Session Initiation Protocol is the Internet Engineering Task Force (IETF) standard for IP telephony. SIP is one of the currently receiving much attention and seems to be the most promising signaling protocol for the current and future IP telephony services. For the realization of such a scenario, there is an obvious need to provide a certain level of quality and security, comparable to that provided by the traditional telephone systems. The problem of security is strictly related to the signaling mechanisms and the service provisioning model. For this reason, security support is a very hot topic in the SIP and IP telephony standardization. In our research, we focus on the problem of authentication providing a short tutorial on the solution under standardization. The architecture of a possible commercial IP telephony service including user authentication is also described. Finally, we focus on performance issues and analysis some security features. By means of a real testbed implementation, we provide an experimental performance analysis of the SIP security mechanisms, based on our source C# implementation of a SIP authentication server.