Honey encryption
1. Honey Encryption: Encryption beyond the Brute-Force
Barrier
by Ari Juels and Thomas Ristenpart
Presented by
Sahadeb Barman
April, 2020
by Ari Juels and Thomas Ristenpart. Honey Encryption: Encryption beyond the Brute-Force Barrier. Presented by Sahadeb Barman, April, 2020
3. Introduction
Created by Ari Juels and Thomas Ristenpart in 2014.
Honey encryption is a type of data encryption that "produces a ciphertext, which, when decrypted with an incorrect key as guessed by the attacker, presents a plausible-looking yet incorrect plaintext password or encryption key."
4. Background: Problems with Password-Based Encryption
Password-based encryption (PBE) is the most widely used encryption technique.
It consists of two main functions: an encryption function and a decryption function.
Let M be the message to be encrypted, E() the encryption function, D() the decryption function, and K the key used for encryption and decryption.
CipherText, C = E(M, K)
PlainText, M = D(C, K)
Authenticated if the password is correct.
Gives an error or failure message if the password is incorrect.
This gives attackers a hint about the key.
5. Background: The Vulnerability of Weak Passwords
User-created passwords are easy to remember and easy to guess.
A study by Moshe Zviran and William J. Haga suggested that the characteristics of user-created passwords have not changed over time in the internet era. Passwords are still weak and easy to guess, mainly because users keep employing predictable patterns and common words such as names and birth dates.
Examples of weak passwords are name@YearOfBirth, name@MobileNumber, etc.
Vulnerable to brute-force attacks.
6. Background: Password Cracking Tool
Password cracking tools are used to recover passwords from password hashes.
Many password cracking tools, differing in their working principle, are freely available, such as Hydra, John the Ripper, RainbowCrack, etc.
knowledge of how users typically compose their passwords
7. Honey Encryption: Why to use Honey Encryption
Protects against brute-force attacks.
Honey Encryption (HE) generates valid-looking but fake output for every incorrect key used.
This makes it difficult for an attacker carrying out a brute-force attack to know whether he has correctly guessed a password or encryption key.
8. Honey Encryption: DTE
The Distribution-Transforming Encoder (DTE) is the heart of Honey Encryption.
It maps the message space into the seed space.
To map the message space, the DTE considers the probability distribution of the message space.
According to the probability distribution, it assigns each message a corresponding proportion of the bit strings.
Every message should map to at least one seed value.
9. Honey Encryption: Constructing DTE
Suppose Bob wants to encrypt his favorite ice cream flavor, M = "Chocolate", to send to Alice as a hint for his birthday.
Bob looks up surveys on favorite ice cream flavors and finds that one-half of the respondents favored vanilla, one-fourth chose chocolate and one-fourth preferred strawberry.
Bob thus constructs a favorite-ice-cream DTE that maps the messages {"Vanilla", "Chocolate", "Strawberry"} into the space of two-bit strings {00, 01, 10, 11}.
10. Honey Encryption: Algorithms
Encryption
HEncrypt(M, K):
    S ← HEncode(M)
    R ← {0, 1}^n
    S̄ ← H(R, K)
    C ← S̄ ⊕ S
    Return R, C
Decryption
HDecrypt(K, (R, C)):
    S̄ ← H(R, K)
    S ← C ⊕ S̄
    M ← HDecode(S)
    Return M
11. Honey Encryption: Examples
Examples
From the Figure 1 DTE table, message M = "Chocolate" and seed S ← HEncode("Chocolate") = 01; assume key K = 1001.
Encryption by Bob
HEncrypt(M, K):
    R ← {0, 1}^4 = 1000
    S̄ ← H(1000, 1001) = 10
    C ← S̄ ⊕ S = 10 ⊕ 01 = 11
Decryption by Alice
HDecrypt(K, (R, C)):
    S̄ ← H(1000, 1001) = 10
    S ← C ⊕ S̄ = 11 ⊕ 10 = 01
    M ← HDecode(S) = HDecode(01) = "Chocolate"
Decryption by Eve (incorrect key guess K = 1101)
HDecrypt(K, (R, C)):
    S̄ ← H(1000, 1101) = 11
    S ← C ⊕ S̄ = 11 ⊕ 11 = 00
    M ← HDecode(S) = HDecode(00) = "Strawberry"
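The DTE and the HEncrypt/HDecrypt steps from the slides above, as an added Python example (not code from the original slides or the paper). The Vanilla seeds {10, 11} are inferred from the worked example, HMAC-SHA256 truncated to two bits stands in for H, and the function names and guessed keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# DTE table: Chocolate=01 and Strawberry=00 come from the worked example;
# Vanilla (probability 1/2) is assumed to own the two remaining seeds.
DTE = {"Vanilla": [0b10, 0b11], "Chocolate": [0b01], "Strawberry": [0b00]}
SEED_BITS = 2
DECODE = {seed: msg for msg, seeds in DTE.items() for seed in seeds}

def h_encode(message):
    """HEncode: pick uniformly among the seeds assigned to the message."""
    return secrets.choice(DTE[message])

def h_decode(seed):
    """HDecode: every seed maps to some message, so decoding never fails."""
    return DECODE[seed]

def H(r, key):
    """Stand-in for H(R, K): HMAC-SHA256 truncated to SEED_BITS (assumption)."""
    digest = hmac.new(key, r, hashlib.sha256).digest()
    return digest[0] & ((1 << SEED_BITS) - 1)

def h_encrypt(message, key, n_bytes=16):
    s = h_encode(message)
    r = secrets.token_bytes(n_bytes)      # R <- {0,1}^n
    c = H(r, key) ^ s                     # C <- S_bar XOR S
    return r, c

def h_decrypt(key, ciphertext):
    r, c = ciphertext
    return h_decode(c ^ H(r, key))        # S <- C XOR S_bar, M <- HDecode(S)

def brute_force_view(ciphertext, n_keys=4000):
    """Tally what trial decryption under constructed wrong keys returns."""
    guesses = (f"guess-{i}".encode() for i in range(n_keys))
    return Counter(h_decrypt(k, ciphertext) for k in guesses)

if __name__ == "__main__":
    ct = h_encrypt("Chocolate", b"correct key")
    print(h_decrypt(b"correct key", ct))
    print(brute_force_view(ct))
```

The tally shows no error signal to filter on: wrong keys return flavors in roughly the survey's 1/2, 1/4, 1/4 proportions, so the decoys are distributed like real messages.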
12. Honey Encryption:Advantages and Disadvantages
Advantages
The main advantage of honey encryption over traditional PBE is that honey encryption avoids the brute-force attack completely.
It generates plausible-looking but wrong output for every incorrect key.
This leaves the attacker unable to tell valid output from invalid output.
That discourages the attacker from continuing with brute-force attempts.
Disadvantages
Sometimes it may leak sensitive data from the message space.
13. Honey Encryption: Conclusion
The current password-based encryption technique is no longer secure against brute-force attacks, as the power of modern computers is increasing day by day.
It is easy for an attacker to determine whether the guessed key is correct or not by looking at the output of the decryption process.
Honey Encryption counters the problem by producing valid-looking but bogus output for every incorrect key entered by the adversary.