[ipv6hackers] Pros and Cons of Address Randomization

Jim Small jim.small at cdw.com
Mon Dec 3 03:27:55 CET 2012 

Hi Mark,

Thanks for responding.

> > I would like to develop a list of talking points around the merits of IPv6
> > address randomization.
> >
> > * To some degree this appears like security through obscurity - I read the
> > defense in depth part but I'm still having a hard time getting past this
> 
> Obscurity is quite a reasonable security mechanism. Zebras having stripes is a
> security through obscurity mechanism, so that they blend into the
> background, as is military camouflage.
> 
> The main issue with obscurity is that if it is the only security mechanism you
> have, then once it is breached you're quite vulnerable, and need to have
> other security mechanisms to rely on. That's why Zebras can also run and
> kick, and why the military also supply their solders with guns. People who
> place an excessive amount of value in obscurity (e.g. IPv4 NAPT), are likely to
> not put appropriate effort into having other security mechanisms in place if
> their obscurity is breached. The people who are concerned (horrified
> perhaps?) by IPv6's end-to-end addressing are likely to be the ones who've
> placed too much security value in their IPv4 NAPT based obscurity. They
> probably don't realise that they themselves may breach their obscurity
> principle when they connect without any concern or consideration their
> labtop or smartphone to untrusted wireless networks like 3G/4G or
> public/hotel wifi.
> 
> The mantra "there's no security in obscurity" is actually derived from
> Kerckhoff's principle, which was specifically talking about crypto systems, not
> information or network security in general. If obscurity wasn't a useful
> security mechanism, natural selection would have killed it off 10 000s of years
> ago in nature. Since it has been robust enough in nature to survive, it's quite
> reasonable to use in computer networking.
> 
> http://en.wikipedia.org/wiki/Kerckhoffs%27_principle

So following this link I also found this which discusses the pros and cons of security through obscurity:
http://en.wikipedia.org/wiki/Security_through_obscurity

I agree with what you're saying in principle.  If it's used as an additional secondary defense mechanism a case can be made that there is some value.  The danger though is just like we see all too often with NAT - instead of being used as a secondary layer it is used as one of the primary defense mechanisms.  I think this is why I have a hard time with this approach.

Good discussion,
  --Jim

More information about the Ipv6hackers mailing list