Honey Encryption, this is the name for a new approach to encryption to deceive attackers by presenting them with fake data presented by the independent researcher Ari Juels. Ari Juels, who has worked as chief scientist at computer security company RSA, proposed a new approach for cryptography to improve protection of sensitive data based on deception. He has already worked to similar project with the mythic Ron Rivest, one of the inventors of the RSA, for the development of the Honey Words, a system to protect password databases by also padding them with fake passwords.
“Decoys and deception are really underexploited tools in fundamental computer security,” said Juels.
Juels in collaboration with Thomas Ristenpart of the University of Wisconsin, has developed a new encryption system, which implements a deception technique by serving up fake data in response to every incorrect guess of the password or encryption key. If the attacker fails to provide the decryption key the original data should will be disguised, the method avoids, in case of a data breach, that hackers decrypt the encrypted stashes of sensitive data.
“Each decryption is going to look plausible,” “The attacker has no way to distinguish a priori which is correct.” says Juels.
A particular attention must be reserved to the protection of password manager applications, these software are used to store the entire collection of user’s password, but user use to protect them with a weak master password easy to guess with a password cracker tool. Principal doubts on the Honey Encryption relate to its capability to generate believable fakes for every set of data.
“Not all authentication or encryption systems yield themselves to being ‘honeyed.’” said Hristo Bojinov, CEO and founder of mobile software company Anfacto.
The honey Encryption technique will be presented at the next Eurocrypt cryptography conference by the two researchers.
(Security Affairs – Honey Encryption, encryption)
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
This website uses cookies.