Honey Encryption deceives attackers with fake data

  • 13 February 2014
  • 0 replies
  • 226 views

Userlevel 7
Badge +52
Honey Encryption is the name of a new approach to encryption, elaborated by the independent researcher Ari Juels, based on misleading results.

Honey Encryption, this is the name for a new approach to encryption to deceive attackers by presenting them with fake data presented by the independent researcher Ari Juels. Ari Juels, who has worked as chief scientist at computer security company RSA, proposed a new approach for cryptography to improve protection of sensitive data based on deception. He has already worked to similar project with the mythic Ron Rivest, one of the inventors of the RSA, for the development of the Honey Words, a system to protect password databases by also padding them with fake passwords.
 
“Decoys and deception are really underexploited tools in fundamental computer security,” said Juels.
 
Juels in collaboration with Thomas Ristenpart of the University of Wisconsin, has developed a new encryption system, which implements a deception technique by serving up fake data in response to every incorrect guess of the password or encryption key. If the attacker fails to provide the decryption key the original data should will be disguised, the method avoids, in case of a data breach, that hackers decrypt the encrypted stashes of sensitive data.

The hackers use automated tools to guess passwords, usually wrong key produces a “garbled mess, not a recognizable piece of raw data”, but adopting the Honey Encryption data appears as legitimate deceiving the criminals. The principle behind the Honey Encryption software is the generation of a piece of fake data resembling the legitimate data. The Honey Encryption could invalidate the brute forcing practice, for each attempt the method provides a false set of data impossible to distinguish from the original.
Full Article

0 replies

Be the first to reply!

Reply