Performance Study of COPS over TLS and IPsec Secure Session
نویسندگان
چکیده
This paper evaluates the performance of COPS over secure TLS and IPsec connections. For large size data, when we apply authentication and encryption, the throughput degrades compared with the throughput without authentication or encryption. COPS has native security mechanisms, but it also has limitations. As defined in RFC 2478, COPS includes no standard key management and no data privacy hop-by-hop security. To be deployed, it needs to support access control models. Based on our comparison of the performance of the implementation of COPS, COPS over TLS and COPS over IPsec, we propose a strategic approach to secure COPS.
منابع مشابه
Limitations and Differences of using IPsec, TLS/SSL or SSH as VPN-solution
Virtual private networks (VPNs) [1] [6] provide low-cost and secure access between hosts and/or networks. IPsec, TLS/SSL and SSH are popular technologies used to create VPNs. This article will point out some of the differences and limitations of using IPsec, TLS/SSL or SSH as VPN-solution.
متن کاملBare PC SIP User Agent Implementation and Performance for Secure VoIP
Bare PC systems, which run applications without using any operating system (OS) or kernel, are immune to attacks targeting a specific OS. They also perform better than conventional systems due to their reduced overhead. We describe the design, implementation and performance of a SIP user agent (UA) for secure VoIP on a bare PC system. In particular, we discuss SIP functions and message handling...
متن کاملCommon Open Policy Service (COPS) Over Transport Layer Security (TLS)
Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This document describes how to u...
متن کاملVerified Contributive Channel Bindings for Compound Authentication
Compound authentication protocols, such as EAP in IKEv2 or SASL over TLS, bind application-level authentication to a transport-level authenticated channel in order to obtain strong composite authentication under weak trust assumptions. Despite their wide deployment, these protocols remain poorly understood, leading to several credential forwarding man-in-themiddle attacks. We present formal mod...
متن کاملVoIP Networks Performance Analysis with Encryption Systems
The VoIP networks as alternative method to traditional PSTN system has been implemented in a wide variety of structures with multiple protocols, codecs, software and hardware–based distributions. The use of cryptographic techniques let the users to have a secure communication, but the calculate throughput as well as the QoS parameters are affected according to the used algorithm. This paper ana...
متن کامل