Security through obscurity | EPFL Graph Search

Are you an EPFL student looking for a semester project?

Work with us on data science and visualisation projects, and deploy your project as an app on top of GraphSearch.

Security through obscurity (or security by obscurity) is the reliance on secrecy as the main method of providing security to a system or component, specifically in security engineering, whether on design or implementation. An early opponent of security through obscurity was the locksmith Alfred Charles Hobbs, who in 1851 demonstrated to the public how state-of-the-art locks could be picked. In response to concerns that exposing security flaws in the design of locks could make them more vulnerable to criminals, he said: "Rogues are very keen in their profession, and know already much more than we can teach them." There is scant formal literature on the issue of security through obscurity. Books on security engineering cite Kerckhoffs' doctrine from 1883, if they cite anything at all. For example, in a discussion about secrecy and openness in Nuclear Command and Control: [T]he benefits of reducing the likelihood of an accidental war were considered to outweigh the possible benefits of secrecy. This is a modern reincarnation of Kerckhoffs' doctrine, first put forward in the nineteenth century, that the security of a system should depend on its key, not on its design remaining obscure. Peter Swire has written about the trade-off between the notion that "security through obscurity is an illusion" and the military notion that "loose lips sink ships", as well as on how competition affects the incentives to disclose. There are conflicting stories about the origin of this term. Fans of MIT's Incompatible Timesharing System (ITS) say it was coined in opposition to Multics users down the hall, for whom security was far more an issue than on ITS. Within the ITS culture the term referred, self-mockingly, to the poor coverage of the documentation and obscurity of many commands, and to the attitude that by the time a tourist figured out how to make trouble he'd generally got over the urge to make it, because he felt part of the community. One instance of deliberate security through obscurity on ITS has been noted: the command to allow patching the running ITS system (altmode altmode control-R) echoed as $$^D.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (26)

Related people (4)

Related units (2)

Related lectures (2)

Planetary-Scale Byzantine Fault Tolerance

Matteo Monti

The scale and pervasiveness of the Internet make it a pillar of planetary communication, industry and economy, as well as a fundamental medium for public discourse and democratic engagement. In stark contrast with the Internet's decentralized infrastructur ...

EPFL2024

Mortgage-backed securities

Andreas Fuster

This paper reviews the mortgage-backed securities (MBS) market, with a particular emphasis on agency residential MBS in the United States. We discuss the institutional environment, security design, MBS risks and asset pricing, and the economic effects of m ...

Edward Elgar2023

Making Classical (Threshold) Signatures Post-quantum for Single Use on a Public Ledger

Serge Vaudenay, Laurane Chloé Angélina Marco, Abdullah Talayhan

The Bitcoin architecture heavily relies on the ECDSA signature scheme which is broken by quantum adversaries as the secret key can be computed from the public key in quantum polynomial time. To mitigate this attack, bitcoins can be paid to the hash of a pu ...

2023

Computer Security: Basics and Vocabulary COM-301: Computer security and privacy

Introduces computer security basics, properties, policy, threat modeling, and key vocabulary for adversarial thinking.

Engineering the Future: Nano-Tera

Explores the Swiss Research Program Nano-Tera and its impact on engineering multi-scale systems for health, security, energy, and the environment.