Honeyword is a representative ``honey'' technique to detect intruders by
luring them with decoy data. This kind of honey technique blends a primary
object (from distribution P) with decoy samples (from distribution Q). In
this research, we focus on two key Honeyword security metrics: the flatness
function and the success-number function. Previous researchers have
designed experimental methods to estimate their values. We derive
theoretical formulas for both metrics against the strongest attacker $A$ using the
optimal guessing strategy, marking a first in the field.
The mathematical structures of these metrics are intriguing: the flatness
function can be expressed as
$\epsilon(i)=\sum_{j=1}^{i}\int_{0}^{+\infty}\binom{k-1}{j-1}f(x)\,G^{k-j}(x)\,(1-G(x))^{j-1}\,dx$. In particular, the most important one,
$\epsilon(1)$, is $\frac{1}{k}\left(M-\int_{0}^{M}G^{k}(x)\,dx\right)+b$, where $M=\max_{x:Q(x)\neq 0}\frac{P(x)}{Q(x)}$, $b=\sum_{x:Q(x)=0}P(x)$, and $G$ is a
cumulative distribution function derived from $P$ and $Q$. This formula
provides a criterion to compare different honey distributions: the one with
smaller $M$ and $b$ is more satisfactory. The mathematical structure of the
success-number function is a series of convolutions with beta distribution
kernels: $\lambda_U(i)=U\sum_{j=1}^{i}\int_{\frac{1}{k}}^{1}\frac{\phi(x)}{1-\phi(x)}\binom{U-1}{j-1}x^{U-j}(1-x)^{j-1}\,dx$, where $U$ is
the number of users in the system and $\phi(x)$ is a monotonically increasing
function. For further elaboration, we made some representative calculations.
Our findings offer insights into security assessments for Honeyword and similar
honey techniques, contributing to enhanced security measures in these systems.
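
As an added illustration (not code from the paper), the sketch below evaluates the closed form for $\epsilon(1)$ on finite distributions and cross-checks it by enumerating every sweetword list. It assumes that $G$ is the CDF of the ratio $P(w)/Q(w)$ for $w$ drawn from $Q$ and that the attacker breaks ties uniformly; the abstract does not state either, and the function names and toy distributions are constructed for the example.

```python
from fractions import Fraction as F
from itertools import product

def flatness_eps1(P, Q, k):
    """eps(1) = (M - integral_0^M G(x)^k dx) / k + b for finite P and Q."""
    # b: probability mass of real passwords the decoy generator never emits
    b = sum(p for w, p in P.items() if not Q.get(w, 0))
    # Assumption: G is the CDF of the ratio P(w)/Q(w) when w is drawn from Q
    atoms = {}
    for w, q in Q.items():
        if q:
            r = P.get(w, 0) / q
            atoms[r] = atoms.get(r, 0) + q
    M = max(atoms)
    # G is a step function, so the integral is a finite sum of rectangles
    integral, G, prev = 0, 0, 0
    for r in sorted(atoms):
        integral += G ** k * (r - prev)
        G, prev = G + atoms[r], r
    return (M - integral) / k + b

def brute_force_eps1(P, Q, k):
    """Enumerate every sweetword list; the attacker picks the largest P/Q ratio."""
    def ratio(w):
        return P.get(w, 0) / Q[w] if Q.get(w, 0) else float("inf")
    decoy_words = [w for w, q in Q.items() if q]
    total = 0
    for real, p in P.items():
        for decoys in product(decoy_words, repeat=k - 1):
            weight = p
            for d in decoys:
                weight *= Q[d]
            ratios = [ratio(real)] + [ratio(d) for d in decoys]
            ties = ratios.count(max(ratios))
            if ratios[0] == max(ratios):
                total += weight / ties  # ties are broken uniformly at random
    return total

# Constructed toy distributions (not data from the paper)
P = {"123456": F(1, 2), "password": F(1, 4), "qwerty": F(1, 8), "dragon": F(1, 8)}
Q = {"123456": F(1, 4), "password": F(1, 4), "qwerty": F(1, 4), "letmein": F(1, 4)}

if __name__ == "__main__":
    print(flatness_eps1(P, Q, 3), brute_force_eps1(P, Q, 3))
    print(flatness_eps1(P, P, 3))  # decoys drawn from P itself
```

Here $M=2$ and $b=1/8$, and the attacker's first guess succeeds far more often than the $1/k$ obtained when the decoys are drawn from $P$ itself ($M=1$, $b=0$).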