Intel's "redundant prefix issue"
Intel's "redundant prefix issue"
Posted Nov 15, 2023 21:21 UTC (Wed) by dullfire (guest, #111432)In reply to: Intel's "redundant prefix issue" by pizza
Parent article: Intel's "redundant prefix issue"
Posted Nov 15, 2023 21:54 UTC (Wed)
by jccleaver (guest, #127418)
[Link] (4 responses)
Security through obscurity works until it doesn't. But what a lot of idealists miss is that first part: It works.
Things that are less secure than they could/should be should be fixed, but that doesn't mean you have to make it easier for others to hack.
Posted Nov 15, 2023 22:39 UTC (Wed)
by pizza (subscriber, #46)
[Link] (3 responses)
That should be "security _only_ by obscurity"
> Things that are less secure than they could/should be should be fixed, but that doesn't mean you have to make it easier for others to hack.
Exactly. The more information you provide a would-be attacker, the easier job they'll have attacking you. Providing as little information as possible/necessary is always a good/sane tactic. Make them work for _everything_.
Posted Nov 16, 2023 12:30 UTC (Thu)
by yaap (subscriber, #71398)
[Link] (1 responses)
Common Criteria (CC) certification requires keeping the design confidential for example. Why? Because it forces an attacker into reverse engineering the particular device design, which is not impossible but definitely costly. And this will deter many attackers, all those who cannot justify the effort. In most cases security is not a binary proposition, it's an economic equation between cost of attack and cost of defense. And then obscurity makes perfect sense as a way to increase the cost of attack.
Everybody agrees "security by obscurity" is bad for algorithm and protocols. These are long lived, and we want the more review possibly to ensure strength and lasting protection.
But when it comes to a specific implementation, some amount of obscurity can be good, and can even be a requirement (see the CC spec)
For CC, I don't remember at which level it kicks in but for EAL4+ and above design secrecy is a requirement for sure, with requirements on how to control access and enforce this too. So you want to do an EAL4+ system? You must show your offices are properly secured for example, and that there are protection against tampering the design over the whole chain, from design to manufacturing to production. And most of this must be confidential, with proper access control.
So yes, I wish people would stop pushing "security through obscurity = bad" as if it were insightful. First, when it applies (algos & protocols) it is no longer insightful, everybody knows. And then there are plenty legitimate cases where it does NOT apply.
Posted Nov 16, 2023 16:17 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
When I did some stuff like this, the security I designed (they didn't use it) was pretty rudimentary. But the logic was very simple:
"This stuff has an economic life of about 6 months. If it takes them six months to reverse engineer what we've done, the results will be worthless".
Yes, of course I built in all the security I could, with every *obvious* hardening trick I could think of. But at the end of day, the stuff I was protecting wasn't worth throwing loads of money at.
Cheers,
Posted Nov 16, 2023 13:57 UTC (Thu)
by brunowolff (guest, #71160)
[Link]
Posted Nov 15, 2023 22:01 UTC (Wed)
by pizza (subscriber, #46)
[Link] (3 responses)
Okay. Please let me know the address of your residence, entry points, what security system protects them (eg locks, alarms, trigger mechanisms), and where you keep your valuables/secrets.
If you object to that, then you agree that security-by-obscurity has its place.
Posted Nov 15, 2023 22:55 UTC (Wed)
by Kamilion (subscriber, #42576)
[Link] (1 responses)
Posted Nov 15, 2023 23:30 UTC (Wed)
by halla (subscriber, #14185)
[Link]
I deleted a lot of things I wrote before I pressed the "preview comment" button, but...
Posted Nov 16, 2023 8:55 UTC (Thu)
by LtWorf (subscriber, #124958)
[Link]
Intel's "redundant prefix issue"
Intel's "redundant prefix issue"
Intel's "redundant prefix issue"
Intel's "redundant prefix issue"
Wol
Intel's "redundant prefix issue"
By hiding how the system works, you forgo reviews that might find and/or fix issues. Whether or not that trade off is good is going to depend on the situation.
The other issue is that there can be multiple parties involved, whose threat models aren't aligned. While a sellar of a product might not want their competitors to be able to reproduce their product, buyers aren't going to care about that, but might have limited trust in the sellar and may want to be able to verify that the sellar isn't compromising their security. The sellar might also want to retain some control over the product after sale, while buyers will generally want full control of what they buy.
Sellars also care about making sales, so if buyers aren't buying their product because of obfusication, they need to balance that against how they benefit from obfusication.
Intel's "redundant prefix issue"
Intel's "redundant prefix issue"
Intel's "redundant prefix issue"
Intel's "redundant prefix issue"