The work in this project has been partially supported by funding from CERIAS at Purdue University.

Portions of this work conducted in 2014-2015 were supported by Northrop Grumman through its Cybersecurity Research Consortium.

Portions of this work conducted in 2015-2017 were supported by the National Science Foundation grant #1548114.

All of the support of this project is gratefully acknowledged.

Any opinions, findings, conclusions or recommendations expressed on this website or in any of our materials are those of the author(s) and do not necessarily reflect the views of the National Science Foundation, the Northrop Grumman Corporation, CERIAS, or Purdue University.

Douglas Rapp is a PhD student working on the project as of 2021.

Former grad student Chris Gutierrez is now a Security Solutions Research Scientist at Intel.

Mohammed Almeshekah has completed his PhD and left Purdue to take a faculty position at King Saud University. His PhD dissertation, Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses, is available online in the CERIAS library.

Jeff Avery has finished his PhD and accepted a full-time position post graduation as a Software Engineer in the Future Technical Leaders program at Northrop Grumman. His PhD dissertation, The Application of Deception to Software Security Patching is available online in the CERIAS library.

We are interested in collaboration with others, at Purdue University or elsewhere. Please contact us for details.

In everyday security, deception plays a prominent role in our physical world security. We leave lights on to deter thieves by deceiving them to think someone is inside. We may further put up signs that warn “Beware of the Dog” to cast doubt on the nature of our defenses. Inside, we may place our valuables in a safe, but hide the safe behind a painting.

Over history, deception has evolved to find its natural place in our societies and eventually our technical systems. Deception and decoy-based mechanisms have been used in cyber security for more than two decades in techniques such as honeypots and obfuscation.

Our group is investigating how deception can be used to improve the security of computers and networks. This site provides a summary and reference of the work we have done with links to more in-depth information.

News

• After a hiatus of a few years, we’re coming back! The next topic for research is how/if we can use deception to help protect ICS systems.
• Purdue did a short news story on Spaf’s work in deception
• Spaf is on sabbatical 2018-2019, and is working on deception technologies with Sandia Laboratories and the US Department of Defense. Check back in late 2019 for possible new developments.
• Chris Gutierrez successfully defended his thesis, and becomes Dr. Gutierrez on December 17, 2017. He has taken a position at Intel Corporation
• Jeff Avery successfully defended his thesis, and became Dr. Avery on August 5th, 2017. He took a position at Northrop Grumman
• Spaf was interviewed at RSA 2017 about deception. Check out the video!
• Our paper entitled Ghost Patches: Faux Patches for Faux Vulnerabilities was presented at the IFIP SEC 17 conference. (Link for the paper coming soon.)
• Our paper entitled Offensive Deception in Computing was presented at the ICCWS 17 conference.
• Our paper Inhibiting and Detecting Offline Password Cracking Using ErsatzPasswords was published in ACM Transactions on Privacy and Security (TOPS), v19(3), Dec 2016, DOI 10.1145/2996457.
• A new book on cyber deception includes a chapter on our work. See the Papers and Presentations page for details.
• Our paper on ersatz passwords was presented at the ACSAC 15 conference.
  Update! This paper won the conference best paper award!
• Mohammed Almeshekah has completed his PhD and left Purdue to take a faculty position at King Saud University. His PhD dissertation, Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses, is available online in the CERIAS library.
• We have received an NSF grant to support portions of our work! See the Acknowledgements page for specifics.

Site Map

People

Papers and Presentations

Deceptive Tools and Software

Press Coverage and Mentions

For More Information or Contact Us

External Resources

Acknowledgements

• Avery, J., Almeshekah, M., & Spafford, E. (2017). Offensive Deception in Computing. In 12th International Conference on Cyber Warfare and Security 2017 Proceedings (p. 23).
• Deceptive Memory Systems - Countering Anti‐Forensics with Deception, C. N. Gutierrez, E. H. Spafford, and S. Bagchi. 17th Annual CERIAS Information Security Symposium: Poster, West Lafayette, IN, USA, April 2016. Best Poster Award, 3rd Place.
• The Cost of Deception, , J. Avery, C. N. Gutierrez, E. H. Spafford. 17th Annual CERIAS Information Security Symposium: Poster, West Lafayette, IN, USA, April 2016.
• Chapter 2 in Cyber Deception: Building the Scientific Foundation, entitled Cyber Security Deception, by M. Almeshekah and E. H. Spafford. 2016
• Deception in Computing: Where and How it Has Been Used, J. Avery,  C. N. Gutierrez, M. Almeshekah, S. Bagchi, and E. H. Spafford, 16th Annual CERIAS Information Security Symposium: Poster, West Lafayette, IN, USA, March 2015.
• Using Deceptive Information in Computer Security Defenses, M. Almeshekah and E. H. Spafford, International Journal of Cyber Warfare and Terrorism (IJCWT), 4 (3), 46-58, July-September 2014, IGI Global.
• The Case of Using Negative (Deceiving) Information in Data Protection, M. Almeshekah and E. Spafford, in Proceedings of the 9th International Conference on Cyber Warfare and Security ICCWS-2014, ISSN: 2048-9870, Academic Conferences and Publishing International Limited, March 2014.
  [paper] . [15th CERIAS Symposium: poster (Best Poster Award)]
• “Improving Security Using Deception, M. Almeshekah, E. Spafford and M. Atallah, The Center for Education and Research in Information Assurance and Security: Technical Report (CERIAS TR 2013-13).
• A Presentation, Truth and Consequences, that Spaf has given recently in several places, including University of Central Florida and Texas A&M University.

Systemization, Modeling and Integrating of Deception

• A Hypergame Analysis for ErsatzPasswords; Christopher Gutierrez, Mohammed Almeshekah, Eugene Spafford and Saurabh Bagchi; in proceedings of 33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection, Poznan, Poland.
• Modeling Deception In Information Security As A Hypergame – A Primer;  Christopher Gutierrez, Mohammed Almeshekah, Eugene H. Spafford, Saurabh Bagchi, Jeff Avery, and Paul Wood; CERIAS Tech Report CERIAS TR 2016-5; July 2016.
• Modeling Deception In Information Security As A Hypergame — A Primer;  C. N. Gutierrez, M. Almeshekah, J. Avery, S. Bagchi, and E. H.Spafford, 16th Annual CERIAS Information Security Symposium: Poster, West Lafayette, IN, USA, March 2015.
• Planning and Integrating Deception into Computer Security Defenses, M. Almeshekah and E. H. Spafford, New Security Paradigms Workshop (NSPW’14), 15-18 September 2014, Victoria, BC, Canada.

Using Deception in Authentication

• Inhibiting and Detecting Offline Password Cracking Using ErsatzPasswords; Christopher N. Gutierrez, Mohammed H. Almeshekah, Eugene H. Spafford, Mikhail J. Atallah, and Jeff Avery. ACM Trans. Priv. Secur. 19, 3, Article 9 (December 2016), 30 pages. DOI: https://doi.org/10.1145/2996457 [17th CERIAS Symposium Poster, 1st Place] [Video Presentation]
• Deceptive Memory Systems - Countering Anti‐Forensics
• ErsatzPasswords: Ending Password Cracking and Detecting Password Leakage; M. Almeshekah, C. N. Gutierrez, M. Atallah and E.H. Spafford; pp. 311-320; proceedings of ACSAC 2015, Universal City, CA, Dec 2015.
• Enhancing Passwords Security using Deceptive Covert Communication; M. Almeshekah, M. Atallah and E. H. Spafford, International Conference on ICT Systems Security and Privacy Protection, IFIP SEC’15, May 26-28, 2015, Hamburg, Germany (to appear).
• ErsatzPasswords – Ending Passwords Cracking, M. Almeshekah, C. N. Gutierrez, M. Atallah and E.H. Spafford.[Technical Report] .  [16th CERIAS  Symposium: Poster] . [Implementation] . [FAQs]
• Defending against Password Exposure using Deceptive Covert Communication, M. Almeshekah, M. Atallah and E. H. Spafford, The Center for Education and Research in Information Assurance and Security: Technical Report (CERIAS TR 2015-3).

Deceptive Patching

• Jeffrey Avery and John Ross Wallrabenstein. Formally modeling deceptive patches using a game-based approach, in Computers & Security, Elsevier, v75 pp 182-190, March 2018. [Paper]
• Jeff Avery. The Application of Deception to Software Security Patching Purdue University Computer Science, Ph.D. Dissertation and CERIAS TR 2017-03, August 2017. [PhD disseration]
• Avery, J., & Spafford, E. H. (2017, May). Ghost Patches: Fake Patches for Fake Vulnerabilities. In IFIP International Conference on ICT Systems Security and Privacy Protection (pp. 399-412). Springer, . [Paper].
• CERIAS Symposium, “Ghost Patches: Faux Patches for Faux Vulnerabilities”, 2017 [Poster]

Deceptive Memory

• Christopher N. Gutierrez, Eugene H. Spafford, Saurabh Bagchi, Thomas Yurek; Reactive Redundancy for Data Destruction Protection (R2D2); v 72, pp. 184-201; Computers & Security; Elsevier; May 2018.

Dissertations and Theses

• Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses, M. Almeshekah, Purdue University Computer Science, Ph.D. Dissertation and CERIAS TR 2015-11, August 2015.
• The Application of Deception to Software Security Patching, J. Avery. Purdue University Computer Science, Ph.D. Dissertation and CERIAS TR 2017-03, August 2017.
• Deceptive Memory Systems, C. N. Gutierrez. Purdue University Computer Science, Ph.D. Dissertation and CERIAS TR 2017-05, December 2017.

We modified how Linux-based operating systems store user’s passwords and incorporated a machine dependent machine function in the process. When an attacker steals the hashed passwords file (e.g., etc/shadow) and tries to crack the password, ersatz “fake” passwords are returned instead. The design of this tool can be found in this paper and the code, which was mainly developed by Christopher Gutierrez, can be found here.

• Deception: Why It’s Not Just Another Honeypot

• Reflections Upon Deception-Based Security Tactics

In the last few years several vendors have sprung up marketing products with deception as a basic component. Here are the ones we know about. Let us know if there are any we are missing.

• Acalvio
• Attivo Networks
• Countercraft
• Illusive Networks
• TopSpin Security
• TrapX Security

If you want to join the group’s (not highly active) mailing list, Decepticons, please send email with the word “subscribe” in the subject or body of the message to decepticons-request@cerias.purdue.edu.