INCREASED SECURITY THROUGH OPEN SOURCE Submitted by Akshay Kumar Rumalla 0592568

DESIGN vs. IMPLEMENTATION Kerckhoffs' principle : a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. Past – system design similar to implementation Present – complex system designs SECURITY THROUGH OBSCURITY SECURITY THROUGH OPENSOURCE DESIGN LIMITED SCOPE FOR MORE ADDITION IMPLEMENTATION LIMITED VARIED

Kerckhoffs' principle : a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

Past – system design similar to implementation

Present – complex system designs

SECURITY, RISK AND EXPOSURE Risk is defined as a combination of the likelihood of a successful attack on the system together with the damage to assets resulting from it. Security of a system is an objective measure of the number of its vulnerabilities and their severity Exposure = security + likelihood Risk = exposure + damage sustained by attack Source does not change the security of a system

Risk is defined as a combination of the likelihood of a successful attack on the system together with the damage to assets resulting from it.

Security of a system is an objective measure of the number of its vulnerabilities and their severity

Exposure = security + likelihood

Risk = exposure + damage sustained by attack

Source does not change the security of a system

OPEN vs. CLOSED SOURCE OPEN CLOSED Source is available for inspection, use, modification and redistribution. 1. Source is hidden from public 2. Users are allowed to rebuild the system. 2. Users cannot modify the system 3. Gives attacker the wealth of information to search for vulnerabilities and/or bugs and thus increases the exposure of the system. 3. Prevents the attacker from having easy access to information that may be helpful to successfully launch an attack 4. Open source can be freeware, shareware, among others. 4. Closed source is proprietary software

Source is available for inspection, use, modification and redistribution.

OPEN SOURCE FOR SECURITY Keeping the Source Closed Keeping the source open 1. Opening the source gives unfair advantage to the attacker Opening the source makes is easier to identify the bugs the code which were not identified by the developers. Ex: Diebold voting machine 2. Making the source public does not guarantee the improvement of the source. 2. Exposure of the software eventually becomes higher because more third party companies and users test it. 3. The quality of software depends on the programmers skills who developed it. 3. Patches to the software can be released by anyone who uses the software. 4.Closed source severely limits the user to evaluate its security for or by himself. 4. Open source allows the user to evaluate its code and the security it provides 5. Closed source is protected from hackers as they cannot add malicious content to the code. 5. Open source forces developer communities to be more careful and use the best possible tools to secure their system.

Opening the source makes is easier to identify the bugs the code which were not identified by the developers.

Ex: Diebold voting machine

Conclusion OPENENNESS OF THE SOURCE WILL INCREASE ITS SECURITY

OPENENNESS OF THE SOURCE WILL

INCREASE ITS SECURITY