BitFrost Overview

Introduction to BitFrost

  • The XO can connect both to the Internet and to other XOs using mesh networking
  • We hope to take advantage of these capabilities to develop interesting and useful networked applications
  • A solid security API and methodology are required to give these networked interactions reliable security that is broadly compatible and unobtrusive
  • To achieve this we have chosen the BitFrost approach to networked OLPC coding

Principles of BitFrost

  • Open design : The laptop's security must not depend upon a secret design implemented in hardware or software.
  • No lockdown : Though in their default settings, the laptop's security systems may impose various prohibitions on the user's actions, there must exist a way for these security systems to be disabled. When that is the case, the machine will grant the user complete control.
  • No reading required : Security cannot depend upon the user's ability to read a message from the computer and act in an informed and sensible manner. While disabling a particular security mechanism ''may'' require reading, a machine must be secure out of the factory if given to a user who cannot yet read.
  • Unobtrusive security : Whenever possible, the security on the machines must be behind the scenes, making its presence known only through subtle visual or audio cues, and never getting in the user's way. Whenever in conflict with slight user convenience, strong unobtrusive security is to take precedence, though utmost care must be taken to ensure such allowances do not seriously or conspicuously reduce the usability of the machines. As an example, if a program is found attempting to violate a security setting, the user will not be prompted to permit the action; the action will simply be denied. If the user wishes to grant permission for such an action, she can do so through the graphical security center interface.

Goals of BitFrost

  • No user passwords : With users as young as 5 years old, the security of the laptop cannot depend on the user's ability to remember a password. Users cannot be expected to choose passwords when they first receive computers.
  • No unencrypted authentication : Authentication of laptops or users will not depend upon identifiers that are sent unencrypted over the network. This means no cleartext passwords of any kind will be used in any OLPC protocol, and Ethernet MAC addresses will never be used for authentication.
  • Out-of-the-box security : The laptop should be both usable and secure out-of-the-box, without the need to download security updates when at all possible.
  • Limited institutional PKI : The laptop will be supplied with public keys from OLPC and the country or regional authority (e.g. the ministry or department of education), but these keys will not be used to validate the identity of laptop users. The sole purpose of these keys will be to verify the integrity of bundled software and content. Users will be identified through an organically grown PKI without a certified chain of trust; in other words, our approach to PKI is KCM, or key continuity management: a peer's public key is recorded the first time it is seen, and every later sighting of that peer is checked against the recorded key rather than against a certificate.
  • No permanent data loss : Information on the laptop will be replicated to some centralized storage place so that the student can recover it in the event that the laptop is lost, stolen or destroyed.
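The following is an added illustration of the key continuity management goal above, together with the "deny, don't prompt" rule from the unobtrusive security principle. It is example code written for this page, not code from OLPC or the BitFrost implementation. It assumes a peer is labelled by a nickname, that a key's fingerprint is the SHA-256 of its raw public key bytes, and that the store is kept as a local JSON document; none of these conventions are prescribed by the specification, and proving that a peer actually holds the private key (a signature check) is outside what this store does.

```python
"""Key continuity management (KCM): trust a peer's key on first sight,
remember it locally, and refuse silently when a known peer shows up with a
different key. Added example, not OLPC/BitFrost code."""
import hashlib
import json
from enum import Enum


class Verdict(Enum):
    NEW = "new"            # first sighting of this peer: record the key
    MATCH = "match"        # key unchanged since it was first recorded
    MISMATCH = "mismatch"  # key differs from the record: deny, do not prompt


def fingerprint(public_key: bytes) -> str:
    """Stable identifier for a key. Assumed convention: hex SHA-256 over the
    raw public key bytes (the specification does not fix this encoding)."""
    return hashlib.sha256(public_key).hexdigest()


def visual_cue(fp: str) -> str:
    """Short form of a fingerprint for a subtle on-screen cue next to a buddy
    icon: first 16 hex digits in groups of four. It is a cue the user may
    compare, never a message the user must read to stay secure."""
    return ":".join(fp[i:i + 4] for i in range(0, 16, 4))


class KeyContinuityStore:
    """Trust-on-first-use store mapping peer label -> key fingerprint.

    Persisted locally as JSON, so it works with no network and no central
    authority; nothing here consults a MAC address or a password."""

    def __init__(self, known=None):
        self._known = dict(known or {})

    def observe(self, peer: str, public_key: bytes) -> Verdict:
        fp = fingerprint(public_key)
        recorded = self._known.get(peer)
        if recorded is None:
            self._known[peer] = fp
            return Verdict.NEW
        if recorded == fp:
            return Verdict.MATCH
        # A changed key never overwrites the old binding. The caller denies
        # the interaction; replacing the binding is a separate explicit act
        # (rebind), the equivalent of granting permission in the security
        # center, and is never driven by a prompt or by network traffic.
        return Verdict.MISMATCH

    def rebind(self, peer: str, public_key: bytes) -> None:
        """Explicit replacement of a peer's recorded key (user action)."""
        self._known[peer] = fingerprint(public_key)

    def forget(self, peer: str) -> None:
        """Drop a peer so the next sighting is treated as a first sighting."""
        self._known.pop(peer, None)

    def to_json(self) -> str:
        return json.dumps(self._known, sort_keys=True)

    @classmethod
    def from_json(cls, data: str) -> "KeyContinuityStore":
        return cls(json.loads(data))


def demo() -> list:
    """Walk one peer through the four interesting states; returns the
    verdicts as strings. Keys below are constructed sample bytes, not real
    XO keys."""
    alice_key = b"\x04" + bytes(range(32))          # constructed sample key
    alice_other_key = b"\x04" + bytes(range(32, 64))  # constructed, different
    store = KeyContinuityStore()
    verdicts = [
        store.observe("alice", alice_key).value,        # new
        store.observe("alice", alice_key).value,        # match
        store.observe("alice", alice_other_key).value,  # mismatch, denied
        store.observe("alice", alice_key).value,        # old binding intact
    ]
    # Persist and reload: continuity survives a restart without any network.
    reloaded = KeyContinuityStore.from_json(store.to_json())
    assert reloaded.observe("alice", alice_key) is Verdict.MATCH
    return verdicts


if __name__ == "__main__":
    print(demo())
    print(visual_cue(fingerprint(b"\x04" + bytes(range(32)))))
```

The point to notice is the mismatch branch: the store does not ask the user what to do and does not update itself from the network. The old key stays authoritative, the action is denied, and only a deliberate `rebind` (the example's stand-in for the security center) changes the binding.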

The full BitFrost Specification can be found here

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License