Secure Banking Transaction using Encryption Based Negative Password Scheme
DOI:
https://doi.org/10.32628/CSEIT206475
Keywords:
Password Creation, Hash Generation, Create Negative Values, RC5 Encryption, Negative Password Storage
Abstract
Password authentication is the most widely used authentication technique because it is inexpensive and easy to deploy. Many users build their passwords from familiar vocabulary because such passwords are easy to remember. Passwords may be leaked from weak systems. Vulnerabilities are continually being discovered, and not all systems can be patched in time to resist attacks, which gives adversaries an opportunity to illegally access vulnerable systems. To counter password attacks, we propose a password authentication framework that is designed for secure password storage and can be easily integrated into existing authentication systems. In our framework, first, the plain password received from a client is hashed with a cryptographic hash function (e.g., SHA-512). Then, the hashed password is randomly shuffled to get a negative password. Finally, the negative password is encrypted into an Encrypted Negative Password (ENP) using the symmetric-key algorithm RC5, to further improve security. The proposed hash function and encryption methodologies make it difficult to break passwords from ENPs. The proposed ENP system will be implemented for a banking environment to improve the security of password storage and transaction details.
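The three storage steps named in the abstract (hash, shuffle, encrypt), written out as an added Python example; it is not the authors' implementation. The abstract does not specify the shuffle granularity, cipher parameters, mode, or login check, so the byte-level permutation stored with the record, RC5-32/12 in CBC mode with a random IV, the server-held key, and the hypothetical names `make_enp` and `verify` are all assumptions.

```python
import hashlib, hmac, secrets, struct

R, MASK, P32, Q32 = 12, 0xFFFFFFFF, 0xB7E15163, 0x9E3779B9  # RC5-32/12/b constants

def _rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & MASK

def rc5_key_schedule(key):
    c = max(1, (len(key) + 3) // 4)                      # key length in 32-bit words
    L = list(struct.unpack(f"<{c}I", key.ljust(4 * c, b"\0")))
    t = 2 * (R + 1)
    S = [(P32 + i * Q32) & MASK for i in range(t)]
    i = j = a = b = 0
    for _ in range(3 * max(t, c)):                       # mix the key into S
        a = S[i] = _rotl((S[i] + a + b) & MASK, 3)
        b = L[j] = _rotl((L[j] + a + b) & MASK, a + b)
        i, j = (i + 1) % t, (j + 1) % c
    return S

def rc5_encrypt_block(S, block):
    a, b = struct.unpack("<2I", block)
    a, b = (a + S[0]) & MASK, (b + S[1]) & MASK
    for i in range(1, R + 1):
        a = (_rotl(a ^ b, b) + S[2 * i]) & MASK
        b = (_rotl(b ^ a, a) + S[2 * i + 1]) & MASK
    return struct.pack("<2I", a, b)

def rc5_cbc_encrypt(key, iv, data):
    # Assumption: CBC mode. len(data) must be a multiple of 8 (SHA-512 gives 64).
    S, prev, out = rc5_key_schedule(key), iv, b""
    for off in range(0, len(data), 8):
        x = bytes(p ^ q for p, q in zip(data[off:off + 8], prev))
        prev = rc5_encrypt_block(S, x)
        out += prev
    return out

def make_enp(password, key, perm=None, iv=None):
    # Assumptions: byte-level shuffle; permutation and IV are stored with the record.
    digest = hashlib.sha512(password.encode()).digest()   # step 1: hash
    if perm is None:
        perm = list(range(64))
        secrets.SystemRandom().shuffle(perm)              # step 2: random shuffle
    negative = bytes(digest[i] for i in perm)             # the "negative password"
    iv = iv or secrets.token_bytes(8)
    return {"perm": perm, "iv": iv, "enp": rc5_cbc_encrypt(key, iv, negative)}  # step 3

def verify(password, key, record):
    candidate = make_enp(password, key, record["perm"], record["iv"])
    return hmac.compare_digest(candidate["enp"], record["enp"])  # constant-time compare
```

Because the permutation and IV are drawn fresh for every record, two users with the same password end up with different stored ENPs.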
License
Copyright (c) IJSRCSEIT

This work is licensed under a Creative Commons Attribution 4.0 International License.