Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2017 (2017), Article ID 6760532, 9 pages
Research Article

Protecting Private Data by Honey Encryption

1North China Institute of Computing Technology, Beijing, China
2School of ITEE, The University of Queensland, Brisbane, QLD, Australia

Correspondence should be addressed to Wei Yin

Received 10 July 2017; Revised 6 October 2017; Accepted 6 November 2017; Published 21 November 2017

Academic Editor: Leandros Maglaras

Copyright © 2017 Wei Yin et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


The existing password-based encryption (PBE) methods that are used to protect private data are vulnerable to brute-force attacks. The reason is that, for a wrongly guessed key, the decryption process yields an invalid-looking plaintext message, confirming the invalidity of the key, while for the correct key it outputs a valid-looking plaintext message, confirming the correctness of the guessed key. Honey encryption helps to minimise this vulnerability. In this paper, we design and implement the honey encryption mechanisms and apply it to three types of private data including Chinese identification numbers, mobile phone numbers, and debit card passwords. We evaluate the performance of our mechanism and propose an enhancement to address the overhead issue. We also show lessons learned from designing, implementing, and evaluating the honey encryption mechanism.