[remove dev from cc]
The key purpose of ITV encryption is to avoid making a pattern of any sort.
The pattern is in SIP itself, regardless of encryption.
-OPTIONS keepalives and response at regular intervals of nearly fixed size. -INVITE and its predictable responses of nearly fixed sizes per type followed by a steady stream of upd on random ports with the same bandwidth flowing both sides.
Unless this random utp traffic is encrypted it is obvious you are using rtp with something like SIP. Even if it is encrypted the symmetric streams give away clues. A simple xor isn't enough, silences will result in the same pattern.
Daniel(-Constanting) already suggested interval randomizing (which is to be applied to any response) and padding of all data.
But I wouldn't trust any non vetted encryption scheme, it is much easier to fix timing/padding with the standard tls scheme. Which brings me to the question: what kind of device on the market capable of running apps isn't fast enough for TLS?