Communications security: Difference between revisions

From OLPC

Revision as of 06:59, 16 March 2008

This page documents work that has been done to formulate a good description of OLPC's goals in the field of communications security. To this end, we will begin with some paraphrases and quotes from Bitfrost that seem appropriate, then offer a subdivision of the term "communications security" into more primitive notions, and finally, we will present and reflect on some simple use cases.

Reflections from Bitfrost

  • ...the intent of our complete software security model is that it "tries to prevent software from doing bad things": e.g., attempt to damage the machine, compromise the user's privacy, damage the user's information, do "bad things" to people other than the machine's user, and lastly, impersonate the user
  • there's no trust mapping between people and software: trusting a friend isn't, and cannot be, the same as trusting code coming from that friend
  • the security of the laptop cannot depend on the user's ability to remember a password (though passwords may be used by more advanced users)
  • authentication of laptops or users will not depend upon identifiers that are sent unencrypted over the network
  • ...users will be identified... without a certified chain of trust

Security Properties of Communications

"Secure communications" can be thought of in terms of

  • the logical security of communications channels (e.g. can I forge messages, read confidential messages, perform traffic analysis, ...),
  • the isolation properties of the network/node interface, and
  • the physical security of a human carrying a networked laptop (e.g. can the laptop be physically located by analyzing its communications).