[OLPC Security] "Chilling Effects" paper at USENIX
Steffen Schulz
pepe_ml at gmx.net
Wed Apr 9 16:32:32 EDT 2008
Hi all,

If you ask me (I know you didn't), I think the paper is a little too
pessimistic.
Going to a conference like that with all these issues that mostly build
up on an incomplete/problematic spec of P_IDENT...I don't know..
Although it's of course the right approach to assume the worst when the
product is shipping while the security spec and implementation is not
finished..

Anyway. I wrote up some more detailed comments, but it doesn't really
make sense to speculate on plans and implementations. So the main
points of the paper, I think, that need to be addressed, are:
o reduce trust into backup servers
  Don't publish prv keys of created identities at all. Instead:
  - one could trust the server to do encryption as it sees fit
  - the client can optionally password-protect the backup
  - data gets a salted HMAC, not a signature
  - the data is transmitted on a channel with mutual auth+enc
o useful P_IDENT
  Obviously, not everything can and be signed+encrypted (think http).
  A useful approach may be to
  - allow every app to use protected channels, e.g. by asking a key
    negotiation service to create ephemeral strong enc+auth keys (eg IKE).
  - support authentication via key continuity management
  - have a separate sign() capability for apps that want to sign
    documents (e.g. homework), with optional pw-protection
  This will of course allow impersonation of users if someone else uses
  their laptop, but this is a very obvious concept that kids will
  understand. They will also understand that a Password may help here.
o explicit support for anonymity+privacy
  If the above issues are solved, anon+priv are not *that* much of a
  problem. But still, I like the idea of explicitly supporting privacy in
  local and global communication. This heavily depends on the appl.
  protocols, the easiest solution would probably be to just install a
  tor client that can be activated on demand. This may be a problem
  for governments that would otherwise like to buy the laptop, so it
  should probably be optional.
The very first issue of the paper is the very rough specification. If
you would give more details on how you plan to do things, eg showing
real protocol details, referring to existing standards etc, it would be
much easier to comment, suggest and implement. Or maybe I just missed
the wiki page or IRC channel where this is done?

Best regards,
Steffen
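
An added example, not part of the original message and not OLPC code: one reading of the "salted HMAC, not a signature" item, where the laptop tags a backup with a key stretched from the user's password and a per-backup salt, so no private key has to be handed to the backup server. The function names, blob layout (salt || tag || data) and PBKDF2 work factor are assumptions; it covers integrity only, not the encryption or channel items.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor, not taken from the post
SALT_LEN = 16            # random per-backup salt
TAG_LEN = 32             # HMAC-SHA256 output size


def _mac_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a MAC key that is unique to this salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def seal_backup(password: str, data: bytes) -> bytes:
    """Client side: return salt || tag || data for upload."""
    salt = os.urandom(SALT_LEN)
    tag = hmac.new(_mac_key(password, salt), salt + data, hashlib.sha256).digest()
    return salt + tag + data


def open_backup(password: str, blob: bytes) -> bytes:
    """Client side on restore: verify the tag, then return the data."""
    if len(blob) < SALT_LEN + TAG_LEN:
        raise ValueError("backup blob too short")
    salt = blob[:SALT_LEN]
    tag = blob[SALT_LEN:SALT_LEN + TAG_LEN]
    data = blob[SALT_LEN + TAG_LEN:]
    expected = hmac.new(_mac_key(password, salt), salt + data, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("backup failed integrity check")
    return data


if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    blob = seal_backup("kid-chosen password", b"journal: homework draft")
    print(open_backup("kid-chosen password", blob))
    modified = blob[:-1] + bytes([blob[-1] ^ 0x01])  # server flips one bit
    try:
        open_backup("kid-chosen password", modified)
    except ValueError as exc:
        print("rejected:", exc)
```

Because the server never holds the password, it can store or drop the blob but cannot produce a modified backup that the laptop will accept on restore.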