IFIP Logo
Sign in for Members and Observers

IFIP WG1.3 Foundations of System Specification


Talk "New directions in security by obscurity "

by Dusko Pavlovic

Sun, 04 September 2011 at 11:00 am in Winchester, United Kingdom

Abstract: Shannon sought security against the attacker with unlimited computational powers: *if an information source conveys some information, then Shannon's attacker will surely extract that information*. In their seminal paper "New directions in cryptography", Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attackers are computationally limited. This idea was the stepping stone into modern cryptography. Shannon also sought security against the attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still fully endorsed in modern cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there is an algorithm that can break the system, then the attacker will surely find that algorithm*. The attacker is not viewed as an omnipotent computer any more, but he is still construed as an omnipotent programmer. Attempting to lift the Diffie-Hellman refinement step from attacker's computational powers, to attacker's programming powers leads to questions of *logical complexity* of specification transformations, such as: Can we formally characterize logical complexity of the task involved of transforming one specification (e.g. of a system and its security requirements) into another specification (e.g. of an attack on that system, breaching the security requirements)?

Slides