Ivan Krstić's ShmooCon OLPC Security Update

   
   
   
   
   
Everyone's focus: OLPC XO

ShmooCon's focus is security, and Ivan Krstić, the architect of OLPC's Bitfrost security, presented on his revolutionary security plan and received criticism from the other panelists as well as the audience. A lot of ground was covered in a short time, and the session raised more questions than answers.

The common concern among the security crowd seems to be the potential of distributing up to 150 million identical laptops and having them all turn into a humongous botnet for distributed denial-of-service attacks or other maliciousness. Ivan's response is that there is built-in traffic throttling and packet shaping to reduce this threat (unless, of course, this capability is also subverted).

There was a group of hardware/design questions revolving around the crypto keys that OLPC developers use to access the internal software of the laptop (potentially also used for remote security updates?) - they are present in the hardware, so if a key gets "out," it cannot be revoked. I remember this being tried before with DVDs, which failed to work well. On the crypto note, there are potential export restrictions, as cryptography does remain classified as a munition.

Sean Coyne, a panelist from VulnerableMinds.com, also noted the similar capabilities between the US Army's goals for their Advanced War Fighter program and the OLPC - could it be a tool of a malicious government to use for their army, or for child soldiers? This may be a bit extreme, but with mesh networking, a 30fps camera and VOIP or text-chat communication, it's not totally left-field.

On the roll-out, this is a huge deployment of the new IPv6 standard, which is needed, but IPv6, combined with a mesh network based on unformalized specifications, opens up new and unique attack possibilities and denial-of-service risks. What if your house is the only link between the one-per-school server (and thus the Internet) and a large portion of your classmates' homes? What is the social side of mesh?

OLPC XO: a hacking holiday

The view-source key, which also allows interactive editing of the code itself, is of course a huge vector for attacks and annoyance. You can not only edit your own code, but you can also share it with your friends. I can only begin to imagine the mass chaos this could lead to (thankfully there's a reboot-and-restore function!).

Security, of course, is heavily a social problem. It's hard enough to keep US computer users from clicking on emailed viruses, forwarding chain mail, and responding to 419 scams; we're about to bring millions of kids online and expose them to phishing problems, spam, an army of captcha-solvers, and all sorts of other potential malicious activity.

The same properties that could help web servers recognize a laptop as an OLPC, in order to serve it content customized for its unique screen, also reveal that the user of the remote machine is probably a child who has an Internet connection, a camera and a microphone. There are definite concerns for online predation and exploitive (but potentially very profitable) child sex work.

Finally, there's a risk that the OLPC will succeed and create a worldwide surplus of skilled ICT professionals. What happens when there's no market to absorb this glut? Are we training a generation of hackers? This is a real problem, but we'll have a few years to prepare for it if OLPC ends up working - definitely something to keep an eye on.


10 Comments


--Begin Quote--
Finally, there's a risk that the OLPC will succeed and create a worldwide surplus of skilled ICT professionals. What happens when there's no market to absorb this glut? Are we training a generation of hackers?
--End Quote--

I can't believe you are seriously saying this!
Do you realize that what you are proposing is the equivalent of: 'let's keep people in developing countries illiterate so that they don't compete with the developed world'!!!

You should really be ashamed of yourself!

This was a concern brought up at shmoocon by an audience member. I think it brings up a valid point of basic econ - if you increase the supply of trained workers, either your demand must rise to meet it or the wages will fall, or unemployment will rise. I'd never argue what you posit; rather I'd say that if we have a project that's going to create a generation of highly skilled potential employees, then countries implementing such a project should also start working on policies to open up job opportunities for this upcoming generation. Whether the new jobs will be in existing traditional sectors, or through policies making it easier for them to set up entrepreneurial firms in the host countries, you have to provide a full-spectrum approach.

It's a big stretch of the imagination to think that just by supplying laptop computers to kids in developing countries that we'll end up with a surplus of 'skilled ICT professionals'.

Remember it's an 'Education' project not a 'Laptop' project. The idea is to give students the ability to study any available course material which includes Maths, Art, Science, Biology, Chemistry, Music and many other less mainstream study fields.

Notice I didn't mention anything about IT?

Just as you look at a school in a wealthy country and see students studying diverse paths of learning you'll also see probably a similar percentage in poor countries. More likely they'll study subjects that will help them help their own people like aquaculture, agrarian farming, socio-economic reforms or even teaching...just to close the loop.

It's conceited to think that just because someone uses a laptop they'll automatically become ICT specialists.
More likely there'll be a surplus of intelligent and knowledgeable people.

"The idea is to give students the ability to study any available course material which includes Maths, Art, Science, Biology, Chemistry, Music and many other less mainstream study fields."

Be nice if there was any. Right now all they have is Squeak and Wikipedia.

1. It's an educational project.

2. Wikipedia already includes Maths, Art, Science, Biology, Chemistry, Music and many other less mainstream study fields, not to mention Squeak.

3. Newly born educated people will take birth of their own market.

As a Korean saying goes... "Would you give up making soybean paste for fear of maggots?"

The DVD example is sheer nonsense. No, there are no keys to "get out" in the XO, and no, the mechanisms we use have basically no similarities whatsoever to DVD/CSS protections, other than they both use crypto. CSS was doomed to fail from the start, as was obvious to much of the security field.

Ivan - Can you explain or recommend a source that talks more about the "developer key" situation? Scott Roberts I believe is who brought this up at Shmoocon, that there are keys (or perhaps hashes?) in the XO hardware, meaning that key revocation for these is difficult, to say the least. Perhaps he misrepresented something or I misunderstood (and lamentably the plenary wasn't long enough for all the questions).

The Bitfrost spec covers this. I think Scott misunderstood what the developer keys do, or how they work. There are no per-laptop keys of any kind in the hardware.

Ah! Excellent; I did a quick grep through the spec and didn't get a good sense of the mysterious "developer keys," so thanks for clearing that up. After all the mind-bending work you explained for the security system, hardware keys seemed at best out of character.

As an armchair security enthusiast ( is there any other kind? ;) ), I want to point out that, at the end of the day, social engineering is still the best way to swindle people.

However, in this case, the use of our lovely machine ensures that its users (the kids) do become a lot lot smarter, thereby making them less susceptible to any kind of attack.

So it actually is the ultimate meta-security model - ensuring that continued use of the device makes the user less likely to make security errors.
