« Previous Topics December 2009Future Topics »

One Laptop Per Child Impact

For Real OLPC Impact, We Need Infrastructure

Reflections on the Success of OLPC in Education

OLPC Showed Childrens Computer Security is Possible

Winter

Computer malware is a big problem to society. When this is discussed in relation to children and the Internet (or politicians or parents), the advice has always been: updates, AV software, and firewalls for the computer and rules, restrictions, and filters for the children. With a special emphasis on installing more software and more updating. Illustrations of this attitude can be found in:

• Child Safety Online – Prevention Guidelines
• Cyber Security Tip ST05-002: Keeping Children Safe Online
• Computer Security for Children

But, is user education working? Obviously, primary school children (and older) cannot be made responsible for installing and managing security updates, AV software, and firewalls. In this view, getting millions of children in developing countries on-line on laptops they have to use unsupervised at home seems to be nothing short of a crime against humanity. Yet, is it really impossible to create a computer environment that can not only be used safely by children, but also managed safely by children?

All these security advices are very sensible given the current ICT landscape. But, these advices can also be seen as blaming the victim by the commercial software industry. This has been doubly insulting as most security problems, eg, the mere existence of computer viruses, is the result of the (very) bad coding practices and short sighted design decisions of commercial software companies. As a result, the complete AV industry catering to end-users is widely mistrusted. Its very existence has been seen as a stopgap for irresponsible coding practices

So it was a pleasant surprise to see the OLPC security model, Bitfrost.

Bitfrost was a design that started with a “the user cannot do wrong” approach to security. It showed how you could actually build a user-friendly computer that gave children full control over their laptop and, at the same time, made the laptop as secure as any security professional’s private laptop could ever be. Here is a summary of the principles and goals of the Bitfrost design from the wikipage.

Bitfrost Principles:

• Open design:The laptop’s security must not depend upon a secret design implemented in hardware or software
• No lockdown: Though in their default settings, the laptop’s security systems may impose various prohibitions on the user’s actions, there must exist a way for these security systems to be disabled
• No reading required: Security cannot depend upon the user’s ability to read a message from the computer and act in an informed and sensible manner
• Unobtrusive security: Whenever possible, the security on the machines must be behind the scenes, making its presence known only through subtle visual or audio cues, and never getting in the user’s way

Bitfrost Goals

• No user passwords: With users as young as 5 years old, the security of the laptop cannot depend on the user’s ability to remember a password.
• No unencrypted authentication: Authentication of laptops or users will not depend upon identifiers that are sent unencrypted over the network
• Out-of-the-box security: The laptop should be both usable and secure out-of-the-box, without the need to download security updates when at all possible
• Limited institutional PKI: The laptop will be supplied with public keys from OLPC and the country or regional authority (e.g. the ministry or department of education), but these keys will not be used to validate the identity of laptop users
• No permanent data loss: Information on the laptop will be replicated to some centralized storage place so that the student can recover it in the event that the laptop is lost, stolen or destroyed.

These are all rather common sense starting points for any security system. And anyone who has experienced the trials and tribulations of securing an off-the-shelve computer system will immediately ask why this is not implemented in all computer systems sold? This is not the placed to go down that road. Suffice it to say that the Bitfrost principles and goals are all feasible with todays technology.

The implementation details might seem rather arcane, but they follow logically from the above lists. The Bitfrost document is a good read for anyone who wants to get a feeling how computer security should be done. Below there are some other links for further reading on this subject.

Further Reading:

• The Next 50 Years of Computer Security: An Interview with Alan Cox
• Aligning Security and Usability
• Reusability of Functionality-Based Application Confinement Policy Abstractions
• Bitfrost: The One Laptop per Child Security Model
• Understanding Android Security

Ivan Krstić must be recommended for creating a design that includes most of the state-of-the-art security knowledge but is still feasible on a small device. The security models for Apple’s iPod and Google’s Android and Chrome OS follow a similar design (Ivan Krstić currently works for Apple), but Bitfrost is even less forgiving to security breaches.

I think that Bitfrost will be one of the lasting legacies of the OLPC. As evidence that you can design a computer platform from the ground up that is both secure out of the box, and can be used and managed with ease, even by a child. There is no excuse anymore not to produce usable and secure software stacks.

Written by Winter on December 14, 2009 in One Laptop Per Child Impact.
Tagged: Authentication Bitfrost Child Safety Cyber Security firewall Ivan Krstić malware OLPC Security Model Porn security Winter | Trackbacks