Cryptographically transparent Session Initiation Protocol (SIP) proxies

Proxies provide important rendezvous service in the Session Initiation Protocol (SIP), but it comes at a cost to privacy. A SIP proxy is privy to all of the signaling exchanged between two user agents, even if that signaling is performed over a secure channel (e.g., a Transport Layer Security channel.) This paper proposes and evaluates a mechanism that allows the proxies to create an overlay network between the user agents for rendezvous, and once that is done, the proxies become transparent traffic forwarders. From then onwards, user agents can authenticate each other directly and exchange cryptographically secure signaling traffic over the overlay network created by the proxies. This mechanism is applicable to traditional client/server SIP as well as Peer-to-Peer SIP.