Bitfrost – Wikipedia


Bitfrost is the security platform of the $100 laptop for children in developing countries. The first public specification was published in February 2007.


The Bitfrost architecture was largely developed by Ivan Krstic, until 2008 a project participant at One Laptop per Child, who has been working for Apple since May 11, 2009. By his own account, it draws on concepts already known from the specialist literature. Combining these separate concepts into a functioning overall system, however, can be regarded as a further development. This new combination of security concepts is intended to provide a level of computer security that has not been achieved before.

The concept is currently only partially implemented in the XO laptop and is therefore still subject to change.

Password

According to the Bitfrost concept, no passwords should have to be entered to access the computer or its content. Experience shows that typical users choose insecure passwords that an attacker can easily guess; moreover, a password system is unusable for young children who cannot yet read.

The aim is to reduce security prompts to a minimum. The system should assess the danger in the background and, where necessary, decide by itself. This is to be achieved through a coherent design. Where the user does have to decide in exceptional cases, the dialogs should be worded in an understandable manner and reduced to a simple yes/no decision. The aim of the concept is to relieve the user as far as possible.

Individualization of the laptop

To secure its use by children, the laptop is individualized for a specific person. For this purpose, when the laptop is first started, a supervisor takes a digital picture of the student with the built-in video camera and enters the student's first and last name. In addition, a digital key is generated for this student, which links the student to the MAC address of the notebook.

At each restart, the picture of the student and his or her first and last name are displayed during the boot process, together with a notice that this person is the legitimate user. This individualization is firmly integrated into the operating system and can only be reversed with a digital signature from a specially authorized person. A complete reinstallation of the operating system that overwrites the personal data is likewise only possible once that digital signature has been supplied.


Theft protection

Each laptop checks its status with a server at certain intervals. If a laptop is reported stolen, it is entered as stolen in a database. If the check shows that the laptop is stolen, it switches off and can then no longer be activated. This lock can then only be lifted by the authorized party.

Whether and how often such a loss report is checked can be determined by the respective country of use at its own discretion. A check is recommended after one to three months.

The laptops are intended for a service life of up to five years. After these five years, the theft protection is switched off and any existing lock is deleted from the system.

Rights management

During installation, the rights a program requires, such as write access, read access, or access to printers or the video camera, are registered with the operating system. As a rule, the program registers the required rights automatically during installation. If necessary, however, the user can subsequently expand or restrict the rights of an individual program. These rights are changed via a special menu in the operating system.

A sandbox is automatically set up for the installed program. In this shielded environment, the running program should be unable to damage the operating system, or able to do so only to a very limited extent. Likewise, the program has no uncontrolled access to the operating system through which it could secretly assign itself access and usage rights.

By default, the system prohibits certain combinations of access, for example access to both the video camera and the Internet. This is intended to protect the user's privacy. In exceptional cases, software can also register problematic combinations automatically. However, the program and its rights registration must then be digitally signed by an authorized body to prevent abuse.
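The registration rule described above can be sketched as follows. This is an added example, not code from the Bitfrost specification or the XO laptop: the permission names, the function names and the key are assumptions, and an HMAC stands in for the authorized body's digital signature so that the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import json

# Assumption: permission names are illustrative. The page names only
# "video camera and the Internet" as an example of a prohibited pair.
FORBIDDEN_COMBINATIONS = [frozenset({"camera", "network"})]

# Constructed key. HMAC stands in for the public-key signature of the
# "authorized body"; a real system would verify against a public key.
AUTHORITY_KEY = b"constructed-demo-key"


def canonical(program, rights):
    """Serialize program name and rights so the signature covers both."""
    return json.dumps({"program": program, "rights": sorted(rights)},
                      sort_keys=True).encode()


def sign(program, rights, key=AUTHORITY_KEY):
    """Issue the authority's approval for exactly this program and rights set."""
    return hmac.new(key, canonical(program, rights), hashlib.sha256).hexdigest()


def register_rights(program, rights, signature=None):
    """Return (granted, reason) for a rights registration at install time."""
    rights = set(rights)
    conflicts = [c for c in FORBIDDEN_COMBINATIONS if c <= rights]
    if not conflicts:
        return True, "no forbidden combination requested"
    if signature is None:
        return False, "forbidden combination requested without signature"
    expected = sign(program, rights)
    if not hmac.compare_digest(expected, signature):
        return False, "signature does not match program and rights"
    return True, "forbidden combination authorized by signature"


if __name__ == "__main__":
    video_chat = {"camera", "microphone", "network"}
    sig = sign("video-chat", video_chat)
    print(register_rights("paint", {"camera"}))
    print(register_rights("video-chat", video_chat))
    print(register_rights("video-chat", video_chat, sig))
    # A signature issued for one rights set must not cover a larger one.
    print(register_rights("video-chat", video_chat | {"printer"}, sig))
```

Because the signature covers the program name together with the full rights set, an approval issued for one program or one set of rights cannot be reused for another.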

System modifications

The user can modify the operating system of the laptop, a special version of Fedora Linux with the new Sugar user interface.

In contrast, corrupt applications or even Trojans that try to manipulate the operating system have only limited access to the operating system's files. Each running program is “packed” into its own virtual machine. This means that it has no unrestricted access to the files of GNU/Linux. At runtime, an application is allotted only limited system resources such as computing capacity or main memory, so that a corrupt application cannot “freeze” the computer system. When the malicious program is terminated, the virtual machine is deleted as well.

To protect against willful or accidental destruction of the software by the user, a copy of the operating system and the software package is stored as an emergency system on an unexplained storage area. Only with a developer key can a user modify this background copy of the system and the BIOS. This developer key is valid for one machine only.

This emergency system can be activated at any restart of the XO laptop by pressing a certain key combination during the boot process. In this case, the existing Linux operating system with its software package is replaced by the intact emergency system. The user information and other adjustments are already integrated into the emergency system; the personal data are stored on a different storage partition and therefore cannot be lost. The reinstallation takes about two to three minutes, after which the newly installed software is booted.

If the automatic emergency procedure fails, new software or a copy of the emergency system can be loaded from a USB stick. During the boot process, the laptop automatically searches for such an external emergency system. If one is found, the emergency procedure starts again; the emergency system on the USB stick is copied onto the laptop. Before that, however, the external emergency system must prove its integrity, and thus that it is free of viruses, by means of a digital signature.

Microphone and camera

The camera and the microphone are hard-wired to status LEDs, so that the user always knows whether they are active. This cannot be controlled by software.

Data backup

Data loss is to be prevented by automatically backing up the user's data whenever the laptop contacts a server. The backup should run mainly over WLAN and automatically in the background. If data is lost on the laptop, it should be restored to the laptop when it next contacts the backup server over WLAN.

WLAN transmission takes place over an eavesdropping-proof WLAN connection. For reasons of data protection, encrypting the personal data on the server is under consideration.

The name “Bitfrost” is an allusion to Bifröst, in Nordic mythology the bridge between the world of mortals and the land of the gods. The bridge was built to be extremely sturdy, but it will ultimately break. The bridge is thus a very early acknowledgement of the idea that there is no perfect security system.

For this reason, its developer Ivan Krstic called on the entire open source community to examine this concept for possible weak points and, where necessary, report them to the official mailing list. Several published conceptual weaknesses were ignored; the official specification [1] has been unchanged since the first draft was published.

  1. Ivan Krstic: Change log of the official Bitfrost specification (archived copy of the original from November 16, 2007, in the Internet Archive). As of November 20, 2008.