G-EIP-700-TLS-7-1-eip-steph.../docs/Icing.md
ange df8cd1ea54
Add pitch (#7)
Co-authored-by: stcb <21@stcb.cc>
Reviewed-on: #7
Co-authored-by: ange <ange@yw5n.com>
Co-committed-by: ange <ange@yw5n.com>
2024-12-20 09:43:39 +00:00


Icing

An Epitech Innovation Project

By Bartosz Michalak - Alexis Danlos - Florian Griffon - Ange Duhayon - Stéphane Corbière


Summary


Introduction to Icing

Icing is the name of our project, which is divided into two interconnected goals:

  1. Provide an end-to-end (E2E) encryption code library, based on Elliptic Curve Cryptography (ECC), to encrypt phone calls at the analog audio level.
  2. Provide a reference implementation in the form of a totally seamless Android smartphone dialer application that anybody could use without being aware of its encryption feature.

This idea came to us naturally when we noticed the lack of such a tool.

While "private messaging" and other "encrypted communication" apps flourish nowadays, they all require internet access to work.

Privacy and security in telecoms should not depend on internet availability.

We are conscious that we, and those around us, grew up in the Global North, with simple and cheap internet and telecommunication access, but we should not forget that, from a global point of view, it is estimated that less than 20% of the world's walkable land is covered by a 3G/4G/+ network. Standard "low-tech" GSM network coverage is almost twice that.

So in real-world, stressful and harsh conditions, privacy or security in telecommunication is usually too much of a luxury, and we should change that.

Our solution is for the everyman who is not even aware of his smartphone's weaknesses, as well as for activists or journalists surviving in hostile environments around the globe.

Setting a new security standard

"There is no way to create a backdoor that only the good guys can walk through"

(Meredith Whittaker - President of Signal Foundation - July 2023, Channel 4)

If the police can listen to your calls with a warrant, hackers can without one.

Many online platforms, such as online bank accounts, use phone calls or voicemails to deliver the security codes needed for authentication. The idea is to bring extra security by requiring a second factor to authenticate the user, but most voicemail security features have been obsolete for a long time now.

But this could change with globalized end-to-end encryption.

This not only enables obfuscation of the transmitted audio data, but also strong peer authentication. This means that if you are in an important call, where you could communicate sensitive information such as passwords or financial orders, using the Icing protocol you and your peer would know that there is no man in the middle listening and stealing information, and that your correspondent really is who they say they are.


Icing's strategy

We focus on the FOSS community as our primary target.

Our reference implementation, the Iced dialer, is intended to replace the stock dialer app on any Android smartphone.

Alternative open-source and privacy-focused Android distributions, such as GrapheneOS, are major targets.

Their communities are thriving, and could help our open-source development.


Technology choices

We chose to code with Flutter, the Dart framework. Even though this choice gives us quick-delivery capabilities, we will need to switch languages for lower-level development, such as audio stream capture, encryption, compression, encoding, and transmission.

The language for these lower-level tasks is not determined yet, but Go, Rust, Kotlin and Java are good candidates.