Weekly Word Wednesday – Honey Encryption

With the frequency of data leaks increasing, cyber criminals are getting more and more practice with decrypting the data and making use of what they obtain. An independent researcher in the computer security field, Ari Juels, has a new idea for data encryption called “Honey Encryption” that has recently created quite the buzz in the security community. Here’s an idea of how the new encryption method would work:

  1. Deception – Once the encrypted data has fallen into the wrong hands, there are many methods and software products available to guess the password or key protecting the data. In honey encryption, each incorrect guess gives the hacker a fake piece of data in the same form as the real data they are trying to access, instead of the garbled chunk of data they would usually see, which signals that they did not guess correctly.
  2. Layering – If the criminal does eventually guess the correct key, the real data will be indistinguishable from all of the fake data generated by the incorrect attempts.
  3. Fake Data Generation – Because so many data leaks have occurred, fake data will be generated from a collection of previously leaked data. Juels believes that using passwords and data created by real people will throw off criminals completely or at least delay their next attempts.

Although it may not be easy to generate fake data for all of a mobile device’s real data, much of the information that consumers consider most important, such as usernames and passwords, PINs and credit card numbers, should be easily encrypted with this new honey method. One thing is for sure: honey encryption is bringing a whole new approach to defense against data theft.
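The three steps above, as a toy for 4-digit PINs. This is an example added here, not code from Juels or from this post. The function names and the popularity weights are constructed for illustration, and modular addition over a small seed space stands in for the cipher a real design would use.

```python
import hashlib
import secrets
from bisect import bisect_right

# Constructed popularity weights (NOT real leak statistics); all other PINs weigh 1.
POPULAR = {"1234": 500, "0000": 300, "1111": 300}
PINS = [f"{i:04d}" for i in range(10000)]

# Cumulative weights: PIN i owns the seed interval [CUM[i-1], CUM[i]).
CUM, _total = [], 0
for _p in PINS:
    _total += POPULAR.get(_p, 1)
    CUM.append(_total)
SEED_SPACE = _total


def dte_encode(pin: str) -> int:
    """Map a PIN to a random seed inside the interval that PIN owns."""
    i = int(pin)
    lo = CUM[i - 1] if i else 0
    return lo + secrets.randbelow(CUM[i] - lo)


def dte_decode(seed: int) -> str:
    """Every seed decodes to some PIN; popular PINs own more seeds."""
    return PINS[bisect_right(CUM, seed)]


def _pad(password: str, salt: bytes) -> int:
    """Password-derived mask, reduced into the seed space."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(raw, "big") % SEED_SPACE


def honey_encrypt(pin: str, password: str) -> tuple[bytes, int]:
    salt = secrets.token_bytes(16)
    # No integrity tag on purpose: a failed check would reveal a wrong guess.
    return salt, (dte_encode(pin) + _pad(password, salt)) % SEED_SPACE


def honey_decrypt(blob: tuple[bytes, int], password: str) -> str:
    salt, c = blob
    return dte_decode((c - _pad(password, salt)) % SEED_SPACE)


if __name__ == "__main__":
    blob = honey_encrypt("4821", "correct horse")
    for guess in ["correct horse", "letmein", "password1", "qwerty"]:
        print(f"{guess!r:16} -> {honey_decrypt(blob, guess)}")
```

Every guess prints a well-formed PIN, so the output alone does not show which password was right, and the decoys lean toward the PINs given extra weight.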