Independent researcher Ari Juels and the University of Wisconsin's Thomas Ristenpart have developed an approach to cryptography called Honey Encryption that makes it difficult for hackers to determine when they have correctly deciphered a password or encryption key. If an incorrect key is used, the Honey Encryption software produces fake data that looks similar to actual data.
"Decoys and deception are really underexploited tools in fundamental computer security," Juels says.
Conventional cryptographic systems enable hackers to immediately recognize an incorrect guess because the key will generate a string of gibberish.
Juels is also developing a Honey Encryption-based system to guard password manager services, which store all of a person's various passwords in encrypted form and rely on a single master password to log users in to websites automatically.
Juels says many users do not choose secure passwords for password manager services, making them an appealing target for hackers. Although some experts warn that it is not always possible to know the encrypted data in sufficient detail to produce believable fakes, Juels says adequate leaked password collections exist to create convincing alternatives.
He is now developing the fake password vault generator needed to protect password managers with Honey Encryption.
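The behaviour described above, where a wrong key yields believable data instead of gibberish, can be shown with a simplified sketch. This is an added example, not code from the researchers or the article: the password list and its weights are constructed, all function names are hypothetical, and the 32-bit seed and XOR mask are toy choices.

```python
import bisect, hashlib, secrets
from collections import Counter

SPACE = 1 << 32  # size of the seed space (toy value)
# Constructed toy model standing in for statistics from a leaked-password corpus.
MODEL = [("123456", 40), ("password", 25), ("qwerty", 15), ("letmein", 12), ("dragon", 8)]
NAMES = [m for m, _ in MODEL]
TOTAL = sum(w for _, w in MODEL)
# Exclusive upper bound of each message's seed interval; the last one equals SPACE.
ENDS = [SPACE * sum(w for _, w in MODEL[: i + 1]) // TOTAL for i in range(len(MODEL))]

def encode(message):
    """Pick a random seed inside the interval owned by `message`."""
    i = NAMES.index(message)  # ValueError if the message is outside the model
    lo = ENDS[i - 1] if i else 0
    return lo + secrets.randbelow(ENDS[i] - lo)

def decode(seed):
    """Every seed in [0, SPACE) lands in some interval, so decoding never fails."""
    return NAMES[bisect.bisect_right(ENDS, seed)]

def pad(key, salt):
    # Key-derived 32-bit mask; iteration count kept low for the demo.
    return int.from_bytes(hashlib.pbkdf2_hmac("sha256", key.encode(), salt, 1000, dklen=4), "big")

def encrypt(key, message):
    salt = secrets.token_bytes(16)
    return salt, encode(message) ^ pad(key, salt)

def decrypt(key, ciphertext):
    salt, body = ciphertext
    return decode(body ^ pad(key, salt))

def decoys(ciphertext, guesses):
    """What an offline guesser sees: one plausible plaintext per wrong key."""
    return Counter(decrypt(g, ciphertext) for g in guesses)

if __name__ == "__main__":
    ct = encrypt("correct horse", "letmein")
    print("right key :", decrypt("correct horse", ct))
    print("wrong keys:", decoys(ct, [f"guess{i}" for i in range(300)]).most_common())
```

Wrong keys return passwords in roughly the model's proportions, so the decoys are only as believable as the model is accurate.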
From Technology Review
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA