HoneyTree: Making Honeywords Sweeter

Das, Kuntal
Jafarian, Jafar Haadi
Gethner, Ellen
Dincelli, Ersin
Bekman, Thomas
Cyber deception is an area of cybersecurity based on building detection systems and verification models that use decoys or controlled misinformation to confuse or misdirect adversaries into revealing their presence and/or intentions. In the era of online services, where our data is usually protected in the cloud by a secret key, even the most secure cyber systems can be compromised, losing highly confidential data to attackers, including hashed passwords that can be cracked offline. Prior work has carefully placed traps in systems to detect intrusion activities. The Honeywords project by Juels and Rivest is the most straightforward and successful technique for detecting and deterring offline password brute-force attacks, placing multiple plausible decoy passwords alongside the real password. In this paper, we enhance this approach and combine it with the concept of a Merkle tree to build a new model called HoneyTree. Our model achieves twice the level of security of the Honeywords project at the same storage cost. We perform a detailed comparison of our approach with the original Honeywords project and analyze its pros and cons.
Cyber Systems: Their Science, Engineering, and Security, cyber deception, hash inversion, honeywords, passive adversary detection