Using Deception to Enhance Security: A Taxonomy, Model and Novel Uses
Mohammed H. Almeshekah
Thesis Defense
Special Thanks!
• To my advisors:
• Prof. Eugene Spafford
• Prof. Mike Atallah
• To my committee members:
• Prof. Sam Wagstaff
• Prof. Matt Bishop
Introduction
A Holistic Overview of Security Defenses
Computer System Defenses
• Denial and Isolation: (1) Prevent unauthorized access. (2) Hide the existence and/or the nature of systems and/or data.
• Degradation and Obfuscation: (1) Slow down the attackers. (2) Prevent and reduce the recovery. (3) Obfuscate the value/nature of systems and/or data. (4) Create noise around valuable data.
• Deception and Negative Information: (1) Lead the attackers astray. (2) Add decoys. (3) Add doubt to the data obtained by the adversary. (4) Increase the risk of attacking computer systems.
• Attribution and Counter Operation: (1) Attributing adversaries. (2) Cause damage to attackers. (3) Increase overall risk in attacking our systems.
Status Quo
• Breaches:
• 84% of these attacks took hours or less to infiltrate.
• 66% of breaches took months or years to discover.
• Defenses:
• Only 5% of these breaches were detected using
traditional tools.
Using Deception as a Defensive Mechanism
Traditional Security Defenses
Narrowing down the attack path!
[Figure: "Whack Your Attacker": Security Tools sit between the Attacker and the Computer System]
Deception-Based Defenses
• Traditional security (negative clues) and deception
(positive clues) work in tandem.
• Humans are not good at detecting deception:
• Detecting deception by college students → 57%
• Detecting deception by law enforcement → 54%
Unique Advantages of Using Deception
Previous Uses of Deception
• Used as an ad-hoc attempt:
• Deception has mainly been used as a “trapping” or “deterrence” tool.
• Trojan Horses, Phishing, XSS, XSRF and others have long
been effective.
• Deception is Effectively Used in Many Areas of Computing.
Dissertation Overview
Framework for Using Deception in Security Defenses
A Framework
Deception Framework (3) Exploit Attacker’s Biases: What are the plausible responses to the attack, and which ones should you use?
Deception Framework (4) Apply Deception: Make your system lie.
Deception Framework (8) Monitoring and Dynamic Adjusting: Continuous monitoring and dynamic adjustment based on the attacker’s response.
Deceptive Covert Channel
A Password’s Dangerous Trip: MitB (man-in-the-browser), MitM (man-in-the-middle).
Information Asymmetry, Context-less Authentication: the user wants to access; the bank sees only “the user wants me to grant access.”
Information Asymmetry, Contextual Authentication: Public network? Email link? … Dynamic decision based on the user’s context.
Goals of Using Such a Channel
• Limit password exposure.
• Communicate the user’s authentication context.
• Incorporate covert messages in the protocol that are totally oblivious to any party observing.
A Deceptive Covert Communication
• We will use an accumulation function A() that can be realized using modular exponentiation.
• A(x1, x2) = A(x2, x1) (commutativity).
• A(A(x1), x2) can be computed without knowledge of x1, and equals A(x1, x2).
• Current systems store h = H(passwd || salt).
A Deceptive Covert Communication (protocol)
Server: check whether the username exists
    if usernameExists():
        R = randomNonce()
        key = A(h, R)
        x = HMAC_key(A(R), s, id)
        send QR(A(R), x, s, id)      # id = server id
Client: check the integrity of the QR
    h = Hash(passwd || salt)
    key = A(A(R), h)
    x’ = HMAC_key(A(R), s, id)
    if x == x’ -> route (b)
    else       -> route (a)
Client: covert message
    code = A(A(R), h, msgs)
Server: verifying the code
    code’ = A(A(R), h, possible msgs)
    check code =? code’
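A runnable realisation of the exchange above, added here as an illustration and not the thesis’s own code. It instantiates A() as g^(x1·x2) mod p over a toy group, uses SHA-256 and HMAC-SHA256 in place of the unspecified H and HMAC, treats the QR field s as the user’s salt, and uses a constructed context codebook; all four are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy group parameters, constructed for this illustration (a deployment would
# use a standardised large prime-order group). A(x1, x2) is realised as
# g^(x1*x2) mod p: it is commutative, and A(A(x1), x2) = A(x1)^x2 can be
# computed by someone who knows A(x1) but not x1, as the slides require.
P = 2**127 - 1
G = 3


@dataclass(frozen=True)
class Elem:
    """A group element, i.e. an already-accumulated value such as A(R)."""
    v: int


def A(first, *rest):
    """Accumulation function. If `first` is an Elem it is used as the base,
    otherwise the generator is the base and `first` is one more exponent."""
    if isinstance(first, Elem):
        base, exps = first.v, rest
    else:
        base, exps = G, (first,) + rest
    e = 1
    for x in exps:
        e *= x
    return Elem(pow(base, e, P))


def H(password: str, salt: bytes) -> int:
    """h = H(passwd || salt), the value a current server already stores."""
    return int.from_bytes(hashlib.sha256(password.encode() + salt).digest(), "big")


def tag(key: Elem, a_r: Elem, salt: bytes, server_id: str) -> bytes:
    """x = HMAC_key(A(R), s, id); key is the accumulated value both sides share."""
    k = key.v.to_bytes(16, "big")
    msg = a_r.v.to_bytes(16, "big") + salt + server_id.encode()
    return hmac.new(k, msg, hashlib.sha256).digest()


# Constructed codebook for the covert context message (assumption): the client
# folds one of these small integers into the accumulator and the server
# recovers it by trying every possible message, as in the verification step.
CONTEXTS = {1: "trusted device", 2: "public network", 3: "link from email"}


class Server:
    def __init__(self, server_id: str):
        self.id = server_id
        self.users = {}      # username -> (h, salt); nothing else is stored
        self.sessions = {}   # username -> R for the challenge in flight

    def enrol(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (H(password, salt), salt)

    def challenge(self, username: str):
        """Step 1: if the username exists, build the QR payload (A(R), x, s, id)."""
        if username not in self.users:
            return None
        h, salt = self.users[username]
        R = secrets.randbelow(P - 2) + 1
        a_r = A(R)
        x = tag(A(h, R), a_r, salt, self.id)
        self.sessions[username] = R
        return (a_r, x, salt, self.id)

    def verify_code(self, username: str, code: Elem):
        """Step 3: recompute code' = A(A(R), h, m) for every possible m."""
        h, _ = self.users[username]
        R = self.sessions.pop(username)
        a_r = A(R)
        for m in CONTEXTS:
            if A(a_r, h, m) == code:
                return m
        return None


def client_check(qr, password: str):
    """Step 2: recompute x' from the password alone. A match shows the server
    knows h (route b); a mismatch means an impostor or a typo (route a)."""
    a_r, x, salt, server_id = qr
    h = H(password, salt)
    x_prime = tag(A(a_r, h), a_r, salt, server_id)
    return hmac.compare_digest(x, x_prime), h


def client_code(qr, h: int, context: int) -> Elem:
    """The covert message code = A(A(R), h, msg): a random-looking group
    element to any observer who does not know h."""
    return A(qr[0], h, context)
```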
Comparison
Ersatzpasswords
A Password Lifecycle: Insider Threat / Compromise
Password Files Are an Attractive Target
• Evernote reported the leakage of the hashed passwords of more than 50 million users.
• Other attacks against Yahoo, RockYou, LinkedIn and eHarmony have been reported.
• Password cracking is often a precursor to more significant attacks.
Ersatzpasswords Goals
• Eliminate the possibility of offline password cracking.
• Detect the leakage of users’ passwords.
• Proactively detect account impersonation attempts.
Technical Specification — One-Time Initialization
• Instantaneously store all passwords in a machine-dependent format (computed from the stored αi, so no plaintext password is needed):
  [ ui , αi , si ]      where αi = H(pi || si)
  ↓ HDF(αi)
  ↓ βi = H(HDF(αi) || si)
  [ ui , βi , si ]
Technical Specification — Injecting Ersatzpasswords
• When the user logs in with (ui, pi):
  ↓ Choose an ersatzpassword pi*
  ↓ Compute a new salt si’ = HDF(pi || ui) ⊕ pi*  (equivalently, pi* = HDF(pi || ui) ⊕ si’)
  ↓ βi’ = H[ pi* || si’ ]
  [ ui , βi’ , si’ ]
Technical Specification — Login
• The user enters her username (ui) and password (pi).
• The system checks:
  • If H[ (HDF(pi || ui) ⊕ si’) || si’ ] equals βi’ → correct login.
  • If H(pi || si’) equals βi’ → ersatzpassword login.
  • Else → incorrect username/password.
Three Main Properties
• Checking a password requires access to HDF → thwarting offline cracking.
• Cracking returns an ersatzpassword for every account → triggering an alarm at the server when used.
• Maintain the same format of the password file → deceiving the attacker.
Ersatzpasswords Properties
• Plausibility
• Non-Deducibility
• Typo-Resilience
• Crackable
• Policy Adherence
Implementation
• We used YubiHSM.
• HDF(p) := HMAC-SHA1k(p)
• Implemented as a modified pam_unix in an OpenBSD
OS.
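The initialization, injection and three-way login check above in runnable form, added here as an illustration and not the thesis’s pam_unix code. It keeps HDF(p) := HMAC-SHA1_k(p) but simulates the YubiHSM key in memory, assumes SHA-256 for H, pads ersatzpasswords to the HDF output length so the XOR is well defined, and uses a constructed ersatzpassword generator.

```python
import hashlib
import hmac
import os
import secrets

# Simulated hardware-bound key: stands in for the YubiHSM on the slides. It
# never leaves the "device", so HDF cannot be evaluated by anyone holding only
# the password file, which is what blocks offline cracking.
_HSM_KEY = secrets.token_bytes(32)
HDF_LEN = 20  # HMAC-SHA1 output length


def HDF(data: bytes) -> bytes:
    """Hardware-dependent function, HDF(p) := HMAC-SHA1_k(p) as on the slides."""
    return hmac.new(_HSM_KEY, data, hashlib.sha1).digest()


def H(data: bytes) -> bytes:
    """The ordinary password hash H; SHA-256 here is an assumption."""
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(p: bytes) -> bytes:
    """Right-pad an ersatzpassword to HDF_LEN so it can be XORed with HDF output.
    Assumption: ersatzpasswords are at most HDF_LEN bytes and contain no NUL."""
    assert len(p) <= HDF_LEN and b"\x00" not in p
    return p.ljust(HDF_LEN, b"\x00")


def choose_ersatz() -> bytes:
    """Constructed stand-in for a plausible, policy-adherent, crackable
    ersatzpassword generator (a real one would model the site's policy)."""
    words = [b"sunshine", b"princess", b"football", b"dragon", b"welcome"]
    return secrets.choice(words) + str(secrets.randbelow(100)).zfill(2).encode()


class PasswordStore:
    """The password file keeps the same [u, digest, s] layout at every stage."""

    def __init__(self):
        self.records = {}   # username -> (digest, salt)
        self.alarms = []    # usernames whose ersatzpassword was presented

    def add_legacy(self, username: bytes, password: bytes) -> None:
        """What a current system stores: alpha = H(p || s)."""
        s = os.urandom(16)
        self.records[username] = (H(password + s), s)

    def initialise(self) -> None:
        """One-time initialisation over the whole file, needing no plaintext:
        [u, alpha, s] -> [u, beta, s] with beta = H(HDF(alpha) || s)."""
        for u in list(self.records):
            alpha, s = self.records[u]
            self.records[u] = (H(HDF(alpha) + s), s)

    def _inject(self, username: bytes, password: bytes) -> None:
        """At the first successful login: pick p*, derive the new salt
        s' = HDF(p || u) XOR p*, and store beta' = H(p* || s')."""
        p_star = choose_ersatz()
        s_new = xor(HDF(password + username), pad(p_star))
        self.records[username] = (H(p_star + s_new), s_new)

    def login(self, username: bytes, password: bytes) -> str:
        """Returns "ok", "ersatz" (alarm raised) or "fail". Assumes initialise()
        has already been run over the file."""
        if username not in self.records:
            return "fail"
        digest, s = self.records[username]
        # Correct login: HDF(p || u) XOR s' unmasks p*, and H(p* || s') must match.
        candidate = xor(HDF(password + username), s).rstrip(b"\x00")
        if hmac.compare_digest(H(candidate + s), digest):
            return "ok"
        # Initialised but not yet injected record: check beta, then inject.
        if hmac.compare_digest(H(HDF(H(password + s)) + s), digest):
            self._inject(username, password)
            return "ok"
        # The only thing an offline cracker can recover is p*; using it is the alarm.
        if hmac.compare_digest(H(password + s), digest):
            self.alarms.append(username)
            return "ersatz"
        return "fail"
```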
Performance Analysis
[Table: password update and authentication timings, Normal OpenBSD vs. Modified OpenBSD; values not recoverable from the slide]
Deceptiver
Web Applications
• The Verizon DBIR identified web application attacks as the most common incident type in 2013, accounting for 35% of all incidents.
• Gartner states that more than 70% of threats are at the web application layer.
Deceptiver
Deceptiver vs. Honeypots
• Deceptiver instantaneously reflects the current production state.
• Honeypots are yet another set of systems that need to be administered and updated.
• Honeypots need to keep copies of different individual resources where deceit is injected.
Deceptiver Responses
1. Traps
  • Administrative resources (e.g. .htaccess).
  • Isolated resource.
  • Meta/hidden data.
  • Known vulnerabilities.
2. Active deceptive responses
  • Performance.
  • Public data.
  • Software and services.
Implementation
Performance Analysis
Performance Analysis — 2
• Further investigation of performance showed that 9 lines of code take 99.2% of the execution time.
• All of those lines are querying the MySQL database.
Future Work
[Diagram: "This Dissertation" surrounded by the future-work areas: The role of biases; Modeling the use of deception; The creation of deceit; Deception metrics; Advanced tools; Economic and ethical issues]
This Dissertation:
• The role of deception.
• A framework to plan and integrate deception.
• Three practical tools.
The role of biases:
• In defending computer systems.
• In protecting users.
• Further investigating cultural and organizational biases.
Modeling the use of deception:
• Using game-theoretical models (e.g. hypergames).
• Where to apply deception within the kill chain.
Economic and ethical issues:
• Cost/benefit analysis.
• Externality effects.
• Lying to regular users.
Deception metrics:
• Measuring plausibility, deducibility, confusion and other characteristics.
The creation of deceit:
• How to create believable fake information?
Advanced tools:
• Deceptive file system.
• Deceptive patches.
• Deceptive system calls.
Publications
• M. Almeshekah, C. Gutierrez, M. Atallah and E. Spafford, “ErsatzPasswords – Ending Passwords
Cracking” (under review).
• M. Almeshekah, M. Atallah and E. Spafford, “Enhancing Passwords Security using Deceptive Covert
Communication,” International Conference on ICT Systems Security and Privacy Protection, IFIP SEC’15,
May 26-28, 2015, Hamburg, Germany.
• M. Almeshekah and E. Spafford, “Using Deceptive Information in Computer Security Defenses,” International
Journal of Cyber Warfare and Terrorism (IJCWT), 4 (3), 46-58, July-September 2014, IGI Global.
• M. Almeshekah and E. Spafford, “Planning and Integrating Deception into Computer Security Defenses,”
New Security Paradigms Workshop (NSPW’14), 15-18 September 2014, Victoria, BC, Canada.
• M. Almeshekah and E. Spafford, “The Case of Using Negative (Deceiving) Information in Data Protection,” in
Proceedings of the 9th International Conference on Cyber Warfare and Security ICCWS-2014, ISSN:
2048-9870, Academic Conferences and Publishing International Limited, March 2014.
• M. Almeshekah, M. Atallah, and E. Spafford, “Back channels can be useful! – layering authentication
channels to provide covert communication,” SPW’13, in Security Protocols XXI (B. Christianson, J. Malcolm,
F. Stajano, and J. Anderson, eds.), vol. 8263 of Lecture Notes in Computer Science, Springer Berlin
Heidelberg, 2013.
Thanks! Questions?

 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 

Kürzlich hochgeladen (20)

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 

Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- Thesis Defense

  • 1. Using Deception to Enhance Security: A Taxonomy, Model and Novel Uses Mohammed H. Almeshekah Thesis Defense
  • 2. Special Thanks! • To my advisors: • Prof. Eugene Spafford • Prof. Mike Atallah • To my committee members: • Prof. Sam Wagstaff • Prof. Matt Bishop
  • 3. Introduction A Holistic Overview of Security Defenses
  • 4. Computer System Defenses Denial and Isolation (1) Prevent unauthorized access. (2) Hide the existence and/or the nature of systems and/or data. Degradation and Obfuscation (1) Slow down the attackers. (2) Prevent and reduce the recovery. (3) Obfuscate the value/ nature of systems and/or data. (4) Create noise around valuable data. Deception and Negative Information (1) Lead the attackers astray. (2) Add decoys. (3) Add doubt to the data obtained by the adversary. (4) Increase the risk of attacking computer systems. Attribution and Counter Operation (1) Attributing adversaries. (2) Cause damage to attackers. (3) Increase overall risk in attacking our systems.
  • 6. Status Quo • Breaches: • 84% of these attacks took hours or less to infiltrate. • 66% of breaches took months or years to discover. • Defenses: • Only 5% of these breaches were detected using traditional tools.
  • 7. Using Deception as a Defensive Mechanism
  • 8. Traditional Security Defenses: narrowing down the attack path! [Figure: attacker, then security tools ("whack your attacker"), then the computer system]
  • 10. Deception-Based Defenses • Traditional security (negative clues) and deception (positive clues) work in tandem. • Humans are not good at detecting deception: • Detecting deception by college students → 57% • Detecting deception by law enforcement → 54%
  • 11. Unique Advantages of Using Deception
  • 16. Previous Uses of Deception • Used in ad hoc attempts: • Deception has mainly been used as a "trapping" or "deterrence" tool. • Attackers have long used it effectively: Trojan horses, phishing, XSS, XSRF and others. • Deception is effectively used in many areas of computing.
  • 18. Framework for Using Deception in Security Defenses
  • 20. Deception Framework (3) Exploit Attacker's Biases: what are the plausible responses to the attack, and which ones should you use?
  • 21. Deception Framework (4) Apply Deception: make your system lie.
  • 22. Deception Framework (4) Apply Deception
  • 23. Deception Framework (8) Monitoring and Dynamic Adjusting: continuous monitoring and dynamic adjustment based on the attacker's response.
  • 26. Information Asymmetry: Context-less Authentication. The user knows "I want to access"; the bank only knows "someone wants me to grant access".
  • 27. Information Asymmetry: Contextual Authentication. Public network? Email link? ... The decision becomes dynamic, based on the user's context.
  • 28. Goals of Using Such a Channel • Limit password exposure. • Communicate the user's authentication context. • Incorporate covert messages in the protocol that are invisible to any party observing the exchange.
  • 29. A Deceptive Covert Communication • We use an accumulation function A() that can be realized using modular exponentiation: • A(x1, x2) = A(x2, x1). • Computing A(A(x1), x2) does not require knowledge of x1, and it equals A(x1, x2). • Current systems store h = H(passwd || salt).
  • 30. A Deceptive Covert Communication (server side). Check whether the username exists: if usernameExists(): R = randomNonce(); key = A(h, R); x = HMAC_key(A(R), s, id); send QR(A(R), x, s, id), where id is the server id.
  • 31. A Deceptive Covert Communication (client side). Check the integrity of the QR: h = Hash(passwd || salt); key = A(A(R), h); x' = HMAC_key(A(R), s, id); if x == x' take route (b), else take route (a).
  • 32. A Deceptive Covert Communication. Covert message: code = A(A(R), h, msg).
  • 33. A Deceptive Covert Communication. Verifying the code: for each possible msg, code' = A(A(R), h, msg); check whether code == code'.
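The exchange on slides 29 to 33, carried through in code as an added example (not code from the thesis or its authors). It realises A() as exponentiation in a toy prime-order group, so that extend(A(R), h) equals A(h, R) without the client ever learning R. Assumed, because the slides do not fix them: the group parameters P and G (a 127-bit Mersenne prime here; a real deployment would use a standard group or an RSA modulus), SHA-256 for H and the HMAC, the message set MESSAGES, and the QR payload being a dict.

```python
import hashlib
import hmac
import secrets

# Toy group parameters. Assumption: the slides only say A() is realised with
# modular exponentiation; a deployment would use a standard group (e.g. an
# RFC 3526 MODP group) or an RSA modulus, not this 127-bit Mersenne prime.
P = (1 << 127) - 1
G = 3
NBYTES = 16  # every group element fits in 16 bytes

# Covert messages the user's device can fold into the code (constructed set;
# the slides give "public network?" and "email link?" as example context).
MESSAGES = {"normal": 2, "public_network": 3, "email_link": 5}


def extend(acc: int, *xs: int) -> int:
    """Fold more values into an accumulated value: acc^(x1*...*xn) mod P."""
    e = 1
    for x in xs:
        e = (e * x) % (P - 1)
    return pow(acc, e, P)


def A(*xs: int) -> int:
    """A(x1, ..., xn) = G^(x1*...*xn) mod P.  Commutative in its arguments, and
    extend(A(x1), x2) == A(x1, x2): a party holding only A(x1) can fold x2 in
    without learning x1.  That is the property the protocol relies on."""
    return extend(G, *xs)


def hash_pw(password: bytes, salt: bytes) -> int:
    """Current systems store h = H(passwd || salt); use the digest as an integer."""
    return int.from_bytes(hashlib.sha256(password + salt).digest(), "big")


def mac(key: int, aR: int, salt: bytes, server_id: bytes) -> bytes:
    """HMAC_key(A(R), s, id) with the shared accumulator value as the key."""
    msg = aR.to_bytes(NBYTES, "big") + salt + server_id
    return hmac.new(key.to_bytes(NBYTES, "big"), msg, hashlib.sha256).digest()


def server_challenge(db: dict, username: str, server_id: bytes):
    """Server side (slide 30).  Returns (QR payload, R), or (None, None) for an
    unknown user.  R stays on the server; only A(R) leaves it."""
    rec = db.get(username)
    if rec is None:
        return None, None
    h, salt = rec
    R = secrets.randbelow(P - 2) + 1
    key = A(h, R)
    aR = A(R)
    return {"aR": aR, "x": mac(key, aR, salt, server_id),
            "salt": salt, "id": server_id}, R


def client_verify(qr: dict, password: bytes) -> bool:
    """Client side (slide 31): recompute the MAC from the password alone.
    True means the QR is genuine (route b); False means it is not (route a)."""
    h = hash_pw(password, qr["salt"])
    key = extend(qr["aR"], h)  # A(A(R), h) == A(h, R), computed without R
    x_prime = mac(key, qr["aR"], qr["salt"], qr["id"])
    return hmac.compare_digest(qr["x"], x_prime)


def client_code(qr: dict, password: bytes, message: str) -> int:
    """Slide 32: code = A(A(R), h, msg).  To an observer it is just a group element."""
    h = hash_pw(password, qr["salt"])
    return extend(qr["aR"], h, MESSAGES[message])


def server_decode(db: dict, username: str, R: int, code: int):
    """Slide 33: the server, knowing h and R, tries each possible message and
    returns the one whose code' = A(A(R), h, msg) matches, else None."""
    h, _ = db[username]
    for name, m in MESSAGES.items():
        if A(R, h, m) == code:
            return name
    return None
```

The server can afford the brute-force in server_decode because the message set is tiny and it already knows h and R; an observer sees only A(R), x, s, id and the code, none of which reveals R or h. One caveat of this toy version: x is recomputable from A(R), s, id and a password guess, so whoever sees the QR payload can test guesses offline; the slides do not address that case, so the payload should be treated as something only the legitimate user's session gets to see.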
  • 36. A Password Lifecycle (insider threat / compromise)
  • 37. Password Files are an Attractive Target • Evernote reported the leakage of the hashed passwords of more than 50 million users. • Other attacks against Yahoo, RockYou, LinkedIn and eHarmony have been reported. • Password cracking is often a precursor to more significant attacks.
  • 38. Ersatzpasswords Goals • Eliminate the possibility of offline password cracking. • Detect the leakage of users' passwords. • Proactively detect account impersonation attempts.
  • 39. Technical Specification: One-Time Initialization • Instantaneously store all passwords in a machine-dependent format. Starting from the existing record [ui, αi, si], where αi = H(pi || si): compute HDF(αi), then βi = H(HDF(αi) || si), and store [ui, βi, si].
  • 40. Technical Specification: Injecting Ersatzpasswords • When the user logs in with (ui, pi): choose an ersatzpassword pi*; compute a new salt si' = HDF(pi || ui) ⊕ pi* (equivalently, pi* = HDF(pi || ui) ⊕ si'); compute βi' = H(pi* || si'); store [ui, βi', si'].
  • 41. Technical Specification: Login • The user enters her username (ui) and password (pi). • The system checks: • If H[(HDF(pi || ui) ⊕ si') || si'] equals βi' → correct login. • If H(pi || si') equals βi' → ersatzpassword login. • Else → incorrect username/password.
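The three steps on slides 39 to 41 (one-time initialization, injection at the next login, and the three-way login check) as one runnable added example; this is not the thesis's pam_unix implementation. The HSM is simulated by a software HMAC-SHA1 key, which is an assumption; so are SHA-256 as the system hash, the record layout, truncating the HDF output to the ersatzpassword's length for the XOR (so the stored record keeps the plain H(pw || salt) shape), and the check used for accounts that have been migrated but not yet injected.

```python
import hashlib
import hmac
import os
from typing import Optional

# Stand-in for the key that, in the thesis, lives only inside a YubiHSM.
# Assumption: a fresh random key per run; a real HSM key persists and never
# leaves the device.
HSM_KEY = os.urandom(32)
HDF_LEN = 20  # HMAC-SHA1 output length


def HDF(data: bytes) -> bytes:
    """Hardware-dependent function HDF(p) := HMAC-SHA1_k(p) (slide 44).  Because
    k is only in the HSM, nobody holding just the password file can evaluate it."""
    return hmac.new(HSM_KEY, data, hashlib.sha1).digest()


def H(data: bytes) -> bytes:
    """The ordinary password hash; SHA-256 stands in for the system's hash."""
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def legacy_record(password: bytes, salt: bytes) -> dict:
    """What current systems store: [u, α, s] with α = H(p || s)."""
    return {"hash": H(password + salt), "salt": salt, "stage": "legacy"}


def migrate(rec: dict) -> None:
    """One-time initialization (slide 39): [u, α, s] -> [u, β, s], β = H(HDF(α) || s).
    Runs over the whole file at once; no plaintext password is needed."""
    rec["hash"] = H(HDF(rec["hash"]) + rec["salt"])
    rec["stage"] = "migrated"


def inject_ersatz(rec: dict, user: bytes, password: bytes, ersatz: bytes) -> None:
    """At the user's next login (slide 40): pick an ersatzpassword p*, set
    s' = HDF(p || u) ⊕ p* and store β' = H(p* || s').  Assumption: the HDF
    output is truncated to len(p*), so the record looks like any H(pw || salt)."""
    if not 1 <= len(ersatz) <= HDF_LEN:
        raise ValueError("ersatzpassword must fit in one HDF output")
    s_new = xor(HDF(password + user)[: len(ersatz)], ersatz)
    rec.update(hash=H(ersatz + s_new), salt=s_new, stage="ersatz")


def login(db: dict, user: bytes, password: bytes) -> str:
    """Slide 41.  Returns 'ok', 'ersatz' (a cracked password was used: alarm)
    or 'fail'."""
    rec = db.get(user)
    if rec is None:
        return "fail"
    beta, s = rec["hash"], rec["salt"]
    if rec["stage"] == "legacy":  # pre-migration: the plain H(p || s) check
        return "ok" if hmac.compare_digest(H(password + s), beta) else "fail"
    if rec["stage"] == "migrated":
        # Assumption: not-yet-injected accounts are checked in the slide-39 form.
        ok = hmac.compare_digest(H(HDF(H(password + s)) + s), beta)
        return "ok" if ok else "fail"
    # Correct login: H[(HDF(p || u) ⊕ s') || s'] == β'.  Needs the HSM.
    if hmac.compare_digest(H(xor(HDF(password + user)[: len(s)], s) + s), beta):
        return "ok"
    # Ersatz login: H(p || s') == β' is exactly what an offline cracker can satisfy.
    if hmac.compare_digest(H(password + s), beta):
        return "ersatz"
    return "fail"


def crack_offline(rec: dict, wordlist: list) -> Optional[bytes]:
    """What an attacker with the stolen file (but no HSM) can do: a plain
    dictionary attack on H(w || s).  It only ever finds the ersatzpassword."""
    for w in wordlist:
        if H(w + rec["salt"]) == rec["hash"]:
            return w
    return None
```

crack_offline shows the three properties of slide 42 at once: against a migrated record it finds nothing, because the check needs HDF; against an injected record it returns the ersatzpassword, and logging in with that value yields 'ersatz', the server-side alarm. Truncating the HDF output makes the salt exactly as long as the ersatzpassword, which is one reason the padding choice deserves care in a real deployment.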
  • 42. Three Main Properties • Checking a password requires access to HDF → thwarting offline cracking. • Cracking returns an ersatzpassword for every account → triggering an alarm at the server when it is used. • The password file keeps the same format → deceiving the attacker.
  • 43. Ersatzpasswords Properties • Plausibility • Non-Deducibility • Typo-Resilience • Crackable • Policy Adherence
  • 44. Implementation • We used a YubiHSM. • HDF(p) := HMAC-SHA1_k(p). • Implemented as a modified pam_unix on OpenBSD.
  • 45. Performance Analysis [chart: password update and authentication time, normal OpenBSD vs. modified OpenBSD]
  • 47. Web Applications • The Verizon DBIR identified web application attacks as the most common incident type in 2013, accounting for 35% of all incidents. • Gartner states that more than 70% of threats are at the web application layer.
  • 49. Deceptiver vs. Honeypots • Instantaneously reflects the current production state. • Honeypots are yet another set of systems that need to be administered and updated. • Honeypots need to keep copies of the individual resources into which deceit is injected.
  • 50. Deceptiver Responses 1. Traps • Administrative resources (e.g. .htaccess). • Isolated resources. • Meta/hidden data. • Known vulnerabilities. 2. Active deceptive responses • Performance. • Public data. • Software and services.
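An added example of the slide 49 and 50 ideas, written for this page rather than taken from the Deceptiver itself: a layer that sits in front of the live application, answers trap requests on its own, watches for tampered hidden data, and rewrites real responses on the way out, so there is no second honeypot copy to maintain. The trap paths, decoy contents, the hidden field name, the fake Server header and the stand-in demo_app are all constructed for the example; the slides name only the categories.

```python
import re
from typing import Callable, Dict, List

# Constructed decoys.  Assumption: the slides list trap categories only
# (administrative resources such as .htaccess, isolated resources, hidden
# data, misreported software); paths, contents and header values here are
# illustrative, not the Deceptiver's own.
TRAP_RESOURCES: Dict[str, str] = {
    "/.htaccess": 'AuthType Basic\nAuthName "Admin area"\n'
                  "AuthUserFile /var/www/.htpasswd\nRequire valid-user\n",
    "/admin/backup.sql": "-- decoy: isolated resource, never linked from the real site\n",
}
DECOY_FIELD = "session_debug"  # hidden field injected into every form, value "0"
DECOY_COMMENT = "<!-- TODO remove before release: old dump at /admin/backup.sql -->"
FAKE_SERVER = "Apache/2.2.15 (CentOS)"  # misreport the server software

alarms: List[str] = []  # in a deployment this goes to the SIEM, not a list


def alarm(reason: str, request: Dict) -> None:
    alarms.append(f"{request['ip']} {request['method']} {request['path']}: {reason}")


def deceptiver(request: Dict, upstream: Callable[[Dict], Dict]) -> Dict:
    """Front the production app: answer trap requests itself, watch for tampered
    decoy data, and rewrite live responses on the way out, so the deceit always
    reflects the current production state."""
    path = request["path"]
    # 1. Traps: legitimate clients never request these paths, so any hit is a
    #    high-confidence signal, and the decoy content keeps the attacker busy.
    if path in TRAP_RESOURCES:
        alarm("trap resource requested", request)
        return {"status": 200,
                "headers": {"Server": FAKE_SERVER, "Content-Type": "text/plain"},
                "body": TRAP_RESOURCES[path]}
    # 2. Hidden data: browsers echo the injected field back unchanged; only
    #    someone probing parameters changes its value.
    form = dict(request.get("form", {}))
    if DECOY_FIELD in form and form.pop(DECOY_FIELD) != "0":
        alarm("decoy form field tampered", request)
    request = {**request, "form": form}  # the real app never sees the decoy
    # 3. Active deceptive responses applied to the live reply.
    resp = upstream(request)
    headers = dict(resp["headers"])
    headers["Server"] = FAKE_SERVER
    body = resp["body"]
    if headers.get("Content-Type", "").startswith("text/html"):
        body = re.sub(r"(<form\b[^>]*>)",
                      r'\1<input type="hidden" name="%s" value="0">' % DECOY_FIELD,
                      body)
        body = body.replace("</body>", DECOY_COMMENT + "</body>")
    return {"status": resp["status"], "headers": headers, "body": body}


def demo_app(request: Dict) -> Dict:
    """A stand-in production app (constructed) with one login form."""
    html_headers = {"Server": "nginx/1.24.0", "Content-Type": "text/html"}
    if request["path"] == "/login":
        return {"status": 200, "headers": html_headers,
                "body": '<html><body><form method="post" action="/login">'
                        '<input name="user"></form></body></html>'}
    return {"status": 404, "headers": html_headers,
            "body": "<html><body>Not found</body></html>"}
```

Because the decoys are injected into whatever the production app returns at that moment, a deploy of the real site changes the deceptive site too, which is the point of slide 49. The hidden field is only an alarm when its value changes: a real browser submits it back as "0", so ordinary users never trip it.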
  • 53. Performance Analysis (2) • Further investigation showed that 9 lines of code take 99.2% of the execution time. • All of them query the MySQL database.
  • 54. Future Work [Figure: a map with "This Dissertation" at the centre and the nodes: the role of biases, modeling the use of deception, the creation of deceit, deception metrics, advanced tools, economic and ethical issues. Slides 55 to 61 walk through it node by node.]
  • 55. Future Work: This Dissertation • The role of deception. • A framework to plan and integrate deception. • Three practical tools.
  • 56. Future Work: The role of biases • In defending computer systems. • In protecting users. • Further investigating cultural and organizational biases.
  • 57. Future Work: Modeling the use of deception • Using game-theoretical models (e.g. hypergames). • Where to apply deception within the kill chain.
  • 58. Future Work: Economic and ethical issues • Cost/benefit analysis. • Externality effects. • Lying to regular users.
  • 59. Future Work: Deception metrics • Measuring plausibility, deducibility, confusion and other characteristics.
  • 60. Future Work: The creation of deceit • How to create believable fake information?
  • 61. Future Work: Advanced tools • Deceptive file system. • Deceptive patches. • Deceptive system calls.
  • 62. Publications • M. Almeshekah, C. Gutierrez, M. Atallah and E. Spafford, “ErsatzPasswords – Ending Passwords Cracking” (under review). • M. Almeshekah, M. Atallah and E. Spafford, “Enhancing Passwords Security using Deceptive Covert Communication,” International Conference on ICT Systems Security and Privacy Protection, IFIP SEC’15, May 26-28, 2015, Hamburg, Germany. • M. Almeshekah and E. Spafford, “Using Deceptive Information in Computer Security Defenses,” International Journal of Cyber Warfare and Terrorism (IJCWT), 4 (3), 46-58, July-September 2014, IGI Global. • M. Almeshekah and E. Spafford, “Planning and Integrating Deception into Computer Security Defenses,” New Security Paradigms Workshop (NSPW’14), 15-18 September 2014, Victoria, BC, Canada. • M. Almeshekah and E. Spafford, “The Case of Using Negative (Deceiving) Information in Data Protection,” in Proceedings of the 9th International Conference on Cyber Warfare and Security ICCWS-2014, ISSN: 2048-9870, Academic Conferences and Publishing International Limited, March 2014. • M. Almeshekah, M. Atallah, and E. Spafford, “Back channels can be useful! – layering authentication channels to provide covert communication,” SPW’13, in Security Protocols XXI (B. Christianson, J. Malcolm, F. Stajano, and J. Anderson, eds.), vol. 8263 of Lecture Notes in Computer Science, Springer Berlin Heidelberg, 2013.