Security Decoys
It’s the biggest nightmare of anyone who uses e-commerce, e-banking, or simply surfs the Internet…criminals decrypting passwords and accessing sensitive information. Now a new encryption system uses a simple, but effective, method to foil would-be hackers at their own game – deception.
Typically, hackers use software programs to generate thousands of “guesses” at passwords or cryptographic keys. A wrong guess sends back garbled information, but a correct one produces a recognizable piece of data, which tells them they’ve unlocked the key.
Known as Honey Encryption, the new approach “fakes out” the software by generating a recognizable (but fake) piece of data every time an attempt is made. In other words, if an attacker tries 10,000 times to access your credit card number, they’ll get 10,000 fake numbers back, with no way of telling whether or not they’re real. The same concept could be applied to password vaults, where unlocking a single password could grant a hacker access to a number of secure locations.
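The behaviour described above can be seen in a toy sketch, added here as an illustration and not taken from the researchers' own code: a card number is mapped to a seed in the space of all plausible card numbers, and the seed is masked with a value derived from the password, so every password decrypts to some plausible number. Assumptions: the function names, the PBKDF2 settings and the mask-by-modular-addition step are choices made for this sketch, and it treats every Luhn-valid 16-digit number as equally likely, which real card numbers are not.

```python
import hashlib
import os

SPACE = 10 ** 15      # toy message space: every 15-digit payload (assumed uniform)
ITERATIONS = 10_000   # constructed value, kept low so the demo runs quickly

def luhn_check_digit(payload: str) -> str:
    """Return the Luhn check digit for a string of payload digits."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # every second digit, starting next to the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return luhn_check_digit(number[:-1]) == number[-1]

def _pad(password: str, salt: bytes) -> int:
    # Password-derived mask; the modulo bias is negligible for a 256-bit value.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return int.from_bytes(key, "big") % SPACE

def honey_encrypt(card: str, password: str) -> tuple[bytes, int]:
    """Encode the card as a seed in the message space, then mask the seed."""
    if len(card) != 16 or not card.isdigit() or not luhn_valid(card):
        raise ValueError("expected a Luhn-valid 16-digit number")
    salt = os.urandom(16)
    seed = int(card[:-1])  # the check digit is redundant, so it is not stored
    return salt, (seed + _pad(password, salt)) % SPACE

def honey_decrypt(salt: bytes, masked: int, password: str) -> str:
    """No integrity check: any password gives a seed, any seed gives a card."""
    seed = (masked - _pad(password, salt)) % SPACE
    payload = f"{seed:015d}"
    return payload + luhn_check_digit(payload)

if __name__ == "__main__":
    card = "4111111111111111"  # sample test number, not a real account
    salt, masked = honey_encrypt(card, "correct horse")
    for guess in ["123456", "password", "correct horse"]:
        print(guess, "->", honey_decrypt(salt, masked, guess))
```

The ciphertext deliberately carries no checksum or authentication tag, since either would tell a guessing program which password was right.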
For information: Ari Juels; email: ajuels@gmail.com; Web site: www.ariuels.com
Thomas Ristenpart, University of Wisconsin, Department of Computer Science, 7387 Computer Sciences & Statistics, 1210 Dayton Street, Madison, WI 53706; phone: 608-262-7971; email: rist@cs.wisc.edu; Web site: www.wisc.edu