[OLPC Security] "Correlating bitfrost and threats"

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Tue Jul 31 15:28:54 EDT 2007 

On Jul 30, 2007, at 7:07 PM, Jameson "Chema" Quinn wrote:
> Not true. As I state in the talk page of the wikipage that started  
> this thread, I could give 4 pieces of key to other random laptops  
> from the same batch, of which any 2 pieces were sufficient.

Secret sharing is too complex for the short term.

> Obviously, a committed big-brother could still twist two kids' arms  
> and convince the rest to ignore the message. But that doesn't scale  
> well to stealing EVERYONE's data and mining it, which is the real  
> threat.

Countries ordering the laptops have control over the bits in their  
software image. If a secret sharing system was put in place to deter  
their snooping and they were intent to snoop, they could trivially  
remove the secret sharing system from the code.

In fact, anything but _obvious_ protection against accidental or  
uncoordinated attacks by the purchasing governments is explicitly  
outside of the threat model, because the purchasing governments can  
simply disable the security system in its entirety, should they so  
choose.

> And what, the server just deletes the key at that moment? And then  
> re-encrypts all the backed-up files and deletes the old copy? Hmmm...

A malicious, compromised server could retain the information  
permanently. This is outside of the threat model; when children  
become old enough to be made uneasy by their key resting on the  
school server, they will be able to use the password mechanism to  
create a new encryption keypair and not share it with the server at all.

> If you want security for your key, you need to have it from day 1,  
> you can't patch it back up later.

You don't need security for your initial key if you can trivially  
generate a new key later.

> I think the extra hassles it introduces are minor, when you  
> consider that without it the kids have NO SUBSTANTIAL PROTECTION  
> WHATSOEVER versus snooping.

This strikes me as obviously false, so please clarify your threat model.

Cheers,

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org

More information about the Security mailing list