Over the last year hackers have made a number of high-profile data grabs: 150 million usernames and passwords from Adobe, 40 million and 1.1 million debit and credit card numbers from Target and Neiman Marcus respectively. The scale and frequency of these thefts make it seem like there’s little we can do to stop determined hackers from walking off with our personal data. But an article today in the MIT Technology Review explains a new and potentially more effective kind of digital security: Rather than trying to block hackers, maybe it’s better to distract them.
The approach is built into a new piece of software called Honey Encryption, created by Ari Juels and Thomas Ristenpart, and it works on a simple model. After hackers steal a trove of encrypted data, they hunker down to crack the code. It can take them thousands of tries before they’re able to guess the right cryptographic key, and Honey Encryption makes them pay for each failed attempt. Each time hackers enter the wrong password, Honey Encryption adds a piece of fake data to the dataset—by the time hackers finally get access to the data, it’s swimming with so many fake credit card numbers, for example, they’ll have no idea which ones are real.
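The behaviour described above, as an added sketch that is not code from Juels and Ristenpart's software: it assumes the secret is a 16-digit card number and that every Luhn-valid number is equally likely, so each wrong password decrypts to a different fake number that still passes the checksum. The function names, the PBKDF2 parameters and the sample card number (a standard test value, not a real account) are choices made for this example.

```python
import hashlib
import os

PAYLOAD_DIGITS = 15                 # card digits before the check digit
SPACE = 10 ** PAYLOAD_DIGITS        # size of the seed/message space


def luhn_check_digit(payload: str) -> str:
    """Check digit that makes payload + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:              # doubled positions once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str(-total % 10)


def luhn_valid(card: str) -> bool:
    return card.isdigit() and luhn_check_digit(card[:-1]) == card[-1]


def _pad(password: str, salt: bytes) -> int:
    """Password-derived pad, reduced into the seed space."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(key, "big") % SPACE


def honey_encrypt(card: str, password: str):
    if len(card) != PAYLOAD_DIGITS + 1 or not luhn_valid(card):
        raise ValueError("expected a Luhn-valid 16-digit card number")
    salt = os.urandom(16)
    seed = int(card[:-1])           # encode: drop the redundant check digit
    return salt, (seed + _pad(password, salt)) % SPACE


def honey_decrypt(salt: bytes, ct: int, password: str) -> str:
    seed = (ct - _pad(password, salt)) % SPACE
    payload = f"{seed:0{PAYLOAD_DIGITS}d}"
    return payload + luhn_check_digit(payload)   # decode: always a valid number


if __name__ == "__main__":
    real = "4111111111111111"       # constructed sample: well-known test number
    salt, ct = honey_encrypt(real, "correct horse")
    for guess in ("correct horse", "123456", "letmein"):
        print(guess, "->", honey_decrypt(salt, ct, guess))
```

Real card numbers are not uniformly distributed (issuer prefixes, for example), so a deployable encoder has to model the real distribution, which is where generating believable fakes gets hard.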
The main limit of Honey Encryption is that it doesn’t work for all situations, because with some kinds of data, it’s hard to generate entries that are believably fake. Or, as Hristo Bojinov, a tech CEO, told the MIT Technology Review, “Not all authentication or encryption systems yield themselves to being ‘honeyed.’”
Still, Honey Encryption embodies a fun strategy, one that’s familiar to parents of young children: You can spend all day telling them not to touch the dog bowl, or you can get them interested in something else.