[OLPC Security] Comments on the security properties of Scott's lease-delegation scheme
Michael Stone
2008-07-09 17:51:42 UTC
Scott recently proposed that we extend our theft-deterrence lease scheme
with delegation features so that we can generate short leases on demand
from locally available infrastructure like school servers. This feature
permits countries to deploy theft-deterrence features more broadly
WITHOUT concurrently deploying global connectivity to the OLPC Global
Theft Deterrence Server (GTDS). Here are my thoughts on the security
implications of the proposal (and on what, _exactly_, we are proposing
to offer to our clients.)

1. If the attacker wishes to resell "working" laptops (rather than, say,
components), then deploying this scheme may force attackers to
circumvent theft-deterrence protections more quickly.

- Note: the scheme DOES NOT increase the cost to circumvent
existing protections.

2. As more trust is placed in local infrastructure, it becomes easier to
circumvent theft-deterrence protections.

- We now trust, for example, that the school server (XS) can keep
secrets from its users.

- If, in the future, the XS begins to generate time data trusted by
the XOs, then we will also be forced to trust that the XS can keep
correct time where, formally, we only trusted that XOs and the
GTDS could do so.

- We introduce change into a trusted code base. This change could
potentially fix latent bugs but seems more likely to me to
introduce new bugs.

3. The major security effects derive from rearranging and hopefully
reducing the support costs of the theft-deterrence system (e.g. by
exchanging the cost of providing connectivity to the OLPC GTDS for the
cost of maintaining public key infrastructure) rather than as a result
of any technical improvement in the security afforded by the design or
the software.

Comments?

Michael

P.S. - Aspects of this mail incorporate personal feedback given to me by
Ivan.
Benjamin M. Schwartz
2008-07-09 18:09:32 UTC
I find this e-mail vague to the point of incomprehensibility.

Michael Stone wrote:
| 1. If the attacker wishes to resell "working" laptops (rather than, say,
| components), then deploying this scheme may force attackers to
| circumvent theft-deterrence protections more quickly.

Vague. What do attackers have to do more quickly? Clearly reprogramming
the SPI flash can be done even after all the timeouts expire, so you must
be thinking of something else.

| 2. As more trust is placed in local infrastructure, it becomes easier to
| circumvent theft-deterrence protections.

In places without an internet uplink, there is presently no
theft-deterrence protection to circumvent. This would introduce some.
Schools with internet access need not alter their operations at all.

| 3. The major security effects derive from rearranging and hopefully
| reducing the support costs of the theft-deterrence system (e.g. by
| exchanging the cost of providing connectivity to the OLPC GTDS for the
| cost of maintaining public key infrastructure) rather than as a result
| of any technical improvement in the security afforded by the design or
| the software.

I would say that the main security effects derive from introducing theft
deterrents in places without internet access. Currently, there is no
technical deterrent to theft in these schools.

Calling this an exchange of connectivity for PKI is bizarre. There is
only an "exchange" if schools that would have had internet access will be
denied it as a result of this infrastructure. From my contact with
deployment teams, that seems tremendously unlikely.

--Ben
Michael Stone
2008-07-09 19:40:25 UTC
Post by Benjamin M. Schwartz
I find this e-mail vague to the point of incomprehensibility.
| 1. If the attacker wishes to resell "working" laptops (rather than, say,
| components), then deploying this scheme may force attackers to
| circumvent theft-deterrence protections more quickly.
Vague. What do attackers have to do more quickly? Clearly reprogramming
the SPI flash can be done even after all the timeouts expire, so you must
be thinking of something else.
Replacing the SPI flash is a means of circumventing the theft-deterrence
protections. My claim is that the point of the scheme is to force
attackers who wish to resell laptops running something like our software
to employ such a circumvention.
Post by Benjamin M. Schwartz
| 2. As more trust is placed in local infrastructure, it becomes easier to
| circumvent theft-deterrence protections.
In places without an internet uplink, there is presently no
theft-deterrence protection to circumvent. This would introduce some.
False. Leases can be delivered by any means capable of conveying bits;
in particular USB courier.
Post by Benjamin M. Schwartz
Schools with internet access need not alter their operations at all.
Perhaps. In the presence of delegation, can attacks on a school server at
one school lower the cost of stealing laptops from another source?
Post by Benjamin M. Schwartz
| 3. The major security effects derive from rearranging and hopefully
| reducing the support costs of the theft-deterrence system (e.g. by
| exchanging the cost of providing connectivity to the OLPC GTDS for the
| cost of maintaining public key infrastructure) rather than as a result
| of any technical improvement in the security afforded by the design or
| the software.
I would say that the main security effects derive from introducing theft
deterrents in places without internet access. Currently, there is no
technical deterrent to theft in these schools.
As described above, regular internet access is not necessary for
deploying passive-kill. It is necessary for deploying active-kill. It
permits you to issue leases with shorter lifetimes which, it is argued,
will raise the cost of selling stolen laptops (and hence deter laptop
theft.)
Post by Benjamin M. Schwartz
Calling this an exchange of connectivity for PKI is bizarre. There is
only an "exchange" if schools that would have had internet access will be
denied it as a result of this infrastructure. From my contact with
deployment teams, that seems tremendously unlikely.
I believe that would be an exchange of benefits. I was talking about a
simple change in the nature of the kind (and hopefully scale) of costs
that must be paid off in order to deploy a theft deterrence system with
short leases.

Michael
Carl-Daniel Hailfinger
2008-07-10 00:21:16 UTC
Post by Michael Stone
Post by Benjamin M. Schwartz
I find this e-mail vague to the point of incomprehensibility.
| 1. If the attacker wishes to resell "working" laptops (rather than, say,
| components), then deploying this scheme may force attackers to
| circumvent theft-deterrence protections more quickly.
Vague. What do attackers have to do more quickly? Clearly reprogramming
the SPI flash can be done even after all the timeouts expire, so you must
be thinking of something else.
Replacing the SPI flash is a means of circumventing the theft-deterrence
protections. My claim is that the point of the scheme is to force
attackers who wish to resell laptops running something like our software
to employ such a circumvention.
[...]
Post by Benjamin M. Schwartz
| 3. The major security effects derive from rearranging and hopefully
| reducing the support costs of the theft-deterrence system (e.g. by
| exchanging the cost of providing connectivity to the OLPC GTDS for the
| cost of maintaining public key infrastructure) rather than as a result
| of any technical improvement in the security afforded by the design or
| the software.
I would say that the main security effects derive from introducing theft
deterrents in places without internet access. Currently, there is no
technical deterrent to theft in these schools.
So you both are saying that right now theft deterrence
- can be circumvented easily even without hardware modifications and
- does not even exist in some places.
Ouch.
That's not security, it's a disaster.

I really hope this is not the case.


Regards,
Carl-Daniel
--
http://www.hailfinger.org/
C. Scott Ananian
2008-07-10 11:15:05 UTC
There is no perfect security. All "security" is a measure of 'cost to
circumvent', and those costs are evaluated over many axes, with
different evaluation functions in different places. Delegations are
bound to a serial number, so they do not affect security unless you
decide to employ them for a particular laptop. There may be contexts
in which the school server cannot be trusted; don't delegate to that
school server, then. But in some places, you can trade off greater
required school server security for the ability to issue shorter
leases, and there are "cost functions" for which this results in
improved "security".

As Martin says, theft-deterrence will always be an ongoing cat and
mouse game. This is just the next step, which allows us to explore
corners of the tradeoff space we couldn't previously.
--scott
--
( http://cscott.net/ )
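The following Go program is an added illustration of the delegation chain the thread is arguing about; it is not code from OLPC, from Scott's proposal or from the XO firmware, and the message format, field names and check ordering are assumptions made here for the example. It models Scott's point that "delegations are bound to a serial number" and lets Michael's question ("can attacks on a school server at one school lower the cost of stealing laptops from another source?") be answered within the model: the GTDS signs a delegation naming one school server key, an explicit list of serial numbers and an expiry; the school server then signs short leases on its own; the XO accepts a lease only if the GTDS signature on the delegation verifies, its own serial is in the delegated list, the lease does not outlive the delegation, and the lease is signed by the delegated key. Ed25519 from the Go standard library stands in for whatever PKI a deployment would actually use, the serial numbers are constructed, and the keys are generated at run time. What the model deliberately leaves out is exactly what Michael flags as new trust: it assumes the school server keeps its private key secret and that the XO's own clock is correct.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Delegation (hypothetical format): the GTDS states that one school-server
// key may issue leases, until NotAfter, for exactly the listed serial numbers.
type Delegation struct {
	XSPub    ed25519.PublicKey
	Serials  []string
	NotAfter int64  // Unix seconds
	Sig      []byte // GTDS signature over tbs()
}

// Lease (hypothetical format): the school server states that one laptop may run until NotAfter.
type Lease struct {
	Serial   string
	NotAfter int64
	Sig      []byte // XS signature over tbs()
}

func (d *Delegation) tbs() []byte {
	// %q quotes and escapes every serial, so field boundaries in the signed bytes are unambiguous.
	return []byte(fmt.Sprintf("delegation:v1|%x|%q|%d", d.XSPub, d.Serials, d.NotAfter))
}

func (l *Lease) tbs() []byte {
	return []byte(fmt.Sprintf("lease:v1|%q|%d", l.Serial, l.NotAfter)) // distinct prefix: domain separation
}

func NewKeypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Delegate runs at the GTDS, once per school server, while connectivity exists.
func Delegate(gtdsPriv ed25519.PrivateKey, xsPub ed25519.PublicKey, serials []string, notAfter int64) *Delegation {
	d := &Delegation{XSPub: xsPub, Serials: serials, NotAfter: notAfter}
	d.Sig = ed25519.Sign(gtdsPriv, d.tbs())
	return d
}

// IssueLease runs at the school server with no GTDS connectivity at all.
func IssueLease(xsPriv ed25519.PrivateKey, serial string, notAfter int64) *Lease {
	l := &Lease{Serial: serial, NotAfter: notAfter}
	l.Sig = ed25519.Sign(xsPriv, l.tbs())
	return l
}

// VerifyLease is the XO-side check: it trusts only the GTDS public key, its own
// serial and its own clock. The GTDS signature is checked first, so an unsigned
// delegation never gets to name a signer, a serial list or an expiry.
func VerifyLease(gtdsPub ed25519.PublicKey, mySerial string, now int64, d *Delegation, l *Lease) error {
	if !ed25519.Verify(gtdsPub, d.tbs(), d.Sig) {
		return errors.New("delegation not signed by GTDS")
	}
	if l.Serial != mySerial {
		return errors.New("lease names a different laptop")
	}
	inScope := false
	for _, s := range d.Serials {
		inScope = inScope || s == mySerial
	}
	if !inScope {
		return errors.New("this school server is not delegated for my serial")
	}
	if l.NotAfter > d.NotAfter {
		return errors.New("lease would outlive its delegation")
	}
	if !ed25519.Verify(d.XSPub, l.tbs(), l.Sig) {
		return errors.New("lease not signed by the delegated school server key")
	}
	if now > l.NotAfter {
		return errors.New("lease expired")
	}
	return nil
}

func main() {
	gtdsPub, gtdsPriv := NewKeypair()
	xsAPub, xsAPriv := NewKeypair() // school A's server
	_, xsBPriv := NewKeypair()      // school B's server, or a thief holding its key
	now, day := time.Now().Unix(), int64(86400)
	schoolA := []string{"SHC00000001", "SHC00000002"} // constructed serials, not real XO serials
	del := Delegate(gtdsPriv, xsAPub, schoolA, now+30*day)

	fmt.Println("A leases own laptop:  ", VerifyLease(gtdsPub, "SHC00000001", now, del, IssueLease(xsAPriv, "SHC00000001", now+7*day)))
	fmt.Println("A lease too long:     ", VerifyLease(gtdsPub, "SHC00000001", now, del, IssueLease(xsAPriv, "SHC00000001", now+365*day)))
	fmt.Println("B key, A's delegation:", VerifyLease(gtdsPub, "SHC00000001", now, del, IssueLease(xsBPriv, "SHC00000001", now+7*day)))
	fmt.Println("A key, foreign serial:", VerifyLease(gtdsPub, "SHC00000099", now, del, IssueLease(xsAPriv, "SHC00000099", now+7*day)))
}
```

Run with `go run .`; only the first case prints `<nil>`. In this model a compromised school B key buys nothing against school A's laptops, and school A's key cannot lease a serial outside its delegation or for longer than the GTDS allowed, which is the scoping Scott describes. It says nothing about the circumvention Ben and Michael agree on (replacing the SPI flash), and it does not protect against a school server whose clock or private key the XO wrongly trusts.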