‘Honey Encryption’ bamboozles hackers with fake data

A new form of encryption called “Honey Encryption” protects data with an added deceptive security mechanism. Fake data that looks like valid information is presented to cybercriminals upon each failed password attempt.

The encryption software, developed by independent researcher and former RSA chief scientist Ari Juels and University of Wisconsin researcher Thomas Ristenpart, generates a piece of fake data resembling the user’s real information each time a hacker fails to access an account, as is common in brute-force hacking. The idea behind “Honey Encryption” is that if the intruder does ultimately enter the correct password and breach the account, the real data will be indistinguishable from the fake data.

“Decoys and deception are really underexploited tools in fundamental computer security,” Juels told MIT Technology Review. “Each decryption is going to look plausible. The attacker has no way to distinguish which is correct.”

Traditional encryption methods obfuscate the data, or make it look unintelligible, so hackers need to make sense of the garbled data after accessing it. At RSA, Juels previously worked on a precursor to “Honey Encryption” called “Honeywords,” which added additional fake passwords to the already encrypted password in a given account.

Juels and Ristenpart will present their paper, “Honey Encryption: Security Beyond the Brute-Force Bound,” at the 2014 Eurocrypt Conference, which takes place on May 11-15 in Copenhagen, Denmark.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s