WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

Security by Obscurity and the Right to Repair

MarketingWIBU-SYSTEMS AG on June 25, 2019 at 3:56 PM

The right-to-repair movement is gaining traction in the U.S. as many states are considering legislation that would allow consumers and third parties to repair electronic equipment without voiding manufacturer’s warranties. The issue has even crept into presidential politics, as several candidates are taking up the cause, and organizations like securepairs.org are gaining grassroot followers.

The right-to-repair idea itself is pretty simple. Legislation under consideration would require manufacturers to make repair resources — that is, the same manuals and components that authorized service and maintenance partners receive —available to consumers. This would in turn give them the ability to fix their property – be it through parts, software or a network of third-party resources, not just designated manufacturer partners.

Opponents, on the other hand, argue that opening up this proprietary information to the public is an attack on the manufacturers’ Intellectual Property rights and makes them vulnerable to counterfeiting and reverse engineering. They also argue that third-party repairs could be unsafe for consumers and technicians—for example, with respect to repairing electronics that use lithium-ion batteries.

The right to repair legislation "would force all electronics manufacturers to reveal sensitive technical information about thousands of Internet-connected products including security cameras, computers, smart home devices, video game platforms, smartphones and more -- putting consumers and their data at risk," wrote Earl Crane, a senior cybersecurity fellow at the University of Texas, Austin. He added that manufacturers "would have to share codes, tools, and supply chain access to anyone who purchases a product."

Opponents also argue that giving the “keys to the kingdom” to the public opens the door for malicious actors who would then have the ability to tamper with these devices for any number of nefarious purposes.

Securepairs.org refutes that argument by dismissing the notion of security through obscurity, an assumption that obscurity equates or enhances security. A robust system, they say, will still be secure even if people know how it works. Releasing repair manuals and spare parts shouldn’t undermine an already sound smartphone. The group further argues that right-to-repair laws would make devices safer by allowing consumers to quickly replace failing parts or update buggy software.

Their argument against security by obscurity, of course, is based on the core principle of modern information security, first articulated by the Dutch cryptographer Auguste Kerckhoffs. He stated that a “cryptosystem should be secure even if everything about the system, except the key, is public knowledge” (Kerckhoffs’ Principle). Verifiable security is the product of secure design and thorough testing and improvement, not secrecy. Systems that rely on secrecy rather than provable security are destined to fail.

Kerkhoffs’ Principle is well known to Wibu-Systems, as it is the foundation upon which our award-winning Blurry Box cryptography was built to protect software from hackers. The basic principles of Blurry Box cryptography are the use of one or more secure keys in a dongle and the fact that software is typically complex. Its goal is to make the effort required to illicitly copy software higher than the effort needed to completely rewrite the same software. Blurry Box cryptography uses seven published methods that greatly increase the complexity and time required for an attack to be successful. In the end, it would be easier and less expensive for the would-be attacker to develop similar software from scratch.

We don’t know how the Right to Repair movement will progress, but if you would like to know more about Kerckhoffs’ Principle and how it is used to protect software, visit our website or download a white paper, Blurry Box Encryption Scheme and why it Matters to Industrial IoT.

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Schneiderstr. 6, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.