Re: Security By Obscurity = Ignorance Is Strength

[David Farber <dave () farber net>]

Begin forwarded message:

From: Peter John Hill <peterjhill () mac com>
Date: September 3, 2008 6:13:50 PM EDT
To: dave () farber net
Cc: ip <ip () v2 listbox com>
Subject: Re: [IP] Re:   Security By Obscurity = Ignorance Is Strength

> From: Peter Swire <peter () peterswire net>
> I tend to agree that the gag orders are wrong-headed.  But it's  
> wrong to think that secrecy never helps.
>
> Openness often improves security.  Sometimes it doesn't.  I've tried  
> to explain how this works in "A Model for When Disclosure Helps  
> Security: What is Different About Computer and Network Security?"   
> It's recently been included in at least one computer security  
> textbook:
>
> http://ssrn.com/abstract=531782
>
> "This Article asks the question: When does disclosure actually help  
> security? The discussion begins with a paradox. Most experts in  
> computer and network security are familiar with the slogan that  
> there is no security through obscurity. The Open Source and  
> encryption view is that revealing the details of a system will  
> actually tend to improve security, notably due to peer review. In  
> sharp contrast, a famous World War II slogan says loose lips sink  
> ships. Most experts in the military and intelligence areas believe  
> that secrecy is a critical tool for maintaining security. Both  
> cannot be right - disclosure cannot both help and hurt security."   
> Then, the paper gives an analytic way to figure out when obscurity  
> either does or does not help.

As a Navy veteran and a Network Engineer I think that both statements  
can be correct. Loose lips sink ships because knowing in advance when  
a ship is moving into or out of port allows an enemy to get their  
submarine or whatever in place. The intelligence community, despite  
what some current officials think, relies on the secrecy of who is a  
spy and who is not to conduct covert operations.

When it comes to things like encryption or computer/network security  
protocols, an open protocol allows it to be analyzed for weaknesses by  
the greatest number of people as possible. There is a risk that "bad  
people" will find a vulnerability before a "good person" does. Thus is  
born the zero-day attack. On the other hand, there are many many many  
research groups who are working to find the bugs before the "bad  
people" do.

Without the source code, the good and bad guys both need to rely on  
finding bugs by interacting with the software and seeing what breaks  
it.. This is probably the only "research" method a "script kiddie" can  
use to find bugs. With the source code, you have a somewhat smaller  
set of bad people compared to the good people that can actually  
analyze the source code for problems.

YMMV

peter




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com