[e2e] security through obscurity *does* work - keep an open mind...

David P. Reed dpreed at reed.com
Mon Feb 13 19:09:28 PST 2006

Scott Boone wrote:

> my slogan-related concern did not have anything to do with how secure  
> the identification of the host itself was.  my remark had more to do  
> with the following issue:
> 1) something somewhere (edge routers, NAT boxes) has to have globally  
> reachable addresses.  these are still attackable.  hiding some IDs  
> doesn't hide all IDs, and is of limited utility.  it is unclear to me  
> how much you will gain by obfuscating a host's IP; my understanding  
> (mostly obtained from a skimming the occasional NANOG and CAIDA  
> presentation) is that serious DDoS attacks tend to impact edge  
> routers and links.
Jon Crowcroft is focused on reducing the ability to do DDoS by making it 
hard to construct "botnets" that can act in concert on a sufficiently 
large scale to pose danger to large targets.   This has nothing to do 
with global reachability of targets, or where the targets are.  It's 
probably impossible to obscure the targets, anyway - the key thing about 
targets is that they must be reachable in order to be useful in their 
day jobs (when not being targets), since many of the most important 
targets must *by definition* be well-known and globally reachable by 
many. Since slowing access or limiting reachability denies service in 
and of itself, it's probably not a good solution to a DDoS risk to 
self-impose denial of service to one's customers.

I apologize for including additional tangential comments regarding 
reasoning by slogans.   However, nothing you've said bears on my main 
point.   It is true that "security by obscurity" is too vague a phrase 
to reason with, and thus really should be avoided if one is attempting 
to come to a valid conclusion based on careful, rational 
argumentation.   As I began my argument: the whole value of cryptography 
is tied precisely to the construction of obscurity - hiding information 
that in principle can be recovered, but at a cost that is thought to be 
prohibitive.  What creates weakness is "security through limited opacity 
easily removed", not "security through 'provably costly to invert' 
obscurity".  Since both are within the scope of meaning of the term 
"obscurity", the use of the phrase "security through obscurity" 
contributes nothing substantial to the discussion.  Quantitative 
reasoning is required, as well as valid assumptions about knowledge 
available to the participants through side channels (again depending on 
ignorance, aka obscurity).

More information about the end2end-interest mailing list