From bc6e6b990d5bb436edb4b2a54276eb3c046263f2 Mon Sep 17 00:00:00 2001 From: stcb <21@stcb.cc> Date: Thu, 27 Feb 2025 15:52:27 +0200 Subject: [PATCH 1/6] Removed language versions, all-in english --- docs/BetaTestPlan_FR.md | 92 ------------------- .../{BetaTestPlan_EN.md => beta_test_plan.md} | 50 ++++++++-- 2 files changed, 42 insertions(+), 100 deletions(-) delete mode 100644 docs/BetaTestPlan_FR.md rename docs/{BetaTestPlan_EN.md => beta_test_plan.md} (67%) diff --git a/docs/BetaTestPlan_FR.md b/docs/BetaTestPlan_FR.md deleted file mode 100644 index b7d3ea5..0000000 --- a/docs/BetaTestPlan_FR.md +++ /dev/null @@ -1,92 +0,0 @@ -# Beta Test Plan - -## Fonctionnalités Principales - -### Protocole Icing -- Poignées de main -- ECDH -- Compression -- Correction d’erreurs audio -- Partage de clé publique pendant l’appel -- Changements de confiance - -### Icing Dialer (basé sur la bibliothèque Kotlin Icing, une implémentation du protocole Icing) -- Appel - - Chiffré si la clé publique est disponible - - Permet aux utilisateurs de partager leurs clés publiques - - Appel normal si les conditions ne sont pas réunies - - Transmission DTMF chiffrée et en clair - - Choix de la carte SIM lors de l’appel - - Historique des appels - -- Contacts - - Création / modification de contacts - - Partage de contacts via QR code / VCF - - Recherche de contacts - - Contacts favoris - - Stockage des clés publiques des utilisateurs - - Numéros bloqués - - Aperçu du contact (photo, numéro, clé publique, etc.) - -- Messagerie vocale visuelle - - Lecture / Pause - - Notification - - Accès rapide pour appeler, envoyer un SMS, bloquer ou partager le numéro - -- Paramètres SIM - - Choix de la SIM par défaut - -- Clés asymétriques - - Stockage sécurisé - - Génération au démarrage en cas d’absence - - Gestion complète des clés - - Génération sécurisée - - Exportation lors de la création (génération non sécurisée) - - Importation - - Changement de confiance - -## Scénarios de Test Bêta -- Appel normal depuis Icing Dialer vers un autre dialer (Google, Apple…) -- Appel normal depuis Icing Dialer vers un autre Icing Dialer -- Appel normal depuis Icing Dialer vers un contact connu pour sa clé publique Icing mais sans Icing Dialer -- Appel chiffré depuis Icing Dialer vers un contact connu utilisant Icing Dialer -- Appel chiffré depuis Icing Dialer vers un contact inconnu utilisant Icing Dialer -- Création / modification / enregistrement d’un contact avec (ou sans) clé publique -- Partage de contact sous forme de QR code / Vcard -- Importation de contact depuis un QR code / Vcard -- Écoute de la messagerie vocale -- Enregistrement d’un appel chiffré et vérification du chiffrement -- Changement de la SIM par défaut - -## Parcours Utilisateurs - -Mathilda, 34 ans, se connecte à son compte PayPal depuis un nouvel appareil. -Pour s’authentifier, PayPal lui envoie un code sur sa messagerie vocale. -Consciente des risques liés à cette technologie, Mathilda a mis en place une authentification Icing robuste avec son fournisseur de réseau en enregistrant une paire de ses clés publiques Icing. -Lorsqu’elle appelle sa messagerie vocale, le protocole Icing se déclenche et vérifie son authentification par clé ; -l’appel échouera si l’interlocuteur ne possède pas les clés Icing requises. -Mathilda est ainsi la seule à obtenir l’accès, et elle peut récupérer son code PayPal en toute sécurité. - -Jeff, 70 ans, appelle sa banque après avoir rencontré un problème sur son application bancaire. -Le conseiller bancaire à distance lui demande de s’authentifier en saisissant son mot de passe sur le téléphone. -En utilisant le protocole Icing, non seulement Jeff et la banque ont la garantie que les informations sont transmises en toute sécurité, -mais aussi que l’appel provient bien du téléphone de Jeff et non d’un imposteur. - -Elise, une reporter intrépide de 42 ans, -après avoir interviewé le leader de l’opposition ukrainienne, se retrouve recherchée dans tout le pays par la SBU (ex-KGB). -Elle se cache dans les montagnes de l’Ouest, près de la Roumanie, et reçoit à peine le réseau cellulaire. -Soupçonnant que sa ligne téléphonique est surveillée, le mieux qu’elle puisse faire pour appeler en toute sécurité pour demander une extraction est d’utiliser son Icing Dialer. - -Paul, un développeur de 22 ans travaillant pour une grande entreprise, décide de partir en vacances en Chine. -Mais tout tourne mal ! Le produit de l’entreprise sur lequel il travaille tombe en panne en plein milieu de la journée et personne n’est -qualifié pour le réparer. Paul n’a pas de WiFi et son forfait téléphonique ne couvre que les appels vocaux en Chine. -Avec Icing Dialer, il peut appeler ses collègues et contribuer à résoudre le problème, en toute sécurité face aux éventuels espions chinois. - -## Critères d’Évaluation -- Une clé privée peut-elle être générée ? -- Un appel normal peut-il être passé ? -- Un appel chiffré peut-il être passé ? -- Un contact peut-il être créé / modifié / importé / exporté ? -- Une messagerie vocale peut-elle être écoutée ? -- Le chiffrement est-il suffisamment rapide et léger pour être utilisable (appel audible) ? -- Le chiffrement est-il suffisamment robuste pour ne pas être déchiffré par un supercalculateur moderne (à partir de 2025) ? diff --git a/docs/BetaTestPlan_EN.md b/docs/beta_test_plan.md similarity index 67% rename from docs/BetaTestPlan_EN.md rename to docs/beta_test_plan.md index 4a1e76f..2a39134 100644 --- a/docs/BetaTestPlan_EN.md +++ b/docs/beta_test_plan.md @@ -1,16 +1,50 @@ # Beta Test Plan -## Core Features +## Core Functionalities -### Icing protocol +--- +### Action Plan review: + +In our previous Action Plan, we listed the following functionnal specifications: +- Phone call encryption between two known pairs, that exchanged keys in person. *Mandatory* +- Phone dialer that is discret and functional, and should not disturb a normal use (clear phone call). *Mandatory* +- Phone call encryption between two unknown pairs, with key exchange on the go. Optional. +- SMS encryption between two known pairs (in person key exchange). Optional. + +We now retain only the two first functional specifications. + +### Core Functionalities + +Based on this review, here are all the core functionnalities we set: + +#### Icing protocol +- Advanced protocol documentation, paving the way for a full RFC. + +The protocol definition will include as completed: +- Peer ping +- Ephemeral key gestion +- Perfect Forward Secrecy - Handshakes -- ECDH -- Compression -- Audio error correction -- In-call pubkey share -- Trust shifts +- Real-time data-stream encryption (and decryption) +- Encrypted stream compression +- Transmission over audio stream +- Minimal error correction in audio-based transmission +- Error handling and user prevention + +And should include prototype or scratches functionalities, among which: +- Embedded silent data transmission (silently transmit light data during an encrypted phone call) +- On-the-fly key exchange (does not require prior key exchange, sacrifying some security) +- Strong error correction + +#### Kotlin Lib ? + +#### The Icing dialer (based on Icing kotlin library, an Icing protocol implementation) + +The Icing dialer should be a fully transparent and almost undistinguishable smartphone dialer. +Any Icing-unaware user should be able to use the dialer smoothly to make calls to anyone. + +The dialer should propose a full set of functionnalities to handle its Icing protocol implementation. -### Icing dialer (based on Icing kotlin library, an Icing protocol implementation) - Call - Encrypted if public key available - Allows users to share their public keys -- 2.45.2 From 191cd2fb6659047e9c54577de64c13f2a73404f8 Mon Sep 17 00:00:00 2001 From: stcb <21@stcb.cc> Date: Thu, 27 Feb 2025 16:49:25 +0200 Subject: [PATCH 2/6] Stuff the features --- docs/beta_test_plan.md | 50 ++++++++++++++++++++++++++++++------------ 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/docs/beta_test_plan.md b/docs/beta_test_plan.md index 2a39134..e2a6365 100644 --- a/docs/beta_test_plan.md +++ b/docs/beta_test_plan.md @@ -46,20 +46,37 @@ Any Icing-unaware user should be able to use the dialer smoothly to make calls t The dialer should propose a full set of functionnalities to handle its Icing protocol implementation. - Call - - Encrypted if public key available - - Allows users to share their public keys - - Normal call if conditions unment - - Encrypted and clear DTMF transmission + - Ringtone on incoming call + - Incoming and ongoing call notification + - Complete dialer with all numbers, star *, pound # + - Mute button + - Speaker button + - Normal call + - DTMF transmission - SIM choice on call - - Call history + +- Encrypted Call + - Encrypted call if pair public key is known + - Encrypted DTMF transmission + - Data rate indicator + - Data error indicator + - Disable encryption button + +- Call history + - Call details (timedate, duration, ring number) + - Missed calls filter + - Outgoing calls filter + - Incoming calls filter + - Call back function + - Contact modal on history tap + - Block call number - Contacts - - Contact creation / editing + - Sorted contact listing + - Contact creation / editing buttons - Contact sharing via QR code / VCF - - Contact search + - Contact search bar (application wide) - Favorite contacts - - Storage of user public keys - - Blocked number - Contact preview (picture, number, public key...) - Visual voicemail @@ -67,17 +84,22 @@ The dialer should propose a full set of functionnalities to handle its Icing pro - Notification - Quick link to call, text, block, share number... -- SIM settings +- Miscellanous + - Settings menu + - Version number + - Storage of user public keys + - Blocklist gestion (list / add / del / search) - Default SIM choice - Asymetric Keys - Secure storage - Generation at startup if missing - - Full key management - - Secure generation - - Exportation on creation (insecure generation) + - Full key management (list / add / del / search / share) + - Secure generation (Android Keystore generation) + - Insecure generation (RAM generation) + - Exportation on creation (implies insecure generation) - Importation - - Trust shift + - Trust shift (shift trust from contacts) ## Beta Testing Scenarios -- 2.45.2 From dac328fb1b738c9e4c22544dbfe034639cb366b6 Mon Sep 17 00:00:00 2001 From: ange Date: Thu, 27 Feb 2025 15:07:18 +0000 Subject: [PATCH 3/6] btp: Evalutation Criteria --- docs/beta_test_plan.md | 156 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 148 insertions(+), 8 deletions(-) diff --git a/docs/beta_test_plan.md b/docs/beta_test_plan.md index e2a6365..bff58af 100644 --- a/docs/beta_test_plan.md +++ b/docs/beta_test_plan.md @@ -141,11 +141,151 @@ With Icing dialer, he can call his collegues and help fix the problem, safe from potential Chinese spies. ## Evaluation Criteria -- Can a private key be generated -- Can a normal call be made? -- Can an encrypted call be made? -- Can a contact be created / edited / imported / exported? -- Can a voicemail be listened to? -- Is the encryption fast enough, light enough to be usable (audible call) -- Is the encryption strong enough not to be deciphered by a modern (as of 2025) - supercomputer? +### Protocol and lib +1. Security +- Encryption Strength: Ensure that the encryption algorithms used (e.g. + AES-256, RSA, ECC) are up-to-date and secure. +- Key Management: Evaluate the mechanism for generating, distributing, and + storing encryption keys (e.g., public-key cryptography, Diffie-Hellman, or + ECDH). +- Forward Secrecy: Confirm that the protocol supports forward secrecy, meaning + that session keys are discarded after use to prevent future decryption of + past communication. +- End-to-End Encryption Integrity: Verify that no plaintext data is exposed + outside the encryption boundary (client-side only). +- Zero Knowledge: The protocol and library should implement zero-knowledge + principles, ensuring that the server cannot access or decrypt the + communications. +- Authentication and Authorization: Evaluate the authentication method (e.g., + multi-factor authentication) and ensure that only authorized users can + initiate calls. +- Replay Protection: Ensure that mechanisms are in place to prevent replay + attacks (e.g., using nonces or timestamps). + +2. Performance +- Latency: Measure the round-trip time (RTT) for call setup and audio quality + during the call. A good system should aim for low latency to ensure real-time + communication. +- Bandwidth Efficiency: Evaluate the protocol’s ability to minimize bandwidth + usage while maintaining acceptable audio quality. +- Scalability: Ensure that the protocol can handle varying user numbers and + call volumes without degradation in performance. +- Audio Quality (Codec Selection): Assess the choice of audio codecs (e.g., + Opus, G.711) for their impact on call quality at different network + conditions. + +3. Usability +- Ease of Integration: Evaluate how easy it is to integrate the library into an + Android application, including the availability of well-documented APIs and + clear examples. +- Cross-platform Compatibility: Ensure that the protocol supports multiple + platforms (e.g., Android, iOS, desktop) to allow seamless communication + between devices. +- Seamless User Experience: Check for smooth call initiation, handling of + dropped calls, and reconnection strategies. The app should handle background + operation gracefully. +- UI/UX Design: Assess the user interface (UI) of the Android dialer for + intuitiveness, accessibility, and design consistency. +- Error Handling and Recovery: Evaluate how the system handles unexpected + errors (e.g., network issues, connection drops) and recovers from them. + +4. Interoperability +- Support for Multiple Protocols: Verify if the library and protocol can + integrate with existing standards (e.g., SIP, WebRTC) for interoperability + with other services. +- Cross-device Compatibility: Ensure that calls can be initiated and received + across different devices, operating systems, and network conditions. +- Backward Compatibility: Test whether the library is backward compatible with + older versions of protocols or legacy systems where applicable. + +5. Privacy +- Data Storage: Evaluate how the system stores any data (e.g., user details, + call logs). Ensure that sensitive information is encrypted both in transit + and at rest. +- Data Minimization: Ensure that only the minimum necessary data is collected + for the protocol to function. +- No Call Metadata Storage: Ensure that no metadata (e.g., call logs, duration, + timestamps) is stored unless necessary, and, if stored, it should be + encrypted. + +6. Compliance and Standards +- Regulatory Compliance: Ensure that the protocol adheres to privacy and + security regulations, such as GDPR, HIPAA (if relevant), and other + region-specific laws. +- Open Standards: Verify whether the protocol adheres to recognized open + standards for secure voice communications (e.g., ZRTP, DTLS). + +7. Reliability +- Connection Stability: Test the stability of the connection during real-world + use cases (e.g., fluctuating network conditions, roaming, mobile data). +- Error Logging and Monitoring: Assess the logging system to track errors, + anomalies, or potential security threats. The system should have proper + monitoring to help with diagnosing issues. +- Redundancy and Failover: Ensure that the system can handle server failures or + network issues gracefully with proper redundancy mechanisms in place. + +8. Maintainability +- Code Quality: Review the library for clarity, readability, and + maintainability of the code. It should be modular and well-documented. +- Documentation: Ensure that the protocol and library come with thorough + documentation, including how-to guides, API references, and troubleshooting + resources. +- Active Development and Community: Check the active development of the + protocol and library (e.g., open-source contributions, GitHub repository + activity). + +### Dialer +1. User Interface +- Design and Layout: Ensure that the dialer interface is simple, intuitive, and + easy to navigate. Buttons should be appropriately sized, and layout should + prioritize accessibility. +- Dialer Search and History: Ensure there’s an efficient contact search, + history logging, and favorites integration. +- Visual Feedback: Verify that the app provides visual feedback for actions + such as dialling, incoming calls, and call termination. + +2. Call Management +- Call Initiation: Test the ease of initiating a call from contacts, recent + call logs, or direct number input. +- Incoming Call Handling: Verify the visual and audio prompts when receiving + calls, including notifications for missed calls. +- Call Hold/Transfer/Forward: Ensure the dialer supports call hold, transfer, + and forwarding features. +- Audio Controls: Check whether the app allows users to adjust speaker volume, + mute, and switch between earpiece/speakerphone. +- Call Waiting: Verify that call waiting functionality works, allowing users to + switch between active calls. +- Call Recording: If supported, check whether the call recording feature works + in compliance with privacy regulations and user consent. + +3. Integration with System Features +- Permissions: Ensure the app requests and manages necessary permissions (e.g., + microphone, camera for video calls). +- Integration with Contacts: Ensure that the app seamlessly integrates with the + Android contacts and syncs correctly with the address book. +- Bluetooth Support: Test whether the app supports Bluetooth devices such as + headsets and car kits. +- Notifications: Ensure that call notifications work even when the app is in + the background or the phone is locked. + +4. Battery and Resource Management +- Battery Usage: Evaluate the dialer app’s impact on battery life during active + calls and idle periods. +- Resource Efficiency: Ensure the app doesn’t excessively consume CPU or memory + while operating, especially during idle times. + +5. Security and Privacy +- App Encryption: Ensure that any stored data (e.g., contacts, call logs) is + encrypted. +- Secure Call Handling: Verify that calls are handled securely through the + encrypted voice protocol. +- Minimal Permissions: The app should ask for the least amount of permissions + necessary to function (e.g., no unnecessary location or contacts access). + +6. Reliability +- Crash Resistance: Test for the app’s stability, ensuring it doesn't crash or + freeze during use. +- Network Resilience: Test how the dialer handles varying network conditions + (e.g., switching between Wi-Fi and mobile data). +- Reconnect and Retry Mechanisms: Ensure that the dialer can gracefully handle + dropped calls and reconnect automatically. -- 2.45.2 From 1a6845760fc7e34c932d7e11802936fbe4ccf68d Mon Sep 17 00:00:00 2001 From: stcb <21@stcb.cc> Date: Fri, 28 Feb 2025 17:56:39 +0200 Subject: [PATCH 4/6] Minor changes --- docs/Delivrables_EN.md | 57 ------------------------------------------ docs/Delivrables_FR.md | 57 ------------------------------------------ docs/beta_test_plan.md | 5 ++-- 3 files changed, 2 insertions(+), 117 deletions(-) delete mode 100644 docs/Delivrables_EN.md delete mode 100644 docs/Delivrables_FR.md diff --git a/docs/Delivrables_EN.md b/docs/Delivrables_EN.md deleted file mode 100644 index 00166d5..0000000 --- a/docs/Delivrables_EN.md +++ /dev/null @@ -1,57 +0,0 @@ -# Project Deliverables - ---- - -## Common - -### Develop and retain a user community - -We plan to create a user community where users can share their experiences with the project and provide feedback on some social platforms such as Telegram, Discord, or Matrix. - -The goal is to promote our project in different open-source and security and privacy-focused communities to gather experienced users capable of interesting feedbacks. - -As we do not focus on selling a product to anyone, but rather to develop an open-source protocol, user retention is not a priority, and it will be more of a KPI of the project's pertinence than a goal; this means we will focus on listening and taking into account good feedback rather than publishing funny posts on social media. - -### Work on user experience - -We will work on making the dialer user-friendly and easy to use. - -We are confident in our current UX development path, and user feedback will be taken into account. - ---- - -## Specifications - -### Enhance credibility and grow project's reputation - -- **Transparent Development:** - Maintain a public roadmap and changelog to document every update and decision during the project's lifecycle. - -- **Security Audits:** - We will rely on our automatic tests and community experts to have organic and constant auditing. - -- **Community Engagement:** - Actively involve our user community in discussions, bug reports, and feature requests. Regularly update the community on progress and upcoming changes. - -- **Open Source Best Practices:** - Adhere to industry-standard coding practices, thorough documentation, and continuous integration/deployment pipelines to ensure high-quality, maintainable code. - -- **Visibility in Key Forums:** - Present and share our work in open-source, cybersecurity, and privacy-focused conferences and events to enhance credibility and attract constructive feedback. - -### Establish strategic partnership - -- **Academic Collaborations:** - Partner with academic institutions for research initiatives and validation of our protocol, leveraging their expertise for further improvements. - -- **Industry Alliances:** - Seek partnerships with established players in the open-source software industry to benefit from their wide community coverage, such as AOSP / GrapheneOS / LineageOS. - -- **Integration Opportunities:** - Explore collaborations with mobile operating systems (e.g., AOSP) and VoIP providers to integrate Icing into existing communication infrastructures. - -- **Joint Innovation Projects:** - Engage in co-development efforts that align with our mission, ensuring that both parties contribute to and benefit from technological advancements. - -- **Funding and Support:** - Identify and pursue grants, sponsorships, and research funding that align with the project's objectives, ensuring sustainable development. diff --git a/docs/Delivrables_FR.md b/docs/Delivrables_FR.md deleted file mode 100644 index 852d5ab..0000000 --- a/docs/Delivrables_FR.md +++ /dev/null @@ -1,57 +0,0 @@ -# Livrables du Projet - ---- - -## Commun - -### Développer et fidéliser une communauté d’utilisateurs - -Nous prévoyons de créer une communauté d’utilisateurs où ceux-ci pourront partager leurs expériences avec le projet et fournir des retours sur des plateformes sociales telles que Telegram, Discord ou Matrix. - -L’objectif est de promouvoir notre projet dans différentes communautés open-source, ainsi que celles axées sur la sécurité et la confidentialité, afin de rassembler des utilisateurs expérimentés capables d’apporter des retours pertinents. - -Comme nous ne nous concentrons pas sur la vente d’un produit à qui que ce soit, mais plutôt sur le développement d’un protocole open-source, la fidélisation des utilisateurs n’est pas une priorité ; elle constituera davantage un indicateur de pertinence du projet qu’un objectif en soi. Cela signifie que nous nous concentrerons sur l’écoute et la prise en compte de bons retours plutôt que sur la publication de messages ludiques sur les réseaux sociaux. - -### Travailler sur l’expérience utilisateur - -Nous travaillerons à rendre le dialer convivial et facile à utiliser. - -Nous avons confiance dans notre démarche actuelle de développement de l’UX et les retours des utilisateurs seront pris en compte. - ---- - -## Spécifications - -### Renforcer la crédibilité et accroître la réputation du projet - -- **Développement transparent :** - Maintenir une feuille de route et un changelog publics pour documenter chaque mise à jour et décision durant le cycle de vie du projet. - -- **Audits de sécurité :** - Nous nous appuierons sur nos tests automatisés et sur des experts de la communauté afin d’assurer des audits organiques et constants. - -- **Engagement de la communauté :** - Impliquer activement notre communauté d’utilisateurs dans les discussions, rapports de bugs et demandes de fonctionnalités. Mettre régulièrement la communauté au courant des avancées et des changements à venir. - -- **Bonnes pratiques de l’open-source :** - Adhérer aux pratiques de codage reconnues dans l’industrie, à une documentation approfondie, et à des pipelines d’intégration/déploiement continus afin de garantir un code de haute qualité et facile à maintenir. - -- **Visibilité sur les forums clés :** - Présenter et partager notre travail lors de conférences et d’événements axés sur l’open-source, la cybersécurité et la confidentialité pour renforcer la crédibilité et attirer des retours constructifs. - -### Établir des partenariats stratégiques - -- **Collaborations académiques :** - S’associer avec des institutions académiques pour des initiatives de recherche et la validation de notre protocole, en tirant parti de leur expertise pour de futures améliorations. - -- **Alliances industrielles :** - Rechercher des partenariats avec des acteurs reconnus dans le domaine des logiciels open-source afin de bénéficier de leur large couverture communautaire, tels que AOSP, GrapheneOS ou LineageOS. - -- **Opportunités d’intégration :** - Explorer des collaborations avec des systèmes d’exploitation mobiles (par exemple, AOSP) et des fournisseurs de VoIP pour intégrer Icing dans les infrastructures de communication existantes. - -- **Projets d’innovation communs :** - S’engager dans des efforts de co-développement en accord avec notre mission, afin que les deux parties contribuent et bénéficient des avancées technologiques. - -- **Financement et soutien :** - Identifier et rechercher des subventions, des parrainages et des financements de recherche en adéquation avec les objectifs du projet, garantissant ainsi un développement durable. diff --git a/docs/beta_test_plan.md b/docs/beta_test_plan.md index bff58af..0b4ede4 100644 --- a/docs/beta_test_plan.md +++ b/docs/beta_test_plan.md @@ -36,15 +36,14 @@ And should include prototype or scratches functionalities, among which: - On-the-fly key exchange (does not require prior key exchange, sacrifying some security) - Strong error correction -#### Kotlin Lib ? - #### The Icing dialer (based on Icing kotlin library, an Icing protocol implementation) The Icing dialer should be a fully transparent and almost undistinguishable smartphone dialer. Any Icing-unaware user should be able to use the dialer smoothly to make calls to anyone. - The dialer should propose a full set of functionnalities to handle its Icing protocol implementation. +Here is the list of all the functionnalities our dialer will integrate: + - Call - Ringtone on incoming call - Incoming and ongoing call notification -- 2.45.2 From 872db575229a14c4a9dbeeed5d18e92da738c90a Mon Sep 17 00:00:00 2001 From: stcb <21@stcb.cc> Date: Fri, 28 Feb 2025 18:42:49 +0200 Subject: [PATCH 5/6] Big clean --- docs/beta_test_plan.md | 121 +++++++++-------------------- docs/non-functional_delivrables.md | 62 +++++++++++++++ 2 files changed, 100 insertions(+), 83 deletions(-) create mode 100644 docs/non-functional_delivrables.md diff --git a/docs/beta_test_plan.md b/docs/beta_test_plan.md index 0b4ede4..dfefa39 100644 --- a/docs/beta_test_plan.md +++ b/docs/beta_test_plan.md @@ -129,9 +129,9 @@ By using the Icing protocol, not only would Jeff and the bank be assured that th but also that the call is coming from Jeff's phone and not an impersonator. Elise is a 42 years-old extreme reporter. -After interviewing Ukrainian opposition's leader, the SBU (ex KGB) are looking for her accross the whole country. -She hides in western moutains near Romania, and she barely receive cellular network. -She suspects her phone line to be monitored, so the best she can do to call for extraction safely, is to use her Icing dialer. +After interviewing Russians opposition's leader, the FSB is looking to interview her. +She tries to stay discreet and hidden, but those measures constrains her to barely receive cellular network. +She suspects her phone line to be monitored, so the best she can do to call safely, is to use her Icing dialer. Paul, a 22 years-old developer working for a big company, decides to go to China for vacations. But everything goes wrong! The company's product he works on, is failling in the middle of the day and no one is @@ -142,96 +142,63 @@ problem, safe from potential Chinese spies. ## Evaluation Criteria ### Protocol and lib 1. Security -- Encryption Strength: Ensure that the encryption algorithms used (e.g. - AES-256, RSA, ECC) are up-to-date and secure. +- Encryption Strength: Ensure that the encryption algorithms used (AES-256, ECC) + are up-to-date and secure. - Key Management: Evaluate the mechanism for generating, distributing, and - storing encryption keys (e.g., public-key cryptography, Diffie-Hellman, or - ECDH). + storing encryption keys (P-256 keys, ECDH). - Forward Secrecy: Confirm that the protocol supports forward secrecy, meaning that session keys are discarded after use to prevent future decryption of - past communication. -- End-to-End Encryption Integrity: Verify that no plaintext data is exposed + past communication, and that future sessions are salted with a pseudo-random salt + resulting or derived from the past calls. +- End-to-End Encryption Integrity: Verify that no clear data is exposed outside the encryption boundary (client-side only). -- Zero Knowledge: The protocol and library should implement zero-knowledge - principles, ensuring that the server cannot access or decrypt the - communications. -- Authentication and Authorization: Evaluate the authentication method (e.g., - multi-factor authentication) and ensure that only authorized users can - initiate calls. -- Replay Protection: Ensure that mechanisms are in place to prevent replay - attacks (e.g., using nonces or timestamps). +- Replay Protection: Ensure that the protocol includes strong mechanisms to prevent replay + attacks. 2. Performance - Latency: Measure the round-trip time (RTT) for call setup and audio quality - during the call. A good system should aim for low latency to ensure real-time - communication. -- Bandwidth Efficiency: Evaluate the protocol’s ability to minimize bandwidth + during the call. The system should aim for the lowes latency possible. +- Bandwidth Efficiency: Evaluate the protocol’s ability to optimize bandwidth usage while maintaining acceptable audio quality. -- Scalability: Ensure that the protocol can handle varying user numbers and - call volumes without degradation in performance. -- Audio Quality (Codec Selection): Assess the choice of audio codecs (e.g., - Opus, G.711) for their impact on call quality at different network - conditions. +- Audio Quality: Assess the audio quality during calls, including clarity, + consistency, and minimal distortion. 3. Usability - Ease of Integration: Evaluate how easy it is to integrate the library into an Android application, including the availability of well-documented APIs and clear examples. -- Cross-platform Compatibility: Ensure that the protocol supports multiple - platforms (e.g., Android, iOS, desktop) to allow seamless communication - between devices. - Seamless User Experience: Check for smooth call initiation, handling of dropped calls, and reconnection strategies. The app should handle background operation gracefully. -- UI/UX Design: Assess the user interface (UI) of the Android dialer for - intuitiveness, accessibility, and design consistency. +- UI/UX Design: Assess the user interface (UI) of the Android dialer for intuitiveness, + accessibility, and if it could be a drop-in replacement for the original dialer. - Error Handling and Recovery: Evaluate how the system handles unexpected errors (e.g., network issues, connection drops) and recovers from them. 4. Interoperability -- Support for Multiple Protocols: Verify if the library and protocol can +- Support for Multiple Protocols: Verify if the protocol can integrate with existing standards (e.g., SIP, WebRTC) for interoperability with other services. -- Cross-device Compatibility: Ensure that calls can be initiated and received +- Cross-device Compatibility: Ensure that calls encryption can be initiated and received across different devices, operating systems, and network conditions. -- Backward Compatibility: Test whether the library is backward compatible with - older versions of protocols or legacy systems where applicable. +- Backward Compatibility: Test whether the protocol is backward compatible. 5. Privacy -- Data Storage: Evaluate how the system stores any data (e.g., user details, - call logs). Ensure that sensitive information is encrypted both in transit - and at rest. -- Data Minimization: Ensure that only the minimum necessary data is collected +- Data Storage: Evaluate how the system stores any data (user details, identities). + Ensure that sensitive information is encrypted. +- Data Minimization: Ensure that only the minimum necessary data is used for the protocol to function. - No Call Metadata Storage: Ensure that no metadata (e.g., call logs, duration, timestamps) is stored unless necessary, and, if stored, it should be encrypted. -6. Compliance and Standards -- Regulatory Compliance: Ensure that the protocol adheres to privacy and - security regulations, such as GDPR, HIPAA (if relevant), and other - region-specific laws. -- Open Standards: Verify whether the protocol adheres to recognized open - standards for secure voice communications (e.g., ZRTP, DTLS). - -7. Reliability -- Connection Stability: Test the stability of the connection during real-world - use cases (e.g., fluctuating network conditions, roaming, mobile data). -- Error Logging and Monitoring: Assess the logging system to track errors, - anomalies, or potential security threats. The system should have proper - monitoring to help with diagnosing issues. -- Redundancy and Failover: Ensure that the system can handle server failures or - network issues gracefully with proper redundancy mechanisms in place. - -8. Maintainability +6. Maintainability - Code Quality: Review the library for clarity, readability, and maintainability of the code. It should be modular and well-documented. - Documentation: Ensure that the protocol and library come with thorough - documentation, including how-to guides, API references, and troubleshooting - resources. + documentation, including how-to guides and troubleshooting resources. - Active Development and Community: Check the active development of the - protocol and library (e.g., open-source contributions, GitHub repository - activity). + protocol and library (open-source contributions, GitHub repository activity). ### Dialer 1. User Interface @@ -240,51 +207,39 @@ problem, safe from potential Chinese spies. prioritize accessibility. - Dialer Search and History: Ensure there’s an efficient contact search, history logging, and favorites integration. -- Visual Feedback: Verify that the app provides visual feedback for actions - such as dialling, incoming calls, and call termination. +- Visual Feedback: Verify that the app most usefull buttons provides visual feedback for actions, + such as dialling, calls available interactions for example. 2. Call Management -- Call Initiation: Test the ease of initiating a call from contacts, recent - call logs, or direct number input. +- Call Initiation: Test the ease of initiating a call from contact list, recent + call logs, contact search or direct number input. - Incoming Call Handling: Verify the visual and audio prompts when receiving calls, including notifications for missed calls. - Call Hold/Transfer/Forward: Ensure the dialer supports call hold, transfer, and forwarding features. - Audio Controls: Check whether the app allows users to adjust speaker volume, mute, and switch between earpiece/speakerphone. -- Call Waiting: Verify that call waiting functionality works, allowing users to - switch between active calls. -- Call Recording: If supported, check whether the call recording feature works - in compliance with privacy regulations and user consent. 3. Integration with System Features -- Permissions: Ensure the app requests and manages necessary permissions (e.g., - microphone, camera for video calls). +- Permissions: Ensure the app requests and manages necessary permissions + (microphone, camera for scanning QR codes, contacts, call history, local storage). - Integration with Contacts: Ensure that the app seamlessly integrates with the Android contacts and syncs correctly with the address book. -- Bluetooth Support: Test whether the app supports Bluetooth devices such as - headsets and car kits. -- Notifications: Ensure that call notifications work even when the app is in +- Notifications: Ensure that call notifications and ringtone works even when the app is in the background or the phone is locked. -4. Battery and Resource Management -- Battery Usage: Evaluate the dialer app’s impact on battery life during active - calls and idle periods. +4. Resource Management - Resource Efficiency: Ensure the app doesn’t excessively consume CPU or memory - while operating, especially during idle times. + while operating, during idle times or on call. 5. Security and Privacy -- App Encryption: Ensure that any stored data (e.g., contacts, call logs) is - encrypted. +- App Encryption: Ensure that any stored and sensitive data is + encrypted, or protected. - Secure Call Handling: Verify that calls are handled securely through the encrypted voice protocol. - Minimal Permissions: The app should ask for the least amount of permissions - necessary to function (e.g., no unnecessary location or contacts access). + necessary to function. 6. Reliability - Crash Resistance: Test for the app’s stability, ensuring it doesn't crash or freeze during use. -- Network Resilience: Test how the dialer handles varying network conditions - (e.g., switching between Wi-Fi and mobile data). -- Reconnect and Retry Mechanisms: Ensure that the dialer can gracefully handle - dropped calls and reconnect automatically. diff --git a/docs/non-functional_delivrables.md b/docs/non-functional_delivrables.md new file mode 100644 index 0000000..a090b6e --- /dev/null +++ b/docs/non-functional_delivrables.md @@ -0,0 +1,62 @@ +# Project Deliverables + +--- + +## Common + +### Develop and retain a user community + +We plan to create a user community where users can share their experiences with the project and provide feedback on some social platforms such as Telegram, Discord, or Matrix. + +The goal is to promote our project in different open-source and security and privacy-focused communities to gather experienced users capable of interesting feedbacks. + +As we do not focus on selling a product to anyone, but rather to develop an open-source protocol, user retention is not a priority, and it will be more of a KPI of the project's pertinence than a goal; this means we will focus on listening and taking into account good feedback rather than publishing funny posts on social media. + +### Work on user experience + +We will work on making the dialer user-friendly and easy to use. + +We are confident in our current UX development path, and user feedback will be taken into account. + +--- + +## Specifications + +### Enhance credibility and grow project's reputation + +- **Transparent Development:** + Maintain a public roadmap and changelog to document every update and decision during the project's lifecycle. + +- **Security Audits:** + We will rely on our automatic tests and community experts to have organic and constant auditing. + +- **Community Engagement:** + Actively involve our user community in discussions, bug reports, and feature requests. Regularly update the community on progress and upcoming changes. + +- **Open Source Best Practices:** + Adhere to industry-standard coding practices, thorough documentation, and continuous integration/deployment pipelines to ensure high-quality, maintainable code. + +- **Visibility in Key Forums:** + Present and share our work in open-source, cybersecurity, and privacy-focused conferences and events to enhance credibility and attract constructive feedback. + +### optimize relationships with the target audience + + + +### Establish strategic partnership + +- **Academic Collaborations:** + Partner with academic institutions for research initiatives and validation of our protocol, leveraging their expertise for further improvements. + +- **Industry Alliances:** + Seek partnerships with established players in the open-source software industry to benefit from their wide community coverage, such as AOSP / GrapheneOS / LineageOS. + +- **Integration Opportunities:** + Explore collaborations with mobile operating systems (e.g., AOSP) and VoIP providers to integrate Icing into existing communication infrastructures. + +- **Joint Innovation Projects:** + Engage in co-development efforts that align with our mission, ensuring that both parties contribute to and benefit from technological advancements. + +- **Funding and Support:** + Identify and pursue grants, sponsorships, and research funding that align with the project's objectives, ensuring sustainable development. + -- 2.45.2 From 2bb8b170a83d65b289ca72624d07ebd71da7d2bf Mon Sep 17 00:00:00 2001 From: stcb <21@stcb.cc> Date: Fri, 28 Feb 2025 18:44:12 +0200 Subject: [PATCH 6/6] Minor indications --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index ec30be8..76bb4d2 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Icing +## Encrypting phone calls on an analog audio level + An Epitech Innovation Project *By* @@ -8,6 +10,12 @@ An Epitech Innovation Project --- The **docs** folder contains documentation about: + +#### Epitech +- The Beta Test Plan +- The Delivrables + +#### Icing - The project - A user manual - Our automations -- 2.45.2