Security technologies that implement security through "organic-like" obscurity?



  • Are there any advanced security technologies, for example, establishing a secured connection, which first require authentication based on security through organic-like changing obscurity of secrecy?

    I'm not a fan of "regular" security through obscurity, because hackers will eventually discover and bypass the vulnerabilities of "obscurity".

    But what about security through an adaptive, changing, updating organic-like obscurity based on secrecy?

    What this means is that the security is relying on infinite intelligent-like unique obscurities which will always update for a given time period, regardless of being hacked or not.

    It's like organic software fighting off hackers (viruses), a living breathing organism that is alive and adaptive, **it's not static anymore**.

    The organic-like obscurity will always change on a daily basis.

    This means that hackers are now required to reverse engineer the obscurity algorithm on a daily basis. This also means hackers are now behaving like organic viruses and it will be extremely hard for them to reverse engineer the organic-like self-changing obscurity based on secrecy.

    Which also means, if hackers found out vulnerabilities of obscurity, it's completely useless since tomorrow the discovered obscurity will change again and will be more complex and is required to reverse engineer again. No AI can do reverse engineering in a practical manner and no hacker is going to waste hours and years for reverse engineering organic-like obscurity based on secrecy.

    I can have a team of software engineers to do this, but has anyone ever done or thought of doing this before? I bet the future of web security is going to be based on this concept.

    Today there are thousands of companies providing smart AI detection of malicious activity and various security vulnerability detection, but I do not think they design security systems which adapt or change due to AI's decisions.

    There are no global authoritative standards that give a practical solution of implementing security through "organic-like" obscurity based on secrecy for simple secured communication between client and server to prevent man-in-the-middle attacks.

    Various algorithmic "secrecies" need to be implemented by the programmers following guided rules required to make a strong obscurity which will be difficult for hackers to reverse engineer in a short period of time before it self updates.

    Obviously, a "trusted" programmer is required and will be needed to tweak and update the secret algorithm once or twice a week to maintain valid and strong security through organic-like obscurity which adapts daily.



  • There might exist, somewhere, something that does what you imagine, but it would never have widespread adoption and it would be a waste of time and resources.

    There are two reasons why:

    Security systems are designed with Kerckhoffs's principle in mind, so that the algorithm or process to secure something does not need to be a secret for the system to remain secure.

    We already have "simple secured communication between client and server to prevent man-in-the-middle attacks" through the use of TLS. The encryption key changes with each session. The algorithm doesn't need to change. There is your "constantly changing secure obfuscation".

    Your idea also lacks scalability. You are wanting a "team of software engineers" to come up with new and untested security algorithms "once or twice a week". What we currently have are algorithms designed by the best cryptographers in the world, whose work is tested for years to prove their use in security contexts. You appear to assume that a random collection of programmers can accomplish the same thing.

    So, to answer your question directly: "maybe" something like this exists. But it doesn't matter if it does or not. Because it's the wrong approach.
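
The point made in the answer above, as an added example that is not part of the original thread: a minimal sketch in which the whole algorithm is public and fixed, yet every session gets a fresh key from an ephemeral Diffie-Hellman exchange fed through HKDF. It is a simplification of what TLS does; the group parameters `P` and `G` are toy values chosen here and all function names are hypothetical. Certificate authentication of the server, the part of TLS that stops a man-in-the-middle, is omitted.

```python
import hashlib
import hmac
import secrets

# Public, fixed parameters: nothing in this file is secret (Kerckhoffs's principle).
# Toy group for illustration only (assumption); real TLS uses X25519 or large FFDHE groups.
P = 2**255 - 19
G = 2


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def keypair():
    """Fresh ephemeral private exponent and the public value sent on the wire."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(my_priv: int, peer_pub: int, transcript: bytes) -> bytes:
    """Derive the session key from the DH shared secret and the public transcript."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    return hkdf_sha256(shared, salt=b"\x00" * 32, info=b"session key" + transcript)


def run_session():
    """One handshake; returns (client_key, server_key, bytes an eavesdropper sees)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    transcript = c_pub.to_bytes(32, "big") + s_pub.to_bytes(32, "big")
    return (session_key(c_priv, s_pub, transcript),
            session_key(s_priv, c_pub, transcript),
            transcript)


if __name__ == "__main__":
    for n in (1, 2):
        ck, sk, _ = run_session()
        print(f"session {n}: keys match={ck == sk} key={ck.hex()[:16]}...")
```

Only the short-lived private exponents are secret; they are discarded after each session, so the key rotates every connection without anyone rewriting the algorithm.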


