1/12/2023

Security obscurity

By using security through obscurity as a means of securing a network, some people think that they are minimising the risk of attack. Others disagree, claiming that developers are enhancing their network's risk of attack. After all, once an attacker can access the network, they can access everything. In this article we discuss whether or not security through obscurity is inherently bad, or if it has a place amongst other security procedures.

Security through obscurity (STO) is a process that developers use to secure their network by enforcing secrecy as the main security method. So, what is security through obscurity, and why is it bad? If developers use STO as their sole security method, however, everything on the network is at risk if an attacker can access their network. Read on to learn more about security through obscurity, and if it can ever be a good security method.

Security through obscurity (STO) is a security method used by some software developers and systems engineers to secure their network, system, or app by using secrecy as their main and, sometimes, sole tactic. The method is primarily based on hiding important information that could make the system vulnerable, and enforcing secrecy. In theory, the system is secure as long as these secrets don't get out. Some believe that STO is a great security tactic, whilst others believe that it should never be used as a sole tactic.

If the secrets of the system were to get out, the entire system would be at risk. Security through obscurity can be a good security tactic when used in conjunction with other methods, but when used as the sole method of securing a system, developers risk losing the system to an attack should secrets be revealed. In other words, if an attacker finds the key, or is given the secrets of the system, the system is compromised. There is a heavy reliance on trust within the team and others that have access to such system secrets to ensure that security through obscurity works. Without such trust, there is no security.

However, developers know their system better than anyone else, and must consider the following: what is the likelihood that their system will be attacked, and what would the impact of that attack be? From here, they can better determine whether or not security through obscurity as a sole method of security is bad, and if they should implement other security measures that would both minimise the risk of attack and reduce its impact.

In contrast to Kerckhoffs' principle, security by obscurity approaches rely on the attacker not knowing the algorithm, the protocol, or the system execution. Some of the proprietary protocols do not make the descriptions publicly available or explicitly state the details of the protocols. And sometimes these protocols rely on the fact that the system information is not spelled out to the attacker and use that fact for security. A defense built on security by obscurity is no longer secure once the attacker learns the how-tos of the system.

Steganography is related to security by obscurity, although steganography focuses more on concealing the presence of the message and can incorporate active measures to do so. Many steganographic implementations practice security by obscurity, and their security is breached once the concealment method is known to the attacker.

Examples of steganography approaches are invisible ink and the ancient Greeks hiding messages on a messenger's head, where they would be hidden by the hair that is grown after encryption. Another example is hiding messages using the least significant bits of digital image or source files.

Below the picture is another example of steganography where there is a hidden message. In this example, the text reads, "Since everyone can read, encoding text in neutral sentences is doubtfully effective." Now, I want you to think about this and pause for a second. You would want to click the pause button to do so. The hidden message comes from taking the first letter of each word, which spells "secret inside". Let's take a look at another example and try to find the hidden message in steganography.
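The two concealment methods described above (first letters of each word, and least significant bits), written out as an added example that is not part of the original page. It shows that neither uses a key, so anyone who knows the method can read the message. The function names, the 16-bit length header, and the sample cover bytes are assumptions made for this sketch.

```python
import re

def acrostic(text: str) -> str:
    """Read the first letter of every word (the 'secret inside' example)."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z]+", text))

def lsb_embed(cover: bytes, message: bytes) -> bytes:
    """Hide message in the least significant bit of each cover byte.

    Layout (an assumption of this sketch): 16-bit big-endian length,
    then the message, one bit per cover byte, most significant bit first.
    """
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # change only the lowest bit
    return bytes(stego)

def lsb_extract(stego: bytes) -> bytes:
    """Recover the message; this needs the method only, no secret."""
    def read(offset: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for s in stego[offset + 8 * b: offset + 8 * b + 8]:
                value = (value << 1) | (s & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(0, 2), "big")
    if 16 + 8 * length > len(stego):
        raise ValueError("no valid LSB payload")
    return read(16, length)

# Constructed sample data: 256 bytes standing in for raw pixel values.
COVER = bytes((i * 37 + 11) % 256 for i in range(256))
SENTENCE = ("Since everyone can read, encoding text in neutral "
            "sentences is doubtfully effective.")

if __name__ == "__main__":
    stego = lsb_embed(COVER, b"secret inside")
    print(acrostic(SENTENCE))
    print(lsb_extract(stego))
    # Largest change to any cover byte: the carrier looks almost untouched.
    print(max(abs(a - b) for a, b in zip(COVER, stego)))
```

Each cover byte changes by at most 1, which is why the carrier looks unmodified, yet `lsb_extract` takes no secret input at all.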