Management of VoWLAN Security Parameters using a QoS Tool

Alexandre Passito, Arlen Nascimento, Regeane Aguiar, Edjair Mota, Edson Nascimento
Federal University of Amazonas (UFAM), Computer Science Department (DCC), VoIP and Embedded Systems Laboratory (VoES), Manaus - AM - Brazil
Email: {passito, aon1, rba, edjair, edson}@dcc.ufam.edu.br

Ilias Biris, Eduardo Valentin
Nokia Institute of Technology (INdT), Laboratory of Embedded Linux (10LE), Manaus - AM - Brazil
Email: {ilias.biris, eduardo.valentin}@indt.org.br

Abstract— Voice over IP is becoming an important application for wireless networks based on the IEEE 802.11 standard, but many problems must be addressed for this combination to succeed, such as supporting a high number of connections with acceptable speech quality and a minimal level of security. This paper presents the results of implementing a QoS evaluation tool and using it in a VoWLAN environment to evaluate the performance of the VoIP system when IPSec is used to guarantee confidentiality. In addition, we show how this QoS tool can be deployed inside the network operation to assist network nodes in selecting more appropriate IPSec parameters, reducing the impact of security on real-time traffic.

I. INTRODUCTION

Voice over IP (VoIP) is one of the fastest growing Internet applications today, and supporting a reliable real-time service is one of the major concerns for its wide deployment in IP-based networks. The success of VoIP is due to the possibility of creating new services and applications that combine voice and data, and to the current progress in improving quality of service. Wireless Local Area Networks (WLANs) are progressively being used to implement VoIP services. This trend is due to the WLAN capability to offer mobility and high-speed access to VoIP users, although this convergence depends on solving several technical problems [1]. We are convinced that, besides the problems of channel capacity and quality of service, the security of VoIP systems is a main concern. The difficulty of offering security to VoWLANs is that security does not come for free: security and efficiency are conflicting requirements. As we show in this paper, the introduction of a security mechanism such as IETF IPSec directly impacts the speech quality and channel capacity of the network. Another concern is how to select security parameters so as to decrease the impact on real-time traffic. This paper concerns the implementation of a typical VoWLAN (802.11b) environment protected by IPSec and an investigation of the impact of security on speech quality and channel capacity. Speech quality was evaluated with a QoS tool derived from the E-Model computational model [2].

Based on these results and the QoS tool, we propose a solution to be introduced in the network infrastructure to support network nodes in analyzing VoIP system performance and selecting the best security parameters for the level of security required. The solution suggests that the evaluation tool implementation could predict a decrease of the MOS value and indicate to the system that security parameters, such as encryption algorithms, or even VoIP system parameters such as the codec type, should be changed automatically.

Previous work on VoIP over IPSec is presented in [3] and [4], where the encryption system applied to real-time traffic was analyzed, indicating that in wired networks the transmission delay and the effective bandwidth are affected, leading to poor VoIP calls. This work differs from [5] because it uses an objective evaluation tool, a more realistic scenario and different VoIP system parameters, such as codecs and encryption algorithms. In [6] preliminary results of our implementation are presented, but it did not propose how this tool could be used to assist network management.

The rest of the paper is organized as follows: section II presents the background on VoWLAN, including the need for security in our environment. Section III describes the conducted experiments. Section IV presents measurement results. Section V introduces the proposed architecture based on the QoS tool to manage network security. Finally, section VI presents our conclusions about this work.

II. BACKGROUND

A. Voice over IP

VoIP is a technology in which voice data is transmitted over the Internet Protocol. In VoIP systems the voice signals are encoded and compressed into a low-rate packet stream by codecs. The codecs generate audio frames that are sent in packets consisting of IP/UDP/RTP headers followed by a relatively small payload. The packet is sent over the network and, when it arrives at the destination, the analog signal is reconstructed. Two VoIP standards are being developed by the community. H.323 is an umbrella recommendation suite, which defines audio, video, and data communication across IP-based networks.

SIP (Session Initiation Protocol) is a simple protocol that provides advanced signaling and control functionality for a wide variety of multimedia services.

Due to its real-time behavior, VoIP is highly sensitive to several network factors such as packet loss, packet delay and delay jitter. Other factors that contribute to VoIP quality are compression schemes, transducers, echo cancellation algorithms, and voice activity detection at VoIP clients. Another issue is that security mechanisms consume intensive computational power and can introduce one more layer of delay into VoIP applications; this delay can push the one-way delay beyond what is acceptable for approximate toll quality. In addition to network delay, some security architectures impose packet header overhead, which can impact channel capacity and packet loss.

Voice can easily be implemented over WLANs. Most existing WLANs use the IEEE 802.11b standard in the link layer to provide wireless access. IEEE 802.11b supports data rates up to 11 Mb/s. IEEE is working on several other standards such as 802.11g, 802.11e (QoS support) and 802.11i (security support), but only 802.11b is widely deployed. Clients are installed at the end-points of the wireless network and establish VoIP calls between pairs in the same network or in external networks by means of access points. This architecture can be used to provide enterprise WLAN or public WLAN hotspot access to VoIP users. The WLAN architecture must support several VoIP connections at the same time. [1] investigated VoWLAN capacity and the results showed a capacity of 12 connections using the GSM 6.10 codec. We evaluated this capacity based on the MOS score, and the results can be seen in the following sections. It is expected that the adoption of 802.11e will improve the performance of VoWLANs.

B. Security issues of VoWLANs

The IEEE 802.11b standard introduces a large-scale security risk to VoWLANs. Communication over such a wireless network is potentially insecure: all data traffic is unprotected and can easily be eavesdropped on or even spoofed [7]. Preventing unauthorized network access can hinder several forms of attack, such as information theft, DoS attacks, unauthorized location of users and jamming. Among the proposals to implement security in WLANs are the Wired Equivalent Privacy (WEP) scheme and the use of Virtual Private Networks. The WEP protocol is inherent to the 802.11b standard and its function is to offer authentication and encryption at the link layer. Major flaws were reported in [8], [9] and [10], which render the protocol insecure. Virtual Private Networks have become an important solution to address the security flaws of the 802.11b standard. VPNs offer security by integrating authentication, encryption, access control and session management. A VPN provides a secure communication tunnel between users as if they were on the same network. VPNs use encryption techniques to prevent the interception and analysis of datagrams while they are in the public network. IETF IPSec [11] is the most deployed standard for VPNs because it provides a much higher level of security. IPSec is made up of several protocols: Authentication Header (AH), Encapsulating Security Payload (ESP) and the Internet Key Exchange (IKE). IPSec supports various encryption and authentication algorithms, and the major ones are implemented in the Linux kernel version 2.6 used in our experiments. IPSec is a complex combination of various protocols. While it is possible to achieve secure communication using IPSec, it requires careful selection of implementation details and tuning of the various parameters. In the case of VoWLAN this selection becomes more complex, because an incorrect or inefficient configuration can impact the quality of service.

C. Assessing VoIP quality

Our security management architecture performs its function based on real-time analysis of the VoWLAN. The analysis concerns the variation of speech quality and channel capacity during an established call. To obtain these values from the network we used the E-Model, a computational model that is an objective method to evaluate speech quality in VoIP systems. The mathematical background of the E-Model is detailed in [12]. The main point is that it is a complex calculation that takes network and VoIP parameters as input, and its numerical result can be converted to the MOS score. The output of the E-Model is the factor R, which can be determined by

$R = 93.4 - I_d(T_a) - I_e(\mathrm{codec}, \mathrm{loss})$,

where $I_d$ is a function of the absolute one-way delay and $I_e$ is, in short, a function of the codec type used and the packet loss rate. The R factor ranges from 0 (poor) to 100 (excellent). After the calculation of the R factor, the conversion is done by the relation between R factor and MOS rating:

$\mathrm{MOS} = 1$ for $R < 6.5$
$\mathrm{MOS} = 1 + 0.035R + 7 \cdot 10^{-6} R(R - 60)(100 - R)$ for $6.5 \le R \le 100$   (1)
$\mathrm{MOS} = 4.5$ for $R > 100$

The final MOS score ranges from 1 (worst case) to 5 (excellent quality), and calls with scores lower than 3.5 are not considered good. Once the codec is known ($I_e$), we need to capture network (delay and loss) and application (dejitter buffer delay and codec used) statistics in order to estimate speech quality by means of the R factor expression.

III. EXPERIMENTS

A. QoS Tool Implementation

The preliminary idea of the management architecture was to build a QoS tool that could be incorporated into the network and measure how the current security mechanism setup affects speech quality and channel capacity.

This measurement tool was presented in [6] and was updated in this work to the latest developments in the E-Model calculation. We developed an open-source tool written in ANSI C that takes an input file containing delay, loss, codec type and frame duration information for each packet exchanged between two endpoints. The output is a file with Id, Ie, delay, loss, R factor and MOS rate. To be sure about the real delay and loss of each packet, the trace must be collected after the dejitter buffer and not at the network interface, since the dejitter buffer adds an additional delay before packets can be played and late packets can be discarded there. The software used to establish the VoIP calls was callgen323 [13], due to its complete trace generation and statistical information. Since the tool is implemented in ANSI C, it can easily be incorporated into VoIP clients to evaluate QoS and, as we will see later in this paper, to manage the current communication.

B. Test Environment

The objective of this test environment is to create a real implementation of a VoWLAN. The first part of the implementation was to set up a WLAN consisting of several laptops with 802.11b wireless cards and two 802.11b access points. The tests were deployed using an infrastructure-based WLAN. Fig. 1 presents the scenario used in our experiments. Two access points were connected through a LAN and IP addresses were assigned by DHCP. The wireless cards attached to the laptops were made to operate in infrastructure mode. A computer with an Ethernet interface was attached to the LAN in order to connect it with mobile users in both WLANs. The laptops and the LAN computer run Debian GNU/Linux with kernel 2.6.8. We used the IPSec implementation available in this Linux kernel version. For our setup we chose the ESP protocol in tunnel mode, allowing a wide range of ciphers and message digest algorithms believed to be secure. In order to implement the voice service in the secure WLAN, we used an H.323 VoIP client in each station. The tests were performed by playing a 5 minute recorded audio file from one endpoint to the other. As we can see in Fig. 1, the sender was configured with callgen323 and the receiver was configured with ohphone. The ohphone was extended with the QoS tool. All voice traffic inside this VoWLAN was received and transmitted through an IPSec tunnel between the mobile stations on WLAN1, WLAN2 and the LAN.

Fig. 1. Test Environment: VoWLAN and LAN stations voice communication. (Diagram: WLAN1 and WLAN2, each behind an access point, and the LAN, joined through an Ethernet switch and a WAN link; an IPSec tunnel carries the call between the Callgen323 sender and the Ohphone + QoS tool receivers.)

C. Experimental Parameters

The voice extracted from the .wav file was coded by callgen323 with the G.711 µ-Law codec, in frames of 30 ms per packet. The G.711 bit rate is 64 kbps without headers. The RTP, UDP and IP headers sum to a total of 40 bytes. The bandwidth required by each voice channel was about 75 kbps. IPSec was prepared to use the following encryption algorithm parameters: AES (Advanced Encryption Standard) with 192-bit key length and 3DES (triple Data Encryption Standard) with 192-bit key length. The key was distributed manually between the nodes. For authentication we used the HMAC-SHA1 scheme. The WEP protocol was disabled in both WLANs.

D. Experimental Procedure

The first step was to establish calls between a node in WLAN1 and a node in WLAN2. Callgen generated voice data in WLAN1 that was received in WLAN2 through both access points. We collected 100 samples of 5 minute calls. Afterwards, we established 100 calls between a node in WLAN1 and a node in the LAN. Besides the QoS tool implementation to evaluate speech quality, we used the network monitoring tools provided by Linux to analyze more precisely how sensitive the E-Model is to the security impact. In a second phase, we evaluated the performance associated with the number of simultaneous calls between the pairs. Callgen323 implements an efficient option to generate simultaneous calls. We tested several numbers of calls to evaluate how IPSec decreases the capability of the network to establish simultaneous calls. Notice that sometimes callgen323 does not establish all requested calls due to channel saturation. These simultaneous calls were performed between a node in WLAN1 and a node in WLAN2.

IV. EXPERIMENTAL RESULTS

A. Measurements Results

The use of an IPSec tunnel between mobile stations in WLAN1 and WLAN2 increases the delay and bandwidth of VoIP traffic. The voice packet header can grow considerably due to the ESP header. In our experiments we noticed, for example, that the packet size increase for a voice packet encrypted with 3DES-CBC is around 20%. Fig. 2 presents the results of the impact evaluated by means of the E-Model. The figure shows the average MOS score obtained for each combination of IPSec parameters and sender and receiver location over 100 sample calls.
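The roughly 20% growth reported above can be checked against the header layout of ESP in tunnel mode. The C program below is an added example written for this page, not code or measurements from the paper: it builds the plain G.711 packet from the parameters of section III.C (30 ms frames, 64 kbps, 40 bytes of RTP/UDP/IP headers), wraps it the way ESP tunnel mode does (20-byte outer IPv4 header, 8-byte SPI and sequence number, the cipher IV, padding up to the cipher block size, a 2-byte trailer and a 12-byte HMAC-SHA1-96 ICV) and reports size, growth and per-call bandwidth for 3DES-CBC and AES-CBC. The ESP field sizes are the standard ones of RFC 2406 and RFC 2404, the function names are assumptions, and 802.11 framing is not counted.

```c
/* Added example, not the paper's code: size and bandwidth of one G.711 voice
 * channel before and after IPSec ESP tunnel-mode encapsulation. Voice
 * parameters are those of section III.C of the paper; ESP field sizes are the
 * standard RFC 2406 layout with HMAC-SHA1-96 (RFC 2404), not measurements. */
#include <stdio.h>

struct esp_cipher {
    const char *name;
    int block_bytes;   /* CBC block size the payload is padded up to */
    int iv_bytes;      /* IV sent in clear ahead of the ciphertext */
};

#define OUTER_IPV4_BYTES  20   /* new IP header added in tunnel mode */
#define ESP_HEADER_BYTES   8   /* SPI (4) + sequence number (4) */
#define ESP_TRAILER_BYTES  2   /* pad length (1) + next header (1) */
#define ICV_BYTES         12   /* HMAC-SHA1-96 integrity check value */

/* Plain voice packet: codec payload for one frame plus RTP/UDP/IP headers
 * (12 + 8 + 20 = 40 bytes, as stated in the paper). */
int rtp_packet_bytes(int codec_bps, int frame_ms)
{
    return (codec_bps / 8) * frame_ms / 1000 + 40;
}

/* Padding ESP appends so that payload + pad + trailer fills whole blocks. */
int esp_pad_bytes(int inner_bytes, const struct esp_cipher *c)
{
    int body = inner_bytes + ESP_TRAILER_BYTES;
    return (c->block_bytes - body % c->block_bytes) % c->block_bytes;
}

/* Total size on the wire of an ESP tunnel-mode packet carrying inner_bytes
 * (the whole inner IP packet, since tunnel mode encapsulates the IP header). */
int esp_tunnel_bytes(int inner_bytes, const struct esp_cipher *c)
{
    return OUTER_IPV4_BYTES + ESP_HEADER_BYTES + c->iv_bytes
         + inner_bytes + esp_pad_bytes(inner_bytes, c)
         + ESP_TRAILER_BYTES + ICV_BYTES;
}

/* Bandwidth of one voice channel in kbit/s: one packet every frame_ms. */
double channel_kbps(int packet_bytes, int frame_ms)
{
    return packet_bytes * 8.0 / frame_ms;   /* bits per millisecond == kbit/s */
}

/* Size growth relative to the plain packet, in percent. */
double overhead_pct(int plain_bytes, int secured_bytes)
{
    return 100.0 * (secured_bytes - plain_bytes) / plain_bytes;
}

static const struct esp_cipher CIPHERS[] = {
    { "3DES-CBC",  8,  8 },
    { "AES-CBC",  16, 16 },
};

int main(void)
{
    int plain = rtp_packet_bytes(64000, 30);
    int i;

    printf("plain G.711 packet: %d bytes, %.1f kbit/s per call\n",
           plain, channel_kbps(plain, 30));
    for (i = 0; i < 2; i++) {
        int secured = esp_tunnel_bytes(plain, &CIPHERS[i]);
        printf("ESP tunnel %-9s %d bytes (+%.1f%%), %.1f kbit/s per call\n",
               CIPHERS[i].name, secured, overhead_pct(plain, secured),
               channel_kbps(secured, 30));
    }
    return 0;
}
```

For the paper's 280-byte G.711 packet the arithmetic gives 336 bytes with 3DES-CBC, exactly the 20% growth reported, and 344 bytes with AES-CBC because of the 16-byte IV; the plain packet works out to 74.7 kbit/s per call, matching the "about 75 kbps" of section III.C.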


Voice communication without IPSec between WLAN1 and the LAN obtained a very good result, with a MOS score of 4.25, better than the communication between WLAN1 and WLAN2, 4.10. When IPSec is used with AES-CBC, the MOS score decreases to 3.91 in the WLAN1 to LAN environment. This value decreases to 3.72 if the communication path is between WLAN1 and WLAN2. If the 3DES-CBC encryption algorithm is used as the IPSec parameter, the values are 3.67 and 3.39 for the WLAN1 to LAN and WLAN1 to WLAN2 setups, respectively.

Fig. 2. MOS score results for two IPSec combinations and without security. (Bar chart: MOS Score, 1 to 5, for the WLAN1 to LAN and WLAN1 to WLAN2 paths; series Without Security, AES-CBC and 3DES-CBC.)

Fig. 3. MOS Score by the Number of Simultaneous Calls. (Line chart: MOS Score, 1 to 5, against the number of simultaneous calls from 2 to 24; series Without IPSec, AES-CBC and 3DES-CBC.)

The way IPSec treats voice packets, adding new headers, and the time spent by the crypto-engine (the lighter the computation of the algorithm, the higher the throughput achieved) explain the difference between the implementations with AES and 3DES. Time spent in the crypto-engine influences the calculation of the R factor: Id is derived from all delays in the VoIP system, so a higher delay in the crypto-engine increases the final Id value, which decreases the R score and leads to lower MOS values. The overhead in packet headers introduced by IPSec influenced the calculation of Ie: this overhead affected the packet loss rate, resulting in higher values of the loss parameter and reducing the final MOS score. The packet loss analysis conducted with network measurement tools helped identify the difference in packet loss rate between the implementations with and without security. The difference between the average MOS in the two scenarios, pointing to better performance in the scenario where WLAN1 is connected to the LAN, arises because in the WLAN1 to WLAN2 scenario voice packets go through a wireless channel twice.

B. Results with Simultaneous Calls

In Fig. 3 we plotted the average MOS score as a function of the number of simultaneous calls. This experiment was carried out only between WLAN1 and WLAN2 to evaluate the channel capacity with IPSec. It can be observed that the average MOS decreases as the number of simultaneous calls increases. The average MOS for 2 simultaneous calls without security mechanisms is 4.21. The MOS decreases to 1.60 with 24 calls established. When IPSec is used, the initial MOS score for 2 simultaneous calls is 3.52 and decreases to 1.55 when 18 simultaneous calls are established. If AES is applied these values are 3.90 and 1.30 for 2 and 24 calls, respectively. The standard deviation remains acceptable over the whole range of values. It is worth emphasizing that callgen323 tries to establish the maximum number of calls, but due to the different overheads caused by the combinations, the average number of established calls differs. Fig. 3 plots the real number of simultaneous calls that could be established. The results showed that with the 3DES combination we can establish up to six calls. For AES and for the configuration without security this number is eight and ten calls, respectively. Table I summarizes the results related to simultaneous calls.

TABLE I
OVERVIEW OF CHANNEL CAPACITY, G.711 µ-Law (30 ms)

  Configuration    Max. simultaneous calls    MOS score for max.
  Without IPSec    10                         3.54
  AES-CBC          8                          3.53
  3DES-CBC         6                          3.50

Reference [14] shows that for codec G.711 with a frame size of 30 ms and BER = $10^{-4}$, the maximum number of simultaneous calls that can be established is nine, which is very close to the result obtained in our experiments. The worse results for 3DES and AES are due to the use of IPSec and its header overhead.

V. SECURITY MANAGEMENT BASED ON QOS

As we see in this paper, the implemented QoS tool based on the E-Model is efficient in quantifying the impact of security on VoIP traffic, which has several real-time requirements. We believe that it is not enough only to assess the impact: we need the development of an architecture in which, based on this result, it is possible to manage security parameters in order to optimize network quality of service. In this paper we do not propose this architecture yet. We only present the parameters that could be evaluated by this QoS tool, how this evaluation could be used to manage the network, and other parameters that can improve this optimization based on some network characteristics.

A. Security and Network Parameters

Obviously, the first parameter this QoS tool could set is the encryption algorithm. As we saw in this paper, different encryption algorithms have different impacts on VoIP traffic. Other parameters are the authentication algorithm, the message digest scheme and digital signatures. The length of the security key can be another issue, because longer keys introduce higher delay. The performance of these mechanisms depends on the computational power of the machine where the encryption engine is running. This observation leads to the next parameter: hardware characteristics. Nowadays handheld devices and other clients with limited computational power are being used to implement softphones. This trend will occur in VoWLAN networks too, and there is a need to choose an implementation specially optimized for these types of hardware. If a slower device processes voice data encryption with a computationally expensive algorithm, a large delay can occur on the link. Channel capacity can also be used. We will always use an algorithm that allows more simultaneous calls, but if the network is idle we will prefer a more secure algorithm. All these choices depend on the level of quality of service we are achieving at the moment.

B. Proposed Architecture

In order to provide the desired VoIP service to the user, the behavior of applications must be monitored to ensure that QoS requirements are being met. The first step to implement a dynamic management system is the introduction of our QoS tool in the application and control nodes. The applications are the softphones configured in the VoWLAN mobile nodes. The control node is a network entity in charge of measurements and parameter control. In our architecture the control node must be implemented in the access point, as shown in Fig. 4. The preliminary idea is to implement the QoS tool as an extended report system for RTP (Real-Time Protocol) [12], so that every mobile station has the QoS information. Mobile stations will register with the control node before establishing any call in order to provide their hardware specification. When a call is established, each node will receive from the control node the encryption algorithm and authentication algorithm that fulfill all initial quality of service requirements for VoIP. This control is based on previous measurements in VoWLAN networks and the device hardware specification. Computers with low computing resources are requested to use low-consumption algorithms.

Fig. 4. Proposed architecture: real-time control. (Diagram: a control node at the VoWLAN access point, with softphones running the QoS tool in the VoWLAN mobile nodes and on the far side of the WAN.)

When a call is established, both mobile stations must periodically monitor the MOS score of the conversation by means of the QoS tool. If the MOS score is at an acceptable value (more than 3.5), the process continues without any change. If the value decreases below 3.5, a control message is sent to the control node, which decides what algorithm or security combination could be used to optimize the VoIP system and decrease the impact. The nodes then change the IPSec parameters according to the control node's decision. The control node can also monitor network capacity. Since it receives information each time a dialog is established and keeps track of network saturation, it can decide what IPSec combination to send to the mobile stations in order to maximize network capacity and accept more connections. If the network capacity is not saturated, all current nodes can continue with their normal combinations. An implementation of the control node requires an interface to receive information from the nodes and a system to learn about the several combinations of security and VoIP needs. This learning system can be based on current studies of intelligent agents for networks. The reason for keeping a control node is that this is the only way for it to know about every node in the network and collect data about channel saturation.

C. Constraints of the Architecture

Two major constraints can be pointed out and must be addressed before the architecture is implemented. After deciding the parameters for the VoWLAN nodes, the problem is how to change them without stopping the current call. Perhaps the solution is to pass this control to the signaling, which would be in charge of renegotiating the call parameters. Another issue is how to address the problem of reducing the security level to increase QoS. There are situations where the user prefers quality of service to a high level of security. This can be accomplished by creating a user profile that determines the level of security and QoS required, and leaving it to the control node to balance both parameters against the current state of the VoWLAN.
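The control-node rule sketched in sections V.B and V.C (monitor MOS, report when it drops below 3.5, let the control node pick a combination with capacity to spare, prefer the stronger algorithm when the network is idle, and respect a user profile) can be written down as a small decision function. The C program below is an added example for this page, not an implementation by the authors: the 3.5 threshold and the per-combination capacities are taken from Table I of this paper, while the numeric security ranking of the three combinations, the encoding of the user profile as the lowest rank the user tolerates, the constructed reports and all function and structure names are assumptions.

```c
/* Added example, not the paper's code: control-node decision rule for the
 * IPSec combination of a VoWLAN station. The MOS threshold (3.5) and the
 * capacity figures (Table I) come from the paper; the security ranking, the
 * user-profile encoding and every name here are assumptions. */
#include <stdio.h>

#define MOS_THRESHOLD 3.5   /* paper: calls below 3.5 are not considered good */

struct combination {
    const char *name;
    int security_level;  /* assumed ranking: 0 = none, 1 = 3DES-CBC, 2 = AES-CBC */
    int max_calls;       /* simultaneous calls measured in Table I */
};

static const struct combination COMBOS[] = {
    { "ESP AES-CBC-192 + HMAC-SHA1",  2,  8 },
    { "ESP 3DES-CBC + HMAC-SHA1",     1,  6 },
    { "no IPSec",                     0, 10 },
};
#define N_COMBOS ((int)(sizeof COMBOS / sizeof COMBOS[0]))

/* Station side: decide whether a QoS report must go to the control node. */
int station_needs_report(double mos)
{
    return mos < MOS_THRESHOLD;
}

/* Control-node side. current: index of the station's present combination;
 * mos: its latest E-Model score; active_calls: calls the node tracks in the
 * VoWLAN; min_security: lowest level the user profile accepts.
 * Returns the index of the combination to send, or -1 when no permitted
 * combination gives relief (the station then keeps its current one). */
int select_combination(int current, double mos, int active_calls, int min_security)
{
    int need_relief = mos < MOS_THRESHOLD
                   || active_calls > COMBOS[current].max_calls;
    int best = -1, i;

    for (i = 0; i < N_COMBOS; i++) {
        const struct combination *c = &COMBOS[i];
        if (c->security_level < min_security)
            continue;                 /* the user profile forbids it */
        if (c->max_calls < active_calls)
            continue;                 /* measured capacity cannot carry the load */
        if (need_relief && c->max_calls <= COMBOS[current].max_calls)
            continue;                 /* a change only helps with more headroom */
        if (best < 0 || c->security_level > COMBOS[best].security_level)
            best = i;                 /* otherwise prefer the stronger algorithm */
    }
    return best;
}

int main(void)
{
    /* Constructed reports: current combination, MOS, active calls, profile. */
    struct { int cur; double mos; int calls; int min; } reports[] = {
        { 0, 3.90, 4, 0 },   /* healthy AES call on a quiet network: keep AES */
        { 0, 3.20, 4, 0 },   /* degraded AES call, profile allows no IPSec */
        { 0, 3.20, 4, 1 },   /* same, but the profile insists on encryption */
        { 1, 3.30, 5, 1 },   /* degraded 3DES call: AES measured more headroom */
        { 2, 4.20, 2, 0 },   /* unprotected call on an idle network: upgrade */
    };
    int n = (int)(sizeof reports / sizeof reports[0]), i;

    for (i = 0; i < n; i++) {
        int k = select_combination(reports[i].cur, reports[i].mos,
                                   reports[i].calls, reports[i].min);
        printf("report %d (MOS %.2f, %d calls): %s\n", i, reports[i].mos,
               reports[i].calls, k < 0 ? "keep current combination" : COMBOS[k].name);
    }
    return 0;
}
```

Two properties of the rule follow directly from Table I: a degraded 3DES call is moved to AES, which is both the stronger ranking and the larger measured capacity, and a degraded AES call is moved to "no IPSec" only when the user profile permits it, otherwise the station keeps its combination and the constraint of section V.C (quality versus security) surfaces as a -1 result.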

VI. CONCLUSIONS

The QoS tool based on the E-Model is an efficient and objective way to evaluate the impact of security mechanisms on VoIP. This tool can easily be used in a VoWLAN environment, where the measurement of speech quality is especially required due to the behavior of the wireless channel. A simple control architecture in which the QoS tool is introduced in the network to manage quality of service and security parameters was proposed. We have already implemented this QoS tool using SIP (Session Initiation Protocol), and further work should investigate the implementation of the architecture with it in a real or simulated environment.

ACKNOWLEDGMENT

The authors would like to thank the VoES laboratory students for their support with the experiments.

REFERENCES

[1] W. Wang, S. Liew and V. Li, Solutions to Performance Problems in VoIP over a 802.11 Wireless LAN. IEEE Transactions on Vehicular Technology, Vol. 54, No. 1, 2005.
[2] MedQoS Evaluation Tool. http://sourceforge.net/projects/medqos
[3] R. Barbieri, D. Bruschi and E. Rosti, Voice over IPSec: Analysis and Solutions. Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC), 2002.
[4] A. Passito et al., Performance evaluation of VoIP traffic using IPSecurity protocol. Proceedings of the I Workshop on Computer Science and Information Systems, Florianopolis, Brazil, 2004 (in Portuguese).
[5] J. Klaue and A. Hess, On the Impact of IPSec on Interactive Communications. Proceedings of the IEEE Parallel and Distributed Processing Symposium, 2005.
[6] A. Passito et al., Using an E-Model Implementation to Evaluate Speech Quality in Voice over 802.11b Networks with VPN/IPSec. Proceedings of the International Conference on Wireless Communications, Networking and Mobile Computing (WCNM), 2005.
[7] J. Eisinger, P. Winterer and B. Becker, Securing Wireless Networks in a University Environment. Proceedings of the Conference on Pervasive Computing and Communications Workshops, 2005.
[8] N. Borisov, I. Goldberg and D. Wagner, Intercepting Mobile Communications: The Insecurity of 802.11, 2001. Hosted at http://www.isaac.cs.berkeley.edu/isac
[9] S. Fluhrer, I. Mantin and A. Shamir, Weaknesses in the Key Scheduling Algorithm of RC4. Proceedings of Selected Areas in Cryptography, 2001.
[10] H. Boland, Security Issues of the IEEE 802.11b Wireless LAN. Proceedings of the Canadian Conference on Electrical and Computer Engineering, 2004.
[11] S. Kent and R. Atkinson, Security Architecture for the Internet Protocol. IETF RFC 2401, 1998. http://www.ietf.org/rfc/rfc2401.txt
[12] L. Carvalho, An E-Model Implementation for Objective Speech Quality Evaluation of VoIP Communication Networks. Master's Thesis, Sep. 2004 (in Portuguese).
[13] OpenH323 Project. http://www.openh323.org/
[14] D. Hole and F. Tobagi, Capacity of an IEEE 802.11b Wireless LAN Supporting VoIP. Proceedings of the IEEE International Conference on Communications, 2004, pp. 196-201.
