About Our Group
In everyday security, deception plays a prominent role in our physical world security. We leave lights on to deter thieves by deceiving them to think someone is inside. We may further put up signs that warn “Beware of the Dog” to cast doubt on the nature of our defenses. Inside, we may place our valuables in a safe, but hide the safe behind a painting.
Over history, deception has evolved to find its natural place in our societies and eventually our technical systems. Deception and decoy-based mechanisms have been used in cyber security for more than two decades in techniques such as honeypots and obfuscation.
Our group is investigating how deception can be used to improve the security of computers and networks. This site provides a summary and reference of the work we have done with links to more in-depth information.
- After a hiatus of a few years, we’re coming back! The next topic for research is how/if we can use deception to help protect ICS systems.
- Purdue did a short news story on Spaf’s work in deception
- Spaf is on sabbatical 2018-2019, and is working on deception technologies with Sandia Laboratories and the US Department of Defense. Check back in late 2019 for possible new developments.
- Chris Gutierrez successfully defended his thesis, and becomes Dr. Gutierrez on December 17, 2017. He has taken a position at Intel Corporation
- Jeff Avery successfully defended his thesis, and became Dr. Avery on August 5th, 2017. He took a position at Northrop Grumman
- Spaf was interviewed at RSA 2017 about deception. Check out the video!
- Our paper entitled Ghost Patches: Faux Patches for Faux Vulnerabilities was presented at the IFIP SEC 17 conference. (Link for the paper coming soon.)
- Our paper entitled Offensive Deception in Computing was presented at the ICCWS 17 conference.
- Our paper Inhibiting and Detecting Offline Password Cracking Using ErsatzPasswords was published in ACM Transactions on Privacy and Security (TOPS), v19(3), Dec 2016, DOI 10.1145/2996457.
- A new book on cyber deception includes a chapter on our work. See the Papers and Presentations page for details.
- Our paper on ersatz passwords was presented at the ACSAC 15 conference.
Update! This paper won the conference best paper award!
- Mohammed Almeshekah has completed his PhD and left Purdue to take a faculty position at King Saud University. His PhD dissertation, Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses, is available online in the CERIAS library.
- We have received an NSF grant to support portions of our work! See the Acknowledgements page for specifics.