Performance analysis: Securing SIP on multi-threaded/multi-core proxy server using public keys on Diffie-Hellman
The rapid replacement of PSTN with VOIP networks indicates the definitive phase-out of the PBX/PABX with smartphone-based VOIP technology that uses WLAN connectivity for local communication; however, security remains a key issue, regardless of the communication coverage area. Session initiation prot...
Gespeichert in:
Veröffentlicht in: | PloS one 2024-01, Vol.19 (1), p.e0293626 |
---|---|
Hauptverfasser: | , , , , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | |
---|---|
container_issue | 1 |
container_start_page | e0293626 |
container_title | PloS one |
container_volume | 19 |
creator | Bhatti, David Samuel Sidrat, Salbia Saleem, Shahzad Malik, Annas Wasim Suh, BeomKyu Kim, Ki-Il Lee, Kyu-Chul |
description | The rapid replacement of PSTN with VOIP networks indicates the definitive phase-out of the PBX/PABX with smartphone-based VOIP technology that uses WLAN connectivity for local communication; however, security remains a key issue, regardless of the communication coverage area. Session initiation protocol (SIP) is one of the most widely adopted VOIP connection establishment protocols but requires added security. On the Internet, different security protocols, such as HTTPS (SSL/TLS), IPSec, and S/MIME, are used to protect SIP communication. These protocols require sophisticated infrastructure and some pose a significant overhead that may deteriorate SIP performance. In this article, we propose the following: i) avoid using Internet bandwidth and complex Internet protocols for local communication within an organization, but harness WLAN connectivity, ii) use multi-threaded or multicore computer systems to handle concurrent calls instead of installing hardware-based SIP servers, and iii) run each thread in a separate core. Cryptography is a key tool for securely transmitting confidential data for long- and short-range communication, and the Diffie-Hellman (DH) protocol has consistently been a popular choice for secret key exchanges. Primarily, used for symmetric key sharing, it has been proven effective in generating public/private key pairs, sharing public keys securely over public channels, and subsequently deriving shared secret keys from private/public keys. This key exchange scheme was proposed to safeguard VOIP communication within WLANs, which rely on the SIP for messaging and multimedia communication. For ensuring an efficient implementation of SIP, the system was rigorously analyzed using the M/M/1 and M/M/c queuing models. We analyze the behavior of SIP servers with queuing models with and without end-to-end security and increase users' trust in SIP security by providing a transparent sense of end-to-end security as they create and manage their private and public keys instead of relying on the underlying SIP technology. This research implements instant messaging, voice conversation, and secret key generation over DH while implementing and observing the role of multi-threading in multiqueue systems that serve incoming calls. By increasing the number of threads from one to two, the SIP response time improved from 20.23809 to 0.08070 min at an arrival rate of 4250 calls/day and a service rate of three calls/min. Similarly, by adding one to seven threads, |
doi_str_mv | 10.1371/journal.pone.0293626 |
format | Article |
fullrecord | <record><control><sourceid>gale</sourceid><recordid>TN_cdi_gale_incontextgauss_ISR_A780401215</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><galeid>A780401215</galeid><sourcerecordid>A780401215</sourcerecordid><originalsourceid>FETCH-LOGICAL-g995-417e27bb2b21c130a412bdbd0dbe8bcb44cfdd2489e130c1d3037cd3b954bdc33</originalsourceid><addsrcrecordid>eNqFjUlPAkEUhCdGExH9Bx76ZOJhoJdZvRE3SEggQrySXt4MjU33pHvGwL8Xggc8ear3Ul9VRdE9wQPCcjLcuM5bbgaNszDAtGQZzS6iHikZjTOK2eXZfR3dhLDBOGVFlvWiZg6-cn7LrQTEDyX7oMMTWoDsvLY1WkzmyFm07Uyr43btgStQw9MrnQfUeLfbowD-GzzqwjHTdMJoib5gH47ZF11VGuIxGHOYuY2uKm4C3P1qP1q-vS6fx_F09j55Hk3juizTOCE50FwIKiiRhGGeECqUUFgJKIQUSSIrpWhSlHBwJVEMs1wqJso0EUoy1o8eT7U1N7DSVjrbwq6teRfCarL4WI3yAieYUJL-w84-_7IPZ-wauGnXwZmu1c6Gc_AHUNV83w</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Performance analysis: Securing SIP on multi-threaded/multi-core proxy server using public keys on Diffie-Hellman</title><source>DOAJ Directory of Open Access Journals</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><source>Public Library of Science (PLoS)</source><source>PubMed Central</source><source>Free Full-Text Journals in Chemistry</source><creator>Bhatti, David Samuel ; Sidrat, Salbia ; Saleem, Shahzad ; Malik, Annas Wasim ; Suh, BeomKyu ; Kim, Ki-Il ; Lee, Kyu-Chul</creator><creatorcontrib>Bhatti, David Samuel ; Sidrat, Salbia ; Saleem, Shahzad ; Malik, Annas Wasim ; Suh, BeomKyu ; Kim, Ki-Il ; Lee, Kyu-Chul</creatorcontrib><description>The rapid replacement of PSTN with VOIP networks indicates the definitive phase-out of the PBX/PABX with smartphone-based VOIP technology that uses WLAN connectivity for local communication; however, security remains a key issue, regardless of the communication coverage area. Session initiation protocol (SIP) is one of the most widely adopted VOIP connection establishment protocols but requires added security. On the Internet, different security protocols, such as HTTPS (SSL/TLS), IPSec, and S/MIME, are used to protect SIP communication. These protocols require sophisticated infrastructure and some pose a significant overhead that may deteriorate SIP performance. In this article, we propose the following: i) avoid using Internet bandwidth and complex Internet protocols for local communication within an organization, but harness WLAN connectivity, ii) use multi-threaded or multicore computer systems to handle concurrent calls instead of installing hardware-based SIP servers, and iii) run each thread in a separate core. Cryptography is a key tool for securely transmitting confidential data for long- and short-range communication, and the Diffie-Hellman (DH) protocol has consistently been a popular choice for secret key exchanges. Primarily, used for symmetric key sharing, it has been proven effective in generating public/private key pairs, sharing public keys securely over public channels, and subsequently deriving shared secret keys from private/public keys. This key exchange scheme was proposed to safeguard VOIP communication within WLANs, which rely on the SIP for messaging and multimedia communication. For ensuring an efficient implementation of SIP, the system was rigorously analyzed using the M/M/1 and M/M/c queuing models. We analyze the behavior of SIP servers with queuing models with and without end-to-end security and increase users' trust in SIP security by providing a transparent sense of end-to-end security as they create and manage their private and public keys instead of relying on the underlying SIP technology. This research implements instant messaging, voice conversation, and secret key generation over DH while implementing and observing the role of multi-threading in multiqueue systems that serve incoming calls. By increasing the number of threads from one to two, the SIP response time improved from 20.23809 to 0.08070 min at an arrival rate of 4250 calls/day and a service rate of three calls/min. Similarly, by adding one to seven threads, the queue length was reduced by four calls/min. Implementing secure media streaming and reliable AES-based signaling for session confidentiality and integrity introduces a minor 8-ms tradeoff in SIP service performance. However, the advantages of implementing added security outweigh this limitation.</description><identifier>ISSN: 1932-6203</identifier><identifier>EISSN: 1932-6203</identifier><identifier>DOI: 10.1371/journal.pone.0293626</identifier><language>eng</language><publisher>Public Library of Science</publisher><subject>Analysis ; Cable telephony ; Cryptography ; Instant messaging ; Investment analysis ; Multiprocessing ; Safety and security measures ; Smart phones ; Transmission Control Protocol/Internet Protocol (Computer network protocol)</subject><ispartof>PloS one, 2024-01, Vol.19 (1), p.e0293626</ispartof><rights>COPYRIGHT 2024 Public Library of Science</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,777,781,861,27905,27906</link.rule.ids></links><search><creatorcontrib>Bhatti, David Samuel</creatorcontrib><creatorcontrib>Sidrat, Salbia</creatorcontrib><creatorcontrib>Saleem, Shahzad</creatorcontrib><creatorcontrib>Malik, Annas Wasim</creatorcontrib><creatorcontrib>Suh, BeomKyu</creatorcontrib><creatorcontrib>Kim, Ki-Il</creatorcontrib><creatorcontrib>Lee, Kyu-Chul</creatorcontrib><title>Performance analysis: Securing SIP on multi-threaded/multi-core proxy server using public keys on Diffie-Hellman</title><title>PloS one</title><description>The rapid replacement of PSTN with VOIP networks indicates the definitive phase-out of the PBX/PABX with smartphone-based VOIP technology that uses WLAN connectivity for local communication; however, security remains a key issue, regardless of the communication coverage area. Session initiation protocol (SIP) is one of the most widely adopted VOIP connection establishment protocols but requires added security. On the Internet, different security protocols, such as HTTPS (SSL/TLS), IPSec, and S/MIME, are used to protect SIP communication. These protocols require sophisticated infrastructure and some pose a significant overhead that may deteriorate SIP performance. In this article, we propose the following: i) avoid using Internet bandwidth and complex Internet protocols for local communication within an organization, but harness WLAN connectivity, ii) use multi-threaded or multicore computer systems to handle concurrent calls instead of installing hardware-based SIP servers, and iii) run each thread in a separate core. Cryptography is a key tool for securely transmitting confidential data for long- and short-range communication, and the Diffie-Hellman (DH) protocol has consistently been a popular choice for secret key exchanges. Primarily, used for symmetric key sharing, it has been proven effective in generating public/private key pairs, sharing public keys securely over public channels, and subsequently deriving shared secret keys from private/public keys. This key exchange scheme was proposed to safeguard VOIP communication within WLANs, which rely on the SIP for messaging and multimedia communication. For ensuring an efficient implementation of SIP, the system was rigorously analyzed using the M/M/1 and M/M/c queuing models. We analyze the behavior of SIP servers with queuing models with and without end-to-end security and increase users' trust in SIP security by providing a transparent sense of end-to-end security as they create and manage their private and public keys instead of relying on the underlying SIP technology. This research implements instant messaging, voice conversation, and secret key generation over DH while implementing and observing the role of multi-threading in multiqueue systems that serve incoming calls. By increasing the number of threads from one to two, the SIP response time improved from 20.23809 to 0.08070 min at an arrival rate of 4250 calls/day and a service rate of three calls/min. Similarly, by adding one to seven threads, the queue length was reduced by four calls/min. Implementing secure media streaming and reliable AES-based signaling for session confidentiality and integrity introduces a minor 8-ms tradeoff in SIP service performance. However, the advantages of implementing added security outweigh this limitation.</description><subject>Analysis</subject><subject>Cable telephony</subject><subject>Cryptography</subject><subject>Instant messaging</subject><subject>Investment analysis</subject><subject>Multiprocessing</subject><subject>Safety and security measures</subject><subject>Smart phones</subject><subject>Transmission Control Protocol/Internet Protocol (Computer network protocol)</subject><issn>1932-6203</issn><issn>1932-6203</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><recordid>eNqFjUlPAkEUhCdGExH9Bx76ZOJhoJdZvRE3SEggQrySXt4MjU33pHvGwL8Xggc8ear3Ul9VRdE9wQPCcjLcuM5bbgaNszDAtGQZzS6iHikZjTOK2eXZfR3dhLDBOGVFlvWiZg6-cn7LrQTEDyX7oMMTWoDsvLY1WkzmyFm07Uyr43btgStQw9MrnQfUeLfbowD-GzzqwjHTdMJoib5gH47ZF11VGuIxGHOYuY2uKm4C3P1qP1q-vS6fx_F09j55Hk3juizTOCE50FwIKiiRhGGeECqUUFgJKIQUSSIrpWhSlHBwJVEMs1wqJso0EUoy1o8eT7U1N7DSVjrbwq6teRfCarL4WI3yAieYUJL-w84-_7IPZ-wauGnXwZmu1c6Gc_AHUNV83w</recordid><startdate>20240125</startdate><enddate>20240125</enddate><creator>Bhatti, David Samuel</creator><creator>Sidrat, Salbia</creator><creator>Saleem, Shahzad</creator><creator>Malik, Annas Wasim</creator><creator>Suh, BeomKyu</creator><creator>Kim, Ki-Il</creator><creator>Lee, Kyu-Chul</creator><general>Public Library of Science</general><scope>IOV</scope><scope>ISR</scope></search><sort><creationdate>20240125</creationdate><title>Performance analysis: Securing SIP on multi-threaded/multi-core proxy server using public keys on Diffie-Hellman</title><author>Bhatti, David Samuel ; Sidrat, Salbia ; Saleem, Shahzad ; Malik, Annas Wasim ; Suh, BeomKyu ; Kim, Ki-Il ; Lee, Kyu-Chul</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-g995-417e27bb2b21c130a412bdbd0dbe8bcb44cfdd2489e130c1d3037cd3b954bdc33</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Analysis</topic><topic>Cable telephony</topic><topic>Cryptography</topic><topic>Instant messaging</topic><topic>Investment analysis</topic><topic>Multiprocessing</topic><topic>Safety and security measures</topic><topic>Smart phones</topic><topic>Transmission Control Protocol/Internet Protocol (Computer network protocol)</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Bhatti, David Samuel</creatorcontrib><creatorcontrib>Sidrat, Salbia</creatorcontrib><creatorcontrib>Saleem, Shahzad</creatorcontrib><creatorcontrib>Malik, Annas Wasim</creatorcontrib><creatorcontrib>Suh, BeomKyu</creatorcontrib><creatorcontrib>Kim, Ki-Il</creatorcontrib><creatorcontrib>Lee, Kyu-Chul</creatorcontrib><collection>Gale In Context: Opposing Viewpoints</collection><collection>Gale In Context: Science</collection><jtitle>PloS one</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Bhatti, David Samuel</au><au>Sidrat, Salbia</au><au>Saleem, Shahzad</au><au>Malik, Annas Wasim</au><au>Suh, BeomKyu</au><au>Kim, Ki-Il</au><au>Lee, Kyu-Chul</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Performance analysis: Securing SIP on multi-threaded/multi-core proxy server using public keys on Diffie-Hellman</atitle><jtitle>PloS one</jtitle><date>2024-01-25</date><risdate>2024</risdate><volume>19</volume><issue>1</issue><spage>e0293626</spage><pages>e0293626-</pages><issn>1932-6203</issn><eissn>1932-6203</eissn><abstract>The rapid replacement of PSTN with VOIP networks indicates the definitive phase-out of the PBX/PABX with smartphone-based VOIP technology that uses WLAN connectivity for local communication; however, security remains a key issue, regardless of the communication coverage area. Session initiation protocol (SIP) is one of the most widely adopted VOIP connection establishment protocols but requires added security. On the Internet, different security protocols, such as HTTPS (SSL/TLS), IPSec, and S/MIME, are used to protect SIP communication. These protocols require sophisticated infrastructure and some pose a significant overhead that may deteriorate SIP performance. In this article, we propose the following: i) avoid using Internet bandwidth and complex Internet protocols for local communication within an organization, but harness WLAN connectivity, ii) use multi-threaded or multicore computer systems to handle concurrent calls instead of installing hardware-based SIP servers, and iii) run each thread in a separate core. Cryptography is a key tool for securely transmitting confidential data for long- and short-range communication, and the Diffie-Hellman (DH) protocol has consistently been a popular choice for secret key exchanges. Primarily, used for symmetric key sharing, it has been proven effective in generating public/private key pairs, sharing public keys securely over public channels, and subsequently deriving shared secret keys from private/public keys. This key exchange scheme was proposed to safeguard VOIP communication within WLANs, which rely on the SIP for messaging and multimedia communication. For ensuring an efficient implementation of SIP, the system was rigorously analyzed using the M/M/1 and M/M/c queuing models. We analyze the behavior of SIP servers with queuing models with and without end-to-end security and increase users' trust in SIP security by providing a transparent sense of end-to-end security as they create and manage their private and public keys instead of relying on the underlying SIP technology. This research implements instant messaging, voice conversation, and secret key generation over DH while implementing and observing the role of multi-threading in multiqueue systems that serve incoming calls. By increasing the number of threads from one to two, the SIP response time improved from 20.23809 to 0.08070 min at an arrival rate of 4250 calls/day and a service rate of three calls/min. Similarly, by adding one to seven threads, the queue length was reduced by four calls/min. Implementing secure media streaming and reliable AES-based signaling for session confidentiality and integrity introduces a minor 8-ms tradeoff in SIP service performance. However, the advantages of implementing added security outweigh this limitation.</abstract><pub>Public Library of Science</pub><doi>10.1371/journal.pone.0293626</doi><tpages>e0293626</tpages></addata></record> |
fulltext | fulltext |
identifier | ISSN: 1932-6203 |
ispartof | PloS one, 2024-01, Vol.19 (1), p.e0293626 |
issn | 1932-6203 1932-6203 |
language | eng |
recordid | cdi_gale_incontextgauss_ISR_A780401215 |
source | DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; Public Library of Science (PLoS); PubMed Central; Free Full-Text Journals in Chemistry |
subjects | Analysis Cable telephony Cryptography Instant messaging Investment analysis Multiprocessing Safety and security measures Smart phones Transmission Control Protocol/Internet Protocol (Computer network protocol) |
title | Performance analysis: Securing SIP on multi-threaded/multi-core proxy server using public keys on Diffie-Hellman |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-18T13%3A52%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-gale&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Performance%20analysis:%20Securing%20SIP%20on%20multi-threaded/multi-core%20proxy%20server%20using%20public%20keys%20on%20Diffie-Hellman&rft.jtitle=PloS%20one&rft.au=Bhatti,%20David%20Samuel&rft.date=2024-01-25&rft.volume=19&rft.issue=1&rft.spage=e0293626&rft.pages=e0293626-&rft.issn=1932-6203&rft.eissn=1932-6203&rft_id=info:doi/10.1371/journal.pone.0293626&rft_dat=%3Cgale%3EA780401215%3C/gale%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_galeid=A780401215&rfr_iscdi=true |