Every time we turn around, it seems, we read that hackers have penetrated another company’s supposedly “impenetrable” servers.
Currently, Target and other department stores are dealing with the aftermath of a very public data breach that may ultimately cost consumers billions of dollars.
Another high-profile attack happened last year when hackers gained access to Adobe’s servers and stole information belonging to 150 million users. And the list goes on and on. But these data breaches may soon be a thing of the past.
Researchers have created a new tool called Honey Encryption, and it’s anything but sweet for criminals who want to get their hands on sensitive customer data.
When hackers access company servers, they are able to download encrypted files. As you probably know, encryption is one of the best ways to protect data.
These encrypted files are gibberish without the right encryption key. The correct encryption key turns this encrypted information back into readable data.
Some hackers have access to sophisticated software programs that can figure out encryption keys. Given enough time, this software can try hundreds of millions of encryption keys until it finds one that works.
How does the software know when it’s found the right encryption key? It’s simple: the gibberish turns into real data.
Once the hacker sees that the encrypted gibberish is readable data, he knows that he’s found the right encryption key.
This is called a brute force attack, and up until now, there’s been no way to protect against such an attack.
Enter Honey Encryption.
If Honey Encryption software has been used to protect encrypted data, a hacker won’t know if he has correctly guessed the encryption key or not. Normally, an incorrect guess would return a garbled mess.
But with Honey Encryption software, an incorrect guess returns fake, but legitimate-looking, information.
The attacker would have no idea whether he had accessed real or fake data. And that’s the point.
Even if the attacker figures out the correct encryption key, he would never know which data was correct because he wouldn’t be able to tell it apart from the fake data.
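The behaviour described above can be seen in a toy sketch. This is an added example, not the researchers' code: it assumes the protected value is a 16-digit card number, maps each message to a random seed before masking it with a password-derived value, and all function names are hypothetical.

```python
import hashlib
import secrets

N = 10**15   # message space: all 15-digit bodies (check digit is derived)
K = 2**32    # number of seeds that map to each message
S = N * K    # seed space; ciphertexts live in the same range

def luhn_check_digit(body: str) -> str:
    """Check digit that makes body + digit pass the Luhn test."""
    total = 0
    for pos, ch in enumerate(reversed(body)):
        d = int(ch) * 2 if pos % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def encode(card: str) -> int:
    """Message -> random seed. Uniform seeds decode to uniform bodies."""
    return int(card[:15]) + N * secrets.randbelow(K)

def decode(seed: int) -> str:
    """Seed -> message. Every seed yields a Luhn-valid 16-digit number."""
    body = f"{seed % N:015d}"
    return body + luhn_check_digit(body)

def pad(password: str, salt: bytes) -> int:
    """Password-derived mask over the seed space (assumed KDF: PBKDF2)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(raw, "big") % S

def encrypt(card: str, password: str) -> tuple[bytes, int]:
    salt = secrets.token_bytes(16)
    return salt, (encode(card) + pad(password, salt)) % S

def decrypt(salt: bytes, ct: int, password: str) -> str:
    # No integrity tag on purpose: a password-keyed MAC would tell the
    # guesser which key is right and undo the scheme.
    return decode((ct - pad(password, salt)) % S)

if __name__ == "__main__":
    real = "4111111111111111"   # constructed sample: a common test number
    salt, ct = encrypt(real, "correct horse")
    for guess in ["123456", "password", "correct horse", "letmein"]:
        print(f"{guess!r:16} -> {decrypt(salt, ct, guess)}")
```

Every guess prints a number that passes the card checksum, so the output alone does not reveal which password was right. A production encoder would also have to model issuer prefixes and other structure, otherwise implausible decoys still stand out.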
The Future of Encryption?
Former RSA Security chief scientist Ari Juels and Thomas Ristenpart of the University of Wisconsin came up with the idea of Honey Encryption, and the duo plans to formally roll it out at the Eurocrypt conference in Copenhagen this spring.
While it is important to use strong encryption standards to protect sensitive data, Honey Encryption could provide an extra layer of protection for sensitive customer information. By using Honey Encryption, businesses would be able to protect themselves against these kinds of data breaches.
And this would make our digital world a better (and much safer) place.