5 years, 7 months ago

The logical problem of security architecture

Link: http://www.etc-architect.com/?p=180

In security engineering, security through obscurity is the use of secrecy of the design or implementation to provide security. A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that if the flaws are not known, then attackers will be unlikely to find them. A system may use security through obscurity as a defense in depth measure; while all known security vulnerabilities would be mitigated through other measures, public disclosure of products and versions in use makes them early targets for newly discovered vulnerabilities in those products and versions. An attacker’s first step is usually information gathering; this step may be delayed by security through obscurity. The technique stands in contrast with security by design and open security, although many real-world projects include elements of all strategies.

This is why all guidelines discourage the use of security through obscurity. The problem with not using obscurity, however, is that to provide real security all users are required to have a very good memory, remembering many different complex pass phrases that are constantly changing. So in implementation there are usually reset mechanisms built into the system, such as sending an email to support and having the credentials reissued that way. Sometimes manager mails are provided to ensure that the credentials are right. Since every security professional understands the inherent insecurity of email, we are actually relying on the fact that the gaps in resetting, and often in creating, credentials are not discovered by adversaries. As such, usually all of us are relying on security through obscurity, even if in the design we make a big point of emphasising how bad it is.

Since the issuing of credentials via non-secure media is becoming more and more widespread, even the security through obscurity will fail and the system will be opened to widespread misuse. Once the misuse gets out of hand, stringent measures are usually implemented, but since they usually hurt productivity they are often relaxed very soon afterwards.

So the real underlying problem is that of managing user credentials without relying on security through obscurity and without creating a system that halts all efficiency. Real working systems that solve this are therefore usually built on multi-factor authentication, as a diversity of security mechanisms usually makes it much harder to subvert the system. As such, good security management relies much more on simplicity than on any sophisticated mechanisms, and as such there is no real case for the existence of security architecture anymore.
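The reset path discussed above, arranged so that it no longer depends on the email channel staying unobserved, as an added example that is not part of the original post: the mailed token is single-use, short-lived and stored only as a hash, and it is accepted only together with a TOTP code from a second factor. `ResetService`, `RESET_TTL` and all sample values are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

RESET_TTL = 600  # seconds a reset token stays valid (constructed value)

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password per RFC 6238 (HMAC-SHA1)."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class ResetService:
    """Hypothetical reset service: mailed token plus enrolled second factor."""

    def __init__(self):
        self.totp_secrets = {}  # user -> TOTP secret enrolled out of band
        self.pending = {}       # sha256(token) -> (user, expiry time)

    def enroll(self, user: str, secret: bytes) -> None:
        self.totp_secrets[user] = secret

    def request_reset(self, user: str, now: float) -> str:
        """Return the token to mail out; only its hash is kept server-side."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (user, now + RESET_TTL)
        return token

    def complete_reset(self, token: str, otp: str, now: float):
        """Return the user allowed to set a new password, or None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        # pop() makes the token single-use: any attempt, good or bad, burns it.
        entry = self.pending.pop(digest, None)
        if entry is None or now > entry[1]:
            return None
        user = entry[0]
        secret = self.totp_secrets.get(user)
        if secret is None:
            return None  # no second factor enrolled: the mail alone is not enough
        # Constant-time compare against the current time step only (no skew window).
        if not hmac.compare_digest(totp(secret, now), otp):
            return None
        return user
```

Someone who reads the mailbox gets a token that is useless without the second factor, and a wrong guess at the code burns that token.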
