D3CyT: Deceptive Camouflaging for Cyber Threat Detection and Deterrence

Even the most secure cyber systems could be compromised, and their data could be stolen. Once the data is stolen, even if it is encrypted or hashed, the attackers can conduct offline brute-forcing on it to recover the plaintext without being disrupted or detected. In this paper, we propose D3CyT, a simple, deceptive approach to camouflage sensitive data against such data thefts. In this approach, we transform a sensitive data value (which could be encrypted or hashed) to a deceptive value, called honeyvalue. The honeyvalue is stored instead of the original value, and the key to retrieve the original value from the honeyvalue is stored on a dedicated and secure server. If the data is stolen, the adversary would only attain the honeyvalues. The honeyvalues would either dissuade the attackers from using them by making stolen data look unimportant, or enable detection of data theft in case the attacker uses them. Through three different case studies focused on camouflaging passwords, QR codes, and logged IP addresses, we show the broad usability of our approach in different domains. We also show that even if our deception fails, the system is still technically more secure and computationally as secure as the original system.