[OLPC Security] Grey Markets and Migratory Fraud Threat
Mike C. Fletcher
mcfletch at vrplumber.com
Mon Oct 15 15:00:27 EDT 2007
This attack vector occurred to me a few days ago and I haven't yet
figured out what defense we have against it (it may be there, I may have
just missed it)...
We will have a number of deployment locales where one or both of the
following situations applies:

    * significant migratory population, via cultural preference,
      refugees and the like
    * poorly functioning school registration system

in each of these situations, there exists an opening for families to
practice fraud in order to acquire multiple laptops, with the intention
of selling one or all of them on the black market.
Migratory populations exist, so that's not likely a point of contention;
wars, famine and culture all produce people who are normally traveling.
Poorly functioning registration systems may or may not exist in any
given locale, but anecdotal evidence suggests that some countries do not
even have a particularly good idea of how many children are enrolled in
their schools, let alone which particular children have enrolled, or
what resources have been allocated to them.
The vector of attack is simply described for the migrant case. A family
moves to a town, enrolls their children in the local school and receives
a laptop. They then move, enroll their children in the local school, and
receive another laptop. They may elect to ask to have the laptop
unlocked, as they are intending to move to another country, but that
isn't necessary. Because the child is not expected to return to the
school, their laptop will not get reported stolen, so will continue to
validate with the country's central server.
The poorly functioning registration system case works in the same basic
way. A family registers their children at two schools in the area. The
child receives a laptop from each school and sells one machine. Both
schools see the child with a laptop when/if they show up, so the second
laptop is never reported stolen/lost.
Possible mitigation strategies:

    * Use of central registry by:
          o Name (easily circumvented by changing spelling, or just
            giving a different name)
          o Biometrics (too involved, expensive, serious privacy issues)
          o Parents' names, child's names, et cetera (again,
            circumvented easily in most countries where the attack is
            valid, some privacy issues, but not as problematic)
    * No laptops for migrants?
          o Unacceptable
    * Migrant users get laptops from a single source?
          o Hardship and/or significant delay
          o Still need to verify identity, it's just easier to manage
            that verification
    * Minimum time in a school before getting a laptop?
          o Reduces frequency with which fraud can run, but cost of the
            laptops is high enough that a family in some countries could
            easily support itself by running the fraud once a month
    * Only handing out laptops on day x of the school year (country
      wide), and only if the child comes to school for those x days
          o Reduces possible fraud frequency to once/year
          o Still allows fraud via showing up for y/x days to each of
            two schools
    * Provide a registration system that tracks children's progress
          o Disable laptops that are no longer progressing through
            school and which have not graduated? (seems incompatible
            with the idea of the children owning them and post-school
            usage of the laptops, assumes functioning school system)

Anyway, just wondering if we have a planned approach on this one...
Mike
--
________________________________________________
Mike C. Fletcher
Designer, VR Plumber, Coder
http://www.vrplumber.com
http://blog.vrplumber.com