[OLPC Security] Grey Markets and Migratory Fraud Threat
Mike C. Fletcher
mcfletch at vrplumber.com
Mon Oct 15 15:00:27 EDT 2007
This attack vector occurred to me a few days ago and I haven't yet
figured out what defense we have against it (it may be there, I may have
just missed it)...
We will have a number of deployment locales where one or both of the
following situations applies:
* significant migratory population, via cultural preference,
refugees and the like
* poorly functioning school registration system
in each of these situations, there exists an opening for families to
practice fraud in order to acquire multiple laptops, with the intention
of selling one or all of them on the black market.
Migratory populations exist, so that's not likely a point of contention,
wars, famine and culture all produce people who are normally traveling.
Poorly functioning registration systems may or may not exist in any
given locale, but anecdotal evidence suggests that some countries do not
even have a particularly good idea of how many children are enrolled in
their schools, let alone which particular children have enrolled, or
what resources have been allocated to them.
The vector of attack is simply described for the migrant case. A family
moves to a town, enrolls their children in the local school and receives
a laptop. They then move, enroll their children in the local school, and
receive another laptop. They may elect to ask to have the laptop
unlocked, as they are intending to move to another country, but that
isn't necessary. Because the child is not expected to return to the
school, their laptop will not get reported stolen, so will continue to
validate with the country's central server.
The poorly functioning registration system case works in the same basic
way. A family registers their children at two schools in the area. The
child receives a laptop from each school and sells one machine. Both
schools see the child with a laptop when/if they show up, so the second
laptop is never reported stolen/lost.
Possible mitigation strategies:
* Use of central registry by:
o Name (easily circumvented by changing spelling, or just
giving a different name)
o Biometrics (too involved, expensive, serious privacy issues)
o Parent's names, child's names, etceteras (again,
circumvented easily in most countries where the attack is
valid, some privacy issues, but not as problematic)
* No laptops for migrants?
* Migrant users get laptops from a single source?
o Hardship and/or significant delay
o Still need to verify identity, it's just easier to manage
* Minimum time in a school before getting a laptop?
o Reduces frequency with which fraud can run, but cost of the
laptops is high enough that a family in some countries could
easily support itself by running the fraud once a month
* Only handing out laptops on day x of the school year (country
wide), and only if the child comes to school for those x days
o Reduces possible fraud frequency to once/year
o Still allows fraud via showing up for y/x days to each of
* Provide a registration system that tracks children's progress
o Disable laptops that are no longer progressing through
school and which have not graduated? (seems incompatible
with the idea of the children owning them and post-school
usage of the laptops, assumes functioning school system)
Anyway, just wondering if we have a planned approach on this one...
Mike C. Fletcher
Designer, VR Plumber, Coder
More information about the Security