The other day at the IET Secure Mobile conference in London, Steve Babbage, Vodafoneâ€™s Group Chief Crypographer (great job title) gave the keynote, and I was fortunate to speak to him afterwards about his ideas. Â One interesting area was â€œsecurity through obscurityâ€, where he maintained that in some situations it makes sense to make an attackerâ€™s job as difficult as possible through the use of secret algorithms. Â I hope I can do the argument justice here.Â
The World has changed today, and generally governments do not try to interfere in the issues of what crypto gets used in commercial mobile networks.Â However, when GSM was born, 40bit encryption was a (rather weak) standard that governments agreed should be used. Â In this environment, Steve Babbage maintains, the cellcos would have been mad to release all the details of the algorithm to the public, since the added obscurity would make it even harder for an attacker to get a foothold. Â In the context of SIM attacks (being physically in contact with the SIM to decrypt it, Â a so-called â€œside-channel attackâ€), sometimes attackers can gain knowledge about the secret key by measuring the power usage of the chip under attack. Â On the other hand, if the algorithm is secret, then it is impossible for an attacker to map power fluctuations against a model, since all he has is a seemingly patternless output from an engine of unknown design.Â
The use of secret algorithms is generally thought of these days as a â€œbad thingâ€, since if the algorithm is openly published it means that academics and researchers can test the thing to death and publish vulnerabilities that they find. Â This should result in better algorithms and fewer defects in the long term. Â Babbage doesnâ€™t argue in favour of â€œcobbling something together in secretâ€, but rather he is saying that if you take a proven good thing like AES/Rijndael, and then add a further secret component to the algorithm, then the intellectual rigour is still there, with an added component to defeat foes. Â
What do you think about security via obscurity?