Deception and Kerckhoffs’s Cryptographic Principle

Conceptually, deception is an incredibly intuitive approach to cybersecurity. The parallels between deception in the real-world, and deception in cyberspace are clear and easy to understand. However, in the digital battlefield it’s far more nuanced — it’s easy to do it badly, and far harder to get it right. Which makes it rather similar to a more traditional security practice — cryptography.

Cryptographers are familiar with a well-known axiom called Kerckhoff’s principle, which states:

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

This was famously paraphrased by Claude Shannon in what is known as Shannon’s Maxim:

“The enemy knows the system“, i.e., “one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them“

The applicability to deception is immediately apparent. It should remain effective, even when an attacker:

• Knows that deception technology is deployed
• Knows the full capabilities of the specific solution
• Intuitively understands where the decoys may be deployed (ATM, SWIFT, SCADA, IoT etc.)

However, the exact map of the minefield — the specific placement of decoys, their running services, and their content is not known. This deception map is the equivalent of the secret key in a crypto-system. As long as the map is not known to the attacker, the illusion should still remain extremely effective, despite the attacker having complete visibility into the rest of the system.

At Smokescreen, we are laser focused on making sure deception is ‘done right’ — with the necessary rigour and formal reasoning to hold up in real-world conditions. How do we do this? Our depth of experience in related cybersecurity disciplines is our secret weapon. We apply hard earned knowledge from red-teaming, asymmetric thinking, threat hunting, cryptography and incident response to build the most formidable and effective deception system available.