briar issueshttps://code.briarproject.org/groups/briar/-/issues2020-11-21T19:08:20Zhttps://code.briarproject.org/briar/briar/-/issues/319Distinguish between transient, recoverable and permanent DB exceptions2020-11-21T19:08:20ZakwizgranDistinguish between transient, recoverable and permanent DB exceptionsThis would be useful for message delivery hooks and any other operation that should be retried if the failure is temporary, or cancelled if it's permanent.This would be useful for message delivery hooks and any other operation that should be retried if the failure is temporary, or cancelled if it's permanent.https://code.briarproject.org/briar/briar/-/issues/303Use Bluetooth LE for peer discovery2022-01-26T13:50:35ZakwizgranUse Bluetooth LE for peer discoverySome newer Android devices support Bluetooth LE peripheral mode, which allows them to send beacons advertising their presence. This could be used as a low-energy and privacy-preserving alternative to polling for device pairs that support...Some newer Android devices support Bluetooth LE peripheral mode, which allows them to send beacons advertising their presence. This could be used as a low-energy and privacy-preserving alternative to polling for device pairs that support it.
https://altbeacon.github.io/android-beacon-library/beacon-transmitter-devices.html
Related to #44, #62.https://code.briarproject.org/briar/briar/-/issues/301Replace jars with Gradle dependencies2020-11-21T19:23:37ZakwizgranReplace jars with Gradle dependencies* ~~weupnp: https://bintray.com/bintray/jcenter/org.bitlet%3Aweupnp/view (upgrade from 0.1.3-SNAPSHOT to 0.1.4)~~
* bluecove and bluecove-gpl: https://bintray.com/bintray/jcenter/net.sf.bluecove%3Abluecove/view (downgrade from 2.1.1-SNAP...* ~~weupnp: https://bintray.com/bintray/jcenter/org.bitlet%3Aweupnp/view (upgrade from 0.1.3-SNAPSHOT to 0.1.4)~~
* bluecove and bluecove-gpl: https://bintray.com/bintray/jcenter/net.sf.bluecove%3Abluecove/view (downgrade from 2.1.1-SNAPSHOT to 2.1.0, check whether Briar patch is still needed)
* ~~jna: https://bintray.com/bintray/jcenter/net.java.dev.jna%3Ajna/view and https://bintray.com/bintray/jcenter/net.java.dev.jna%3Ajna-platform/view~~
* jssc: https://bintray.com/bintray/jcenter/org.scream3r%3Ajssc/view (upgrade from 0.9, see #64)
* ~~jsocks: no suitable artifact available, see #228~~
* jtorctl: no suitable artifact available, patch required until merged upstream, see https://github.com/guardianproject/jtorctl/pulls
* jnotify: no suitable artifact available, patch required, see #25https://code.briarproject.org/briar/briar/-/issues/265Fuzzing tests for message validators2021-02-10T15:10:26ZakwizgranFuzzing tests for message validatorsUse fuzzing to ensure the message validators reject invalid messages without crashing. Record any messages that trigger crashes.
We can either look for a suitable fuzzing library or write our own fuzzer, starting from valid messages and...Use fuzzing to ensure the message validators reject invalid messages without crashing. Record any messages that trigger crashes.
We can either look for a suitable fuzzing library or write our own fuzzer, starting from valid messages and applying random mutations (delete/replace/repeat).https://code.briarproject.org/briar/briar/-/issues/219Use builder pattern for factories with optional/default arguments2020-11-21T19:35:25ZakwizgranUse builder pattern for factories with optional/default argumentshttps://code.briarproject.org/briar/briar/-/issues/170Use Argon2 for password-based key derivation2020-11-21T19:40:11ZakwizgranUse Argon2 for password-based key derivationArgon2 won the password hashing competition and has a number of advantages over PBKDF2.
In this case it makes sense to wrap a native implementation even if there's a Java implementation available.Argon2 won the password hashing competition and has a number of advantages over PBKDF2.
In this case it makes sense to wrap a native implementation even if there's a Java implementation available.https://code.briarproject.org/briar/briar/-/issues/152Merge patches upstream2020-11-21T19:42:04ZakwizgranMerge patches upstreamDetermine which of the patches in the /patches dir should be merged upstream and contact the upstream developers.
Related: #25, #64, #115Determine which of the patches in the /patches dir should be merged upstream and contact the upstream developers.
Related: #25, #64, #115https://code.briarproject.org/briar/briar/-/issues/64Upgrade jSSC to 2.8.02022-04-18T09:40:48ZakwizgranUpgrade jSSC to 2.8.0jSSC, the serial port library used by the dialup modem plugin, is at version 2.8.0 but we're still using version 0.9. Upgrade to the current version, amending or discarding our thread safety patch as appropriate.jSSC, the serial port library used by the dialup modem plugin, is at version 2.8.0 but we're still using version 0.9. Upgrade to the current version, amending or discarding our thread safety patch as appropriate.https://code.briarproject.org/briar/briar/-/issues/63Prevent tag length from being used for active probing2021-01-25T17:55:11ZakwizgranPrevent tag length from being used for active probingOn some transports it may be possible to use the fixed tag length to probe a transport endpoint to determine whether it's likely to be accepting BTP traffic: the endpoint will always accept (tag length - 1) random bytes but close the tra...On some transports it may be possible to use the fixed tag length to probe a transport endpoint to determine whether it's likely to be accepting BTP traffic: the endpoint will always accept (tag length - 1) random bytes but close the transport connection after (tag length) bytes.
It may be possible to address this by picking a random number for each incoming transport connection and reading that many bytes before deciding whether to accept the connection. The number could be anywhere between (tag length) and (tag length + stream header length). The number could be drawn from a distribution supplied by the TAP profile, allowing the distribution to be tailored to the transport.https://code.briarproject.org/briar/briar/-/issues/62Reduce information leaked by polling2022-01-26T13:47:24ZakwizgranReduce information leaked by pollingPolling for connections to contacts may reveal the number of contacts and their identities to a local observer. For example, anyone monitoring Bluetooth traffic near a Briar device will see periodic bursts of connection attempts from the...Polling for connections to contacts may reveal the number of contacts and their identities to a local observer. For example, anyone monitoring Bluetooth traffic near a Briar device will see periodic bursts of connection attempts from the device's MAC address to certain other MAC addresses. The observer will learn how many contacts the device has, and if the observer knows who owns any of the other MAC addresses then contact relationships will be revealed.
There are several techniques we can use to reduce information leaks.
1) Poll at random intervals
Instead of polling all contacts at regular intervals, poll each contact at exponentially distributed intervals.
This should reduce the information about contacts leaked to a local observer. The shorter the observation period, the less likely it is that connection attempts to all contacts will be observed.
2) Don't poll unreachable contacts
Plugins should store contextual information to help them decide which contacts may be reachable, and contacts who are unreachable should not be polled. Contacts who are rarely reachable via a given transport may be polled less frequently.
3) Don't poll at all
Polling probably contributes to Briar's battery and bandwidth consumption, and for short-range transports it may not be the most efficient way of connecting to nearby contacts. The user knows when contacts are nearby, and may be able to connect to them more quickly by triggering a scan manually than by waiting for the next poll.
To reduce the amount of information leaked by a manual or automatic scan, the scan should detect nearby contacts and then try to connect to any that are nearby, as opposed to the current approach of trying to connect to all contacts. The rationale for the current approach is that we can't make an Android device permanently discoverable via Bluetooth, and making the device temporarily discoverable requires confirmation from the user each time. But if the scan is triggered manually, user confirmation may be acceptable. It may be possible to make a device permanently discoverable via Bluetooth LE or Wi-Fi Direct, in which case we could scan multiple transports with a single manual trigger.https://code.briarproject.org/briar/briar/-/issues/61Ratcheting2020-11-21T20:16:11ZakwizgranRatchetingBriar's forward secrecy is based on periodic key rotation rather than ratcheting because we need to ensure forward secrecy even if no communication occurs for a long period, or communication only occurs in one direction. However, we coul...Briar's forward secrecy is based on periodic key rotation rather than ratcheting because we need to ensure forward secrecy even if no communication occurs for a long period, or communication only occurs in one direction. However, we could also use ratcheting opportunistically, so that the exposure of a transport key doesn't expose all future transport keys (the reverse of forward secrecy).
It would make sense to have a separate ratchet for each transport so that the ratchets for low-latency transports can advance quickly, but the ratchet keys for each transport could be synced over any transport.https://code.briarproject.org/briar/briar/-/issues/60Close idle transport connections2020-11-21T20:16:40ZakwizgranClose idle transport connectionsFor some transports keeping a connection open is expensive (especially if we're sending padding) -- but for other transports creating a new connection may be expensive. Idle connections should be closed after a transport-dependent amount...For some transports keeping a connection open is expensive (especially if we're sending padding) -- but for other transports creating a new connection may be expensive. Idle connections should be closed after a transport-dependent amount of time.https://code.briarproject.org/briar/briar/-/issues/59Traffic analysis prevention layer2022-11-01T14:51:18ZakwizgranTraffic analysis prevention layerThe traffic analysis prevention (TAP) layer is responsible for preventing an observer from determining the volume and timing of data carried by a BTP stream.
What should the interfaces between BTP, TAP and the transport plugin look like...The traffic analysis prevention (TAP) layer is responsible for preventing an observer from determining the volume and timing of data carried by a BTP stream.
What should the interfaces between BTP, TAP and the transport plugin look like? Does the plugin need to be able to ask for a specific stream length, other than setting an upper bound? Are there any transports for which sending data as quickly as possible is preferable (from a TAP point of view) to sending it at a limited rate?
The TAP layer could adjust the transmission rate, increasing it if there's data waiting and decreasing it if not. What could the adversary learn by observing changes in the transmission rate and/or manipulating congestion?
Padding could be handled at the BTP layer by choosing a padding multiplier for each stream. The TAP layer would then sit between BTP and the transport and handle chopping and delaying the stream -- that is, segmenting the encrypted, padded stream according to some segment size distribution, and writing segments to the transport according to some inter-segment delay distribution.
The padding, size and delay distributions can be used to produce a characteristic traffic 'shape' for each device or pair of devices:
http://www.cs.kau.se/philwint/pdf/wpes2013.pdf
We can conceal traffic bursts by throttling the output of the TAP layer so that bursts are smoothed out. However, we should make good use of intermittently available transports -- if we send too slowly, the transport connection may be lost before we finish.https://code.briarproject.org/briar/briar/-/issues/58Use double MAC technique for checking MACs2020-11-21T20:17:47ZakwizgranUse double MAC technique for checking MACsComparing a received MAC to the expected MAC in constant time is tricky in high-level languages because the compiler, runtime and JIT may optimise the comparison code so that it no longer runs in constant time. The adversary may be able ...Comparing a received MAC to the expected MAC in constant time is tricky in high-level languages because the compiler, runtime and JIT may optimise the comparison code so that it no longer runs in constant time. The adversary may be able to use the timing of the comparison to discover how many bytes of the received MAC match the expected MAC.
To avoid revealing this information, the recipient can calculate another MAC over each MAC and compare the outer MACs. The adversary can use the timing of the comparison to learn the position at which the outer MACs differ, but that doesn't reveal the position at which the inner MACs differ.
https://www.isecpartners.com/blog/2011/february/double-hmac-verification.aspx
The MAC is being used as a PRF. It seems like this technique could also be used for validating signatures -- the validator can use any MAC key (not necessarily shared with the signer) to calculate MACs over the received and expected signatures, then compare the MACs.https://code.briarproject.org/briar/briar/-/issues/56Handle fatal errors2020-11-21T20:18:34ZakwizgranHandle fatal errorsWe should decide how to handle various errors that prevent the app from starting or continuing. Right now these are handled in ad hoc ways such as throwing an Error, which crashes the app. Situations we need to handle include:
* Can't o...We should decide how to handle various errors that prevent the app from starting or continuing. Right now these are handled in ad hoc ways such as throwing an Error, which crashes the app. Situations we need to handle include:
* Can't open the database
* Services fail to start
* Out of disk space
* Clock moves backwards
* Database state is inconsistent (DbStateException)
This is a UX issue as much as a programming issue. How do we communicate these errors to the user and what do we advise them to do?https://code.briarproject.org/briar/briar/-/issues/54Support simplex transports where the recipient makes the connection2020-11-21T20:19:22ZakwizgranSupport simplex transports where the recipient makes the connectionFor the simplex transports we've considered so far, such as USB sticks and radio broadcasts, the sender of a stream is the one who creates the underlying transport connection. But it's possible for a transport to operate the other way ro...For the simplex transports we've considered so far, such as USB sticks and radio broadcasts, the sender of a stream is the one who creates the underlying transport connection. But it's possible for a transport to operate the other way round: the recipient opens a connection and receives a stream. Downloading from a web server would be an example.
The plugin architecture should support such transports. This can be deferred until we actually want to implement such a transport.https://code.briarproject.org/briar/briar/-/issues/51Can we trigger the TRIM command on Android?2020-11-16T11:04:26ZakwizgranCan we trigger the TRIM command on Android?Android 4.3 uses the TRIM command to erase blocks of flash that are unused by the filesystem. This could improve our chances of securely deleting data on Android.
MountService issues the TRIM command once every 24 hours if the device is...Android 4.3 uses the TRIM command to erase blocks of flash that are unused by the filesystem. This could improve our chances of securely deleting data on Android.
MountService issues the TRIM command once every 24 hours if the device is idle and charged, as determined by `IdleMaintenanceService`:
https://android.googlesource.com/platform/frameworks/base/+/master/services/java/com/android/server/IdleMaintenanceService.java
Investigate whether we can broadcast any of the intents issued by `IdleMaintenanceService` to cause a TRIM on demand, e.g. in a panic button situation after deleting the database.
We can broadcast an intent with the action `"com.android.server.IdleMaintenanceService.action.FORCE_IDLE_MAINTENANCE"`, but it's not clear whether that has any effect - nothing shows up in the logs on a Galaxy Nexus with Android 4.3 when the intent is broadcast.
When `IdleMaintenanceService` decides (due to receiving the above intent or otherwise) that it's time to run idle maintenance tasks, it broadcasts an intent with the action `"android.intent.action.ACTION_IDLE_MAINTENANCE_START"`. According to the `Intent` javadoc, that intent "can only be sent by the system":
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/content/Intent.java
Alternatively, we might be able to invoke `android.app.ActivityManagerNative.getDefault().performIdleMaintenance()` via reflection. The method in question was added in September 2013:
https://android.googlesource.com/platform/frameworks/base/+blame/master/core/java/android/app/ActivityManagerNative.java
It's included in the `kitkat-release` branch but not the `jb-release` branch, so we'd need a phone with 4.4 to test this.https://code.briarproject.org/briar/briar/-/issues/50Test Briar on Android devices outside the Google ecosystem2020-11-21T20:22:13ZakwizgranTest Briar on Android devices outside the Google ecosystemVarious manufacturers produce Android devices outside the Google ecosystem, including Blackberry, Xiaomi, Amazon and Nokia. Test Briar on as many of these platforms as possible to ensure it's compatible with whatever modifications they'v...Various manufacturers produce Android devices outside the Google ecosystem, including Blackberry, Xiaomi, Amazon and Nokia. Test Briar on as many of these platforms as possible to ensure it's compatible with whatever modifications they've made.https://code.briarproject.org/briar/briar/-/issues/49Test the effect of clearing background processes2020-11-21T20:22:30ZakwizgranTest the effect of clearing background processesSamsung's task manager has a 'Clear memory' feature that clears inactive and background processes. Test what effect this has when Briar is running. Does it kill the Briar process and/or the Tor process? Does it call BriarService's `onLow...Samsung's task manager has a 'Clear memory' feature that clears inactive and background processes. Test what effect this has when Briar is running. Does it kill the Briar process and/or the Tor process? Does it call BriarService's `onLowMemory()` callback?https://code.briarproject.org/briar/briar/-/issues/48Test the effect of restricting background data2020-11-21T20:22:58ZakwizgranTest the effect of restricting background dataAndroid has settings to prevent individual apps or all apps from using background data. "Restricting background data usage for individual apps can sometimes be a useful way to reduce your overall data usage. However, this is a drastic me...Android has settings to prevent individual apps or all apps from using background data. "Restricting background data usage for individual apps can sometimes be a useful way to reduce your overall data usage. However, this is a drastic measure that may also affect the app's performance or cause it to malfunction."
https://support.google.com/nexus/answer/2819524
Test how these settings affect Briar.