[OLPC Security] Anti-theft and Anti-Sale ideas for Nepal
Bipin Gautam
bipin.gautam at gmail.com
Sun Feb 18 13:52:48 EST 2007
On 2/18/07, Simson Garfinkel <simsong at acm.org> wrote:
> >
> > like... the laptop should compulsarily register itself to the villege
> > server (say, as n school attendance/roll call) in say every 1 month
> > atlest. And the village server will send it a SIGNED digital
> > certificate as its attendance token that will expire in 1 month. Say,
> > the attendance can be done manually or automatically. In this case
> > say... if the laptop misses attendance for more than 1 month the
> > laptop will automatically be de-activated. The laptop reported as sold
> > or stolen wont get the certificate token. Kernel and firmware
> > modification can only be done by proper validiation of personal
> > identity by teachers etc on request immidiately or the person has to
> > wait for atlest say 3 months before he/she gets a developer key.
> >
> > Looks like n foolproof theory to me lol ;)
>
> Hi, Bipin. It is somewhat difficult for me to understand your text
> above.
>
> However, I'm pretty sure that the system that OLPC has designed is
> the same as the system that you have proposed above.
>
>
Hie Simson,
again on second reading of P_THEFT protection mechanism it is pritty
much same except the intranet thing for authenciation instead of
internet. ;(
I'm sure such problem is NOT just for Nepal. In that case instead of
having internet for authenciation wouldnt it be better if OLPC has an
mechanism to inforce P_THEFT mechanism through P2P?
say a P2P daemon would run in every XO. It will make request to other
XO in negbourhood for the latest cryptographic token for that region.
Say, XO can automatically download and anounce the availibility of new
toke in negbourhood. The token will have activation for another 21
days. The cryptographic token will also have known signatures for
known stolen/sold laptops. P_THIEF daemon will also monitor for any
tampering (or skew) in system time and make an adjustment accordingly.
(maybe roughly based on timestamp of the new cryptographic token and
warn users to make approperiate date/time adjustments as we cant have
a centralized NTP server
views?
-bipin
More information about the Security
mailing list