Effective Security by Obscurity

04/30/2022
by   J. Christian Smith, et al.
0

"Security by obscurity" is a bromide which is frequently applied to undermine the perceived value of a certain class of techniques in security. This usage initially stemmed from applications and experience in the areas of cryptographic theory, and the open vs. closed source debate. Through the perceived absence of true security, the field of security by obscurity has not coalesced into a viable or recognizable approach for security practitioners. The ramifications of this has resulted in these techniques going underused and underappreciated by defenders, while they continue to provide value to attackers, which creates an unfortunate information asymmetry. Exploring effective methods for employing security by obscurity, it can be seen that examples are already embedded unrecognized in other viable security disciplines, such as information hiding, obfuscation, diversity, and moving target defense. In showing that obscurity measures are an achievable and desirable supplement to other security measures, it is apparent that the in-depth defense of an organization's assets can be enhanced by intentional and effective use of security by obscurity.

READ FULL TEXT

page 4

page 10

research
09/04/2020

Evaluating the Security and Economic Effects of Moving Target Defense Techniques on the Cloud

Moving Target Defense (MTD) is a proactive security mechanism which chan...
research
04/10/2023

Helix++: A platform for efficiently securing software

The open-source Helix++ project improves the security posture of computi...
research
09/03/2019

Towards Models for Availability and Security Evaluation of Cloud Computing with Moving Target Defense

Security is one of the most relevant concerns in cloud computing. With t...
research
10/09/2019

An Extended Survey on Vehicle Security

The advanced electronic units with wireless capabilities inside modern v...
research
04/16/2019

On the Impact of Perceived Vulnerability in the Adoption of Information Systems Security Innovations

A number of determinants predict the adoption of Information Systems (IS...
research
09/22/2022

To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild

Recent studies have revealed that 87 cryptographic APIs have a misuse w...

Please sign up or login with your details

Forgot password? Click here to reset