[SR-Users] Obscuring SIP traffic and using with NoSIP

[Daniel Tryba]

[remove dev from cc]

> The key purpose of ITV encryption is to avoid making a pattern of any sort.

The pattern is in SIP itself, regardless of encryption.

-OPTIONS keepalives and response at regular intervals of nearly fixed size.
-INVITE and its predictable responses of nearly fixed sizes per type followed 
by a steady stream of upd on random ports with the same bandwidth flowing both 
sides.

Unless this random utp traffic is encrypted it is obvious you are using rtp 
with something like SIP. Even if it is encrypted the symmetric streams give 
away clues. A simple xor isn't enough, silences will result in the same 
pattern.

Daniel(-Constanting) already suggested interval randomizing (which is to be 
applied to any response) and padding of all data. 

But I wouldn't trust any non vetted encryption scheme, it is much easier to 
fix timing/padding with the standard tls scheme. Which brings me to the 
question: what kind of device on the market capable of running apps isn't fast 
enough for TLS?