Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.

Similar presentations


Presentation on theme: "Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007."— Presentation transcript:

1 Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007

2 Dueling Slogans Open Source mantra: “No Security Through Obscurity” Secrecy does not work (or at least we shouldn’t depend on it) Secrecy does not work (or at least we shouldn’t depend on it) Disclosure is good (“virtuous”) Disclosure is good (“virtuous”) Military motto: “Loose Lips Sink Ships” Secrecy is essential Secrecy is essential Disclosure is bad (“treason”) Disclosure is bad (“treason”) Both can’t be true at the same time

3 Overview Three papers complete, at search “Swire” 1. A model for when each approach is correct -- assumptions for the Open Source & military approaches Key reasons computer & network security often differ from earlier security problems Key reasons computer & network security often differ from earlier security problems 2. “A Theory of Disclosure for Security & Competitive Reasons: Open Source, Proprietary Software, and Government Agencies” 3. “Privacy & Information Sharing in the War Against Terrorism” All concern when disclosure helps security

4 I. Model for When Disclosure Helps Security  Identify chief costs and benefits of disclosure Effect on attackers Effect on attackers Effect on defenders Effect on defenders  Describe scenarios where disclosure of a defense likely to have net benefits or costs  (Economics & computer security, not law)

5 Open Source Perspective & Disclosure Helps Defenders  Attackers learn little or nothing from public disclosure  Disclosures prompts designers to improve the defense -- learn of flaws and fix  Disclosure prompts other defenders/users of software to patch and fix Net: Costs of disclosure low. Bens high. Net: Costs of disclosure low. Bens high.  [This is not a discussion of proprietary v. Open Source – focus is on when disclosure improves security]

6 Military Base & Disclosure Helps Attackers  It is hard for attackers to get close enough to learn the physical defenses  Disclosure teaches the designers little about how to improve the defenses  Disclosure prompts little improvement by other defenders. Net: Costs from disclosure high but few benefits. Net: Costs from disclosure high but few benefits.

7 Effects of Disclosure Low Help Attackers High Open Source Military/Intelligence Help Defenders Low High

8 Effects of Disclosure -- II Military/Intelligence Public Domain Information Sharing (e.g., watch lists) Open Source Low Help Attackers High Help Defenders Low High

9 Why Computer & Network Attacks More Often Benefit From Disclosure  Hiddenness helps for pit or for mine field  Hiddenness & the first-time attack N = number of attacks N = number of attacks L = learning from attacks L = learning from attacks C = communicate with other attackers C = communicate with other attackers  Hiddenness works much less well for Mass-market software Mass-market software Firewalls Firewalls Encryption algorithms (Diffie’s point about keys and cryptosystems) Encryption algorithms (Diffie’s point about keys and cryptosystems)

10 What Is Different for Cyber Attacks?  Many attacks (high N) Each attack is low cost on firewalls, etc. Each attack is low cost on firewalls, etc. By contrast, more costly to find out location of mines By contrast, more costly to find out location of mines  Attackers learn from previous attacks (high L) This trick got me root access This trick got me root access  Attackers communicate about vulnerabilities (C)  Because of attackers’ knowledge, disclosure often helps defenders more than attackers for cyber attacks

11 III. Incentives to Disclose  “A Theory of Disclosure for Security & Competitive Reasons: Open Source, Proprietary Software, and Government Agencies” Security reasons to disclose or not Security reasons to disclose or not Competitive reasons to disclose or not Competitive reasons to disclose or not Actual disclosure is a function of both Actual disclosure is a function of both Distinct models needed to analyze security & competitive incentives Distinct models needed to analyze security & competitive incentives

12 ProducerSecurityCompetition Open Source Ideologically open; Some “secret sauce” (Case 1) Ideologically open; Apparently high use of trade secrets (Case 2) ProprietarySoftware Monopolist on source code; disclosure based on monopsony and market power (Case 3) Monopolist on source code; disclosure based on how open standards help profits (Case 4) Government Information sharing dilemma (help attackers & defenders); public choice model (Case 5) Turf maximization, e.g., FBI vs. local police for the credit (Case 6)

13 Incentives to Disclose  Themes for private sector: A lot of secrecy in Open Source software A lot of secrecy in Open Source software A lot of openness in proprietary software A lot of openness in proprietary software Significant convergence, especially recently Significant convergence, especially recently  Incentives for government to disclose are often far less than seems optimal So, need FOIA and other mechanisms to compensate So, need FOIA and other mechanisms to compensate

14 III. Information Sharing & Privacy in the War Against Terrorism  Intelligence reform and many calls in DC for more “information sharing” Assumption that more sharing is good Assumption that more sharing is good  My view: information sharing is a hard case E.g., tell watch list to all customs agents E.g., tell watch list to all customs agents High benefits if info goes to the good guys High benefits if info goes to the good guys High costs if info goes to the bad guys High costs if info goes to the bad guys Often, limited ability to do one & not the other Often, limited ability to do one & not the other

15 Info Sharing & War on Terror  I propose “due diligence” list for analysis of new info sharing programs 10-point list 10-point list First – will sharing tip off your adversaries? First – will sharing tip off your adversaries? Second – does propose measure further security? Cost-effectively? Second – does propose measure further security? Cost-effectively? Have presented to ODNI, WH Privacy & Civil Liberties Board Have presented to ODNI, WH Privacy & Civil Liberties Board Attempt to give practical way to do “due diligence” on new info sharing programs Attempt to give practical way to do “due diligence” on new info sharing programs

16 Conclusion  Economics-based approach to when disclosure good for the ecosystem, and when have incentives to disclose  Identifies the variables that would drive the analysis  Warmly invite additional research into the empirics or interesting cases – when the variables should result in disclosure or not


Download ppt "Security Through Obscurity: When It Works, When It Doesn’t Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007."

Similar presentations


Ads by Google