Inside the $100 laptop's security spec

Summary: The One Laptop Per Child project releases Bitfrost, an architecture-level specification covering the $100 notebook's security model.

SAN FRANCISCO -- Ivan Krstić's mission to make the $100 laptop a monoculture of impossible targets shifted into high gear with the public release of Bitfrost, an architecture-level specification covering the OLPC (One Laptop Per Child) security model.

Krstić delivered the spec at the RSA security conference here and sounded a call for security research professionals to pick it apart, provide feedback and pitch in to help secure the notebook machines from malicious hackers.

Bitfrost, which gets its name from Norse mythology, provides a comprehensive overview of the security model, which covers everything from the use of passwords and hard drive encryption to machine authentication, security updates and data loss prevention.

In an interview following his RSA conference presentation, Krstić said the spec was created with input from about a dozen well-known security pros. "Let's face it, this project will have enemies. We're shipping these machines to countries with political instability so we're assuming there are real attackers interested in hacking into killing these machines. We had to look at all the potential attack angles," he explained.

Krstić, who is studying theoretical mathematics and computer science at Harvard University, said the inability to make strong assumptions about Internet connectivity drove many of the decisions around security updates. The spec does not include any mention of how the OLPC machines will be patched, but Krstić said it's a strong possibility that automatic updates will be enabled by default.

"We've figured out how to handle automatic updates. By default, whenever the laptop connects to the Internet, it will ask the school's server if there are patches or updates available. This will be in place even if you're not in contact with the school server, you can ask the OLPC server to push down the update," he explained.

The project's goal is to ship millions of identical, network-attached computers into some of the most remote locations -- all managed by schoolteachers and kids with no computer experience -- so Krstić's team had to make sure the security model was as uncomplicated as possible.

The goals of the spec:

No user passwords
With users as young as five years old, the security of the laptop cannot depend on the user's ability to remember a password. Users cannot be expected to choose passwords when they first receive computers.

No unencrypted authentication
Authentication of laptops or users will not depend upon identifiers that are sent unencrypted over the network. This means no cleartext passwords of any kind will be used in any OLPC protocol and Ethernet MAC addresses will never be used for authentication.

Out-of-the-box security
The laptop should be both usable and secure out-of-the-box, without the need to download security updates when at all possible.

Limited institutional PKI
The laptop will be supplied with public keys from OLPC and the country or regional authority (e.g. the ministry or department of education), but these keys will not be used to validate the identity of laptop users. The sole purpose of these keys will be to verify the integrity of bundled software and content. Users will be identified through an organically-grown PKI without a certified chain of trust — in other words, our approach to PKI is KCM, or key continuity management.

No permanent data loss
Information on the laptop will be replicated to some centralized storage place so that the student can recover it in the event that the laptop is lost, stolen or destroyed.
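The "Limited institutional PKI" goal above describes key continuity management: a peer's key is trusted on first contact and then expected to stay the same, with no certificate chain behind it. The following is an added illustration, not code from the Bitfrost spec or the OLPC project; the peer identifiers, the opaque stand-in public keys and the `rekey` administrative override are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Key continuity management (KCM): pin a peer's key on first contact,
# then require the same key every time afterwards. No certificate
# authority is consulted; the key itself is the identity. Note that the
# peer is bound to its key, never to a network-level value like a MAC.
FIRST_SEEN, MATCH, MISMATCH = "first-seen", "match", "mismatch"


def fingerprint(pubkey: bytes) -> str:
    """Short, stable handle for a public key (SHA-256, hex)."""
    return hashlib.sha256(pubkey).hexdigest()


@dataclass
class KeyContinuityStore:
    known: dict = field(default_factory=dict)   # peer id -> pinned fingerprint
    audit: list = field(default_factory=list)   # (peer id, verdict, fingerprint)

    def check(self, peer_id: str, pubkey: bytes) -> str:
        fp = fingerprint(pubkey)
        pinned = self.known.get(peer_id)
        if pinned is None:
            self.known[peer_id] = fp      # leap of faith on first contact, recorded
            verdict = FIRST_SEEN
        elif pinned == fp:
            verdict = MATCH
        else:
            verdict = MISMATCH            # key changed: refuse, and keep the old pin
        self.audit.append((peer_id, verdict, fp))
        return verdict

    def rekey(self, peer_id: str, pubkey: bytes) -> None:
        """Explicit, out-of-band approved key replacement (assumed admin action)."""
        self.known[peer_id] = fingerprint(pubkey)


def demo() -> list:
    store = KeyContinuityStore()
    key_a = b"constructed-laptop-A-pubkey"              # constructed stand-in
    key_b = b"constructed-laptop-A-replacement-pubkey"  # constructed stand-in
    verdicts = [
        store.check("laptop-A", key_a),   # first contact: pinned
        store.check("laptop-A", key_a),   # same key: accepted
        store.check("laptop-A", key_b),   # different key: refused, audited
    ]
    store.rekey("laptop-A", key_b)        # administrator approved the new key
    verdicts.append(store.check("laptop-A", key_b))
    return verdicts


if __name__ == "__main__":
    print(demo())   # ['first-seen', 'match', 'mismatch', 'match']
```

The `MISMATCH` path is the whole point of the scheme: a changed key is the signal that something is wrong, so it is refused and logged rather than silently re-pinned.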

The machine will also feature an anti-theft kill switch that gives school administrators the ability to permanently disable lost laptops. Krstić said the OLPC received "very strong requests from certain countries" for a powerful anti-theft mechanism, leading to the decision to add a call-home feature that pings an anti-theft server for authentication.

The security process actually starts at the time the machine is manufactured, Krstić said, pointing out that a randomly generated serial number and UUID are fitted into each laptop at the manufacturing plant. A brand new OLPC machine is largely non-functional unless it is activated with the key and UUID.

This helps to deal with a potential weakness in the distribution component, when millions of machines are shipped internationally. The OLPC will generate and deliver the keys on a USB key to the schools and, once an OLPC server is installed, the keys for specific laptops can be turned on to bring the machine to life.

The spec assumes the machines will be potential targets for many of the threats on mainstream computers -- from data theft to viruses and malware to botnets -- and Krstić said the threat model calls for the machine to be resilient even if an attacker is successful.

"For all but the most pathological scenarios, I really think this platform will provide stronger protections than anything you'll find out there in mainstream use. I'm pretty confident that this model will hold up very well," said Krstić, who spent the last seven months working 16- to 18-hour days on the spec.

As much as he's confident, Krstić remains nervous. "I won't start sleeping soundly at night until we actually implement all this and see that it works."

Talkback

36 comments
  • Wow....

    I am thoroughly impressed by the attention being paid to the security aspects of this project. Not that I believe the security will be bulletproof for the $100 laptop (any more than it is for $1000 laptops), but it shows a commitment to success for the project unusual in recent computing endeavors.

    Funnily enough, my first computer (a Timex-Sinclair 1000) cost $100 (in 1982). I still own it. Like the $100 laptop, the TS1000 was heavy on functionality (although it had a puzzling lack of ability to manage large datasets) and was a splendid tool for teaching the art of computing.

    I can't wait to see how kids all over the world use the $100 laptop to expand their horizons. It's an exciting time, people.
    jlafitte
    • Very little impresses me these days, but that did.

      Very little impresses me these days, but this did.

      http://tinyurl.com/2w3fkw

      (More details on how Bitfrost works...)

      Security done by people who actually understand what security is all about - a compromise between usability and total lockdown.

      Makes Windows Security look rather pathetic by comparison. Governments and enterprises should be looking to those people for their next generation IT systems, not Microsoft.
      jinko
      • Great planning

        The concept of having high security on children's PCs will hopefully carry through to an emphasis on security for kids. There are two routes: one, to have the security high and end up having kids ignore the security measures that should be taken; two, having kids realize that security is an essential factor for computer usage and help raise a generation of security-minded individuals.
        MD525
    • Totally Agree

      I totally agree. Although you can't make anything completely secure (heck, you can't make a completely secure 2000 dollar computer), OLPC is doing a decent job keeping these laptops from just being mass hacked. There will be people who would love to ruin thousands of little poor kids' lives and make some super virus that just renders it unusable.

      But hopefully that won't happen.
      aceofspades1217@...
  • Secure yes, usable?

    I mean I can secure a machine too, but it won't be nearly as usable.
    No_Ax_to_Grind
    • But you're not associated with OLPC, so that's OK.

      Questions on OLPC's usability should be directed towards people who have actually tried using one.
      Zogg
      • I have!!!

        I tried one out, and it seemed quite usable to me... I mean, apart from the fact it doesn't have Windows (it runs its own OS, based off Linux (or it's an app in Linux (I can't remember which))), all you need to do is prevent documents from being stolen... All I see as a threat to them is a terrorist attack, spamming them with insults... :P
        kamahl928
    • Did you bother to read the specs?

      Here they are again:

      http://tinyurl.com/2w3fkw

      No passwords, no user hassle, that's usability by any definition.

      Some people actually do "get" security.
      jinko
      • nothing says security

        like data replication off every one of millions of laptops onto a central server
        that way you don't even have to steal the laptop, you can just hack into the server....
        corticus
    • Jeez Axey

      Shipper had already cold booted prior to me calling in on the Advice of a previous technician.
      I had the shipper run software verification
      Shelendrea
      • cr@p

        that is NOT what I meant to post.

        THIS IS:

        Who said anything about YOU being able to use it?
        This laptop is primarily for children in underdeveloped countries to learn with. It is about bringing a technology to them that they might not have access to otherwise.
        Shelendrea
        • Wow

          you don't play around when you monkey things up, do you? :-)
          swoopee
          • Hee hee

            True enough. That's what I get for multi-tasking. And I am sure no one would have understood what I meant there anyway. The original reply to Axey anyway =-)
            Shelendrea
    • trolling again?

      You know that the device is not targeted to uneducated hicks (those with No_Ax_to_Grind) in the US! The target audience can be as young as 5 years old, in poor nations around the world. Go read the specs!
      B.O.F.H.
      • I don't think

        reading comprehension is one of Axey's strong points =-)
        Shelendrea
      • He's just peeved...

        that it doesn't ship with a $65 OEM version of Vista installed on it. Of course then it would be a $265 laptop...what with the extra hardware required...
        Cardinal_Bill
        • He's peeved because...

          He's peeved because the world is about to see Microsoft's latest multi billion dollar product upstaged by a $100 Linux laptop.
          jinko
  • OLPC Security

    The project concept is terrific. Don't know if they can pull it off to any significant degree of success, but I am hopeful. One amazing thing is the forethought being put into this system, especially into the security issue. It seems that Mr. Krstic has put more time into the security issue than all of Microsoft's engineers combined have put into VISTA. But then again, Microsoft's attitude has always been to let the end user debug its products.
    rsutton@...
    • Searching............

      Nope, I can't find Microsoft anywhere in this whole article, yet you obviously must have seen it there as you had to denigrate them with the usual platitudes. What happened, did you forget to bash Bush as well?
      Get a life.
      gsuser
      • What would a troll be...

        without people like you to feed them.
        jasonp@...