Enhanced Security of Internet Banking Authentication with EXtended Honey Encryption (XHE) Scheme

The rapid growth of security incidents and data breaches recently had risen concerns on Internet banking security issues. Existing Internet banking authentication mechanism that primarily relies on the conventional password-only authentication cannot efficiently resist to recent password guessing and password cracking attacks. To address this problem, this paper proposed an eXtended Honey Encryption (XHE) scheme by adding an additional protection mechanism on the existing user authentication mechanism. When the malicious user attempts to unauthorized access to online bank account by entering his guessed password, instead of rejecting the access, the XHE algorithm generates an indistinguishable bogus bank data, subsequently redirects attacker to fake user account, in which the attack could not determine whether the guessed password is working correctly or not. Therefore, increasing the complexity of password guessing and cracking attacks. This paper also provides an in-depth study of attack models on password-based authentication mechanism and their countermeasures. Subsequently, a preliminary study on Malaysian online banking authentication system is presented.