Detecting Data Breaches with Honeywords

Data breaches and information leakage have been making headlines in recent times. When a data breach happens, cybercriminals obtain information associated with a person or a large group of people. The exposed data is considered sensitive and often consists of personal emails, usernames, and password representations (generally, hashes), at least when the users’ information was adequately protected.

Often, cybercriminals obtain the password representation easily, and the cracking scheme is well known: trying to guess the password behind the cryptographic hash using documented techniques from the password-cracking landscape, for instance, rainbow tables and brute-force attacks. For this reason, the username-password authentication method is considered poor, since criminals can easily recover the user’s secret password.

Honeywords come in at this point. They were first described by Ari Juels of RSA Labs and MIT Professor Ronald L. Rivest, who proposed the following: “We propose a simple method for improving the security of hashed passwords: the maintenance of additional ‘honeywords’ (false passwords) associated with each user’s account” [1].

The honeyword concept is similar to a honeypot, where fake servers are set up to fool cybercriminals and lure them into attacking the wrong server. Typically, this mechanism helps system administrators detect broader signs of compromise inside a network or a system.

According to the authors, with the use of honeywords, “an adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword” [1].

Therefore, if an attacker obtains a fake password (a honeyword) during the cracking process and tries to authenticate with it, the attempt will be flagged as unlawful activity, and an alarm will be triggered to (Read more...)
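The scheme described above, as an added example that is not code from the original post or from Juels and Rivest: the authentication server stores a salt and the hashes of all "sweetwords" (the real password shuffled among the honeywords) for each user, while a separate "honeychecker" stores only the index of the real one. Names such as `AuthServer`, `HoneyChecker` and the constructed user data are assumptions for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor; a real deployment would tune this


def hash_sweetword(word: str, salt: bytes) -> bytes:
    # Slow salted hash, applied identically to the real password and every honeyword,
    # so the stored records give no hint about which entry is genuine.
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, ITERATIONS)


class HoneyChecker:
    """Separate, hardened service: knows only which index per user is the real password."""

    def __init__(self):
        self._index = {}

    def set(self, user: str, index: int) -> None:
        self._index[user] = index

    def check(self, user: str, index: int) -> bool:
        return self._index.get(user) == index


class AuthServer:
    """Holds the password file; on its own it cannot tell the real password from honeywords."""

    def __init__(self, checker: HoneyChecker):
        self.checker = checker
        self.records = {}   # user -> (salt, [hash of each sweetword])
        self.alarms = []    # users whose honeywords were submitted at login

    def add_user(self, user: str, password: str, honeywords: list) -> None:
        sweetwords = honeywords + [password]        # honeywords are assumed distinct from the password
        secrets.SystemRandom().shuffle(sweetwords)  # real password lands at a random position
        salt = os.urandom(16)
        self.records[user] = (salt, [hash_sweetword(w, salt) for w in sweetwords])
        self.checker.set(user, sweetwords.index(password))  # only the honeychecker learns the index

    def login(self, user: str, attempt: str) -> str:
        if user not in self.records:
            return "FAIL"
        salt, hashes = self.records[user]
        candidate = hash_sweetword(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(candidate, stored):
                if self.checker.check(user, i):
                    return "OK"
                self.alarms.append(user)  # a honeyword was used: the file was likely stolen and cracked
                return "ALARM"
        return "FAIL"                     # neither the password nor any honeyword: ordinary typo or guess
```

An "ALARM" result is the detection signal the article describes; what to do with it (lock the account, force a rotation, raise an incident) is policy layered on top of this check.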

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Pedro Tavares. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/KbA435E_tRc/