Abstract

Password authentication is the most widely used authentication technique because it is inexpensive and easy to deploy. Many users build their passwords from familiar vocabulary because such passwords are convenient to remember. Passwords may be leaked from weak systems. Vulnerabilities are continuously being discovered, and not all systems can be patched in time to resist attacks, which gives adversaries an opportunity to illegally access vulnerable systems. To counter password attacks, we propose a password authentication framework that is designed for secure password storage and can be easily integrated into existing authentication systems. In our framework, the plain password received from a client is first hashed through a cryptographic hash function (e.g., SHA-512). Then, the hashed password is randomly shuffled to obtain a negative password. Finally, the negative password is encrypted into an Encrypted Negative Password (ENP) using the symmetric-key algorithm RC5 to further improve security. The proposed hash function and encryption methodologies make it difficult to break passwords from ENPs. The proposed ENP system will be implemented for a banking environment to improve the security of password storage and transaction details.
