Despite all the recent advancements in information security technology, the basic problem of hacking into a server or database has not been solved. Hackers and attackers can still, with relative ease and technical ability, hack into a system and cause mayhem. In response to this, two gifted researchers have proposed a method to help ameliorate this threat — honeywords.
This article will detail what honeywords are, the problem they solve, how to implement honeywords and how you can benefit from them. With careful implementation, honeywords can be used to stop the age-old hacking problem in its tracks.
Without saying too much about the embarrassing fact that a decades-old information security issue is still an issue, using passwords for database or server authentication is not as secure as it can be. Passwords are becoming compromised at an ever-increasing rate, with users facing the brunt of whatever consequences may follow.
The numbers don’t lie about this issue. In 2012, the popular networking platform LinkedIn had over 6 million of its passwords breached, while in 2013, note organization app creator Evernote had 50 million of its passwords breached.
To this end, administrators worldwide have implemented measures in an attempt to mitigate hacker-related damage to their organizations. Chief among these measures is the use of honeypot accounts, where if one of the honeypot accounts becomes compromised an alert is sent to the administrator. The problem with this is that most times, the hackers can easily detect which accounts are honeypots by their usernames. If this is the best that the information security community can muster against attacks, clearly the best won’t do.
As a prevention and mitigation measure, MIT Professor Ronald L. Rivest and RSA Labs’ Ari Juels proposed the use of honeywords. When database passwords are stored, they are normally hashed, or scrambled, for secrecy. When a hacker steals hashed passwords, he can invert the hash to reveal the passwords. But when a honeyword is used as an account password, it generates an alert and notifies the site administrator. The idea here is that when a hacker inverts the hash, he cannot determine if the passwords revealed are a true password or a honeyword.
Simply put, if a breached network has employed honeywords and a hacker has successfully breached some database passwords, the hacker has in effect opened up a veritable minefield of passwords and may not even be aware of it.
How Are Honeywords Implemented?
Using honeywords is not a setting you can turn on or configure in your database, but rather a database itself. How it works is you pepper a password database with honeywords. This password database is then plugged into a dedicated server focused on distinguishing between honeywords and valid passwords.
As simple as this may seem, this is an overly-simplistic view and more exploring is required before you can understand the mechanics of this new information security sensation.
A Closer Look
The mechanics of honeywords can be explained as follows. The password database that hosts the honeywords will also contain what is called a honeychecker, which stores indexes of correct passwords for all accounts in the respective organization. When a user authenticates by submitting their account password, the computer system checks the submitted password against all stored passwords. The sum of all the honeywords and the valid passwords are known as sweetwords. If there is a match, the computer system sends the index of that authentication to the honeychecker for what is called verification. If the honeychecker verifies that the authentication index is correct, the user is then authenticated.
The situation is a little different when the attacker tries to breach the database. Let’s say that the attacker has successfully inverted the hash that was protecting the passwords in the password database. This gives the attacker a list of passwords and, unfortunately for the attacker, he/she does not know which password is valid and which passwords are honeywords. The attacker then submits a password that has been designated as a honeyword. The honeychecker will then throw an alarm and alert the administrator.
How is this method so effective at detecting a database breach? The effectiveness is predicated on the nature of the honeywords themselves. Honeywords are not simple, easily-hackable passwords. In fact, honeywords are rarely submitted by users on their own. When honeywords are used as login passwords, it therefore stands as a strong indicator that the password hash file has been stolen because of their rare use if properly chosen.
Benefits of Using Honeywords
Using honeywords as an information security strategy for authentication passwords comes with some serious benefits for your organization. First off, the administrator will be faced with very little work on his/her end. After creation of sweetword indexes, which can be autogenerated, the administrator can proverbially sit back and wait for password breaches to occur because honeywords will most likely set off the alarm.
Second, there is very little impact on organization systems. Aside from the actual login attempt itself, the only burden on related systems is that there will be a transmission of the sweetword index to the honeychecker. However, this is the only burden on the system. The only other action that may occur is that there will be the alarm output alerting the administrator.
Last, the organization will benefit from distributed security inherent in the use of honeywords as between the computer system and honeychecker. If any specific component of the system is compromised, the compromise will not be fatal. If an account becomes compromised, that can be easily mitigated. In the absolute worst-case scenario where both components are compromised, a new hash file will solve the issue by redefining the sweetwords used, leading to a new honeytrap for hackers.
HoneyWords: Making Password-Cracking Detectable, Ari Juels and Ronald L. Rivest
Honeywords: A New Tool for Protection from Password Data Breach, RSA Conference 2014