Future of computer security ?
Synner667
Ivan Krstić was the security chap working on the One Laptop Per Child scheme, and is now working for Apple.

In 2007 he did a talk about the security spec for the computer, as noted in this website article.

"SAN FRANCISCO — Ivan Krstić's mission to make the $100 laptop a monoculture of impossible targets shifted into high gear with the public release of Bitfrost, an architecture-level specification covering the OLPC (One Laptop Per Child) security model.

Krstić delivered the spec at the RSA security conference here and sounded a call for security research professionals to pick it apart, provide feedback and pitch in to help secure the notebook machines from malicious hackers.

Bitfrost, which gets its name from Norse mythology, provides a comprehensive overview of the security model, which covers everything from use of passwords, hard drive encryption, machine authentication, security updates and data loss prevention.

In an interview following his RSA conference presentation, Krstić said the spec was created with input from about a dozen well-known security pros. "Let's face it, this project will have enemies. We're shipping these machines to countries with political instability so we're assuming there are real attackers interested in hacking into killing these machines. We had to look at all the potential attack angles," he explained."


If this is the future for computer security, I wonder how it will affect naughty people who like to gain unauthorised access as well as the nature of malware and networking...
...Especially if coupled with a new and secure internet [as is so commonly the case in cyberpunk literature].
Caine Hazen
Did you use secure & internet together?!! HAHAHAHA... and I work on some really secure systems, but as long as they are exposed to a network which publicly connects, and there are people with the desire to get into places which they aren't supposed to, we'll never have a 100% secure interweb. In all reality, a good portion comes from training and education, because well... PEBKAC. Until it's a world of robots I think we'll have this problem.
nezumi
As a security professional, I can assure you, this is not going to put me out of the job. Some of these are actually at cross-purposes. Automatically backing up all data supports availability of data, but has a cost in confidentiality. Even if it's encrypted, if I have something like my medical files on my computer, I would rather lose my soft copy than double the risk of their being broken (by hosting it in two sites, one of which is out of my control).

TBRMInsanity
Every time you say that something is "Hacker proof", they tend to make a better Hacker. (Same goes for "idiot proof" but that is another rant). There are two things that will always happen in the network security world. First, security will always be at least 1/2 step behind the pirates trying to get into your systems; this is because companies don't take a proactive approach to network security (it is too expensive in their eyes). Second, social hacking will always be a threat. You can have the best security in the world but if some exec can't think of a better password than "password", someone will still get in (again I could rant about "idiot proof" but that would be a distraction from the topic at hand).

It looks like today's pirates are highly specialized in one very specific program and as such they tend to be the best at subverting that program in order to get access (no matter what protection you use). Your best defence is to stay up to date, cycle your passwords, use long and effective passwords (mixture of letters and numbers, that are functionally "random"), and report ANY security violation to your security representative (in fact keep reporting it till they do something about it). Remember to keep sensitive data offline if possible (if they can't access it then they can't steal it) and don't complain if corporate information is behind several password protected barriers (corps need to protect the crown jewels).
Fix-it
I own an example of the OLPC hardware platform, so I'm getting a kick out of these replies. Bitfrost isn't a bad system, FWIW. the key is that there's so few OLPCs out there, it really isn't worth subverting them for whatever nefarious purpose you have in mind.

add to the fact that less than half of them have a 24/7 internet connection, it's really not terribly profitable platform to attack.

sociopolitical concerns such as censorship and spying don't really apply to Bitfrost, as that is really a network issue, and it will continue to be until OLPC releases a Tor client.

the OLPC project was crippled badly by mismanagement. they tried to be superman, while at the same time excluding all the commercial giants that really could have helped them (Intel). they stuck to their principles, and ended up sinking.

/thing is way underpowered hardware-wise for my tastes. 256mb of ram? seriously?
tete
You can make completely secure systems... but no one would use them. They have to be usable first, usability and security often conflict thus we end up with something that's a compromise. There's no magic about it, we just have to live with the more user friendly it is the easier it will be to crack.
TBRMInsanity
QUOTE (tete @ Jun 3 2009, 01:04 PM) *
You can make completely secure systems... but no one would use them. They have to be usable first, usability and security often conflict thus we end up with something that's a compromise. There's no magic about it, we just have to live with the more user friendly it is the easier it will be to crack.


Which is why I'm a fan of biometric security. If implemented properly, it is very user friendly (ie I don't have to remember any passwords) and it is bloody hard to hack.
The same trade off between security and user friendliness is mirrored by the trade off between privacy and convenience. I would love to have all my info in a cloud computer so that I can access it from any computer in the world at any time. But doing that automatically means there will be people that have access to my personal info.
Heath Robinson
QUOTE (TBRMInsanity @ Jun 3 2009, 10:13 PM) *
Which is why I'm a fan of biometric security. If implemented properly, it is very user friendly (ie I don't have to remember any passwords) and it is bloody hard to hack.


And then you get a nasty cut on your thumb or index finger and are locked out of your computer for weeks. Or you go down the gym and can't use your PC for a couple of hours. Thanks, but no thanks.
hobgoblin
QUOTE (TBRMInsanity @ Jun 3 2009, 11:13 PM) *
Which is why I'm a fan of biometric security. If implemented properly, it is very user friendly (ie I don't have to remember any passwords) and it is bloody hard to hack.
The same trade off between security and user friendliness is mirrored by the trade off between privacy and convenience. I would love to have all my info in a cloud computer so that I can access it from any computer in the world at any time. But doing that automatically means there will be people that have access to my personal info.

http://www.youtube.com/watch?v=E20lHqbWqN4
Synner667
QUOTE (Heath Robinson @ Jun 3 2009, 10:23 PM) *
And then you get a nasty cut on your thumb or index finger and are locked out of your computer for weeks. Or you go down the gym and can't use your PC for a couple of hours. Thanks, but no thanks.

Which isn't much different from losing your key and being locked out of your house/gym locker, losing your passcard and being unable to login, etc.

For most uses, a thumbprint reader is more than sufficient [unique, portable, hard to lose] - but nothing is 100% secure.
As with all things, the ratio of difficulty and benefit and cost is the only thing that matters.

You can decrypt anything, if you want to wait long enough...
...A DNA only needs a few drops of blood/spit/etc to be bypassed...
.....RFID chips for contactless use can be read and cloned with cheap electronics gear.

If you have to kidnap someone or physically remove their eyeballs to be able to impersonate someone, then the security is more than good enough as the bypass is sufficiently difficult enough to deter the casual thief.
Adarael
If there's one thing I've learned over a long period of time associating with security junkies, it's that any biometric system is only as hard to hack as the weakest point. It may be time-consuming and difficult to hack the biometric portion, but if the software - to say nothing of the locking system itself - can be fooled electronically or via cross-wiring hardware, all of that effort is for nothing.

You could have the world's best DNA scanner, but if the locking mechanism itself can be hotwired, it's worthless.
The Jake
QUOTE (TBRMInsanity @ Jun 3 2009, 09:13 PM) *
Which is why I'm a fan of biometric security. If implemented properly, it is very user friendly (ie I don't have to remember any passwords) and it is bloody hard to hack.
The same trade off between security and user friendliness is mirrored by the trade off between privacy and convenience. I would love to have all my info in a cloud computer so that I can access it from any computer in the world at any time. But doing that automatically means there will be people that have access to my personal info.


So how do you revoke the key if the biometric control is compromised?

I.E. If someone has your print, how do you generate a new one?

- J.
The Jake
QUOTE (Adarael @ Jun 3 2009, 10:17 PM) *
If there's one thing I've learned over a long period of time associating with security junkies, it's that any biometric system is only as hard to hack as the weakest point. It may be time-consuming and difficult to hack the biometric portion, but if the software - to say nothing of the locking system itself - can be fooled electronically or via cross-wiring hardware, all of that effort is for nothing.

You could have the world's best DNA scanner, but if the locking mechanism itself can be hotwired, it's worthless.


Mythbusters covered this quite well....
http://www.youtube.com/watch?v=E20lHqbWqN4

- J.
Wesley Street
QUOTE (The Jake @ Jun 10 2009, 06:10 AM) *
If someone has your print, how do you generate a new one?

Delete the old record and take a new scan from a different part of your body, I'd think.
nezumi
The biometric systems were really bad, but the technology is advancing quickly. Of course though, as smart as we get, the smarter the thieves get.

The best solution is multiple methods of verification - password, ID/token AND biometrics. Unfortunately, as pointed out, if someone's information is compromised, the only solution is to sand off the person's fingerprints and let them regrow a new print (or alternatively, kill the person). Assuming biometrics is either the ONLY tool to be used, or on the other hand, a tool to be used without backups, is setting things up for a critical security failure.
TBRMInsanity
The added convenience and user friendliness of a biometric reader far outweighs the current security risks. With time there will be better biometric locks that can't be bypassed with latex. Again you can always add additional layers such as RFID tags, and yes the dreaded PIN. Plus I would like to point out you need to get a person's fingerprint in the first place. A fingerprint on a glass is about as effective as a house key in a New York gutter, how do you know what doors it will open? With added paranoia around people stalking you, you can take additional measures to protect stuff. The key is always to make it more trouble than it is worth to get at your valuables. If someone else is an easier target, guess what! the crook will go after them instead.

It is like the story of the two hikers and the bear, I don't need to outrun the bear, I need to outrun the other hiker.
nezumi
QUOTE (TBRMInsanity @ Jun 10 2009, 01:58 PM) *
The added convenience and user friendliness of a biometric reader far outweighs the current security risks.


While user-friendliness is an important metric, when it comes to security it cannot hope to compare to actual effectiveness.

QUOTE
Plus I would like to point out you need to get a person's fingerprint in the first place. A fingerprint on a glass is about as effective as a house key in a New York gutter, how do you know what doors it will open?


If I lift a fingerprint off the plastic case of a laptop or in your home (or office space), I really don't have to make many guesses to figure out what the fingerprint will open.
TBRMInsanity
QUOTE (nezumi @ Jun 10 2009, 01:02 PM) *
If I lift a fingerprint off the plastic case of a laptop or in your home (or office space), I really don't have to make many guesses to figure out what the fingerprint will open.


If you're lifting a fingerprint off a laptop or inside a home, I'm already hooped. You have already either stolen my laptop or broken into my home.
tweak
I run OpenBSD as my desktop, behind two routers, running OpenBSD, and a managed switch, and I still do not consider myself secure. Security is a lot of giving up convenience, and as long as people want things to be easy, computers will remain insecure.
hyzmarca
QUOTE (TBRMInsanity @ Jun 10 2009, 06:07 PM) *
If you're lifting a fingerprint off a laptop or inside a home, I'm already hooped. You have already either stolen my laptop or broken into my home.


Maybe, but if your data is encrypted stealing your laptop doesn't matter. Getting the fingerprint to decode it does. The data can be worth more than the hardware, very easily.
nezumi
QUOTE (TBRMInsanity @ Jun 10 2009, 06:07 PM) *
If you're lifting a fingerprint off a laptop or inside a home, I'm already hooped. You have already either stolen my laptop or broken into my home.


So you're saying biometrics are 100% effective, as long as the attacker doesn't have access to the computer.

I can agree with that, at least.
Synner667
QUOTE (nezumi @ Jun 11 2009, 01:37 PM) *
So you're saying biometrics are 100% effective, as long as the attacker doesn't have access to the computer.

I can agree with that, at least.

Nothing is 100% effective...
...But it can be realistically 100% effective - it all depends on how much time and effort you want to use, to get the result you want.

Keys, passwords, etc work because it's easier to use the key than pick the lock, it's why thieves avoid some cars and steal others.

To paraphrase, "I don't have to be the most secure to avoid being a target, just more secure and less of a target than the other guy"

Need access to someone's computer, but it's passworded ??
Let them login, then get them away from their computer [fire alarm is good] - job done.

Need a DNA sample for access ??
Physically bypass the sensor/electronics.

Synner667
QUOTE (tete @ Jun 3 2009, 08:04 PM) *
You can make completely secure systems... but no one would use them. They have to be usable first, usability and security often conflict thus we end up with something that's a compromise. There's no magic about it, we just have to live with the more user friendly it is the easier it will be to crack.

It's why computers tend to have high security between them and other systems, but lesser security internally - the processing load would be such as to make the system almost unusable [which is effectively how DDOS attacks work, from what I gather].
hobgoblin
QUOTE (The Jake @ Jun 10 2009, 01:11 PM) *
Mythbusters covered this quite well....
http://www.youtube.com/watch?v=E20lHqbWqN4

- J.

dude, stop stealing my links
Heath Robinson
Crunch mode is not fun.

QUOTE (Synner667 @ Jun 3 2009, 11:17 PM) *
Which isn't much different from losing your key and being locked out of your house/gym locker, losing your passcard and being unable to login, etc.

Uh-huh. So, who's the locksmith for your thumbprint?

QUOTE (TBRMInsanity @ Jun 10 2009, 06:58 PM) *
The added convenience and user friendliness of a biometric reader far outweighs the current security risks.

Uh-huh. Being locked out of your house/computer whilst your thumb heals from an accident whilst cooking is "convenience". Not being able to go home after lifting weights is "convenience".
tete
Not all biometric systems are bad (especially if you have combination), but I don't enjoy being locked in a bulletproof phone-booth-size room just because I can't get my heart rate to be within tolerance of when they took my bio readings.
Synner667
QUOTE (tete @ Jun 17 2009, 12:20 AM) *
Not all biometric systems are bad (especially if you have combination), but I don't enjoy being locked in a bulletproof phone-booth-size room just because I can't get my heart rate to be within tolerance of when they took my bio readings.

Good point, actually.

One of the biggest things against the ID card being forced on us Brits is that although it will be compulsory to have an ID card and there are places to have the biometrics recorded, there are very few places where that info can be read.

So 1) the biometric data is only as good as the recording and 2) it's wasted if the data can't be read.
Dumpshock Forums © 2001-2012