Abstract
Honey Encryption (HE), introduced by Juels and Ristenpart (Eurocrypt 2014, [12]), is an encryption paradigm designed to produce ciphertexts yielding plausible-looking but bogus plaintexts upon decryption with wrong keys. Thus brute-force attackers need to use additional information to determine whether they indeed found the correct key.
At the end of their paper, Juels and Ristenpart leave as an open question the adaptation of honey encryption to natural language messages. A recent paper by Chatterjee et al. [5] takes a mild attempt at the challenge and constructs a natural language honey encryption scheme relying on simple models for passwords.
In this position paper we explain why this approach cannot be extended to reasonable-size human-written documents e.g. e-mails. We propose an alternative solution and evaluate its security.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
We stress that unlike e.g. Kamouflage [1] which deals with passwords, syntactic honey encyrption applies to natural language.
- 3.
Note that such a skeleton might be ambiguous in certain constructions, for instance in sentences such as “Time flies like an arrow; fruit flies like a banana”.
- 4.
- 5.
See for instance http://www.ngrams.info/.
- 6.
An extreme example is William Shakespeare’s use of inversion as a poetic device: “If’t be so, For Banquo’s issue have I fil’d my mind,/ For them the gracious Duncan have I murther’d,/Put rancors in the vessel of my peace” (MacBeth, III.1.8).
- 7.
We may assume that communication with such services is secure, i.e. confidential and non-malleable, for the sake of argument.
- 8.
The Arabic equivalent is madrasa.
- 9.
The way some characters do in Umberto Eco’s novel, Il pendolo di Foucault[10].
- 10.
References
Bojinov, H., Bursztein, E., Boyen, X., Boneh, D.: Kamouflage: Loss-Resistant Password Management. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 286–302. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15497-3_18
Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords, pp. 538–552 (2012)
Borges, J.L.: El Jardín de senderos que se bifurcan. Editorial Sur (1941)
Borges, J.L.: Ficcione. Editorial Sur (1944)
Chatterjee, R., Bonneau, J., Juels, A., Ristenpart, T.: Cracking-resistant password vaults using natural language encoders, pp. 481–498 (2015)
Chomsky, N.: Three models for the description of language. IRE Trans. Inf. Theory 2(3), 113–124 (1956)
Chomsky, N.: On certain formal properties of grammars. Inf. Control 2(2), 137–167 (1959)
Chomsky, N.: Syntactic structures. Walter de Gruyter, Berlin (2002)
Cocke, J.: Programming languages and their compilers: preliminary notes (1969)
Eco, U.: Il pendolo di Foucault. Bompiani (2011)
Jakobsson, M., Dhiman, M.: The benefits of understanding passwords. In: Traynor, P. (ed.) 7th USENIX Workshop on Hot Topics in Security, HotSec 2012, Bellevue, WA, USA, 7. USENIX Association (2012)., August 2012
Juels, A., Ristenpart, T.: Honey encryption: security beyond the brute-force bound, pp. 293–310 (2014)
Kasami, T.: An efficient recognition and syntax analysis algorithm for context-free languages. Technical report, DTIC Document (1965)
Kelley, P.G., Komanduri, S., Mazurek, M.L., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L.F., Lopez, J.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms, pp. 523–537
Klein, D., Manning, C.D.: Accurate unlexicalized parsing. In: Proceedings of the 41st Annual Meeting on Association for Computational Linguistics, vol. 1, pp. 423–430. Association for Computational Linguistics (2003)
Li, Z., He, W., Akhawe, D., Song, D.: The emperor’s new password manager: security analysis of web-based password managers. In: Fu, K., Jung, J. (eds.) Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, 20–22 August, pp. 465–479. USENIX Association (2014)
Ma, J., Yang, W., Luo, M., Li, N.: A study of probabilistic password models. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, 18–21 May, pp. 689–704. IEEE Computer Society (2014)
Manning, C.D., Schütze, H.: Foundations of statistical natural language processing. MIT Press, Cambridge (2001)
Michel, J.B., Shen, Y.K., Aiden, A.P., Veres, A., Gray, M.K., Pickett, J.P., Hoiberg, D., Clancy, D., Norvig, P., Orwant, J.: Quantitative analysis of culture using millions of digitized books. Science 331(6014), 176–182 (2011)
Rayner, K., White, S.J., Johnson, R.L., Liversedge, S.P.: Reading wrods with jubmled lettres there is a cost. Psychol. Sci. 17(3), 192–193 (2006)
Veras, R., Collins, C., Thorpe, J.: On semantic patterns of passwords and their security impact. In: The 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, 23–26 February 2014 (2014)
Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars, pp. 391–405 (2009)
Younger, D.H.: Recognition and parsing of context-free languages in time \(n^3\). Inf. Control 10(2), 189–208 (1967)
Kaliski, B.: PKCS #5: Password-based cryptography specification version 2.0. RFC 2898 (Informational). Internet Engineering Task Force, September 2000. http://www.ietf.org/rfc/rfc2898.txt
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Grammatical tags for English
A Grammatical tags for English
See Table 1.
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Beunardeau, M., Ferradi, H., Géraud, R., Naccache, D. (2017). Honey Encryption for Language. In: Phan, RW., Yung, M. (eds) Paradigms in Cryptology – Mycrypt 2016. Malicious and Exploratory Cryptology. Mycrypt 2016. Lecture Notes in Computer Science(), vol 10311. Springer, Cham. https://doi.org/10.1007/978-3-319-61273-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-61273-7_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61272-0
Online ISBN: 978-3-319-61273-7
eBook Packages: Computer ScienceComputer Science (R0)