[SR-Users] Obscuring SIP traffic and using with NoSIP
Muhammad Shahzad
shaheryarkh at gmail.com
Sun Jul 27 23:38:07 CEST 2014
Hi,
As the mobile voip is getting more and more popular these days, there has
been a strong opposition from GSM operators against mobile voip apps. They
often use tactics like blocking voip ports, or detect and block voip
traffic and in some cases restricting udp traffic altogether to very low
upload and download speeds. See below link for some details,
http://www.linphone.org/eng/blog/linphone-over-3g.html
While not all the problems can be solved right now (especially the limiting
udp traffic, since RTP always uses udp transport) I was wondering if we can
at least handle the sip related problems. The most important of them is SIP
traffic detection. While some forks would suggest using TCP/TLS to encrypt
SIP traffic, it has a few problems, e.g.
1. It requires somewhat high resources on mobile devices, so many low-end
android phones simply can't use it.
2. There is possibility that encryption signature may identify it as SIP
traffic. There exists firewalls (often deployed in middle eastern
countries) which have huge database of encryption signatures and patterns
which although may not decrypt the sip packet but at least identify it as
sip packet and block it.
Also with rough agencies of evil empires spying over millions of users
worldwide makes the current encryption standards pretty much pointless, at
least in terms of user privacy and network security. So there is a strong
need to experiment with new ideas and concepts to regain internet freedom.
Some of such ideas are,
1. Convert sip traffic which is plain text to binary format just before
transmitting it and revert it to plain text upon reception.
2. XOR the sip traffic (pretty much same as binary sip).
3. Use some very lightweight but effective / non-standard encryption
algorithm, e.g.
https://github.com/mshary/itv
All these ideas require that SIP server such as Kamailio is able to adopt
to these, preferably with minimal or no change in native code. The NoSIP
module seems an interesting module in this regard. It provides all traffic
it thinks is not the SIP traffic to configuration script, where we can do
our own parsing and do whatever we want with it. I have two questions about
this,
1. If parsed message is SIP, we can we send it back to kamailio core to get
it processed as if it is a normal SIP message received by kamailio?
2. Can this module or any other module available in kamailio, that can
provide us full sip packet that is about to be transmitted over sip socket,
so we can "encode" it just before it is sent to next hop?
I know this would be like writing a SIP transport in kamailio script which
would be very tough if not impossible to implement in native core. But it
will really help in winning the modern mobile voip challenges.
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140728/fbe1f05c/attachment.html>
More information about the sr-users
mailing list