Bitfrost

Bitfrost is the security platform of the $100 laptop for children in developing countries. The first public specification was released in February 2007.

Bitfrost architecture

The Bitfrost architecture was largely worked out by Ivan Krstic, a participant in the One Laptop per Child project until 2008, who has worked for Apple since 11 May 2009. By its own account, it consists of concepts already known from the literature. What is new, however, is the combination of these previously separate concepts into a functioning overall system. This novel combination of security concepts is intended to raise computer security to a previously unattained level.

The concept is currently only partially implemented in the XO laptop and is therefore still subject to change.

Passwords

Under the Bitfrost concept, no passwords are entered to access the computer or its content. Experience shows that typical users choose insecure passwords that an attacker can easily guess; in addition, a password system is unusable for small children who may still be illiterate.

The aim is to reduce security prompts to a minimum. The system is to assess the danger itself in the background and decide where necessary. This is to be achieved through a coherent concept. Where, as an exception, the user must decide, the dialogs should be clearly worded and reduced to a simple yes/no decision. The aim of the concept is to relieve the user as much as possible.

Individualization of the laptop

To ensure use by the children, each laptop is individualized for a particular person. To this end, before the laptop is handed over to the student, a digital picture of the student is taken with the built-in video camera the first time the laptop is started, and the supervisor enters the student's first and last name. In addition, a digital key is generated for this student, which establishes a link between the student and the MAC address of the laptop.

At every restart, the student's picture and first and last name are displayed during the boot process, together with a notice that this person is the authorized user. This individualization is firmly integrated into the operating system and can be reversed only with the digital signature of a specific authorized party. A complete reinstallation of the operating system that overwrites the personal data is likewise possible only after the digital signature has been entered.

Anti-theft device

Each laptop checks its status with a server at certain intervals. If a laptop is reported stolen, it is recorded as stolen in a database. If the check reveals that the laptop is stolen, the laptop shuts down and can no longer be activated. This lock can then be removed only by the employee.

Whether and how often such a theft report is checked can be determined by each country of use at its own discretion. A check every one to three months is recommended.

The laptops are designed for a service life of up to five years. After this five-year period, the anti-theft device is switched off and any existing lock is deleted from the system.

Rights Management

When a program is installed, the permissions it requires, such as read and write access or access to a printer or the video camera, are registered with the operating system. As a rule, the rights the program requires are registered automatically during installation. Optionally, however, the user can later extend or restrict the rights of an individual program. Such a rights extension is made via a special menu in the operating system.

A sandbox is set up automatically for the installed program. In this confined environment, the running program can damage the operating system not at all or only to a very limited extent. Likewise, the program has no uncontrolled access to the operating system that would let it secretly assign itself access and usage rights.

By default, the system prohibits certain combinations of accesses, for example access to the video camera and the Internet. This is intended to protect the privacy of the user. As an exception, however, certain dangerous combinations can be registered automatically by the software. In that case, the program and its rights registration must be digitally signed by an authorized body in order to prevent abuse.
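The default prohibition on permission combinations and its signed exception can be sketched as follows. This is an added example, not code from Bitfrost or the OLPC project; the permission names, the function names and the HMAC used as a stand-in for the digital signature are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: permission names are illustrative; the page gives only
# "video camera and the Internet" as an example of a prohibited combination.
FORBIDDEN_COMBINATIONS = [frozenset({"camera", "network"})]

# Assumption: an HMAC keyed by the authorized body stands in for a real
# public-key signature so the example runs on the standard library alone.
AUTHORITY_KEY = b"constructed-demo-key"


def canonical_request(code: bytes, permissions) -> bytes:
    """Bind the program's hash to its exact, order-independent rights set."""
    digest = hashlib.sha256(code).hexdigest()
    return f"{digest}\n{','.join(sorted(permissions))}".encode()


def sign_request(code: bytes, permissions, key: bytes = AUTHORITY_KEY) -> str:
    """What the authorized body would issue for one program and rights set."""
    return hmac.new(key, canonical_request(code, permissions),
                    hashlib.sha256).hexdigest()


def register_program(code: bytes, permissions, signature=None):
    """Install-time check: return (granted_rights, reason), failing closed."""
    requested = set(permissions)
    if not any(combo <= requested for combo in FORBIDDEN_COMBINATIONS):
        return requested, "granted: no prohibited combination"
    expected = sign_request(code, requested)
    if signature and hmac.compare_digest(signature, expected):
        return requested, "granted: signed exception"
    return set(), "denied: prohibited combination without valid signature"


if __name__ == "__main__":
    chat = b"constructed chat program bytes"
    sig = sign_request(chat, {"camera", "network"})
    print(register_program(chat, {"camera"}))
    print(register_program(chat, {"camera", "network"}))
    print(register_program(chat, {"camera", "network"}, sig))
    # A signature cannot be reused for a larger rights set or altered code.
    print(register_program(chat, {"camera", "network", "printer"}, sig))
    print(register_program(chat + b"!", {"camera", "network"}, sig))
```

Because the signature covers both the program's hash and the exact rights set, a signed exception cannot be carried over to modified code or to a wider set of permissions.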

System modifications

The user can customize the laptop's operating system, a special version of Fedora Linux with the new Sugar interface.

In contrast, corrupted applications or even Trojans that try to manipulate the operating system have only limited access to the operating system's files. Each running program is "wrapped" in its own virtual machine. It therefore does not have full access to the files of GNU/Linux. At runtime, an application is allocated only limited system resources such as computing power or memory, so that a corrupted application cannot "freeze" the computer system. When the harmful program ends, the virtual machine is deleted.

To protect against malicious or accidental destruction of the software by the user, a copy of the operating system and the software package is stored as an emergency system in a non-modifiable memory area. Only with a developer key can a user modify this background copy of the system and the BIOS. This developer key is valid only for a single machine.

This emergency system can be activated at any start of the XO laptop by pressing a certain key combination during the boot process. In this case, the existing Linux operating system with its software package is replaced by the intact emergency system. The user data and other adjustments are already integrated in the emergency system; the personal data is stored on another storage partition and therefore cannot be lost. The reinstallation takes approximately two to three minutes, after which the newly installed software is booted.

If the automatic emergency procedure fails, new software or a copy of the emergency system can be installed from a USB stick. During the boot process, the laptop automatically searches for such an external emergency system. If one is found, the emergency procedure starts again and the emergency system on the USB flash drive is copied to the laptop. Before that, however, the external emergency system must prove its integrity, and thus its freedom from viruses, by means of a digital signature.

Microphone and camera

The camera and microphone are hard-wired to LEDs, so the user always knows whether they are active. This cannot be controlled by software.

Backup

Data loss is to be prevented by automatically backing up the user's own data whenever the laptop is in contact with a server. The backup takes place mainly via Wi-Fi, automatically and in the background. If data has been lost on the laptop, it is to be written back to the laptop during wireless contact with the backup server.

The data is transmitted over tap-proof Wi-Fi. For reasons of data protection, encrypting the personal data on the server is being considered.

Others

The name "Bitfrost" is an allusion to Bifrost, in Norse mythology the bridge between the mortal world and the land of the gods. The bridge was built to be strong, yet it will eventually break. The bridge is thus a very early recognition of the idea that there is no perfect security system.

For this reason, its developer Ivan Krstic called on the entire open source community to examine this concept for potential vulnerabilities and, where necessary, to report them on the official mailing list. Several published conceptual weaknesses were ignored; the official specification has remained unchanged since the publication of the first draft.
