There’s massive confusion in the security community around Security Through Obscurity.
In general, most people know it’s bad, but they can’t say exactly why. And because of this, people tend to think the “Obscurity” in “Security Through Obscurity” equates to secrecy, meaning if you hide anything, it’s Security Through Obscurity.
This is incorrect, and Dead Drops are a great example.
Of this type.
There are two pieces to a good security system.
- The security mechanism
- The security key
Security Through Obscurity is in fact bad, but it’s bad because it hides the first one—the mechanism—not the key. Keys are always kept secret!
A Dead Drop is a proven security system for two spies exchanging information and items without being caught. It works by placing a sensitive item within a very large public place, sharing that location with the other person, and then having them go pick it up.
Let’s say it’s the KGB doing this, in New York City. And let’s say the CIA suspects it.
Security Through Obscurity is when you hide the mechanism, and then when someone figures it out, the whole system is broken. It’s captured well in Kerckhoffs’s Principle, which comes from cryptography. It’s paraphrased as:
A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Cool, that’s cryptosystems. What about other types of security system?
Well, in cryptography the “system” is the encryption algorithm, and the key is the…well, the key.
In a Dead Drop system, the system is the Dead Drop mechanism, which is hiding something in a very large area—such as a city or a giant park. And the key is the actual location it was hidden.
This is solid security for one simple reason: The CIA can know a Dead Drop is being used but still not be able to break the system because they don’t know the location of the drop!
Sure, it’s in New York City, or in Central Park, but those are big places.
It’s the same with camouflage. You can know that other people are using it, but if you can’t see them in battle you still have to shoot everywhere. Which would be like checking everywhere in New York City for a drop.
In other words, brute force.
Assuming you have a sufficiently large area that needs to be covered.
And that’s fine for a security system. If the attacker has to try all key combinations, even after they know how your system works, that means you have a strong system.
So, here’s how you know if something is Security Through Obscurity or not…
- Separate out the mechanism from the key.
- If the mechanism can be known without compromising the security, you have a good system.
- KEY UNDER DOORMAT: Secure: No, Reason: There is no separate “key”; once you know the mechanism (key under mat), you have broken the whole thing.
- CAMOUFLAGE: Secure: Yes, Reason: They still need to find you before they can shoot you, even if they know you’re using it.
- SSH ON ALT PORT: Secure: Yes, Reason: It takes time and energy to try various attacks against all ports vs. just one. Note: this is much stronger against general attacks than against targeted ones where the brute force is worth the energy.
- TRENCHES IN WARFARE: Secure: Yes, Reason: They still make it harder to hit the enemy with bullets and artillery, even if the enemy knows you’re using trenches.
- DEAD DROPS: Secure: Yes, Reason: Even if you know someone is using a Dead Drop you still have to check everywhere, which is brute force, which means it’s a good system. Note: this gets less effective if the space is smaller, i.e., somewhere in a small bedroom.
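To put numbers on the test above, here is an added example (not from the original post) that treats each system as a key space the attacker must sweep once the mechanism is known, and compares the calculated cost of brute force with a simulated sweep. All key-space sizes, including the park and bedroom areas and the 1 m² search spot, are assumptions chosen for illustration.

```python
import math
import random

# Constructed, illustrative key spaces: how many places the secret could be
# once the attacker already knows the mechanism (all sizes are assumptions).
SYSTEMS = {
    "key under doormat": 1,              # mechanism known => location known
    "ssh on alt port": 65535,            # TCP ports 1-65535
    "dead drop, small bedroom": 12,      # assumed 12 m^2 at 1 m^2 per spot
    "dead drop, large park": 3_410_000,  # assumed ~3.41 km^2 at 1 m^2 per spot
}

def key_bits(keyspace: int) -> float:
    """Entropy of a uniformly chosen key, in bits."""
    return math.log2(keyspace)

def expected_guesses(keyspace: int) -> float:
    """Mean guesses for an exhaustive sweep when the key is uniform."""
    return (keyspace + 1) / 2

def simulate_sweep(keyspace: int, trials: int = 20_000, seed: int = 1) -> float:
    """Empirical mean: the defender picks a random spot, the attacker checks
    spots 1..keyspace in order and stops at the hit."""
    rng = random.Random(seed)
    return sum(rng.randrange(keyspace) + 1 for _ in range(trials)) / trials

def verdict(keyspace: int) -> str:
    """The page's test: is anything still secret once the mechanism is known?"""
    return "obscurity only" if keyspace <= 1 else "has a key"

def report() -> list[tuple[str, str, float, float]]:
    """One row per system: name, verdict, key entropy in bits, mean guesses."""
    return [(name, verdict(n), round(key_bits(n), 1), expected_guesses(n))
            for name, n in SYSTEMS.items()]

if __name__ == "__main__":
    for name, v, bits, guesses in report():
        print(f"{name:26} {v:15} {bits:5.1f} bits  ~{guesses:,.0f} guesses")
```

The bedroom and the park use the same mechanism and differ only in key space, which is the size caveat in the Dead Drops note expressed in bits.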