Showing posts with label obscurity. Show all posts
Showing posts with label obscurity. Show all posts

Thursday, July 31, 2008

Security through obscurity - is it useless?

For a few weeks now I've been thinking about security through obscurity (STO). It is a common wisdom that it's a bad way to build security of anything. But, this doesn't have to be necessarily true, as I'll explain in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 moment. What made me write this post is that a similar comment about usefulness of STO was given in a Matt Bishop's artice in IEEE Security & Privacy journal (About Penetration Testing, November/December 2007, pp 84-87). He notes that:

Contrary to widespread opinion, this defense [STO] is valid, providing that it’s used with several defensive mechanisms (“defense in depth”). In this way, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attacker must still overcome ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r defenses after discovering cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 information. That said, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 conventional wisdom is correct in that hiding information should never be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 only defensive mechanism.
His note goes right to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 point. So, to explain this point, first I'll explain what STO is and why it is problematic. Then I'll explain what actually security is, and finally, how in this context STO can be actually useful.

STO is a principle that you are secure if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attacker doesn't know how you protect yourself. For example, if you invent new crypto algorithm and don't tell anyone how it works, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 one that invented algorithm believes it's more secure. Instead of crypto algorithm, you can take almost anything you want. Good example would be communication protocol. Now, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem with this approach was that usually crypto algorithms, or protocols, were very poorly desinged! So, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 moment someone reverse engineered those he was able to break in! Now, think for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 moment if this secret algorithm is actually AES? Would discovery of algorithm mean that STO is bad? I suppose not, and so should you, but let us first see what security is.

Security is complex topic, and I believe we could discuss it for days without reaching it's true definition. But, one key point about security is that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is no such thing as perfect security. You are always vulnerable, that is, in any real world situation. So, to be secure actually means too hard for attacker to break in. When attacker breaks in, he doesn't attack from some void, but he has to have some information. So, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 more information attacker has about it's target, it's more likely he'll succeed.

Now, how this goes along with STO? Imagine to implementations, completly identical, apart from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first implementation beeing secret. In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first case attacker has first to find information about implementation and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n he can try some attack, while in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 second case cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attacker can immediately start attack.

So, STO can make security better, but with precautions. First, it must not be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 only way of protection, i.e. bad algorithm/protocol/implementation. Second, you have to be ceratin that sooner or later someone will reverse engineer your secret, depending on how popular your implementation is.

To conclude, STO could help make security better, but only if used with caution. What you can be almost certain, is that if you go to invent new crypto algorithm, new protocol, or something similar you'll certainly make an error that will make cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 design, as well as implementation, very weak! Thus, this was of using STO might be usefull only for biggest ones with plenty of resources and skills, like e.g. NSA. :)

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)

Blog Archive