Communications security: Difference between revisions
Line 11: | Line 11: | ||
== Security Properties of Communications == |
== Security Properties of Communications == |
||
"Secure communications" can be thought of in terms of |
"Secure communications" can be thought of in terms of the logical security of communications channels, the isolation properties of software engaged in communication on physical nodes, and the physical security of the human carrying a networked laptop. |
||
Here I use "logical security" to refer to issues like "can an attacker forge messages? read confidential communications? modify messages in transit?" and so on. I use "isolation properties" to describe security issues arising from the reification of abstract protocols into real software. Finally, I use "physical security" to denote all that can be inferred about a human operator through surveillance of the operator's laptop. |
|||
* the logical security of communications channels (e.g. can I forge messages, read confidential messages, perform traffic analysis, ...), |
|||
* the isolation properties of the network/node interface, and |
|||
* the physical security of a human carrying a networked laptop (e.g. can the laptop be physically located by analyzing its communications). |
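Review bot: The replacement paragraphs drop the two concrete examples that the removed bullets carried: traffic analysis under logical security, and locating the laptop by analyzing its communications under physical security. The new question list ("forge messages? read confidential communications? modify messages in transit?") no longer mentions traffic analysis at all. Suggest carrying both examples into the new definitions. Also state whether "the isolation properties of software engaged in communication on physical nodes" is meant to cover the same ground as the earlier "network/node interface" wording, since the scope of that item appears to have changed.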
Revision as of 07:06, 16 March 2008
This page documents work that has been done to formulate a good description of OLPC's goals in the field of communications security. To this end, we will begin with some paraphrases and quotes from Bitfrost that seem appropriate, then offer a subdivision of the term "communications security" into more primitive notions, and finally, we will present and reflect on some simple use cases.
Reflections from Bitfrost
- ...the intent of our complete software security model is that it "tries to prevent software from doing bad things": e.g., attempt to damage the machine, compromise the user's privacy, damage the user's information, do "bad things" to people other than the machine's user, and lastly, impersonate the user
- there's no trust mapping between people and software: trusting a friend isn't, and cannot be, the same as trusting code coming from that friend
- the security of the laptop cannot depend on the user's ability to remember a password (though passwords may be used by more advanced users)
- authentication of laptops or users will not depend upon identifiers that are sent unencrypted over the network
- ...users will be identified... without a certified chain of trust
Security Properties of Communications
"Secure communications" can be thought of in terms of the logical security of communications channels, the isolation properties of software engaged in communication on physical nodes, and the physical security of the human carrying a networked laptop.
Here I use "logical security" to refer to issues like "can an attacker forge messages? read confidential communications? modify messages in transit?" and so on. I use "isolation properties" to describe security issues arising from the reification of abstract protocols into real software. Finally, I use "physical security" to denote all that can be inferred about a human operator through surveillance of the operator's laptop.