Research Kerckhoffs’ Principle, and read the segment in the text titled “Never Trust Proprietary Algorithms”. I think we can all agree that having open protocols is considered critical in cryptography. But what about other areas of IT? Should we also demand open protocols in other areas of IT? How might the use of proprietary versus open protocols affect IT security in other areas?
Jason A Lindsley says
From my Wikipedia research, I see Auguste Kerckhoffs published articles in the late 1800s on cryptographic principles that still apply today. The one that stands out the most in today’s age of cryptographic computers is the concept that a cryptosystem, with the exception of the key, “should not require secrecy, and it should not be a problem if it falls into enemy hands.” Proprietary cryptosystems typically rely on security by obscurity and if the algorithm code is not published, there is a risk that the developers can break the encryption. As our Network Security Bible book put it, the only way to reasonably secure algorithms is to give the code to the smart people and allow them to try and break it.
As we’ve discussed in class, use of open source systems (e.g. libraries, protocols) can help to improve security because it allows the user and developer community to inspect and scrutinize the source code to identify vulnerabilities and rapidly fix them. With proprietary protocols, it becomes much more challenging to identify vulnerabilities because large conglomerates (e.g. Apple, Microsoft) control many aspects of the system and do not publish the source code. Also, with open systems, legacy systems can more easily be updated because they typically do not rely on complex support agreements and “end of life / end of support” risks. If you think back to the EternalBlue exploit used in WannaCry, Windows technically did not need to apply a patch for Windows XP and Windows 2003 because support had been sunset. They ultimately released patches for these legacy systems, but in an open source environment the community could have addressed these vulnerabilities without the bureaucracy involved with a commercial software vendor.
Fred Zajac says
Jason,
You mention a great point about proprietary companies (Apple / Microsoft) controlling certain systems and privatizing the code with copyright protections. This is great for making money but we are finding out it causes a problem with security because it is a Pay for Play model. We have to rely on these companies to properly patch vulnerabilities, and when they put the product out of support, it forces you to upgrade. This causes a security risk to companies who fail to upgrade to the latest versions, with the latest patches.
The discussion behind open source and private systems has always fascinated me. I actually believe having an open system where everyone can see the code is way too confusing for “normal” people, and may even be less secure for “normal” people. Meaning… people who use computers but don’t want / care to know about coding / networking. My personal example is car repairs. I know nothing about car repairs and really don’t care to… I would be considered a “normal” car owner.
1. Too confusing… People like ease and quickness. In an open source system, you are asking people to monitor their own system, and repair it themselves. This is funny to me… I could only imagine me trying to fix something other than a flat tire or an oil change. May end up breaking it more.
2. Not as secure… Again, you are asking people to fix it themselves. You can tell someone that they have a vulnerability, but they may not prioritize it, forget about it, or just neglect to do it. Also, what happens if a bad person finds the vulnerability first and attacks before the “good” guys looking at the open code finds it?
3. Copyright / Profit… You may say, this won’t happen because the “open source” community will find and fix the problem, and push down the updates. Okay, well how long do you think that will last? Eventually, I think the open source program will get “boring” and no one will care… Meaning… the “open source” product goes out of support.
The point is… Yes, I do agree open source systems may be more secure, but I wouldn’t say that this is a fact. And, I don’t think a normal person is ever going to want an “open” type system. Why do you think Apple and Microsoft are so popular? They cost more than Google products, which are open source?
Why, because Android is a developer’s system (Open Source) and more confusing. People think they know what they are doing, make mistakes, give up, and leave themselves more vulnerable. iOS is for the “normal” user because it is easy to use and only Apple-approved products are allowed, which in my opinion is more secure than an open system. Call me a cynic, but there are bad people out there and I believe open source systems should be “play” systems. They should never be used for a critical business system. Private systems should be used in these cases. Which, in my opinion, is why Microsoft rules the business world. It is easy to use, very effective, and secure… If you pay them for support.
Just my opinion…
Neil Y. Rushi says
Jason, I like what you said about Kerckhoffs’ method and the other side to that is Kerckhoffs’ principle is when keeping things secret, make sure it has low value or can be replaced. Secrets can be open because with cryptography if someone who’s evil gets it, they may not know what it’s for because keys can be randomized and changed with the correct algorithm(s).
Younes Khantouri says
Jason,
Your answer explains it all. Proprietary protocols help to protect more systems and make it hard to attack them, however they make it hard for developers to add their touches to increase the security. On the other hand, open protocols help to develop and increase the security level because they give a chance to develop better secured code, but it remains unsecured and can be attacked easily since everyone knows the source code.
Donald Hoxhaj says
There is a fine line that is the missing puzzle here, i.e. what level of information can have open protocols and what level of information requires security. Kerckhoffs’ principle says that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. But this is quite subjective and depends largely on the impact of open protocols and information exchange on the criticality of a business. Needless to say, this cannot be narrowed down for IT systems too. For example, Network Communication, an important domain of IT, requires the utmost level of security considerations because of the massive amount of data that is generated each day.
Jason mentioned a point about an open source environment for systems. Though I have to appreciate that it is quite a novel thought, in practicality, such systems function smoothly assuming that the open source environment consists of experts who are ethically and morally sound to protect the data and make good use of it. In short, organizations need to decide on the level of arbitration required and the level of abstraction needed in systems where open protocols and open architecture seem beneficial.
Younes Khantouri says
Donald,
I believe that we should demand some space on certain IT protocols to add our touches to secure our IT architectures. For example, Apple should give us the ability to customize our security depending on our needs; that won’t only provide better security, but it will help Apple to increase its sales numbers because more organizations will purchase Apple products.
Younes Khantouri says
Research Kerckhoffs’ Principle, and read the segment in the text titled “Never Trust Proprietary Algorithms”. I think we can all agree that having open protocols is considered critical in cryptography. But what about other areas of IT? Should we also demand open protocols in other areas of IT? How might the use of proprietary versus open protocols affect IT security in other areas?
Kerckhoffs published an article about the cryptographic principles which is surprisingly still working nowadays. The cryptosystem is one of the concepts that is still applied until this time since the 18th century which is related to the cryptographic computers.
When you have companies such as Apple and Microsoft that use very private code to develop their systems and software to protect their systems and make more money, we face as consumers and developers a big problem because we are always dependent on their patching to be protected. This is not a good way to protect work on creating and modifying those companies’ code to protect a better security.
I believe that we should demand some space on certain IT protocols to add our touches to secure our IT architectures. For example, Apple should give us the ability to customize our security depending on our needs; that won’t only provide better security, but it will help Apple to increase its sales numbers because more organizations will purchase Apple products.
As a conclusion, proprietary protocols help to protect more systems and make it hard to attack them, however they make it hard for developers to add their touches to increase the security. On the other hand, open protocols help to develop and increase the security level because they give a chance to develop better secured code, but it remains unsecured and can be attacked easily since everyone knows the source code.
Ahmed A. Alkaysi says
As you stated Younes, it goes both ways. If you open up protocols, this gives developers the opportunity to increase security, but by opening it up, you are also inviting more attackers. However, if a company is diligent and tightens things down when developing the proprietary protocol, they will be able to restrict many attacks. Personally, I believe everything is hackable. This is pretty much a fact. I prefer the open-source method as it allows the collaboration of all individuals to increase security. This also promotes white hat hackers who will potentially be able to discover additional security flaws before the bad actors do.
Fraser G says
Kerckhoffs’s principle is an ideal that works in a perfect world, however as we have discovered in this class and others, cryptographic systems often have vulnerabilities. Some of these aren’t discovered for years (See the latest WPA2 crack). This problem is philosophical – mankind is not perfect, therefore we could never design a perfect cryptographic system (perhaps AI can help).
The debate boils down to this: Open source means everyone can see how it works, and everyone can find vulnerabilities; you almost crowdsource vulnerability and bug detection when open source. Proprietary is closed source; no one knows if the system is actually secure except for the vendor who created it. This can be helpful, as security through obscurity can be effective (blackbox vs whitebox), however this has several issues, notably 1) Protection from State/NGO that have access to source code and vulnerabilities (See NSA, FSB) 2) Patching is not necessarily a priority.
I think we should demand open protocols when it is supported, in all areas of IT. Security is fundamentally a process and not a product. As we have seen in case studies like the Target hack, software won’t save you if you don’t know how to use it properly (e.g. ignoring FireEye warnings). By using open source, we “outsource” some of the burden of code review, vulnerability patching and contribute to building an ecosystem around a piece of software or system. Relying on proprietary software introduces an element of unknown that we can’t control for in implementation.
In life, we should strive to figure out:
1) Known knowns (what we know that we know)
2) Known unknowns (what we know that we don’t know)
3) Unknown knowns (what we don’t know that we know)
4) Unknown unknowns (what we don’t know that we don’t know)
When using proprietary software we greatly increase #4. Open source gives us and others greater visibility into all 4 of these categories.
Brent Hladik says
Basically what Kerckhoffs’s principle was saying was that anything that was to be secure via cryptography and all should remain secure even while everything else about the product is public knowledge. Personally I don’t think that proprietary algorithms are a good idea period. As they are not fully trusted as an industry standard and there is no guarantee that they are hack proof. I wouldn’t trust any proprietary cryptography in any part of my business as there is no proof that they are 100% secure.
Shi Yu Dong says
Kerckhoffs’ guideline is a perfect that works ideally, however as we have found in this class and others, cryptographic frameworks regularly have vulnerabilities. Some of these aren’t found for a considerable length of time (See the most recent WPA2 break). This issue is philosophical – humanity isn’t flawless, subsequently we would never outline an immaculate cryptographic framework.
The civil argument comes down to this: Open source implies everybody can perceive how it functions, and everybody can discover vulnerabilities, you nearly swarm source weakness and bug discovery when open source. Exclusive is shut source, nobody knows whether the framework is really secure with the exception of the seller who made it. This can be useful, as security through indefinite quality can be compelling (blackbox versus whitebox) however this has a few issues, quite 1) Protection from State/NGO that approach source code and vulnerabilities (See NSA, FSB) 2) Patching isn’t really a need.
Ronghui Zhan says
It’s more about philosophy. It’s a lasting fight between open source and closed source. In my opinion, nothing is unbreakable. What matters is how much time it takes to break it. So we expect it to be secure for a certain amount of time. Under my assumption that everything is breakable, it doesn’t matter if it is open source or closed source. People will find it and break it. Even for quantum communication, scientists state it’s theoretically unbreakable. Who knows?
Matt Roberts says
In general, I think this principle can translate into most areas of technology. With a proprietary protocol or software, only the developers have reviewed the code and may be limited when it comes to recognizing weaknesses as they are “too close” to it. Open protocols tend to be more secure over time as more people can examine them in depth, and more eyes on them makes it much more likely that flaws and vulnerabilities will be discovered and addressed. In short, a wider variety of knowledge and experience (provided by vast communities of developers) applied to protocol and software development makes for not only more secure, but more innovative and dynamic systems, protocols, and applications in almost any context.
Oby Okereke says
Kerckhoffs’ Principle can be summarized as “The strength of an encryption algorithm does not reside in the secrecy of the algorithm.” And the corollary: “The strength of an encryption algorithm is not measurable unless the algorithm is known.” Jason’s comment captures the whole essence of this guideline. Though certain areas of IT may call for a proprietary technology, I support the use of open protocols because it attracts a larger community of IT experts to contribute to its advancement, resulting in newer technologies that strengthen its use and adoption. Take Android mobile devices, for instance: Android has advanced further than Apple and Windows alike because it’s an open source technology. Windows mobile devices continue to struggle compared to their other counterparts.
Brent Hladik says
I think open source protocols would be ideal in some situations as they would allow some companies, governments etc. to make modifications as needed to meet potential security needs as they see fit. If they don’t, then they are basically left with whatever is the standard and stuck with any risks that may impact anyone else using those non open source protocols.
Ryan P Boyce says
Certainly, as the text states, using proprietary algorithms presents security concerns. If a company expresses to use its own, proprietary version of an algorithm, this means that this piece of technology has not been tested in the “wild”. Open source crypto-algorithms have. In order for some piece of security technology to actually be considered secure, it needs to have been able to hold up against attacks of all different types. Even with that being said, I think proprietary crypto-algorithms and proprietary security technology in general can be a good thing. I think the trade-off has to be a measure of time, however. What I mean by this is, if a new proprietary piece of technology comes out, it will (in theory) have never been seen before by anyone including hackers. For a time, then, this technology will be secure. The difficult thing is to say for how long, but it will certainly be secure.
Sachin Shah says
In my line of work in healthcare, it is too dangerous to go open-source. There are HIPAA violations and patient care issues. I am at a big hospital and we have a mix of open source and proprietary. Our emergency medical record is proprietary and created by a large scale vendor. It is rough as we need them to have fixes, updates, changes in code and secure it in our environment. Yet we have open-source applications that have less patient information but more related to billing, demographics and data analysis. This is good as we can secure it ourselves and change code as needed.