Security Through Obscurity: When It Works, When It Doesn't - PowerPoint PPT Presentation
Transcript and Presenter's Notes
1
Security Through Obscurity: When It Works, When
It Doesn't
  • Peter P. Swire
  • The Ohio State University
  • DIMACS, Rutgers
  • January 18, 2007

2
Dueling Slogans
  • Open Source mantra: "No Security Through
    Obscurity"
  • Secrecy does not work (or at least we shouldn't
    depend on it)
  • Disclosure is good (virtuous)
  • Military motto: "Loose Lips Sink Ships"
  • Secrecy is essential
  • Disclosure is bad (treason)
  • Both can't be true at the same time

3
Overview
  • Three papers complete, at www.ssrn.com (search
    "Swire")
  • 1. A model for when each approach is correct --
    assumptions behind the Open Source and military
    approaches
  • Key reasons computer network security often
    differs from earlier security problems
  • 2. A Theory of Disclosure for Security and
    Competitive Reasons: Open Source, Proprietary
    Software, and Government Agencies
  • 3. Privacy and Information Sharing in the War
    Against Terrorism
  • All concern when disclosure helps security

4
I. Model for When Disclosure Helps Security
  • Identify chief costs and benefits of disclosure
  • Effect on attackers
  • Effect on defenders
  • Describe scenarios where disclosure of a defense
    is likely to have net benefits or net costs
  • (Economics and computer security, not law)

5
Open Source Perspective: Disclosure Helps
Defenders
  • Attackers learn little or nothing from public
    disclosure
  • Disclosure prompts designers to improve the
    defense -- they learn of flaws and fix them
  • Disclosure prompts other defenders/users of the
    software to patch and fix
  • Net: costs of disclosure low, benefits high
  • This is not a discussion of proprietary vs. Open
    Source; the focus is on when disclosure improves
    security

6
Military Base: Disclosure Helps Attackers
  • It is hard for attackers to get close enough to
    learn the physical defenses
  • Disclosure teaches the designers little about how
    to improve the defenses
  • Disclosure prompts little improvement by other
    defenders
  • Net: costs from disclosure high, but few benefits

7
Effects of Disclosure
  [Figure: matrix of the effects of disclosure; the
    only axis label surviving in the transcript is
    "Help Defenders" (Low / High)]

8
Effects of Disclosure -- II
  [Figure: second version of the same matrix; again
    only the "Help Defenders" (Low / High) axis
    survives in the transcript]

9
Why Computer Network Attacks More Often Benefit
From Disclosure
  • Hiddenness helps for a pit or for a minefield
  • Hiddenness works against the first-time attack
  • N: number of attacks
  • L: learning from attacks
  • C: communication with other attackers
  • Hiddenness works much less well for:
  • Mass-market software
  • Firewalls
  • Encryption algorithms (Diffie's point about keys
    and cryptosystems)

10
What Is Different for Cyber Attacks?
  • Many attacks (high N)
  • Each attack is low cost (on firewalls, etc.)
  • By contrast, it is more costly to find out the
    location of mines
  • Attackers learn from previous attacks (high L)
  • "This trick got me root access"
  • Attackers communicate about vulnerabilities (C)
  • Because of attackers' knowledge, disclosure often
    helps defenders more than attackers for cyber
    attacks
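
The three variables on the two slides above (N, L and C) can be made concrete with a small model. The Python below is an added illustration written for this transcript, not code from the presentation or from Swire's papers. The scenario names, the attack and attacker counts, the per-attack learning probability and the rule that attacks are spread evenly over attackers are all assumptions of this toy, chosen only to show the direction of the effect, not to estimate any real quantity.

```python
"""Toy model of how much a hidden defense is worth under the variables the
slides name: N (number of attacks), L (how readily an attack teaches the
attacker about the defense) and C (whether attackers share what they learn).

Added illustration for this transcript; not Swire's model.  Every number in
the scenarios below is a constructed assumption.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    attacks: int        # N: total attacks mounted against the defense
    attackers: int      # how many distinct attackers mount them
    p_learn: float      # L: chance that one attack reveals the defense to its attacker
    communicate: bool   # C: a lesson learned by one attacker reaches every attacker


def hidden_fraction(s: Scenario) -> float:
    """Expected share of the N attacks that are made by an attacker who does
    not yet know the defense, i.e. the share of attacks for which hiddenness
    still buys the defender anything.  Knowledge accumulates: once a defense
    is learned it stays learned (assumption of this toy)."""
    q = 1.0 - s.p_learn                      # chance one attack teaches nothing
    if s.communicate:
        # Every earlier attack, by anyone, may already have revealed the
        # defense to the whole attacker community.
        survivals = [q ** i for i in range(s.attacks)]
    else:
        # Attackers learn only from their own attacks.  Spread the N attacks
        # as evenly as possible over the attackers (assumption of this toy).
        base, extra = divmod(s.attacks, s.attackers)
        per_attacker = [base + 1] * extra + [base] * (s.attackers - extra)
        survivals = [q ** k for n in per_attacker for k in range(n)]
    return sum(survivals) / s.attacks


# Constructed scenarios.  The minefield: few, costly attacks, each attacker
# acts alone and rarely survives to learn anything.  The firewall: cheap,
# repeated probes from many attackers, first without and then with sharing.
MINEFIELD = Scenario("minefield", attacks=3, attackers=3,
                     p_learn=0.05, communicate=False)
FIREWALL_ISOLATED = Scenario("firewall, no sharing", attacks=1000, attackers=50,
                             p_learn=0.2, communicate=False)
FIREWALL_SHARING = Scenario("firewall, sharing", attacks=1000, attackers=50,
                            p_learn=0.2, communicate=True)

SCENARIOS = (MINEFIELD, FIREWALL_ISOLATED, FIREWALL_SHARING)


def compare() -> dict:
    """Scenario name -> fraction of attacks still facing an attacker who has
    not learned the defense, rounded for display."""
    return {s.name: round(hidden_fraction(s), 4) for s in SCENARIOS}


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:22s} hiddenness still matters in {value:.1%} of attacks")
```

With these constructed numbers the hidden minefield keeps its full value (every attacker meets it for the first time), the isolated-attacker firewall keeps about a quarter of it, and the firewall facing cheap, repeated, shared probes keeps about half a percent. The two firewall rows are the slides' point: raising N, L or C each erodes the value of hiddenness, and C does so fastest because one attacker's lesson becomes everyone's.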

11
II. Incentives to Disclose
  • A Theory of Disclosure for Security and
    Competitive Reasons: Open Source, Proprietary
    Software, and Government Agencies
  • Security reasons to disclose or not
  • Competitive reasons to disclose or not
  • Actual disclosure is a function of both
  • Distinct models needed to analyze security and
    competitive incentives

12
(No Transcript)
13
Incentives to Disclose
  • Themes for the private sector
  • A lot of secrecy in Open Source software
  • A lot of openness in proprietary software
  • Significant convergence, especially recently
  • Incentives for government to disclose are often
    far less than seems optimal
  • So FOIA and other mechanisms are needed to
    compensate

14
III. Information Sharing and Privacy in the War
Against Terrorism
  • Intelligence reform and many calls in DC for more
    information sharing
  • Assumption that more sharing is good
  • My view: information sharing is a hard case
  • E.g., tell the watch list to all customs agents
  • High benefits if info goes to the good guys
  • High costs if info goes to the bad guys
  • Often, limited ability to do one and not the other

15
Info Sharing and the War on Terror
  • I propose a "due diligence" list for analysis of
    new info sharing programs
  • 10-point list
  • First: will sharing tip off your adversaries?
  • Second: does the proposed measure further
    security? Cost-effectively?
  • Have presented to ODNI and the WH Privacy and
    Civil Liberties Board
  • Attempt to give a practical way to do due
    diligence on new info sharing programs

16
Conclusion
  • Economics-based approach to when disclosure is
    good for the ecosystem, and when parties have
    incentives to disclose
  • Identifies the variables that would drive the
    analysis
  • Warmly invite additional research into the
    empirics, or into interesting cases where the
    variables should result in disclosure or not