The existing password-based encryption (PBE) methods that are used to protect private data are vulnerable to brute-force attacks. The reason is that, for a wrongly guessed key, the decryption process yields an invalid-looking plaintext message, confirming the invalidity of the key, while for the correct key it outputs a valid-looking plaintext message, confirming the correctness of the guessed key. Honey encryption helps to minimise this vulnerability. In this paper, we design and implement a honey encryption mechanism and apply it to three types of private data, including Chinese identification numbers, mobile phone numbers, and debit card passwords. We evaluate the performance of our mechanism and propose an enhancement to address the overhead issue. We also show lessons learned from designing, implementing, and evaluating the honey encryption mechanism.
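The property described above, that every guessed key should decrypt to a valid-looking message, can be shown with a small sketch. This is an added example, not the paper's implementation: the six-digit password format, the uniform distribution-transforming encoder (DTE), the PBKDF2 parameters and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

N = 10**6                    # message space: six-digit passwords (assumed format)
SEED_BITS = 64
W = (1 << SEED_BITS) // N    # each message owns W consecutive seed values


def dte_encode(pin: str) -> int:
    """Map a message to a uniformly random seed inside its own interval."""
    if len(pin) != 6 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly six ASCII digits")
    return int(pin) * W + secrets.randbelow(W)


def dte_decode(seed: int) -> str:
    """Map ANY 64-bit seed to a valid message; the few seeds past N*W wrap to 0."""
    return f"{(seed // W) % N:06d}"


def _pad(password: str, salt: bytes) -> int:
    # Password-derived one-time pad for the seed. A fresh salt per ciphertext
    # keeps the pad from being reused. Iteration count is kept low for the demo.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                              10_000, dklen=SEED_BITS // 8)
    return int.from_bytes(key, "big")


def honey_encrypt(pin: str, password: str) -> tuple[bytes, int]:
    salt = secrets.token_bytes(16)
    return salt, dte_encode(pin) ^ _pad(password, salt)


def honey_decrypt(salt: bytes, ciphertext: int, password: str) -> str:
    # No padding check and no integrity tag: either would tell a guesser
    # whether the key was right, which is the oracle described above.
    return dte_decode(ciphertext ^ _pad(password, salt))


if __name__ == "__main__":
    salt, ct = honey_encrypt("493817", "correct horse")   # constructed sample values
    print("right key:", honey_decrypt(salt, ct, "correct horse"))
    for guess in ("123456", "password", "letmein"):
        print(f"wrong key {guess!r}:", honey_decrypt(salt, ct, guess))
```

A uniform DTE hides the key only if real messages are close to uniformly distributed; for skewed data the encoder has to follow the actual message distribution, otherwise unlikely decryptions can be ruled out.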