Security through obscurity

Security through obscurity should not be used as the only security feature of a system.

In security engineering, security through obscurity is the practice of concealing the details or mechanisms of a system in order to enhance its security. The approach relies on hiding something in plain sight, akin to a magician's sleight of hand or the use of camouflage. Unlike traditional security controls such as physical locks, it is more a matter of obscuring information or characteristics to deter potential threats than of directly blocking them. Examples include disguising sensitive information within commonplace items, like a piece of paper in a book, or altering digital footprints, such as spoofing a web browser's version number. While not a standalone solution, security through obscurity can complement other security measures in certain scenarios.[1]
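The following Python sketch is an added example and is not part of the article or any cited source. It shows what "complementing other measures" means in practice: a toy request handler hides an admin endpoint behind a non-obvious path and advertises a bland Server banner (both obscurity), and a hardened variant adds an authorization token check (a real control). A constructed directory brute-force then shows which variant survives once the hidden path is discovered. The paths, banners, token and wordlist are all constructed for illustration.

```python
"""
Added example (not from the article): obscurity as one layer among several.

A toy in-memory request handler with three constructed "controls":
  * a non-obvious admin path                        (obscurity)
  * a spoofed Server banner that hides the real stack (obscurity)
  * an authorization token check on the admin path  (the real control)

All names, paths, banners and the token are constructed for illustration.
"""
import hmac

REAL_SERVER_BANNER = "ExampleHTTPd/3.1.4"     # constructed: what the app really runs
SPOOFED_SERVER_BANNER = "Server"              # constructed: the bland banner we advertise
ADMIN_PATH = "/x9f3a-admin"                   # constructed: the "hidden" admin path
ADMIN_TOKEN = "correct-horse-battery-staple"  # constructed: in practice load from a vault/env


def _token_ok(provided):
    """Constant-time comparison so the token check does not leak via timing."""
    if provided is None:
        return False
    return hmac.compare_digest(provided.encode(), ADMIN_TOKEN.encode())


def _respond(status, body):
    # Every response carries the spoofed banner; the real one never leaves the process.
    return status, {"Server": SPOOFED_SERVER_BANNER}, body


def handle_obscurity_only(path, headers):
    """Weak design: the secret path is the ONLY thing guarding the admin panel."""
    if path == ADMIN_PATH:
        return _respond(200, "admin panel")
    if path == "/":
        return _respond(200, "hello")
    return _respond(404, "not found")


def handle_layered(path, headers):
    """Hardened design: same hidden path and spoofed banner, plus a real authorization check."""
    if path == ADMIN_PATH:
        if not _token_ok(headers.get("X-Admin-Token")):
            return _respond(403, "forbidden")
        return _respond(200, "admin panel")
    if path == "/":
        return _respond(200, "hello")
    return _respond(404, "not found")


# Constructed wordlist standing in for a directory brute-force tool's list.
WORDLIST = ["/", "/admin", "/login", "/backup", "/x9f3a-admin", "/.git/HEAD"]


def enumerate_paths(handler, wordlist=WORDLIST):
    """Attacker's view: probe each candidate with no credentials, keep anything that is not 404."""
    found = {}
    for candidate in wordlist:
        status, _, _ = handler(candidate, {})
        if status != 404:
            found[candidate] = status
    return found


def banner_leaks(handler, wordlist=WORDLIST):
    """True if the real stack banner appears in any response header."""
    for candidate in wordlist:
        _, resp_headers, _ = handler(candidate, {})
        if REAL_SERVER_BANNER in resp_headers.values():
            return True
    return False


if __name__ == "__main__":
    print("obscurity only:", enumerate_paths(handle_obscurity_only))
    print("layered:       ", enumerate_paths(handle_layered))
```

Once the wordlist happens to contain the hidden path, the obscurity-only handler hands over the admin panel, while the layered handler still answers 403. Note the caveat this exposes: a 403 where every other unknown path returns 404 tells the attacker the endpoint exists, so even the hidden path is only obscure until someone guesses or leaks it; what the obscurity buys is less scanner noise, not safety.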

Obscurity in the context of security engineering is the notion that information can be protected, to a certain extent, when it is difficult to access or comprehend. This concept hinges on the principle of making the details or workings of a system less visible or understandable, thereby reducing the likelihood of unauthorized access or manipulation.[2]

  1. Zwicky, Elizabeth D.; Cooper, Simon; Chapman, D. Brent (2000-06-26). Building Internet Firewalls: Internet and Web Security. O'Reilly Media. ISBN 978-0-596-55188-9.
  2. Selinger, Evan; Hartzog, Woodrow (2014-05-21). "Obscurity and Privacy". In Pitt, Joseph; Shew, Ashley (eds.). Routledge Companion to Philosophy of Technology (forthcoming). Available at SSRN: https://ssrn.com/abstract=2439866