|
|
|
14 Apr 2009
In the 1883 Journal des Sciences Militaires, Dutch linguist and cryptographer Auguste Kerckhoffs outlined six principles for a secure communication system. Unbelievably, these principles are still valid – and deserve revisiting.
Kerckhoffs stated his second principle as – roughly translated – secrecy must be not be required, even if that means it can still be used if a system falls into enemy hands.
Even if hackers know everything about your system, if they don't have the cryptographic keys you use to encrypt, they can’t unscramble any encrypted information they harvest.
It should be possible for a hacker to know everything about your security systems and remain unable to defeat them unless he or she knows the secrets you use to identify authorised users.
Those secrets could be encryption keys or other secret information, such as a password. So a good security architecture should always be created under the assumption that attackers will know everything about the architecture.
Assume your attackers know what they're attacking. Security through obscurity is bad, and has been known to be bad for 136 years.
This premise seems to have been forgotten by many corporate IT departments, who all too often require security vendors to agree to draconian terms of confidentiality when selling them security products.
And in the information security market, it benefits neither security vendors nor their customers.
Many security products are what economists call ‘experience goods’, which means you can’t easily judge their quality before you buy them.
Some are even ‘credence goods’, which means you generally can never judge their quality, even after they're used. For example, it is very difficult to tell strong encryption from very weak encryption.
Yet knowing whether products are any good before you buy them would surely help the customer.
In 2001, George Akerloff was awarded the Nobel Prize in Economics for his analysis of what are popularly called ‘lemon markets’: how inability to tell a good product from a poor one means high-quality products can be driven from the market, leaving only low-quality products at relatively high prices.
Withholding information about what security products are used and user experiences of them is also probably a step towards a lemon market. It would be easier for users to avoid buying rubbish.
Although exposing the weaknesses in products will make vendors work harder on creating more robust products and fixing existing problems.
Furthermore, enterprise security products are more expensive than they need to be, partly because of the long sales cycle. This cycle could be shortened if better product information was available. Thus the cost of sales could be much lower.
I don't believe that this secrecy offers any additional security. And restricting the flow of information about the quality of security products simply makes things worse for the producers and consumers of security technologies.
Luther Martin is solution architect at Voltage Security
Related articles
In this video find out about the fast-growing Chinese vendor's plans for market domination and how the channel is its route of choice
Find out what gifts Acer has in store for partners for 2012 in this exclusive roundup of its recent conference
CRN's premier networking event is back on 17 May at the Ricoh Arena
Date: Thu 17 May 2012
Channel fighters preparing to square up once more on 24 May
Date: Thu 24 May 2012
The proliferation of endpoint devices within the enterprise has highlighted the shortcomings of one of the traditional approaches to data security
This Forrester report compares the costs and benefits of legacy email and productivity software with Google Apps
Dave discovers that rozzers are seemingly living in the technology dark ages
Mark Needham, founder of distributor Widget, argues that John Browett leaves for Apple with Dixons in better shape than when he arrived
|
|
|
Do you agree?
Have your say