Honey Encryption
Security Beyond the Brute-Force Bound
Good News & Bad News about Password Breaches
Good News: When I’m giving a talk about password breaches, a convenient example crops up.
- September 2014: JPMorgan Chase & Co. lost 83 million passwords!
Bad News: It’s all bad news!
- 13 Oct 2014: 400 passwords lost
- 8 Sept 2014: 5+ million passwords
- 19 May 2014: 145 million passwords
- 31 Jan 2014: 273 million passwords
General Industrial Password Protection Convention
Diagram: Alice chooses the password P = “myacc0uNt”; the server runs it through the hash function H and stores only H(P).
To Verify an Incoming Password…
Diagram: Alice submits P’; the server computes H(P’) and checks whether H(P) == H(P’).
Human Weakness in Password Selection
Why do humans tend to select easy passwords?
•Easy to remember
•They have to log in to multiple devices regularly
•Mobile device keyboards are small
How are Password Breachers Advancing?
•State-of-the-art cracking tools have advanced
•They use previously breached password lists for brute-force attacks
•Distributed systems are used for password cracking (e.g. AWS)
Adversarial Game : Always Wins
Diagram: Alice logs in as (Alice, “P”); the server checks H(P) == H(P’).
Steps:
1. Server compromise : active attack
2. Snapshot
3. Offline brute-force attack
State-of-the-Art Cracking S/W: Advanced
Human-made passwords: crackers use previously breached passwords to speed up the brute-force attack.
Resources are no longer a constraint: crackers use distributed systems (e.g. AWS) to crack huge databases of hashed passwords.
Honeywords
Alice’s record holds n passwords: P1, P2, …, Pi = P, …, Pn
•Pi = P is the TRUE PASSWORD.
•The other entries Pj (j ≠ i) are HONEYWORDS (DECOYS).
•Together, all n entries are called SWEET WORDS.
Adversarial Game : Guessing
Alice: P1, P2, …, Pi = P, …, Pn
Diagram: an attacker holding Alice’s list has to ask “What is i?”, and logs in as (Alice, “Pj”) with a guessed Pj.
Adversarial Game : Guessing
Alice: myPassw0rd, heyItsme!, qwerty, admin, 123456, Jesus, lov3y0u
Which is the password?
Honeyword Design Questions
Verification
•How do we check if the submitted password (P’) is the correct password (P)?
•How is the index i verified without storing i alongside the passwords?
Generation
•How are honeywords generated?
•How do we make bogus passwords look real?
Honeywords: Verification
Diagram: the COMPUTER SYSTEM stores Alice’s sweetword list P1, P2, …, Pi, …, PN; a separate HONEYCHECKER stores only the index i of Alice’s true password.
When Alice submits P, the computer system finds its position i in the list and transmits i to the Honeychecker, which confirms that it matches the stored index.
Honeywords: Verification
Diagram: when some word Pj is submitted, the computer system transmits its position j to the Honeychecker, which compares j with the stored index i.
Honeywords: Verification Rule
Case I : If the true password (P) is submitted, the user is authenticated.
Case II : If a password P’ ∉ {P1, …, Pn} is submitted, it is treated as a normal password authentication failure.
Case III : If a honeyword (Pj, j ≠ i) is submitted, an alarm is raised by the Honeychecker.
•This is likely to happen only after a breach!
•Honeywords (if properly chosen) will rarely be submitted otherwise.
Some Nice Design Features
Diagram: COMPUTER SYSTEM ↔ HONEYCHECKER. The computer system transmits only the index i of the submitted password.
•Little modification of the existing system is required.
We get the benefits of a distributed system:
•Compromise of either component isn’t fatal
•No single point of compromise
•Compromise of both components brings us back to the plain hashing case
The Honeychecker can be offline:
•If a breach occurs while the Honeychecker is offline, the computer system’s cache can still store the activity logs.
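The three-case verification rule and the split between the computer system and the Honeychecker, as an added Python example; this is not code from the slides or from the project they describe. It assumes a salted SHA-256 for the hash function H (the slides only write H) and models the Honeychecker as a separate in-process object rather than a separate machine. The sweetword list is the one from the guessing slide; placing the true password at index 4 is a constructed choice for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from enum import Enum


class Outcome(Enum):
    AUTHENTICATED = "authenticated"  # Case I: the true password P was submitted
    FAILURE = "failure"              # Case II: P' is not one of the sweetwords
    ALARM = "alarm"                  # Case III: a honeyword Pj (j != i) was submitted


def hash_sweetword(salt: bytes, word: str) -> bytes:
    """Assumed H: salted SHA-256. A deployed system would use a slow password
    hash (PBKDF2, bcrypt, Argon2); the honeyword scheme is indifferent to the choice."""
    return hashlib.sha256(salt + word.encode("utf-8")).digest()


class ComputerSystem:
    """Holds, per user, the hashes of all n sweetwords in a fixed order.
    It never learns which slot holds the true password, so a breach of this
    component yields the list but not the index i."""

    def __init__(self) -> None:
        self._users: dict[str, tuple[bytes, list[bytes]]] = {}

    def register(self, user: str, sweetwords: list[str]) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, [hash_sweetword(salt, w) for w in sweetwords])

    def lookup_index(self, user: str, submitted: str) -> int | None:
        """Position j of the submitted word in the sweetword list, or None."""
        salt, digests = self._users[user]
        h = hash_sweetword(salt, submitted)
        match = None
        for j, d in enumerate(digests):
            # Compare every slot in constant time so response timing leaks nothing about j.
            if hmac.compare_digest(h, d):
                match = j
        return match


class HoneyChecker:
    """Minimal separate component: stores only user -> index i of the true password
    and receives nothing but (user, j) from the computer system."""

    def __init__(self) -> None:
        self._index: dict[str, int] = {}
        self.alarms: list[str] = []   # users for whom a honeyword was submitted

    def set_index(self, user: str, i: int) -> None:
        self._index[user] = i

    def check(self, user: str, j: int) -> bool:
        if j == self._index[user]:
            return True
        self.alarms.append(user)      # Case III: a decoy was used, most likely after a breach
        return False


def login(cs: ComputerSystem, hc: HoneyChecker, user: str, submitted: str) -> Outcome:
    """Apply the three-case verification rule."""
    j = cs.lookup_index(user, submitted)
    if j is None:
        return Outcome.FAILURE                 # Case II: ordinary wrong password
    if hc.check(user, j):
        return Outcome.AUTHENTICATED           # Case I
    return Outcome.ALARM                       # Case III


def demo() -> dict[str, Outcome]:
    # Sweetwords from the guessing slide; putting the true password at index 4
    # ("123456") is a constructed choice for this demonstration.
    sweetwords = ["myPassw0rd", "heyItsme!", "qwerty", "admin", "123456", "Jesus", "lov3y0u"]
    cs, hc = ComputerSystem(), HoneyChecker()
    cs.register("alice", sweetwords)
    hc.set_index("alice", 4)
    return {
        "true_password": login(cs, hc, "alice", "123456"),
        "not_a_sweetword": login(cs, hc, "alice", "myacc0uNt"),
        "honeyword": login(cs, hc, "alice", "qwerty"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome.value}")
```

The split is what gives the design its value: an attacker who copies the computer system's database and cracks every hash still holds n candidates per user and no i, so any login attempt has an (n-1)/n chance of landing in Case III and raising an alarm. Only a compromise of both stores reduces the scheme to plain hashing, as the slide states.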
Honeyword: Generation
Method 1 : Chaffing
Idea: repurpose a cracker as a generator. Generate honeywords from previously breached passwords (e.g. the RockYou and darkc0de databases).
Example: Blink123, Graph128, Blink128, 12345, letmein123
Method 2 : Chaffing by Tweaking
Idea: tweak the password to generate honeywords. Research found that users tweak their passwords during a reset.
Example: letmein3211, letmein3212, letmein3213, letmein3214, letmein3215
Method 3 : Assign one user’s password as a honeyword to another random user.
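The three generation methods combined into one sweetword generator, as an added Python example; it is not code from the slides or from the project. The breached-password list is a constructed stand-in (the RockYou and darkc0de databases the slide names are not reproduced), the split of decoys between tweaking and the list is an assumption, and `borrowed` stands for Method 3, real passwords of other random users supplied by the caller.

```python
from __future__ import annotations

import random
import re
from typing import Sequence

# Constructed stand-in for a leaked-password list (the slide names RockYou and darkc0de).
BREACHED_LIST = ["Blink123", "Graph128", "Blink128", "12345", "letmein123",
                 "iloveyou", "princess", "football", "monkey", "sunshine", "dragon"]


def tweak_digits(password: str, rng: random.Random) -> str:
    """Method 2, chaffing by tweaking: keep the letters and re-roll the trailing digit
    run, mimicking how users change a password at reset (letmein3211 -> letmein3215).
    A password with no trailing digits gets three appended so the decoy still looks typed."""
    m = re.search(r"\d+$", password)
    if m:
        head, count = password[:m.start()], len(m.group())
    else:
        head, count = password, 3
    return head + "".join(rng.choice("0123456789") for _ in range(count))


def chaff_from_list(pool: Sequence[str], k: int, rng: random.Random, exclude: set[str]) -> list[str]:
    """Method 1, chaffing: draw k decoys from a breached-password list, never the
    true password or a word already chosen."""
    candidates = [p for p in pool if p not in exclude]
    if len(candidates) < k:
        raise ValueError("breached-password pool too small for the requested honeywords")
    return rng.sample(candidates, k)


def generate_sweetwords(password: str, n: int, rng: random.Random,
                        pool: Sequence[str], borrowed: Sequence[str] = ()) -> tuple[list[str], int]:
    """Build n sweetwords for one user and return (sweetwords, i) with sweetwords[i]
    the true password. Roughly half the decoys come from tweaking, the rest from the
    breached list; `borrowed` (Method 3) are real passwords of other, random users."""
    honeywords: set[str] = {b for b in borrowed if b != password}
    target_tweaks = len(honeywords) + (n - 1 - len(honeywords)) // 2
    attempts = 0
    while len(honeywords) < target_tweaks and attempts < 100 * n:
        attempts += 1                          # bounded: a short digit run has few variants
        t = tweak_digits(password, rng)
        if t != password:
            honeywords.add(t)
    honeywords.update(chaff_from_list(pool, n - 1 - len(honeywords), rng, honeywords | {password}))
    sweetwords = [password, *sorted(honeywords)]
    rng.shuffle(sweetwords)                    # the true index i must not be predictable
    return sweetwords, sweetwords.index(password)


def demo() -> dict:
    # Fixed seed so the demo is reproducible; a real generator uses random.SystemRandom.
    rng = random.Random(2014)
    sweetwords, i = generate_sweetwords("letmein3211", 7, rng, BREACHED_LIST, borrowed=["Graph128"])
    return {"sweetwords": sweetwords, "index": i,
            "tweaks": [tweak_digits("letmein3211", rng) for _ in range(3)],
            "no_digits": tweak_digits("qwerty", rng)}


if __name__ == "__main__":
    out = demo()
    print("true password index:", out["index"])
    for w in out["sweetwords"]:
        print(" ", w)
```

The index returned by `generate_sweetwords` is what goes to the Honeychecker; the shuffled list, hashed, is what the computer system stores. Tweaked decoys are the hardest for an attacker to tell apart from the real password, which is why the design questions slide asks how to make bogus passwords look real.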
Client Side : Sign Up & Sign In - Sequence
Administrator’s Dashboard
Password Breach Scenario
Breacher uploads the hashed passwords to AWS to crack them.
“20 passwords for 1 user ID…!!! Let me try…”
User ID : shiris
Password : hello
“Finally cracked one account! Let’s go for the next one…”
Administrator Notified
Sequence Diagram
Modules
• User Interface + Dashboard
• Honey Checker
• Honey-word Generator (Chaffing, Chaffing by Tweaking,
Previously Used Password)
• Client Analytics
ANY QUERIES ?
Thank You! 
Project Guide:
Mr. V. Srinadh
Assistant Professor
(Dept. of CSE.)
Team Members:
1. T. Vandana (11341A05A4)
2. R. Pavani (11341A0590)
3. Shiris Kumar (11341A05A0)
4. K. Vijay Durga Prasad (12345A0517)
