01-29-2014 12:19 PM
It seems like every other week another high-profile company’s servers are hacked. Last November, for example, Adobe suffered a security breach and as many as 150 million users’ may have been affected. Instead of crying about it, two security researchers are using these data dumps to try to thwart the next attackers, with a clever new method called Honey Encryption, reports MIT Technology Review.
With Honey Encryption, when hackers try to decrypt a secure database, they won’t know if they’ve correctly guessed the encryption key. Normally, an incorrect guess would return a garbled mess. But with Honey Encryption, an incorrect guess will return a fake, but legitimate-looking database that is based in part on the database dumps from previous security breaches.
Security researchers Ari Juels and Thomas Ristenpart developed Honey Encryption because they believed “[decoys] and deception are really underexploited tools in fundamental computer security.”