Bitfrost: The Children's Machine XO Security Platform


What computer security will One Laptop Per Child's initial 10 million Children's Machine XOs have? That is a question that Ivan Krstić has wrestled with since his start with OLPC.

Another Droid Army

His OLPC XO development team is worried that evil hackers could create malicious code like rootkits, Trojans, viruses, and worms, which could spread instantly throughout the entire XO laptop distribution, creating a global army of zombie bots.

Also, there is the real danger of Denial of Service (DoS) attacks by those who wish to make the machines downright inoperable.

To counter this threat, they are proactively including computer security systems and reviews in every level of laptop design, including a secure BIOS update method, and Ivan's even invited hackers to test his security systems.

Now he has taken a great leap in implementation and released Bitfrost, the OLPC security platform:

We have set out to create a system that is both drastically more secure and provides drastically more usable security than any mainstream system currently on the market.

One result of the dedication to usability is that there is only one protection provided by the Bitfrost platform that requires user response, and even then, it's a simple 'yes or no' question understandable even by young children. The remainder of the security is provided behind the scenes.

But pushing the envelope on both security and usability is a tall order, and it's important to note that we have neither tried to create, nor do we believe we have created, a "perfectly secure" system. Notions of perfect security in the real world are foolish, and we distance ourselves up front from any such claims.

How would you secure this?
Reading the Bitfrost Approach, I can only wish that more computer security design professionals, be they specialists in Windows, Apple, or Linux, would follow Ivan Krstić's lead. His five security goals are radical, simple, and long overdue:
  • No user passwords
  • No unencrypted authentication
  • Out-of-the-box security
  • Limited institutional PKI
  • No permanent data loss
If you're the technical type, you can read the full Bitfrost specification on the OLPC Git Repository and:
follow security throughout the life-cycle of the laptop itself, starting from the moment a laptop is produced in the factory, to the moment it first reaches a child, throughout the child's use of the laptop, and finally stopping at the moment a child wishes to dispose of the laptop.
Or better yet, get off your duff, have faith in One Laptop Per Child miracles, and contribute on the OLPC security mailing list.

It's not every day I can beat to an OLPC article. Check out their one hour later version of Bitfrost info here:,72669-0.html?tw=wn_culture_1

Please send me details of the OLPC scheme and state if you can supply them for village schools in Central Europe.

A Tarcy