Use of Deception and Misdirection in Cyber Defense
Principal Investigator: Gene Spafford
Deception and falsehoods have long been used in security, with such oft-used techniques as decoys, false flag operations, and double agents. These mechanisms have also been used in cyber security for some time, honeypots being one example. However, the mantra of "No security through obscurity" has perhaps steered people away from these possibilities.
We have developed a formal classification of deception and obfuscation techniques, and we are studying how to develop new ones for the purpose of cyber defense.
We have developed a mechanism for covertly signalling doubt in veracity during remote logins. We have built a mechanism to defend against anti-forensic tools and botnets, and investigated the utility of obfuscating patches to hide vulnerabilities.
We expect to develop some other methods as we continue the process.
Other PIs: Mike Atallah, Saurabh Bagchi
Other Faculty: Mohammed Almeshekah (King Saud University)
Students: Jeffery Avery (graduated), Christopher Gutierrez (graduated)
Avery, J., & Spafford, E. H. (2017, May). Ghost Patches: Fake Patches for Fake Vulnerabilities. In IFIP International Conference on ICT Systems Security and Privacy Protection (pp. 399-412). Springer, Cham.
Using Deceptive Information in Information Security Defenses; by M. Almeshekah and E. H. Spafford; in International Journal of Cyber Warfare and Terrorism (IJCWT), 4 (3), 46-58, July-September 2014, IGI Global.
Planning and Integrating Deception into Computer Systems Defenses; by M. Almeshekah and E. H. Spafford; in Proceedings of the New Security Paradigms Workshop (NSPW); 2014.
Covert Channels Can Be Useful! -- Layering Authentication Channels to Provide Covert Communication; by M. Almeshekah, M. Atallah and E. Spafford; in Proceedings of the 21st International Workshop on Security Protocols; F. Stajano and J. Anderson, eds.; published and copyright in 2013 by Springer-Verlag.
Enhancing Passwords Security using Deceptive Covert Communication; by M. Almeshekah, M. Atallah and E. H. Spafford; International Conference on ICT Systems Security and Privacy Protection, IFIP SEC’15, May 26-28, 2015, Hamburg, Germany.
The Case of Using Negative (Deceiving) Information in Data Protection; M. Almeshekah and E. H. Spafford; 9th International Conference on Cyber Warfare and Security (ICCWS); 2014.
Keywords: access control, deception, defense, duress, honeypots, honeytokens