It seems like no matter how much companies may try to up their defences, there will always be some industrious young hacker who manages to evade every roadblock in his way. One team of researchers, though, think they may have finally found a way to turn their defence into an attack on the hackers themselves — by spewing fake data at them and sending them drowning.
Currently, hackers will often use software that decrypts encrypted data by guessing hundred of thousands of potential keys. So anytime an incorrect key is tried, the hackers are left with an incomprehensible mess that is distinctly not data and a clear indicator that the key or password was wrong.
Ari Juels, previous chief scientist at computer security company RSA, and Thomas Ristenpart of the University of Wisconsin worked together to develop a different type of encryption device with a twist; any time an incorrect password or encryption key is guessed, the system responds by delivering fake data to the intruder. The string resembles the actual data to the point that attackers won't be able to tell what is and isn't real. So even if/when the hacker guesses the actual password, the real information will be completely lost amongst the mass of bogus data surrounding it.
This doesn't mean that the new Honey Encryption method is totally foolproof, though. As MIT Tech Review notes:
Hristo Bojinov, CEO and founder of mobile software company Anfacto, who has previously worked on the problem of protecting password vaults as a security researcher, says Honey Encryption could help reduce their vulnerability. But he notes that not every type of data will be easy to protect this way since it's not always possible to know the encrypted data in enough detail to produce believable fakes. "Not all authentication or encryption systems yield themselves to being 'honeyed.'"
Still, if Honey Encryption works like its creators intend, this will definitely make hackers' jobs infinitely harder if not entirely impossible. And with the number of mass data leaks constantly increasing, we need all the help we can get. [MIT Tech Review]