Honey Encryption: Encryption beyond the Brute-Force
Barrier
by Ari Juels and Thomas Ristenpart
Presented by
Sahadeb Barman
April, 2020
by Ari Juels and Thomas Ristenpart | Honey Encryption: Encryption beyond the Brute-Force Barrier | Presented by Sahadeb Barman | April, 2020
Content
Introduction
Background
Honey Encryption
Advantages and Disadvantages
Conclusion
Introduction
Created by Ari Juels and Thomas Ristenpart in 2014.
Honey encryption is a type of data encryption that "produces a cipher
text, which, when decrypted with an incorrect key as guessed by the
attacker, presents a plausible-looking yet incorrect plain text password
or encryption key."
Background: Problems with Password-Based Encryption
Most widely used encryption technique.
Consists of two main functions: an encryption function and a decryption function.
Let M be the message to be encrypted, E() the encryption function, D() the
decryption function, and K the key used for encryption and decryption.
Ciphertext, C = E(M, K)
Plaintext, M = D(C, K)
Authenticated if the password is correct.
Gives an error or failure message if the password is incorrect.
That response gives the attacker a hint about the key.
Background: The Vulnerability of Weak Passwords
User-created passwords are easy to remember and easy to guess.
A study by Moshe Zviran and William J. Haga suggested that the
characteristics of user-created passwords did not change over time in
the internet era. Passwords are still weak and easy to guess,
mainly because users keep employing predictable patterns and
common words such as names and birth dates.
Examples of weak passwords are name@YearOfBirth,
name@MobileNumber, etc.
Vulnerable to brute-force attacks.
Background: Password Cracking Tool
Password cracking tools are used to recover a password from a password
hash.
Depending on the working principle, many password cracking tools
are available for free, such as Hydra, John the Ripper,
RainbowCrack, etc.
knowledge of how users typically compose their passwords
Honey Encryption: Why Use Honey Encryption
Protects against brute-force attacks.
Honey Encryption (HE) generates valid-looking but fake output for
every incorrect key used.
This makes it difficult for an attacker carrying out a brute-force
attack to know whether he has correctly guessed a password or encryption
key.
Honey Encryption: DTE
Distribution-Transforming Encoders (DTE), the heart of Honey
Encryption.
A DTE maps the message space into the seed space.
To map the message space, the DTE considers the probability distribution
of the message space.
According to the probability distribution, it assigns a corresponding ratio
of bit strings to each message.
Every message should map to at least one seed value.
Honey Encryption: Constructing DTE
Suppose Bob wants to encrypt his favorite ice cream flavor,
M = "chocolate", to send to Alice as a hint for his birthday.
Bob looks up surveys on favorite ice cream flavors and finds that
one-half of the respondents favored vanilla, one-fourth chose
chocolate and one-fourth preferred strawberry.
Bob thus constructs a favorite-ice-cream DTE that maps the messages
{"Vanilla", "Chocolate", "Strawberry"} into the space of two-bit
strings {00, 01, 10, 11}.
Honey Encryption: Algorithms
Encryption
HEncrypt(M, K):
    S ← HEncode(M)
    R ← {0,1}^n
    S̄ ← H(R, K)
    C ← S̄ ⊕ S
    Return (R, C)
Decryption
HDecrypt(K, (R, C)):
    S̄ ← H(R, K)
    S ← C ⊕ S̄
    M ← HDecode(S)
    Return M
Honey Encryption: Examples
From the Figure 1 DTE table, message M = "Chocolate" and seed
S ← HEncode("Chocolate") = 01; assume key K = 1001.
Encryption by Bob
HEncrypt(M, K):
    R ← {0,1}^4 = 1000
    S̄ ← H(1000, 1001) = 10
    C ← S̄ ⊕ S = 10 ⊕ 01 = 11
Decryption by Alice
HDecrypt(K, (R, C)):
    S̄ ← H(1000, 1001) = 10
    S ← C ⊕ S̄ = 11 ⊕ 10 = 01
    M ← HDecode(S) = HDecode(01) = "Chocolate"
Decryption by Eve (incorrect key 1101)
HDecrypt(K, (R, C)):
    S̄ ← H(1000, 1101) = 11
    S ← C ⊕ S̄ = 11 ⊕ 11 = 00
    M ← HDecode(S) = HDecode(00) = "Strawberry"
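The DTE construction and the HEncrypt/HDecrypt steps from the slides above, as an added Python example (not code from the presentation or from Juels and Ristenpart). It generalizes the two-bit table to a seed space of any width; the SHA-256 stand-in for H, the 16-byte R, the sample keys and the 10/11 → Vanilla rows are assumptions.

```python
import hashlib
import secrets
from collections import Counter
from fractions import Fraction

class DTE:
    """Distribution-transforming encoder over `bits`-bit integer seeds."""
    def __init__(self, dist, bits):
        # dist: ordered (message, probability) pairs. Each message owns a
        # contiguous seed range whose size is proportional to its probability.
        self.bits, self.ranges, start = bits, [], 0
        for msg, p in dist:
            size = Fraction(p) * (1 << bits)
            if size.denominator != 1 or size < 1:
                raise ValueError(f"{msg!r} does not fit a {bits}-bit seed space")
            self.ranges.append((msg, start, start + int(size)))
            start += int(size)
        if start != 1 << bits:
            raise ValueError("probabilities must sum to 1")

    def encode(self, msg):
        # HEncode: pick a uniformly random seed from the message's range.
        for m, lo, hi in self.ranges:
            if m == msg:
                return lo + secrets.randbelow(hi - lo)
        raise KeyError(msg)

    def decode(self, seed):
        # HDecode: every seed in the space belongs to exactly one message.
        for m, lo, hi in self.ranges:
            if lo <= seed < hi:
                return m
        raise ValueError("seed outside the seed space")

def H(r, key, bits):
    # Stand-in for the slide's H(R, K): SHA-256 truncated to `bits` bits.
    # Assumption: the slides do not name a concrete hash function.
    digest = hashlib.sha256(r + key).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def hencrypt(dte, msg, key):
    s = dte.encode(msg)                    # S <- HEncode(M)
    r = secrets.token_bytes(16)            # R <- random string (16 bytes assumed)
    return r, H(r, key, dte.bits) ^ s      # C <- S_bar XOR S

def hdecrypt(dte, key, ciphertext):
    r, c = ciphertext
    return dte.decode(H(r, key, dte.bits) ^ c)

def brute_force_view(dte, ciphertext, candidate_keys):
    # What trial decryption yields: one plausible message per candidate key.
    return Counter(hdecrypt(dte, k, ciphertext) for k in candidate_keys)

# Ranges are ordered so that 2-bit seeds match the slide's worked example
# (00 -> Strawberry, 01 -> Chocolate); 10/11 -> Vanilla is assumed, since
# Figure 1 is not reproduced on the page.
ICE_CREAM = [("Strawberry", Fraction(1, 4)), ("Chocolate", Fraction(1, 4)),
             ("Vanilla", Fraction(1, 2))]

if __name__ == "__main__":
    dte = DTE(ICE_CREAM, bits=16)
    ct = hencrypt(dte, "Chocolate", b"1001")          # constructed sample key
    print("correct key:", hdecrypt(dte, b"1001", ct))
    wrong = [f"guess-{k}".encode() for k in range(4000)]  # constructed guesses
    print("wrong keys :", brute_force_view(dte, ct, wrong))
```

Over many wrong keys the decoded flavors follow the survey distribution (about half Vanilla), so a trial decryption that yields a valid flavor says nothing about whether the key was right.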
Honey Encryption: Advantages and Disadvantages
Advantages
The main advantage of honey encryption over traditional PBE
is that honey encryption avoids the brute-force attack completely.
It generates plausible-looking but wrong output for every incorrect key.
This leaves the attacker unable to tell valid output from invalid output.
This stops the attacker from trying further brute-force attacks.
Disadvantages
Sometimes it may leak sensitive data from the message space.
Honey Encryption: Conclusion
The current password-based encryption technique is no longer secure
against brute-force attacks, as modern computing power is increasing
day by day.
It is easy for an attacker to determine whether the guessed key is
correct or not by looking at the output of the decryption process.
Honey Encryption counters the problem by producing valid-looking
but bogus output for every incorrect key entered by the adversary.
Thank
you
