACM Transactions on Networking10.1109/TNET.2011.218092220:4(1217-1230)Online publication date: 1-Aug-2012
https://dl.acm.org/doi/10.1109/TNET.2011.2180922
Fragkiadakis AAskoxylakis ITragos EVerikoukis C(2011)Ubiquitous robust communications for emergency response using multi-operator heterogeneous networksEURASIP Journal on Wireless Communications and Networking10.1186/1687-1499-2011-132011:1Online publication date: 15-Jun-2011
https://doi.org/10.1186/1687-1499-2011-13
Hong YHuang CYan J(2011)Design of a PI Rate Controller for Mitigating SIP Overload2011 IEEE International Conference on Communications (ICC)10.1109/icc.2011.5963029(1-5)Online publication date: Jun-2011
https://doi.org/10.1109/icc.2011.5963029
Hong YHuang CYan J(2011)Controlling Retransmission Rate for Mitigating SIP Overload2011 IEEE International Conference on Communications (ICC)10.1109/icc.2011.5962532(1-5)Online publication date: Jun-2011
https://doi.org/10.1109/icc.2011.5962532
Zacchi AGoulart AMagnussen W(2011)A framework for securing the signaling plane in the emergency services IP network (ESINet)2011 IEEE Consumer Communications and Networking Conference (CCNC)10.1109/CCNC.2011.5766525(515-516)Online publication date: Jan-2011
https://doi.org/10.1109/CCNC.2011.5766525
Dacosta ITraynor P(2010)ProxychainProceedings of the 2010 USENIX conference on USENIX annual technical conference10.5555/1855840.1855850(10-10)Online publication date: 23-Jun-2010
https://dl.acm.org/doi/10.5555/1855840.1855850
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents