
Giving hackers what they ‘want’

It’s the most brilliant idea in computer security yet and a deviously clever way to defend from hackers attempting to steal personal information.

Give them what they want.

Ari Juels, independent researcher and former chief scientist at RSA, the computer security company, along with Thomas Ristenpart of the University of Wisconsin, has come up with a new encryption system that has a touch of mischief.

How it works is this. The new system, which follows an approach known as Honey Encryption, will produce and deliver to hackers fake pieces of data for every incorrect attempt to guess a password or decrypt protected information.

Typically, hackers know when they have correctly decoded encrypted information. It’s easy to tell because a correct guess will produce a recognizable piece of data while incorrect attempts yield only a garbled mess of code.

However, with Honey Encryption, each guess produces what appears to be a legitimate piece of data, making it difficult for hackers to know which, if any, piece of data is the real one correctly decrypted.

For example, were a hacker to attempt to decrypt a credit card number, each attempt would return a different card number. Each of the numbers would be fake, but each would look plausible as a real one with nothing to say it isn’t.
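The credit card case above can be sketched in a few lines. This is an added illustration, not code from Juels and Ristenpart: it assumes a toy message space in which the first 15 digits are uniformly random and the 16th is the Luhn check digit (a real scheme would also model issuer prefixes), and the function names are hypothetical.

```python
import hashlib
import os

SPACE = 10 ** 15  # 15 free digits; the 16th digit is the Luhn checksum

def luhn_digit(payload: str) -> str:
    """Check digit that makes payload + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(card: str) -> bool:
    return len(card) == 16 and card.isdigit() and luhn_digit(card[:15]) == card[15]

def _pad(password: str, salt: bytes) -> int:
    # Password-derived pad, reduced into the seed space (bias is negligible).
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(key, "big") % SPACE

def honey_encrypt(card: str, password: str) -> tuple[bytes, int]:
    if not luhn_valid(card):
        raise ValueError("not a Luhn-valid 16-digit number")
    salt = os.urandom(16)
    seed = int(card[:15])  # encode: message -> seed (drop the redundant digit)
    return salt, (seed + _pad(password, salt)) % SPACE

def honey_decrypt(salt: bytes, ct: int, password: str) -> str:
    # No integrity check on purpose: every password yields some seed,
    # and every seed decodes to a well-formed card number.
    seed = (ct - _pad(password, salt)) % SPACE
    payload = f"{seed:015d}"
    return payload + luhn_digit(payload)

if __name__ == "__main__":
    real = "4111111111111111"  # constructed sample (a common test number)
    salt, ct = honey_encrypt(real, "correct horse")
    for guess in ["correct horse", "123456", "password", "letmein"]:
        out = honey_decrypt(salt, ct, guess)
        print(f"{guess:>14} -> {out}  luhn_valid={luhn_valid(out)}")
```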

Honey Encryption will not work as a viable security system for every piece of technology in the world, and of course it does have drawbacks. One of the most obvious is that it won’t take hackers long to realize they are being duped.

If a hacker uses a program to rapidly make 10,000 attempts to decrypt one piece of data and it produces 10,000 positive results, obviously some, if not all, of the results are fake. Hackers won’t be able to tell the difference between the fake and real data, but they will know the system is Honey Encrypted.

But, perhaps that in itself is a deterrent. Hackers are looking for an easy way in to obtain data, and may just move on to the next piece when they realize the one they are working on is Honey Encrypted, and that is not such a bad thing at all.

Often, we see in movies, books and other stories how the heroes deal with the villain by “Giving him more of x than he can handle,” yet seldom does this strategy work in the real world.

It certainly works for hackers, though, and it has a certain poetic justice to it that makes it seem all the more sweet and clever.

It seems such a fitting solution it’s a wonder no one has thought of it before.