Use of Deception and Misdirection in Cyber Defense
Principal Investigator: Gene Spafford
Deception and falsehoods have long been used in security, with such oft-used techniques as decoys, false flag operations, and double agents. These mechanisms have also been used in cyber security for some time, for example in the form of honeypots. However, the mantra of "No security through obscurity" has perhaps steered people away from these possibilities.
We are attempting to develop a formal classification of deception and obfuscation techniques, and study how to develop new ones for the purpose of cyber defense.
We have made progress in this approach and have developed one new mechanism for covertly signalling doubt in veracity during remote logins. We have also begun to develop some other mechanisms that can be used for both host and network defense.
We expect to develop some other methods as we continue the process.
Other PIs: Mike Atallah, Saurabh Bagchi
Other Faculty: Mohammed Almeshekah (King Saud University)
Students: Jeffery Avery, Christopher Guiterrez
Covert Channels Can Be Useful! Layering Authentication Channels to Provide Covert Communication; by M. Almeshekah, M. Atallah and E. Spafford; in Proceedings of the 21st International Workshop on Security Protocols; F. Stajano and J. Anderson, eds.; published and copyright in 2013 by Springer-Verlag.
Avery, J., & Spafford, E. H. (2017, May). Ghost Patches: Fake Patches for Fake Vulnerabilities. In IFIP International Conference on ICT Systems Security and Privacy Protection (pp. 399-412). Springer, Cham.
Enhancing Passwords Security using Deceptive Covert Communication, M. Almeshekah, M. Atallah and E. H. Spafford, International Conference on ICT Systems Security and Privacy Protection, IFIP SEC’15, May 26-28, 2015, Hamburg, Germany
Planning and Integrating Deception into Computer Systems Defenses; by M. Almeshekah and E. H. Spafford; in Proceedings of the New Security Paradigms Workshop (NSPW); 2014.
Using Deceptive Information in Information Security Defenses; by M. Almeshekah and E. H. Spafford; in International Journal of Cyber Warfare and Terrorism (IJCWT), 4 (3), 46-58, July-September 2014, IGI Global.
The Case of Using Negative (Deceiving) Information in Data Protection; M. Almeshekah and E. H. Spafford; 9th International Conference on Cyber Warfare and Security (ICCWS); 2014.
Keywords: access control, deception, defense, duress, honeypots, honeytokens