Measuring the Effect of AES Encryption on VoWLAN QoS

Mohammed M. Alani
Assistant Professor
Department of Computer Engineering and Information Systems,
College of Computer Engineering and Sciences
Gulf University, Kingdom of Bahrain.
Email: m.alani@d-crypt.org

Abstract: This paper focuses on the quality parameters of Voice over Wireless Local Area Network (VoWLAN) and how they are affected by the addition of end-to-end encryption using the Advanced Encryption Standard (AES) with 128-bit and 256-bit keys. An experimental setup was made to evaluate mean and maximum delay, mean and maximum jitter, and packet loss. These quality parameters were measured for non-encrypted streams, AES 128-bit encrypted streams and AES 256-bit encrypted streams for the CODECs G.711, G.729 and G.723.1. The encryption was applied to the Real-time Transport Protocol (RTP) payload.
The tests showed that encryption affects the delay noticeably for high-bit-rate CODECs such as G.711. The delay of G.729 streams was less affected, and the delay of G.723.1 streams was even less affected. Jitter and packet loss were not highly affected by the addition of encryption. The results also showed that 256-bit AES encryption caused less delay than 128-bit AES in these measurements, even though AES-256 performs more rounds per block than AES-128 (the block size is 128 bits for both key lengths, so both process the same number of blocks per RTP payload). It was also concluded that the use of G.723.1 with AES encryption is more recommended in VoWLAN because it has better quality measures.

1. INTRODUCTION

The quality of VoIP services is an essential concern for any individual or corporation seeking to use such a service. It is an ongoing challenge to provide acceptable quality of VoIP services, especially over the Internet. More challenges arise when the services are moved onto a wireless medium. The wireless medium is more challenging because it implies more security constraints, which affect the quality in many ways.
The encryption provided by the wireless technologies is not sufficient to secure the VoIP traffic from one End-Point (EP) to the other. Wi-Fi Protected Access (WPA) and WPA2, even when employing AES encryption, provide encryption only between the wireless EP and the access point; from the access point to the destination EP the data travels relying on the security of the VoIP service, not on the wireless encryption. This is the reason end-to-end encryption is essential in VoIP services.
Implementing end-to-end encryption at the VoIP EPs affects the overall quality parameters, sometimes in a way that renders the VoIP service unusable.

1.1 VoIP QoS Parameters

Three important VoIP quality indicators are delay, jitter and packet loss. Delay is defined as the amount of time that a packet takes to travel from the sender's application to the receiver's destination application. The components that contribute to the end-to-end delay include: (a) compression and transmission delay at the sender, (b) propagation, processing and queuing delay in the network and (c) buffering and decompression delay at the receiver. It is recommended that the delay bounds for the various grades of perceived performance in terms of human interaction be defined as: Good (0 ms-150 ms), Acceptable (150 ms-300 ms), Poor (> 300 ms) [1].
Jitter is defined as the variation in the delay of the packets arriving at the receiving end. It is caused by congestion at various points in the network, varying packet sizes that result in irregular processing times, out-of-order packet delivery, and other such factors. Excessive jitter may cause packet discards or loss in the playback buffer at the receiving end. The playback buffer is used to deal with the variations in delay and to facilitate smooth playback of the audio and video streams. The following jitter values are considered to be reasonably reliable estimates for determining the grade of perceived performance: Good (0 ms-20 ms), Acceptable (20 ms-50 ms), Poor (> 50 ms) [1].
Finally, loss is defined as the percentage of transmitted packets that never reach the intended destination. These packets are either deliberately discarded (RED, TTL=0) or non-deliberately discarded by intermediate links (layer 1), nodes (layer 3) and end-systems (discards due to late arrival at the application). Though popular experience suggests that loss levels greater than 1% can severely affect audiovisual quality, there have not been well-defined loss bounds in terms of the various grades of H.323 application performance. The following loss values are thought to be reasonably reliable estimates for determining the grade of perceived performance: Good (0%-0.5%), Acceptable (0.5%-1.5%), Poor (> 1.5%) [1].
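The three indicators and their grade bounds above are what the rest of the paper measures. The following Go program is an added example, not part of the original paper or of the modified softphone it describes: it computes interarrival jitter with the RFC 3550 estimator, packet loss from the extended sequence number (the same two calculations section 4 says were taken from a Wireshark capture), and the grade of each value using the bounds from [1]. The packet stream, the 8 kHz RTP clock and the 20 ms packetization are assumptions made for illustration.

```go
package main

import "fmt"

// Grade is the perceived-performance class of section 1.1, after [1].
type Grade string

const (
	Good       Grade = "Good"
	Acceptable Grade = "Acceptable"
	Poor       Grade = "Poor"
)

// grade applies a pair of upper bounds: at or below the first is Good, at or
// below the second is Acceptable, anything above is Poor.
func grade(v, good, acceptable float64) Grade {
	switch {
	case v <= good:
		return Good
	case v <= acceptable:
		return Acceptable
	}
	return Poor
}

func GradeDelay(ms float64) Grade  { return grade(ms, 150, 300) } // 150 / 300 ms
func GradeJitter(ms float64) Grade { return grade(ms, 20, 50) }   // 20 / 50 ms
func GradeLoss(pct float64) Grade  { return grade(pct, 0.5, 1.5) } // 0.5 / 1.5 %

// Packet is one received RTP packet as a capture tool records it: the 16-bit
// sequence number and 32-bit timestamp from the header, plus the receiver's
// own arrival time in milliseconds.
type Packet struct {
	Seq       uint16
	Timestamp uint32
	ArrivalMs float64
}

// InterarrivalJitter is the estimator of RFC 3550, section 6.4.1:
//
//	D = (R_i - R_{i-1}) - (S_i - S_{i-1})   (arrival difference minus RTP timestamp difference)
//	J = J + (|D| - J) / 16
//
// The RTP timestamp difference is taken in uint32 and reinterpreted as int32,
// so a wrap of the 32-bit field does not turn into a huge bogus difference,
// then converted from clock ticks to milliseconds. The function returns the
// mean and the maximum of the running estimate J over the stream, which is
// what a capture tool reports as mean and maximum jitter.
func InterarrivalJitter(pkts []Packet, clockHz float64) (meanMs, maxMs float64) {
	if len(pkts) < 2 {
		return 0, 0
	}
	var j, sum float64
	for i := 1; i < len(pkts); i++ {
		ticks := int32(pkts[i].Timestamp - pkts[i-1].Timestamp)
		d := (pkts[i].ArrivalMs - pkts[i-1].ArrivalMs) - float64(ticks)*1000/clockHz
		if d < 0 {
			d = -d
		}
		j += (d - j) / 16
		sum += j
		if j > maxMs {
			maxMs = j
		}
	}
	return sum / float64(len(pkts)-1), maxMs
}

// LossPercent follows RFC 3550, appendix A.3: the 16-bit sequence number is
// extended across wraparound, the number of packets expected is
// (highest extended sequence number - first sequence number + 1), and the
// loss is expected minus received. A packet that arrives late or twice does
// not advance the highest sequence number, so reordering is not counted as
// loss.
func LossPercent(pkts []Packet) float64 {
	if len(pkts) == 0 {
		return 0
	}
	highest := int64(pkts[0].Seq)
	for _, p := range pkts[1:] {
		if delta := int16(p.Seq - uint16(highest)); delta > 0 {
			highest += int64(delta)
		}
	}
	expected := highest - int64(pkts[0].Seq) + 1
	lost := expected - int64(len(pkts))
	if lost < 0 {
		lost = 0 // duplicates can push received above expected
	}
	return float64(lost) / float64(expected) * 100
}

// SampleStream is a constructed 20 ms stream at an 8 kHz RTP clock (160 ticks
// per packet, as for the paper's three narrowband CODECs) in which the
// sequence number wraps from 65535 to 0, the third packet arrives 4 ms late
// and sequence number 2 is never received.
func SampleStream() []Packet {
	return []Packet{
		{65534, 0, 0}, {65535, 160, 20}, {0, 320, 44}, {1, 480, 60},
		{3, 800, 100}, {4, 960, 120}, {5, 1120, 140},
	}
}

func main() {
	pkts := SampleStream()
	meanJ, maxJ := InterarrivalJitter(pkts, 8000)
	loss := LossPercent(pkts)
	fmt.Printf("jitter: mean %.3f ms (%s), max %.3f ms (%s)\n", meanJ, GradeJitter(meanJ), maxJ, GradeJitter(maxJ))
	fmt.Printf("loss: %.2f%% (%s)\n", loss, GradeLoss(loss))
	fmt.Printf("a 229.78 ms mean delay grades as %s\n", GradeDelay(229.78))
}
```

Two details matter when reproducing the paper's figures with a capture tool: the jitter value is the running estimate, so a single late packet decays over the following sixteen packets rather than showing up once, and the loss figure depends on the extended sequence number, so a wrap from 65535 to 0 must not be counted as 65,535 lost packets.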
1.2 Previous Research

Being a rapidly developing area, VoIP security witnessed many changes during the last five years. Many VoIP security papers did not focus on the impact that security measures applied to VoIP systems have on the quality of the provided services.
In 2007, a study of experiences in VoIP security policy at the University of Applied Sciences in Berlin was published in [2]. This paper focused mostly on testing the security policy without testing the quality parameters. Another study, of security design patterns in VoIP systems, was published in 2009 [3].
After the publication of ITU-T recommendation P.800.1 [4], two important studies were published in [5] and [6]. The first paper discussed the quality challenges in secure VoIP systems. The second paper analyzed the Secure RTP protocol.

1.3 Paper Organization

The following section describes the call model implemented in this paper. Section three describes the implementation environment, while section four presents the calculated QoS parameters. Sections five and six present the results and conclusions.

2. IMPLEMENTED CALL MODEL

The VoIP protocol set chosen to implement the test was the H.323 model with no GateKeeper (GK). The choice between Session Initiation Protocol (SIP) and H.323 is not a major concern in this paper, because what we are trying to measure is the change in QoS parameters caused by applying AES encryption to the payload of VoIP traffic. This payload, whether SIP or H.323 is used for call control and signaling, is carried by RTP, and this is where AES encryption was implemented.
The choice of H.323 with no GK was based on the fact that the GK is not part of the encryption and/or decryption of the traffic carried by RTP from one EP to the other. This implies that the existence of a GK is not necessary. Figure 1 shows a schematic diagram of the call model used.

Figure 1 - Implemented H.323 Call Model

3. IMPLEMENTATION ENVIRONMENT

The Ekiga softphone was used as the H.323 client software and was installed, after the encryption modification, on both computers that served as EPs [7]. Figure 2 shows the implemented system layout. An 802.11g access point was used to provide the wireless networking environment, with 54 Mbps connection speed. The connection between EP2 and the Ethernet switch was at a speed of 100 Mbps.

Figure 2 - Implemented System Layout

AES was implemented in Cipher Block Chaining (CBC) mode. This mode was chosen to prevent, as far as possible, identical plaintext blocks from producing identical ciphertext blocks, as they would in Electronic Codebook (ECB) mode. Two properties of CBC matter for the measurements that follow: it requires the payload to be padded to a whole number of 16-byte blocks, so every encrypted packet carries some extra bytes, and on its own it provides confidentiality only, with no detection of modified ciphertext, which is why Secure RTP [6] pairs its cipher with a message authentication code.
Since the implementation of H.323, as of any other VoIP protocol, involves the choice of a CODEC for encoding/decoding the voice signal into a digital data stream, three CODECs were chosen: G.711, G.729 and G.723.1. This choice was based on two points: first, these CODECs consume different amounts of bandwidth, and second, these three CODECs have the highest Mean Opinion Scores (MOS) according to the International Telecommunication Union [4].
Since these CODECs have different data rates, measuring the QoS parameters for these different rates gives a clearer view of the effect of adding encryption to the VoIP part of the system.
For each CODEC, the streams were captured using the Wireshark software for off-line analysis [8]. The streams consisted of 50,000 RTP packets per direction for the plain, AES 128-bit encrypted and AES 256-bit encrypted RTP payloads.

4. CALCULATED QUALITY PARAMETERS

Five parameters were calculated to provide a reasonable indication of the quality of the VoIP stream from one EP to the other: Mean Delay, Maximum Delay, Mean Jitter, Maximum Jitter and Packet Loss.
Since there is no well-defined way to calculate the end-to-end delay in a VoIP system, the delay measured directly was the delay caused by the encryption process only. An additional time-stamp was added to the RTP packet. This time-stamp differs from the one defined for RTP in RFC 3550 [9] in that it records the current time of the sending device. After adding this time-stamp to the RTP packet, the payload is encrypted with AES. After inserting the encrypted payload in place of the plain payload, another time-stamp is added to record the current time. The delay caused by the encryption process is simply the difference between the second time-stamp and the first. Both time-stamps are removed from the RTP packet prior to sending, to avoid the misinterpretation that this non-standard addition could cause. The result of this calculation is not exact, because the measurement method is intrusive and a small amount of time is spent recording the two time-stamps before and after encryption.
To get approximate values for the total delay, an estimation method for the transmission delay of VoWLAN packets was adopted [10]. This estimation method requires assumptions about some parameters, such as the number of concurrent VoIP users in the WLAN. These assumptions were made for small networks with an average of 10 users. Another important delay is the CODEC delay, sometimes referred to as the compression delay. The average values of this delay for the CODECs used in this paper were taken from [11]. The composite delay is expected to be a good approximation of the actual end-to-end delay. The accumulated results are tabulated in the following section as the Delay.
Jitter was calculated in accordance with RTP RFC 3550. Packet loss was calculated from the RTP sequence number field, as the percentage of packets missing from the whole stream. Both jitter and packet loss were obtained by capturing the RTP traffic stream and analyzing it with the aid of the Wireshark software.

Table 1 - Quality parameters for G.711 CODEC.

RTP Payload             Mean Delay (ms)  Max. Delay (ms)  Mean Jitter (ms)  Max. Jitter (ms)  Packet Loss (%)
Plain                   112.02           180.38           13.83             24.38             0
128-bit AES Encrypted   251.34           332.62           12.86             54.51             0
256-bit AES Encrypted   229.78           289.76           12.63             56.34             0

Table 2 - Quality parameters for G.729 CODEC.

RTP Payload             Mean Delay (ms)  Max. Delay (ms)  Mean Jitter (ms)  Max. Jitter (ms)  Packet Loss (%)
Plain                   123.88           144.36           5.56              16.83             0
128-bit AES Encrypted   228.81           270.62           15.64             17.08             0
256-bit AES Encrypted   203.20           263.09           15.65             19.56             0

5. RESULTS

In total, nine H.323 streams were analyzed: a plain-text stream, a 128-bit AES encrypted stream and a 256-bit AES encrypted stream for each of the three CODECs. As mentioned earlier, each stream consisted of 50,000 RTP packets per direction. Thus, 100,000 RTP packets were analyzed for each of the nine cases.
Five parameters were calculated for each stream: mean and maximum delay, mean and maximum jitter, and packet loss. These results can be seen in Tables 1, 2 and 3 for the CODECs G.711, G.729 and G.723.1 respectively.
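The encryption delay measurement of section 4 (time-stamp, encrypt the RTP payload with AES-CBC, time-stamp again) together with the CBC choice of section 3, written out as an added Go example that is not the paper's own code: it splits a constructed RTP packet into header and payload, encrypts only the payload, reports the encryption delay for a 16-byte (AES-128) and a 32-byte (AES-256) key, and makes visible what CBC does and does not protect. The random per-packet IV prepended to the ciphertext, the PKCS#7 padding, the sample keys and the packet contents are assumptions of the example, not details given in the paper.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// The RTP fixed header (RFC 3550, section 5.1) is 12 bytes and stays in the
// clear, as in the paper; packets with a CSRC list or extension are rejected.
const rtpHeaderLen = 12

func splitRTP(pkt []byte) (hdr, payload []byte, err error) {
	if len(pkt) < rtpHeaderLen || pkt[0]>>6 != 2 || pkt[0]&0x1f != 0 {
		return nil, nil, errors.New("need an RTP v2 packet without CSRC list or extension")
	}
	return pkt[:rtpHeaderLen], pkt[rtpHeaderLen:], nil
}

// CBC encrypts whole 16-byte blocks only, so the payload is PKCS#7-padded; an
// already aligned payload (a 160-byte G.711 frame) still gains a full block.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	n := len(b)
	if n == 0 || n%aes.BlockSize != 0 || b[n-1] == 0 || int(b[n-1]) > aes.BlockSize ||
		!bytes.Equal(b[n-int(b[n-1]):], bytes.Repeat(b[n-1:], int(b[n-1]))) {
		return nil, errors.New("bad padding")
	}
	return b[:n-int(b[n-1])], nil
}

// EncryptPayload is the paper's measurement written out: time-stamp, encrypt
// the payload with AES-CBC, time-stamp again, report the difference. A 16-byte
// key gives AES-128 and a 32-byte key AES-256; the block size is 128 bits for
// both. The random IV is prepended to the ciphertext so the receiver can
// decrypt (an assumption; the paper does not say how its IV was carried).
func EncryptPayload(key, pkt []byte) (out []byte, elapsed time.Duration, err error) {
	hdr, payload, err := splitRTP(pkt)
	block, cerr := aes.NewCipher(key) // rejects any key that is not 16, 24 or 32 bytes
	iv := make([]byte, aes.BlockSize)
	if _, rerr := rand.Read(iv); err != nil || cerr != nil || rerr != nil {
		return nil, 0, fmt.Errorf("cannot encrypt: %v / %v / %v", err, cerr, rerr)
	}
	padded := pkcs7Pad(payload)
	ct := make([]byte, len(padded))
	start := time.Now() // first time-stamp
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	elapsed = time.Since(start) // second time-stamp minus the first
	out = append(append(append([]byte{}, hdr...), iv...), ct...)
	return out, elapsed, nil
}

// DecryptPayload reverses EncryptPayload. CBC alone has no integrity check: a
// modified ciphertext block decrypts without error unless the change happens
// to break the padding, the gap that SRTP closes with its authentication tag.
func DecryptPayload(key, pkt []byte) ([]byte, error) {
	hdr, body, err := splitRTP(pkt)
	block, cerr := aes.NewCipher(key)
	if err != nil || cerr != nil || len(body) < 2*aes.BlockSize || len(body)%aes.BlockSize != 0 {
		return nil, errors.New("bad key, bad packet or encrypted payload not block aligned")
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	payload, err := pkcs7Unpad(pt)
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, hdr...), payload...), nil
}

// SamplePacket is a constructed RTP packet (V=2, no CSRC/extension, fixed SSRC)
// carrying payloadLen bytes of dummy audio: 160 bytes is one 20 ms G.711
// frame, 20 bytes one G.729 frame.
func SamplePacket(pt byte, seq uint16, ts uint32, payloadLen int) []byte {
	pkt := make([]byte, rtpHeaderLen+payloadLen)
	pkt[0], pkt[1] = 0x80, pt&0x7f
	binary.BigEndian.PutUint16(pkt[2:], seq)
	binary.BigEndian.PutUint32(pkt[4:], ts)
	binary.BigEndian.PutUint32(pkt[8:], 0x5ca1ab1e)
	copy(pkt[rtpHeaderLen:], bytes.Repeat([]byte{0xd5}, payloadLen)) // dummy samples
	return pkt
}

func main() {
	key128 := bytes.Repeat([]byte{0x11}, 16) // constructed keys, illustration only
	key256 := bytes.Repeat([]byte{0x22}, 32)
	pkt := SamplePacket(0, 1, 160, 160) // one G.711 frame
	enc, d128, _ := EncryptPayload(key128, pkt)
	_, d256, _ := EncryptPayload(key256, pkt)
	fmt.Printf("payload %d -> %d bytes on the wire; AES-128 %v, AES-256 %v\n",
		len(pkt)-rtpHeaderLen, len(enc)-rtpHeaderLen, d128, d256)
}
```

Running it shows two things the result tables alone do not: both key lengths produce exactly the same number of ciphertext blocks, because the AES block is 128 bits regardless of key length, so any delay difference between AES-128 and AES-256 comes from the per-block work (14 rounds against 10) and from the implementation, not from the number of blocks; and a ciphertext block with a flipped bit decrypts with no error at all, so a payload-only CBC scheme like the one measured here needs an authentication tag before it is used outside a test bed.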
Table 3 - Quality parameters for G.723.1 CODEC.

RTP Payload             Mean Delay (ms)  Max. Delay (ms)  Mean Jitter (ms)  Max. Jitter (ms)  Packet Loss (%)
Plain                   139.08           161.70           23.83             24.37             0
128-bit AES Encrypted   201.82           237.61           23.79             56.01             0
256-bit AES Encrypted   181.82           208.33           23.83             27.62             0

6. CONCLUSIONS

The use of VoWLAN is expanding rapidly, and encryption is becoming one of its most integral parts. However, encryption provides security at the cost of quality, and the quality of the voice transmission is of essential importance to the existence of such services.
In this paper we focused on the quality parameters of VoWLAN systems and how they are affected by the addition of encryption to the system. An experimental setup was made to evaluate mean and maximum delay, mean and maximum jitter, and packet loss. These quality parameters were measured for non-encrypted streams, AES 128-bit encrypted streams and AES 256-bit encrypted streams for the three CODECs G.711, G.729 and G.723.1.
The tests showed that encryption affects the delay noticeably for high-bit-rate CODECs such as G.711. The impact of encryption was less on the delay of the G.729 stream, and even less on the delay of the G.723.1 stream. Jitter and packet loss were not highly affected by the addition of encryption to the system: packet loss stayed at zero and mean jitter remained in the good range for all streams, although the maximum jitter of the two encrypted G.711 streams and of the 128-bit encrypted G.723.1 stream did exceed the 50 ms bound of section 1.1. The results also showed that 256-bit AES encryption caused less delay than 128-bit AES, even though AES-256 performs more rounds per block (14 rather than 10). Since the AES block size is 128 bits for both key lengths, both variants process the same number of blocks per RTP payload, so the difference cannot be attributed to block size, and the measurements reported here do not establish its cause. From the results of this paper, we conclude that the use of the G.723.1 CODEC with AES encryption is more recommended in VoWLAN because it has better quality measures.

REFERENCES

[1] P. Calyam, M. Sridharan, W. Mandrawa and P. Schopis, "Performance Measurement and Analysis of H.323 Traffic", Ohio State University, 2003.
[2] V. Iossifov, T. Totev and A. Tochatschek, "Experiences in VoIP telephone network security policy at the University of Applied Sciences (FHTW) Berlin", in Proceedings of the 2007 International Conference on Computer Systems and Technologies, Bulgaria, June 14-15, 2007.
[3] N. A. Chavhan and S. A. Chhabria, "Multiple design patterns for voice over IP security", in Proceedings of the International Conference on Advances in Computing, Communication and Control, Mumbai, India, January 23-24, 2009.
[4] ITU-T Recommendation P.800.1, http://www.itu.int
[5] Md. Z. Fadlullah, T. Taleb, N. Nasser and N. Kato, "Exploring the security requirements for quality of service in combined wired and wireless networks", in Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly, Leipzig, Germany, June 21-24, 2009.
[6] A. Passito and E. Mota, "Analysis of the secure RTP protocol on voice over wireless networks using extended MedQoS", in Proceedings of the 2009 ACM Symposium on Applied Computing, Honolulu, Hawaii, 2009.
[7] Ekiga, http://www.ekiga.org
[8] Wireshark, http://www.wireshark.org
[9] IETF RFC 3550, http://tools.ietf.org/rfcmarkup?rfc=3550
[10] A. Fernández-Durán and J. I. Alonso, "Approach for voice quality and throughput estimation in wireless convergent networks", Wireless Networks, Vol. 15, No. 2 (2009), pp. 227-239.
[11] M. Lutzky, G. Schuller, M. Gayer, U. Kraemer and S. Wabnik, "A guideline to audio codec delay", presented at the 116th AES Convention, Berlin, May 2004.