1. Field of the Invention.
This invention relates in general to Internet Protocol (IP) telephony, and more particularly to a method and apparatus to provide encryption and authentication of a mini-packet in a multiplexed real time protocol (RTP) payload.
2. Description of Related Art.
Traditionally, voice has been carried over circuit switched networks (CSN) that are designed especially for transmitting voice, e.g. PSTN and GSM. During the past twenty years, telephone systems have steadily improved and changed as businesses became dependent upon reliable communication that could overcome barriers of time and distance. As a result, enterprise-wide communications platforms have been developed to deliver a broad range of telephony services. The networking services available on these platforms include automatic least-cost routing and class-of-service routing, and applications such as voice mail, mobility and call centers.
During this same time period, packet switching also grew to provide reliable and easy-to-use file transfer, transaction processing and information access. Packet switching systems were first implemented as proprietary systems running over private lines. However, today packet switching has evolved into standards-based, virtual-circuit networks, e.g., frame relay and Asynchronous Transfer Mode (ATM), and the Internet. The development and wide implementation of Ethernet in the 1980s led to bridges and routers and, more recently, local area network (LAN) switching. Transfer speeds have increased, prices have decreased and there are now more than 200 million Internet and Ethernet users worldwide.
Currently, there is a lot of interest for the transmission of voice over packet switched networks (PSN). The next big development in telecommunications will be combining the Internet with mobile phones and other devices such as personal digital assistants (PDAs). Soon consumers will be using small communication devices that combine features such as mobile telephones, Internet terminals, music systems, video systems, cameras, etc. Further, the Internet and the growing convergence around the Internet Protocol (IP) present great opportunities for businesses to capture new markets, serve customers better, reduce costs and improve productivity.
The biggest challenge facing IP telephony will be accommodating business-critical applications. They include call centers, Interactive Voice Response (IVR), and other speech-activated applications, mobility and single-number roaming services, and unified messaging.
These types of applications accentuate the need for IP telephony to address the difficult issue of transmission quality. Over time, the telephone network has become very reliable and delivers consistently high-quality service. In contrast, on today's intranets and the public Internet, the quality of service is virtually nonexistent. File download times and the time required to pull up a web site varies, and the time for e-mail to reach its intended destination is dependent upon many network factors. Increasing the bandwidth of Internet links has been the focus of most efforts to improve the quality of service. However, increasing bandwidth is only a partial fix for the short term. In the long run, other strategies are required.
At present, IP networks offer a single class of service called best effort, which can not guarantee any Quality of Service (QoS) to applications. To support delay sensitive applications such as voice and interactive multimedia, there have been many proposals submitted to the Internet Engineering Task Force (IETF) on how to integrate QoS in IP networks. These proposals include differentiated service (diff-serv), Integrated services (Int-serv) and Multi Protocol Label Switching (MPLS). Despite these efforts, QoS in IP is still elusive and could take some time before it is deployed over global Internet.
As suggested above, IP telephony has emerged as a potential application to challenge the traditional phone companies by offering long distance telephone service over Internet for low prices. There are a large number of equipment vendors offering IP telephone gateways and accessories to provide IP telephony service to corporate customers and Internet Service Providers (ISPs). IP telephone standards such as H.323, H.225 and H.245 have been standardized to enhance the rapid deployment of IP telephone services in the global Internet. Even though, IP telephone is not a reality in the public Internet today, it has been more successful in Intranet and Virtual Private Networks (VPN) environments.
In trials, IP telephone services have been demonstrated to have the potential to match the voice quality offered by traditional telephone networks. As a result, the growth of IP telephone gateways in corporate and ISP environments is expected to increase exponentially in the coming years. IP telephone gateways act as an interface between the existing PSTN and PBX networks and IP networks. This method allows one PSTN user to call another PSTN user connected through IP telephone gateways. thus eliminating the need for long distance telephone network.
In a IP telephony connection, two sides of the PSTN/PBX users (two branches of the same company) are interconnected by IP telephone gateways. In such application, a telephone call between PSTN/PBX users located at either side of the gateways is carried by a separate Real-time Transport Protocol/User Datagram Protocol/Internet Protocol (RTP/UDP/IP) connection. RTP is an Internet protocol for transmitting real-time data such as audio and video. RTP itself does not guarantee real-time delivery of data, but it does provide mechanisms for the sending and receiving applications to support streaming data. Typically, RTP runs on top of the UDP protocol, although the specification is general enough to support other transport protocols. The User Datagram Protocol is a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network.
IP telephony gateways provide an interface between the existing circuit switched telephone networks (such as PSTN and GSM) and the packet switched IP data networks. In traditional IP telephony applications, telephone calls between PSTN users interconnected by a pair of IP telephony gateways to compress incoming PSTN speech samples generate packets with sizes ranging from 5 to 20 bytes per speech sample.
For example, G.723.1 (the most popular IP telephony codec and the International Multimedia Teleconferencing Consortium's (IMTC) Voice over IP (VoIp) mandatory low bit-rate codec), generates a 20 byte speech packet at 30 ms intervals. Many codecs used in cellular environment generate less than 10 byte packet per speech sample. Small size packets are subjected to large overhead when transferred using the Real time Transport Protocol (RTP). The RTP/UDP/IP overhead is 40 bytes (12+8+20) for a simple speech packet. For example, a 10 byte packet transferred via RTP/UDP/IP increases the overhead to 80% (40 byte overhead/50 byte overhead plus packet). In addition, for each call request a single UDP/IP connection (a pair of UDP ports) is established between the gateways requiring a large state (memory) to be maintained at the telephony gateways, thereby making these less scaleable.
Congestion in IP networks results in packet loss at routers and UDP does not have any retransmission mechanism to recover lost packets. Also, real time applications such as speech is intolerant to delay caused by retransmission. In traditional RTP method, each individual speech packet is transmitted as a IP packet, which generates a large number of packets between gateways. This heavy traffic volume is a potential situation for congestion and packet loss at IP routers.
To overcome these this problem, an efficient real-time transport protocol multiplexing method and apparatus for transporting compressed speech between IP telephony gateways has been proposed in co-pending and commonly-assigned U.S. patent applications Ser. No. 09/137,276, by Baranitharan Subbiah, entitled “METHOD AND APPARATUS FOR PROVIDING EFFICIENT USER MULTIPLEXING IN A REAL-TIME PROTOCOL PAYLOAD FOR TRANSPORTING COMPRESSED SPEECH BETWEEN IP TELEPHONY GATEWAYS, herein referred to as “Subbiah.” Subbiah describes a protocol that eliminates bandwidth usage inefficiencies in transporting short packets between nodes connected by an IP network, wherein the method and apparatus enables a number of users to share a single RTP/UDP/IP connection. The protocol includes creating a header for a plurality of data packets, each header providing identification of a user associated with a packet, adding each header to the data packet associated therewith to form mini-IP payloads, multiplexing the mini-IP payloads into a RTP payload and transmitting the RTP payload over a single RTP/UDP/IP connection.
While Subbiah disclose a method and apparatus for providing application layer multiplexing in IP networks to overcome the problem of high header overhead for packets with small payloads, some problems remain. For example, within a multiplexed RTP packet, several mini-IP packets are multiplexed into the same RTP payload. Each of these mini-IP packets may belong to the same stream, or, more likely, to different steams. However, it is desirable to provide different security services to each of the mini-IP packets.
Block encryption schemes require that the packet size be an integral multiple of block size. If a packet size does not equal an integral multiple of the block size then padding bytes need to be added to the packet. The block size itself is dependent on the encryption algorithm being used. For instance, the block size in DES is 64 bits. Block based symmetric encryption encompasses the most common schemes in use today. These include DES, triple-DES, IDEA, Blowfish etc. When such schemes are used in certain modes (ECB, CBC), they require the input to be an integral multiple of the block size.
Currently, there exist mechanisms for providing encryption at the IP level and at the RTP level. These mechanisms have taken into account the fact that block encryption schemes require the input to be an integral multiple of the block size. This has been made possible by suitable padding schemes. However, in an environment where several mini-packets are multiplexed into an TRP packet, no suitable encryption (and corresponding padding) mechanism has been proposed. Since the different mini-packets may belong to different streams, it may be desirable to apply different encryption schemes to the different mini-packets. Similarly, there exist mechanisms for authentication of packets at the IP level, but no such mechanism has been proposed to date for authentication at the mini-packet level.
It can be seen then that there is a need to provide padding and encryption on a mini-packet basis.
It can also be seen that there is a need for a mechanism to perform padding and encryption at the mini-packet level.
It can also be seen then that there is a need for a mechanism to perform authentication at the mini-packet level.