Sir
I'm beginning to wonder if it's possible to utilise part of the UDP/TCP header flags as part of the encryption/decryption process - there are quite a few fields that aren't used much.
You could also use port numbers in the process, and mix up UDP and TCP connections to obfuscate the stream further. That might mean you lose the odd connection, but it might make it trickier to intercept.
Last but not least, wrap it all up in what appears to be a typical unencrypted HTTP session - one that just happens to contain what appears to be random data. Imagine the overhead in trying to not only capture the data, but also the headers, and then work out if the payload is encrypted or not. Lots of extra CPU :)
There are bound to be flaws, I'm just speculating off the top of my head.
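An added example (not code from the post above) of the first idea, mixing TCP header fields into the encryption process. It packs a 20-byte TCP header with `struct`, reads back the flags, the 3-bit reserved field, the ports and the urgent pointer, and feeds those bytes together with the sequence number into an HMAC-SHA256 counter-mode keystream that is XORed over the payload. All function names (`build_tcp_header`, `header_tweak`, `seal`, `open_segment`) and the demo key are assumptions of this example. The practitioner's caveat is visible in `header_tweak`: every field it serialises travels in the clear, so flipping a reserved bit changes the keystream but gives an interceptor nothing to guess; the secrecy still rests entirely on `key`, and the construction has no integrity check.

```python
"""Added example: per-segment keystream tweaked by TCP header fields.

Hypothetical demonstration, not the poster's code. The secret is `key`;
the header fields (flags, reserved bits, ports, urgent pointer) are a public
tweak mixed into the keystream, which is what the post speculates about.
"""
import hashlib
import hmac
import struct

# src, dst, seq, ack, offset/reserved/flags, window, checksum, urgent pointer
TCP_HDR = "!HHIIHHHH"

FLAG_FIN, FLAG_SYN, FLAG_RST, FLAG_PSH, FLAG_ACK, FLAG_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535, urg_ptr=0, reserved=0):
    """Pack a 20-byte TCP header (data offset 5, checksum left at 0).

    `reserved` is the 3-bit reserved field and `urg_ptr` is only meaningful
    with URG set: the "fields that aren't used much" the post has in mind.
    """
    if not 0 <= reserved <= 7:
        raise ValueError("reserved field is 3 bits")
    orf = (5 << 12) | (reserved << 9) | (flags & 0x1FF)
    return struct.pack(TCP_HDR, src_port, dst_port, seq, ack, orf, window, 0, urg_ptr)


def parse_tcp_header(hdr):
    """Unpack the fixed part of a TCP header into a dict."""
    src, dst, seq, ack, orf, win, csum, urg = struct.unpack(TCP_HDR, hdr[:20])
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "data_offset": orf >> 12, "reserved": (orf >> 9) & 0x7,
        "flags": orf & 0x1FF, "window": win, "checksum": csum, "urg_ptr": urg,
    }


def header_tweak(h):
    """Serialise the header fields that feed the keystream.

    Every byte here is visible to anyone on the path, so it adds no secrecy;
    it only makes the keystream depend on this segment's header state.
    """
    return struct.pack("!HHHBH", h["src_port"], h["dst_port"], h["flags"], h["reserved"], h["urg_ptr"])


def keystream(key, tweak, seq, length):
    """HMAC-SHA256 in counter mode: PRF(key, tweak || seq || counter).

    Including `seq` keeps the keystream from repeating across segments that
    happen to share the same flags and ports.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, tweak + struct.pack("!II", seq, counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, hdr, payload):
    """XOR the payload with a keystream bound to this header; return header || ciphertext."""
    h = parse_tcp_header(hdr)
    ks = keystream(key, header_tweak(h), h["seq"], len(payload))
    return hdr + bytes(p ^ k for p, k in zip(payload, ks))


def open_segment(key, segment):
    """Inverse of seal(): re-derive the keystream from the header and XOR it back out."""
    hdr, body = segment[:20], segment[20:]
    h = parse_tcp_header(hdr)
    ks = keystream(key, header_tweak(h), h["seq"], len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


if __name__ == "__main__":
    key = b"\x00" * 32  # constructed demo key; use os.urandom(32) in practice
    hdr = build_tcp_header(40000, 80, 1000, 0, FLAG_PSH | FLAG_ACK, reserved=5)
    seg = seal(key, hdr, b"GET / HTTP/1.1\r\n")
    assert open_segment(key, seg) == b"GET / HTTP/1.1\r\n"
    print("round trip ok, ciphertext:", seg[20:].hex())
```

Changing only the reserved bits in the header yields a different ciphertext for the same payload, which is the effect the post is after; but since the receiver re-derives the tweak from the header it was sent, so can anyone who captured the segment, and a wrong `key` still yields garbage.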