[sr-dev] [SR-Users] Obscuring SIP traffic and using with NoSIP

Muhammad Shahzad shaheryarkh at gmail.com
Wed Jul 30 16:20:25 CEST 2014


The key purpose of ITV encryption is to avoid making a pattern of any sort.
If you encrypt same text / packet 10 times you will get completely
different encrypted text / packet each time. This happens due to the fact
that the encryption key changes dynamically with each new encryption done,
see the readme file for more details

https://github.com/mshary/itv/blob/master/README.md

Secondly with v2.0, it uses non-deterministic random source as well as
auto-learning, so it can adopt to new symbols and words encountered while
encrypting and update itself to use them. So technically, it can also be
used for binary data such as RTP, however RTP uses UDP which has
possibility of packet loss and thus not suitable for ITV encryption (at
least for now, this is a hot discussion within my researchers circle and we
are actively looking for a solution for this).

See release notes for v2.0 here,

https://github.com/mshary/itv/releases/tag/v2.0

Anyways, the current target is to use kamailio as SIP proxy and doubango as
SIP client for iPhone and Android. Once it is achieved it will be available
free / open source to public and then it can be actually tested against all
possible voip blocking and sniffing scenarios which we hope it would be
able to solve with minimal possible overhead. So far the prototype works
pretty good in a few voip blocked countries and GSM operators where we have
tested it.

Thank you.




On Wed, Jul 30, 2014 at 5:32 PM, Daniel Tryba <daniel at pocos.nl> wrote:

> On Wednesday 30 July 2014 06:37:31 Muhammad Shahzad wrote:
> > Humm, no reply so far, may be because my email was very long and no body
> > bothered to read it all. Anyways, here is the shorter more direct version
> > of it.
>
> I read it all and my only though was: use a VPN.
>
> If someone wants to stop SIP, it has an easy to spot pattern.
> If someone wants to stop VPN, they will drop every non clear connection
> which
> doesn't match a known non-VPN pattern.
>
> If I was afraid of my telco listening in on my SIP dialogs, I'd also want
> to
> encrypt RTP. Which is much more resource intensive than encrypting a few
> SIP
> messages. So if you think standard tls is to intensive you'll also have to
> create some custom lightweight rtp mangling.
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20140730/980d9889/attachment.html>


More information about the sr-dev mailing list