WEB3.0 WALLET/SMSLOCKR

[jumezurike]

Open Grant Proposal: LokDon - Anti phishing; anti cache hacking; SMS/wallet security token on Filecoin IPFS and NFT storage

** Name of Project: WEB3.0 SMSLOCKR

Proposal Category: app-dev

Proposer: @jumezurike

Do you agree to open source all work you do on behalf of this RFP and dual-license under MIT and APACHE2 licenses? Yes

Description of the project (WEB3.0 WALLET/SMSLOCKR)

We understand that filecoin does not use much encryption at this time: This a conclusion we surmised from talking to one of our clients. However, the process of making sure that the right data is stored in the right location by the right entity at the right time is something we find interesting. The hashing proof is golden because it allow the right person to pull or download that data later on following the URI. This fits very well with a solution we will like to build. Simply put, Data Access Security and Recovery solution (DASARS). In the future this approach could be used on the filecoin network for providing cost effective covert channels between nodes.

Problem: Mobile devices have a great weakness when it comes to the use of SMS amongst other things. Most decentralized app have a larger market penetration power when deployed on mobile devices e.g smartphones.

• 83% of USA teens rely on SMS for communication. An average person sends over 13 sms per day. This person is mostly unaware of the dangers of SMS thus they also send sensitive information via SMS. Check the statistical information .
• Crypto wallets sits on the same devices with SMS. By association cyber attacks are prevalent on mobile devices via phishing and cache hacks.
• It is really convenient to send seed phrases and private keys via SMS thus one unknowingly exposes them to the world. Both custodial and non-custodial wallets have no immunity to this. Hot and cold wallets do not have immunity to this and this makes it a very big problem. It is shocking to know that many people thought it was alright to send these master keys via SMS.

Solution: The fix is very straight to the point. We protect the wallet by plugging the SMS inroad cyber attacks. We do it using encryption on all the relevant key or phrases as well as sharable information. On-demand with key less end-to-end security can give us a much better result in-lieu of link encryption. This will work perfectly well for Filecoin which by design will become a secure, decentralized record keeper for all sharable user data in all transactions. This will bring a dimension to both custodial and non-custodial wallets. There will be options for users to hold their communication exchange object locally or externally for global reach.

• On-demand ---------------- Encryption is on demand
• Keyless ---------------- No keys are moved, stored, reused, and managed.
• End-to end ---------------- No link encryption and no third parties.
• Timeless security ------------ It is a quantum resistant cryptography variant.

PREREQUISITE

• A. Core code; runtime engine (ECSMID)
• B. SDK
• C. API
• D. Libraries
• E. Filecoin IPFS and NFT storage All these we packages as images to build SMSLockr using filecoin IPFS and NFT storage as the proper decentralized file stores or DB. Some of the prerequisite are preexisting as proprietary.

Find the flow diagram from figma

LokDon ECSMID V 1.0.0 USE CASES / FUNCTIONALITIES

WALK THROUGH VIDEO ECSMID V 1.0.0

AWS ec2 free tier ECSMID V 1.0.0

Docker ECSMID V 1.0.0

Value

• What are the benefits to getting this right? This project will: Improve the developer experience and security for Filecoin and drive more adoption. Increase the value of Filecoin as the distributed storage will be needed to sharing data. Generate many insights on how to improve performance data control and business pace on Filecoin. Drive improvement of state actors related to DID for origin identification Bring new members to the Filecoin community for the purpose of data access security and recovery solution (DASARS). This will remove user hardware requirement, providing easy backp and recovery ow wallet in emergency or loss of life. This will drive users to do with their information what they see fit since they have absolute control absent third parties.- Adding to Filecoin web 3.0 status. FIL wallet privacy and security will be protected with quantum resistant cryptography: On-demand key less end-to-end encryption.
  • What are the risks if you don't get it right? Expensive retrieval deals may scare away some developers. Clients or providers may waste FIL if data transfers aren't properly executed. A failed attempt at developing a successful SMS/wallet locker may decrease the community's confidence in Filecoin becoming a major storage solution for web 3.0. Failure to heed guidance of well architected framework may lead to dead ends, wasting of time which could decimmate funds to finish the project.
  • What are the risks that will make executing on this project difficult? This is a complex technical project with many moving parts. The proposed architecture is new but we need to proceed gradually and iterate in order to figure it out. We need to spend more time on ipfs and hope that it will update and sync data from many entities in a record time.

Deliverables

Step to solving the problem of SMS phishing attacks targeting wallet seed phrases and private keys.

1. Design SMS dapp flow diagram, story adn/or journey a. ui/ux

2. Prepare the infrastructure following well architectural framework (non-monolith or micro services)

3. Hybrid development solution flutter is used to develop the SMS application first run (First month of Q1) a. Build communication exchange object with user data (avatar or pic, PIN, primary authentication device, DID or sTruedid, UWA) or use PIN and NFT login as enhanced password system. b. wallet security added to establish secure login and destroy cache attacks c. Data vault setup for security of private keys and seedphrases including related sensitive information. d. Settings

4. Threat model with MS tool kit amd mobsf (Middle of Q1). We invite public testers after this.

5. Integrate decentralized storage of DB like(filecoin ipfs) currently we can use individual cloud.

6. Deploy Alpha in staging: QA and security testing (Second month of Q1: second iteration)

7. Integrate with NFT local minting of assets on local devices.

8. Integrate local data store or communication exchange object or sent them to filecoin IPFS (nft storage): This is the second iteration v2 (Third month of Q1)

9. Provide a competitive pricing at $1.00-$2 in-app subscription for android and ios

10. Push it to production by launching on google play store and ios play store. a. Publish on product hunt and mirror.xyz (Last month of Q1)

Development Roadmap

January 1 - February 13 2023 (Q1)

1. Software and Technical design diagram SDD/TDD for SMS dapp A. UI/UX; flow diagram, story and/or journey B. secure Software development lifecycle (used all through the process stages)

i. Requirement -------------------------- Risk assessment ii. design -------------------------- Threat model design review iii. development -------------------------- Static analysis iv. Testing -------------------------- Security testing and code review v. Deployment -------------------------- Security assessment and secure configuration vi. CI/CD --------------------------- CI/CD

2. Prepare the infrastructure following well architectural framework (non-monolith or micro services): Filecoin nodes and NFT storage.

3. Hybrid development solution flutter is used to develop the SMS application first run (First month of Q1) a. Build communication exchange object with user data (avatar or pic, PIN, primary authentication device, struedid, UWA) or use PIN and NFT login as enhanced password system. b. wallet security added to establish secure login and destroy cache attacks c. Data vault setup for security of private keys and seed phrases including related sensitive information. d. Settings

4. Threat model with MS tool kit amd mobsf (Middle of Q1). We invite public testers after this.

February 14 - February 29 2023 (Q1)

5. Integrate decentralized storage of DB like(filecoin ipfs) currently we can use individual cloud.

6. Deploy Alpha in staging: QA and security testing (Second month of Q1: second iteration)

7. Integrate with NFT local minting of assets on local devices.

March 1 - March 31 2023 (Q1)

8. Integrate local data store or communication exchange object or sent them to filecoin IPFS (nft storage): This is the second iteration v2 (Third month of Q1)

9. Provide a competitive pricing at $1.00-$2 in-app subscription for android and ios

10. Push it to production by launching on google plays tore and ios plays tore.

11. Publish on Filecoin community, product hunt and mirror.xyz (Last month of Q1)

Total budget requested

• Budget will cover 5 engineers and 1 Security solution architect living expenses for the duration of the project 3 months of sprint development - $45K
• Infrastructure for running multiple Filecoin nodes: 3 months of billings - $7K
• Total: $52K

Maintenance and Upgrade Plans

The mobile application will be powered by filecoin and ECSMID. We will continue to maintain and improve them as the dapp evolves moving forward.

Team

Team Members

Joisah Umezurike - Application Security Engineer / Solution Architect
Nahom Wosenu Bogale - Principal Engineer
Alexander Ibekason - Backend Engineer
Utkarsh Jaiswal - Frontend developer / UI-UX designer
Faraz Naliwar - Mobile Application developer (Flutter dart/android)
Alend Jarjis - Project manager/QA
Ubong Ndoh - React native developer

Team Member LinkedIn Profiles

• https://www.linkedin.com/in/josiah-umezurike/
• https://www.linkedin.com/in/nahom-wosenu-80a234160/
• https://www.linkedin.com/in/alexander-ibekason/
• https://www.linkedin.com/in/utkarshjaiswal1997/
• https://www.linkedin.com/in/faraznilawar/
• https://www.linkedin.com/in/alend-jarjis-95b6b6144/
• https://www.linkedin.com/in/ubongndoh/

Team Website

https://lokdon.com

Relevant Experience

We have over 40 years experience as a team. Strong background cyber security. We have worked together for at least 2 years on an average. We know the vision and what we need done. I am my co-founder have been working together for 5 years.

Team code repositories

http: https://kodelab.apilokdon.com/utkarshJ/smslockerapp.git https://kodelab.apilokdon.com/lokdon/lokdonx.git

Additional Information

You can find our research paper on Researgate

[jumezurike]

This my proposal for smslockr

[jumezurike]

[jumezurike]

Utkarsh do not change the proposer at all. They need it the way it is now. Just github account.

[jumezurike]

@realChainLife I wanted to know if there is something wrong with our grant application. We have not heard from you. Let us know if there is something amiss. Thanks.

[ErinOCon]

Hi @jumezurike, our review was on hold over the holidays and is resuming this week. We will be in touch once more information is available!

[jumezurike]

@ErinOCon How are you? Great new year, wishing you all the best. When do you think we can hear from you? We need to get this going it will help Filecoin as well as us. Especially our cceNFT protocol.

[ErinOCon]

Hi @jumezurike, I am very sorry you did not receive a timely reply to this application. It seems this proposal was resolved in our system prior to sending you a status update. Unfortunately, this project was not approved for a grant during its review cycle.

If you have an interest in applying for a grant in the future, please feel welcome to contact our team with questions at grants@fil.org.