Unpublished Paper
Effective Security by Obscurity
(2011)
  • John Christian Smith, Southern Methodist University
Abstract

"Security by obscurity" is a bromide which is frequently applied to undermine the perceived value of a certain class of techniques in security. This usage initially stemmed from applications and experience in the areas of cryptographic theory, and the open vs. closed source debate. Through the perceived absence of true security, the field of security by obscurity has not coalesced into a viable or recognizable approach for security practitioners. Consequently, this has resulted in these techniques going under-used and under-appreciated by defenders, while they continue to provide value to attackers, which creates an unfortunate information asymmetry. Exploring effective methods for employing security by obscurity, it can be seen that examples are already embedded unrecognized in other viable security disciplines, such as information hiding, obfuscation, diversity, and moving target defense. In showing that obscurity measures are an achievable and desirable supplement to other security measures, it is apparent that the in-depth defense of an organization's assets can be enhanced by intentional and effective use of security by obscurity.

Keywords
  • Network security
  • security theory
  • cryptography
  • open source
  • information hiding
  • steganography
  • obfuscation
  • metamorphism
  • diversity
  • moving target
Publication Date
December 9, 2011
Citation Information
J. Christian Smith. 2011. "Effective Security by Obscurity". The Selected Works of John Christian Smith. Available at: http://works.bepress.com/j_c_smith/2