1 / 16

Security Through Obscurity: When It Works, When It Doesn’t

Security Through Obscurity: When It Works, When It Doesn’t. Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007. Dueling Slogans. Open Source mantra: “No Security Through Obscurity” Secrecy does not work (or at least we shouldn’t depend on it)

anoush
Download Presentation

Security Through Obscurity: When It Works, When It Doesn’t

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007

  2. Dueling Slogans Open Source mantra: “No Security Through Obscurity” • Secrecy does not work (or at least we shouldn’t depend on it) • Disclosure is good (“virtuous”) Military motto: “Loose Lips Sink Ships” • Secrecy is essential • Disclosure is bad (“treason”) Both can’t be true at the same time

  3. Overview Three papers complete, at www.ssrn.com, search “Swire” 1. A model for when each approach is correct -- assumptions for the Open Source & military approaches • Key reasons computer & network security often differ from earlier security problems 2. “A Theory of Disclosure for Security & Competitive Reasons: Open Source, Proprietary Software, and Government Agencies” 3. “Privacy & Information Sharing in the War Against Terrorism” All concern when disclosure helps security

  4. I. Model for When Disclosure Helps Security • Identify chief costs and benefits of disclosure • Effect on attackers • Effect on defenders • Describe scenarios where disclosure of a defense likely to have net benefits or costs • (Economics & computer security, not law)

  5. Open Source Perspective & DisclosureHelps Defenders • Attackers learn little or nothing from public disclosure • Disclosures prompts designers to improve the defense -- learn of flaws and fix • Disclosure prompts other defenders/users of software to patch and fix • Net: Costs of disclosure low. Bens high. • [This is not a discussion of proprietary v. Open Source – focus is on when disclosure improves security]

  6. Military Base & Disclosure Helps Attackers • It is hard for attackers to get close enough to learn the physical defenses • Disclosure teaches the designers little about how to improve the defenses • Disclosure prompts little improvement by other defenders. • Net: Costs from disclosure high but few benefits.

  7. Effects of Disclosure Help Defenders Low High

  8. Low Help Attackers High Open Source Information Sharing (e.g., watch lists) Public Domain Military/ Intelligence Effects of Disclosure -- II Help Defenders Low High

  9. Why Computer & Network Attacks More Often Benefit From Disclosure • Hiddenness helps for pit or for mine field • Hiddenness & the first-time attack • N = number of attacks • L = learning from attacks • C = communicate with other attackers • Hiddenness works much less well for • Mass-market software • Firewalls • Encryption algorithms (Diffie’s point about keys and cryptosystems)

  10. What Is Different for Cyber Attacks? • Many attacks (high N) • Each attack is low cost on firewalls, etc. • By contrast, more costly to find out location of mines • Attackers learn from previous attacks (high L) • This trick got me root access • Attackers communicate about vulnerabilities (C) • Because of attackers’ knowledge, disclosure often helps defenders more than attackers for cyber attacks

  11. III. Incentives to Disclose • “A Theory of Disclosure for Security & Competitive Reasons: Open Source, Proprietary Software, and Government Agencies” • Security reasons to disclose or not • Competitive reasons to disclose or not • Actual disclosure is a function of both • Distinct models needed to analyze security & competitive incentives

  12. Incentives to Disclose • Themes for private sector: • A lot of secrecy in Open Source software • A lot of openness in proprietary software • Significant convergence, especially recently • Incentives for government to disclose are often far less than seems optimal • So, need FOIA and other mechanisms to compensate

  13. III. Information Sharing & Privacy in the War Against Terrorism • Intelligence reform and many calls in DC for more “information sharing” • Assumption that more sharing is good • My view: information sharing is a hard case • E.g., tell watch list to all customs agents • High benefits if info goes to the good guys • High costs if info goes to the bad guys • Often, limited ability to do one & not the other

  14. Info Sharing & War on Terror • I propose “due diligence” list for analysis of new info sharing programs • 10-point list • First – will sharing tip off your adversaries? • Second – does propose measure further security? Cost-effectively? • Have presented to ODNI, WH Privacy & Civil Liberties Board • Attempt to give practical way to do “due diligence” on new info sharing programs

  15. Conclusion • Economics-based approach to when disclosure good for the ecosystem, and when have incentives to disclose • Identifies the variables that would drive the analysis • Warmly invite additional research into the empirics or interesting cases – when the variables should result in disclosure or not

More Related