[OLPC Security] Comments on the security properties of Scott's lease-delegation scheme
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Wed Jul 9 20:21:16 EDT 2008
On 09.07.2008 21:40, Michael Stone wrote:
> On Wed, Jul 09, 2008 at 02:09:32PM -0400, Benjamin M. Schwartz wrote:
>
>> I find this e-mail is vague to the point of incomprehensibility.
>>
>> Michael Stone wrote:
>> | 1. If the attacker wishes to resell "working" laptops (rather than, say,
>> | components), then deploying this scheme may force attackers to
>> | circumvent theft-deterrence protections more quickly.
>>
>> Vague. What do attackers have to do more quickly? Clearly reprogamming
>> the SPI flash can be done even after all the timeouts expire, so you must
>> be thinking of something else.
>>
>
> Replacing the SPI flash is a means of circumventing the theft-deterrence
> protections. My claim is that the point of the scheme is to force
> attackers who wish to resell laptops running something like our software
> to employ such a circumvention.
> [...]
>
>> | 3. The major security effects derive from rearranging and hopefully
>> | reducing the support costs of the theft-deterrence system (e.g. by
>> | exchanging the cost of providing connectivity to the OLPC GTDS for the
>> | cost of maintaining public key infrastructure) rather than as a result
>> | of any technical improvement in the security afforded by the design or
>> | the software.
>>
>> I would say that the main security effects derive from introducing theft
>> deterrents in places without internet access. Currently, there is no
>> technical deterrent to theft in these schools.
>>
So you both are saying that right now theft deterrence
- can be circumvented easily even without hardware modifications and
- does not even exist in some places.
Ouch.
That's not security, it's a disaster.
I really hope this is not the case.
Regards,
Carl-Daniel
--
http://www.hailfinger.org/
More information about the Security
mailing list