parent
1a6845760f
commit
872db57522
@ -129,9 +129,9 @@ By using the Icing protocol, not only would Jeff and the bank be assured that th
|
||||
but also that the call is coming from Jeff's phone and not an impersonator.
|
||||
|
||||
Elise is a 42 years-old extreme reporter.
|
||||
After interviewing Ukrainian opposition's leader, the SBU (ex KGB) are looking for her accross the whole country.
|
||||
She hides in western moutains near Romania, and she barely receive cellular network.
|
||||
She suspects her phone line to be monitored, so the best she can do to call for extraction safely, is to use her Icing dialer.
|
||||
After interviewing Russians opposition's leader, the FSB is looking to interview her.
|
||||
She tries to stay discreet and hidden, but those measures constrains her to barely receive cellular network.
|
||||
She suspects her phone line to be monitored, so the best she can do to call safely, is to use her Icing dialer.
|
||||
|
||||
Paul, a 22 years-old developer working for a big company, decides to go to China for vacations.
|
||||
But everything goes wrong! The company's product he works on, is failling in the middle of the day and no one is
|
||||
@ -142,96 +142,63 @@ problem, safe from potential Chinese spies.
|
||||
## Evaluation Criteria
|
||||
### Protocol and lib
|
||||
1. Security
|
||||
- Encryption Strength: Ensure that the encryption algorithms used (e.g.
|
||||
AES-256, RSA, ECC) are up-to-date and secure.
|
||||
- Encryption Strength: Ensure that the encryption algorithms used (AES-256, ECC)
|
||||
are up-to-date and secure.
|
||||
- Key Management: Evaluate the mechanism for generating, distributing, and
|
||||
storing encryption keys (e.g., public-key cryptography, Diffie-Hellman, or
|
||||
ECDH).
|
||||
storing encryption keys (P-256 keys, ECDH).
|
||||
- Forward Secrecy: Confirm that the protocol supports forward secrecy, meaning
|
||||
that session keys are discarded after use to prevent future decryption of
|
||||
past communication.
|
||||
- End-to-End Encryption Integrity: Verify that no plaintext data is exposed
|
||||
past communication, and that future sessions are salted with a pseudo-random salt
|
||||
resulting or derived from the past calls.
|
||||
- End-to-End Encryption Integrity: Verify that no clear data is exposed
|
||||
outside the encryption boundary (client-side only).
|
||||
- Zero Knowledge: The protocol and library should implement zero-knowledge
|
||||
principles, ensuring that the server cannot access or decrypt the
|
||||
communications.
|
||||
- Authentication and Authorization: Evaluate the authentication method (e.g.,
|
||||
multi-factor authentication) and ensure that only authorized users can
|
||||
initiate calls.
|
||||
- Replay Protection: Ensure that mechanisms are in place to prevent replay
|
||||
attacks (e.g., using nonces or timestamps).
|
||||
- Replay Protection: Ensure that the protocol includes strong mechanisms to prevent replay
|
||||
attacks.
|
||||
|
||||
2. Performance
|
||||
- Latency: Measure the round-trip time (RTT) for call setup and audio quality
|
||||
during the call. A good system should aim for low latency to ensure real-time
|
||||
communication.
|
||||
- Bandwidth Efficiency: Evaluate the protocol’s ability to minimize bandwidth
|
||||
during the call. The system should aim for the lowes latency possible.
|
||||
- Bandwidth Efficiency: Evaluate the protocol’s ability to optimize bandwidth
|
||||
usage while maintaining acceptable audio quality.
|
||||
- Scalability: Ensure that the protocol can handle varying user numbers and
|
||||
call volumes without degradation in performance.
|
||||
- Audio Quality (Codec Selection): Assess the choice of audio codecs (e.g.,
|
||||
Opus, G.711) for their impact on call quality at different network
|
||||
conditions.
|
||||
- Audio Quality: Assess the audio quality during calls, including clarity,
|
||||
consistency, and minimal distortion.
|
||||
|
||||
3. Usability
|
||||
- Ease of Integration: Evaluate how easy it is to integrate the library into an
|
||||
Android application, including the availability of well-documented APIs and
|
||||
clear examples.
|
||||
- Cross-platform Compatibility: Ensure that the protocol supports multiple
|
||||
platforms (e.g., Android, iOS, desktop) to allow seamless communication
|
||||
between devices.
|
||||
- Seamless User Experience: Check for smooth call initiation, handling of
|
||||
dropped calls, and reconnection strategies. The app should handle background
|
||||
operation gracefully.
|
||||
- UI/UX Design: Assess the user interface (UI) of the Android dialer for
|
||||
intuitiveness, accessibility, and design consistency.
|
||||
- UI/UX Design: Assess the user interface (UI) of the Android dialer for intuitiveness,
|
||||
accessibility, and if it could be a drop-in replacement for the original dialer.
|
||||
- Error Handling and Recovery: Evaluate how the system handles unexpected
|
||||
errors (e.g., network issues, connection drops) and recovers from them.
|
||||
|
||||
4. Interoperability
|
||||
- Support for Multiple Protocols: Verify if the library and protocol can
|
||||
- Support for Multiple Protocols: Verify if the protocol can
|
||||
integrate with existing standards (e.g., SIP, WebRTC) for interoperability
|
||||
with other services.
|
||||
- Cross-device Compatibility: Ensure that calls can be initiated and received
|
||||
- Cross-device Compatibility: Ensure that calls encryption can be initiated and received
|
||||
across different devices, operating systems, and network conditions.
|
||||
- Backward Compatibility: Test whether the library is backward compatible with
|
||||
older versions of protocols or legacy systems where applicable.
|
||||
- Backward Compatibility: Test whether the protocol is backward compatible.
|
||||
|
||||
5. Privacy
|
||||
- Data Storage: Evaluate how the system stores any data (e.g., user details,
|
||||
call logs). Ensure that sensitive information is encrypted both in transit
|
||||
and at rest.
|
||||
- Data Minimization: Ensure that only the minimum necessary data is collected
|
||||
- Data Storage: Evaluate how the system stores any data (user details, identities).
|
||||
Ensure that sensitive information is encrypted.
|
||||
- Data Minimization: Ensure that only the minimum necessary data is used
|
||||
for the protocol to function.
|
||||
- No Call Metadata Storage: Ensure that no metadata (e.g., call logs, duration,
|
||||
timestamps) is stored unless necessary, and, if stored, it should be
|
||||
encrypted.
|
||||
|
||||
6. Compliance and Standards
|
||||
- Regulatory Compliance: Ensure that the protocol adheres to privacy and
|
||||
security regulations, such as GDPR, HIPAA (if relevant), and other
|
||||
region-specific laws.
|
||||
- Open Standards: Verify whether the protocol adheres to recognized open
|
||||
standards for secure voice communications (e.g., ZRTP, DTLS).
|
||||
|
||||
7. Reliability
|
||||
- Connection Stability: Test the stability of the connection during real-world
|
||||
use cases (e.g., fluctuating network conditions, roaming, mobile data).
|
||||
- Error Logging and Monitoring: Assess the logging system to track errors,
|
||||
anomalies, or potential security threats. The system should have proper
|
||||
monitoring to help with diagnosing issues.
|
||||
- Redundancy and Failover: Ensure that the system can handle server failures or
|
||||
network issues gracefully with proper redundancy mechanisms in place.
|
||||
|
||||
8. Maintainability
|
||||
6. Maintainability
|
||||
- Code Quality: Review the library for clarity, readability, and
|
||||
maintainability of the code. It should be modular and well-documented.
|
||||
- Documentation: Ensure that the protocol and library come with thorough
|
||||
documentation, including how-to guides, API references, and troubleshooting
|
||||
resources.
|
||||
documentation, including how-to guides and troubleshooting resources.
|
||||
- Active Development and Community: Check the active development of the
|
||||
protocol and library (e.g., open-source contributions, GitHub repository
|
||||
activity).
|
||||
protocol and library (open-source contributions, GitHub repository activity).
|
||||
|
||||
### Dialer
|
||||
1. User Interface
|
||||
@ -240,51 +207,39 @@ problem, safe from potential Chinese spies.
|
||||
prioritize accessibility.
|
||||
- Dialer Search and History: Ensure there’s an efficient contact search,
|
||||
history logging, and favorites integration.
|
||||
- Visual Feedback: Verify that the app provides visual feedback for actions
|
||||
such as dialling, incoming calls, and call termination.
|
||||
- Visual Feedback: Verify that the app most usefull buttons provides visual feedback for actions,
|
||||
such as dialling, calls available interactions for example.
|
||||
|
||||
2. Call Management
|
||||
- Call Initiation: Test the ease of initiating a call from contacts, recent
|
||||
call logs, or direct number input.
|
||||
- Call Initiation: Test the ease of initiating a call from contact list, recent
|
||||
call logs, contact search or direct number input.
|
||||
- Incoming Call Handling: Verify the visual and audio prompts when receiving
|
||||
calls, including notifications for missed calls.
|
||||
- Call Hold/Transfer/Forward: Ensure the dialer supports call hold, transfer,
|
||||
and forwarding features.
|
||||
- Audio Controls: Check whether the app allows users to adjust speaker volume,
|
||||
mute, and switch between earpiece/speakerphone.
|
||||
- Call Waiting: Verify that call waiting functionality works, allowing users to
|
||||
switch between active calls.
|
||||
- Call Recording: If supported, check whether the call recording feature works
|
||||
in compliance with privacy regulations and user consent.
|
||||
|
||||
3. Integration with System Features
|
||||
- Permissions: Ensure the app requests and manages necessary permissions (e.g.,
|
||||
microphone, camera for video calls).
|
||||
- Permissions: Ensure the app requests and manages necessary permissions
|
||||
(microphone, camera for scanning QR codes, contacts, call history, local storage).
|
||||
- Integration with Contacts: Ensure that the app seamlessly integrates with the
|
||||
Android contacts and syncs correctly with the address book.
|
||||
- Bluetooth Support: Test whether the app supports Bluetooth devices such as
|
||||
headsets and car kits.
|
||||
- Notifications: Ensure that call notifications work even when the app is in
|
||||
- Notifications: Ensure that call notifications and ringtone works even when the app is in
|
||||
the background or the phone is locked.
|
||||
|
||||
4. Battery and Resource Management
|
||||
- Battery Usage: Evaluate the dialer app’s impact on battery life during active
|
||||
calls and idle periods.
|
||||
4. Resource Management
|
||||
- Resource Efficiency: Ensure the app doesn’t excessively consume CPU or memory
|
||||
while operating, especially during idle times.
|
||||
while operating, during idle times or on call.
|
||||
|
||||
5. Security and Privacy
|
||||
- App Encryption: Ensure that any stored data (e.g., contacts, call logs) is
|
||||
encrypted.
|
||||
- App Encryption: Ensure that any stored and sensitive data is
|
||||
encrypted, or protected.
|
||||
- Secure Call Handling: Verify that calls are handled securely through the
|
||||
encrypted voice protocol.
|
||||
- Minimal Permissions: The app should ask for the least amount of permissions
|
||||
necessary to function (e.g., no unnecessary location or contacts access).
|
||||
necessary to function.
|
||||
|
||||
6. Reliability
|
||||
- Crash Resistance: Test for the app’s stability, ensuring it doesn't crash or
|
||||
freeze during use.
|
||||
- Network Resilience: Test how the dialer handles varying network conditions
|
||||
(e.g., switching between Wi-Fi and mobile data).
|
||||
- Reconnect and Retry Mechanisms: Ensure that the dialer can gracefully handle
|
||||
dropped calls and reconnect automatically.
|
||||
|
||||
62
docs/non-functional_delivrables.md
Normal file
62
docs/non-functional_delivrables.md
Normal file
@ -0,0 +1,62 @@
|
||||
# Project Deliverables
|
||||
|
||||
---
|
||||
|
||||
## Common
|
||||
|
||||
### Develop and retain a user community
|
||||
|
||||
We plan to create a user community where users can share their experiences with the project and provide feedback on some social platforms such as Telegram, Discord, or Matrix.
|
||||
|
||||
The goal is to promote our project in different open-source and security and privacy-focused communities to gather experienced users capable of interesting feedbacks.
|
||||
|
||||
As we do not focus on selling a product to anyone, but rather to develop an open-source protocol, user retention is not a priority, and it will be more of a KPI of the project's pertinence than a goal; this means we will focus on listening and taking into account good feedback rather than publishing funny posts on social media.
|
||||
|
||||
### Work on user experience
|
||||
|
||||
We will work on making the dialer user-friendly and easy to use.
|
||||
|
||||
We are confident in our current UX development path, and user feedback will be taken into account.
|
||||
|
||||
---
|
||||
|
||||
## Specifications
|
||||
|
||||
### Enhance credibility and grow project's reputation
|
||||
|
||||
- **Transparent Development:**
|
||||
Maintain a public roadmap and changelog to document every update and decision during the project's lifecycle.
|
||||
|
||||
- **Security Audits:**
|
||||
We will rely on our automatic tests and community experts to have organic and constant auditing.
|
||||
|
||||
- **Community Engagement:**
|
||||
Actively involve our user community in discussions, bug reports, and feature requests. Regularly update the community on progress and upcoming changes.
|
||||
|
||||
- **Open Source Best Practices:**
|
||||
Adhere to industry-standard coding practices, thorough documentation, and continuous integration/deployment pipelines to ensure high-quality, maintainable code.
|
||||
|
||||
- **Visibility in Key Forums:**
|
||||
Present and share our work in open-source, cybersecurity, and privacy-focused conferences and events to enhance credibility and attract constructive feedback.
|
||||
|
||||
### optimize relationships with the target audience
|
||||
|
||||
|
||||
|
||||
### Establish strategic partnership
|
||||
|
||||
- **Academic Collaborations:**
|
||||
Partner with academic institutions for research initiatives and validation of our protocol, leveraging their expertise for further improvements.
|
||||
|
||||
- **Industry Alliances:**
|
||||
Seek partnerships with established players in the open-source software industry to benefit from their wide community coverage, such as AOSP / GrapheneOS / LineageOS.
|
||||
|
||||
- **Integration Opportunities:**
|
||||
Explore collaborations with mobile operating systems (e.g., AOSP) and VoIP providers to integrate Icing into existing communication infrastructures.
|
||||
|
||||
- **Joint Innovation Projects:**
|
||||
Engage in co-development efforts that align with our mission, ensuring that both parties contribute to and benefit from technological advancements.
|
||||
|
||||
- **Funding and Support:**
|
||||
Identify and pursue grants, sponsorships, and research funding that align with the project's objectives, ensuring sustainable development.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user