The Case of Using Negative (Deceiving) Information in Data Protection
Project Members
Mohammed Almeshekah, Mikhail Atallah and Eugene Spafford
Mohammed Almeshekah, Mikhail Atallah and Eugene Spafford
Abstract
In this paper we develop a novel taxonomy of methods and techniques that can be
used to protect digital information. We explore complex relationships among these
protection techniques grouped into four categories. We present analysis of these
relationships and discuss how can they be applied at different scales within organizations.
We map these protection techniques against the cyber kill-chain model and discuss some
findings. Moreover, we identify the use of deceit as a useful protection technique that can
significantly enhance the security of computer systems. We posit how the well-known
Kerckhoffs’s principle has been misinterpreted to drive the security community away from
deception-based mechanisms. We examine advantages these techniques can have when
protecting our information in addition to traditional methods of denial and hardening. We
show that by intelligently introducing deceit in information systems, we not only lead
attackers astray, but also give organizations the ability to detect leakage; create doubt and
uncertainty in leaked data; add risk at the adversaries’ side to using the leaked
information; and significantly enhance our abilities to attribute adversaries. We discuss
how to overcome some of the challenges that hinder the adoption of deception-based
techniques.
How