A new encrypted Data hiding algorithm inside a QR Code implemented for an Android Smartphone system: S_QR algorithm

Transcription

1 A new encrypted Data hiding algorithm inside a QR Code implemented for an Android Smartphone system: S_QR algorithm 1 Sayantan Majumdar, 2 Abhisek Maiti, 3 Biswarup Bhattacharyya, 4 Asoke Nath 1,2,3,4 Department of Computer Science, St. Xavier's College, Kolkata, India Abstract: - Due to tremendous growth of media and communication technology, now it is a real challenge to widely share/send some information through the insecure network/media ensuring that, the receiver will get the authentic information. For this reason Nath et al developed an information security system combining Cryptography & Mobile Computing together, and presented a method 'S_QR'(Secured QR). In the present work, the authors have developed a new secured scheme to digitally sign any small file and encode it to a QR Code to widely share the information over the network/media. Android Smartphones can be used to quickly decode the QR Code obtaining the stored data and verify the authenticity of the decoded information. Here, first the information is digitally signed using RSA algorithm, then encoded into a QR Code. A simple android app is developed in order to obtain the information from the QR Code and to check the authenticity of the decoded information. RSA is a modern and extremely secure crypto-algorithm which is currently internationally accepted for online transactions & many other policies. RSA is free from plain text attack or any brute force attack. The present method may be used to publish non-modifiable sensitive public document like mark sheets and certificates. 1. Introduction: To maintain the authenticity of the file over the media & network, extremely secure standard cryptographic method must be applied to verify and prohibit the modification of the information. In the present method the authors have used 3072-bit RSA [6] encryption, which is fully compliant with NIST [5] security standard and FIPS [4] security standard. QR Code is very flexible, popular and widely used. QR Code can be shared not only over the digital media but also over any visual or print media. The proposed scheme may be used to certify any printed or digital document. Quick Response Code (QR Code ) are a machine-readable two dimensional matrix barcodes used for encoding information. Recently, it has become very popular due to its fast readability and greater storage capacity compared to standard UPC barcodes. Digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. Digital signatures are used in the cases where it is important to detect forgery or tampering. In the present method the authors have used RSA encryption algorithm which is a standard public key crypto system.. A digital signature is an authentication mechanism that enables the creator of message to attach a code that acts as a signature. A digital signature scheme typically consists of three algorithms: A key generation algorithm that selects a private key uniformly at random. The algorithm outputs the private key and a corresponding public key. A signing algorithm that, given a message and a private key, produces a signature. A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity. In S_QR method the authors have used the following procedure: (i) Encrypt the small file containing the information using RSA algorithm and generate corresponding digital signature & public key. (ii) For size compression and unification, compress the original file along with the corresponding digital signature and public key into a zip file. (iii) Generate QR Code for the newly created zip file. (iv) To decode the information using Android device, the authors used the following procedure: (i) (ii) (iii) Scan the QR Code using the camera of the device and write the decoded data into a new zip file. Decompress the zip file and display the contents of the main file. If requested by the user, verify the authenticity of the main file using corresponding digital signature and the public key and display the verification result , IJIRAE- All Rights Reserved Page -40

2 The present scheme may be very much useful in storing marks of any exam or some confidential data like date of birth proof etc in a QR code in encrypted manner. The same process may be used in any kind of legal documents which should not be tampered under no circumstances. The authors will include new data encryption algorithm developed by Nath et al []. 2. Algorithms 2.1 Digital Signature Generation Algorithm: (GenSig) STEP 2: Create a Key Pair [2] STEP 3: Initialize the Key Pair randomly STEP 4: Generate the Private Key and Public Key STEP 5: Get a Signature Object [2] STEP 6: Initialize the Signature Object with Private key STEP 7: While read buffer data from input file 0 Update the data to be signed by each byte read. STEP 8: Generate the RSA Digital Signature STEP 9: Write the Digital Signature into 'sig' file STEP 10: Encode the public key and write it into 'suepk' file STEP 11: End 2.2 Digital Signature Verification Algorithm: (VerSig) STEP 2: Input the encoded RSA public key(suepk), signature(sig) and the source file(infile) STEP 3: Obtain Key Specification STEP 4: Convert the encoded RSA public key bytes and obtain the key STEP 5: Input the Digital Signature bytes STEP 6: Initialize the Signature Object for verification STEP 7: While read buffer data from infile 0 Update the data to be verified by each byte read. STEP 8: Match with the Digital Signature to verify STEP 9: If matching is correct then Display 'Verification: True' else Display 'Verification: False' STEP 10: End 2.3 QRCode Generation Algorithms: (GenQR) STEP 2: Input the source file(infile) STEP 3: Call GenSig(infile) STEP 4: Compress 'suepk','sig' and 'infile' into 'test.zip' file STEP 5: Create an empty string data STEP 6: Convert 'test.zip' into string and store in 'data' STEP 7: Input the image format and resolution of the QR Code to be generated STEP 8: Input Error Correction Level STEP 9: Using zxing [1] library method convert 'data' into a BitMatrix object 'bitmatrix' STEP 10: Write bitmatrix to an image STEP 11: End N.B- BitMatrix represents a 2D matrix of bits. 2.4 QRCode Decoding Algorithm: (Decode_QR) STEP 2: Input QR Code image STEP 3: Construct a Binary Bitmap object 'bitmap' from source image STEP 4: Using zxing library method decode the 'bitmap' and store it in the object 'result' STEP 5: Convert 'result' into string and write it to 'result.zip'. STEP 6: Extract result.zip STEP 7: If requested by user call VerSig('supek','sig',infile) STEP 6: End , IJIRAE- All Rights Reserved Page -41

3 4. Conceptual Models 4.1 Encoding: : Fig-1: Conceptual Model of Encoding 4.2 DECODING , IJIRAE- All Rights Reserved Page -42

4 Fig-2: Conceptual Model of Decoding Above diagrams show the conceptual model of the project. Digitally signing the file and generation of QR Code will be done in traditional desktop environment whereas decoding the QR Code and verification system are developed to work in Android mobile environment. 5. Results & Discussion: 5.1 CASE #1: With HTML , IJIRAE- All Rights Reserved Page -43

5 QRCode: 5.2 CASE #2: With a JPEG image Original Image (Too large!): B&W Image: QRCode: , IJIRAE- All Rights Reserved Page -44

6 5.3 CASE #3: With an SVG image: Original image: QRCode: 5.4 CASE #4: With a Plain Text File: Original File: I define UNIX as 30 definitions of regular expressions living under one roof. QR Code: I define UNIX as 30 definitions of regular expressions living under one roof. Verification: Let us consider the last test case again. If we modify the data of the decoded file to Input: I define LINUX as 30 definitions of regular expressions living under one roof. Verification Result: False If we try the verification with more minor change, such as change 'Donald Knuth' to 'Donald Knuth' i.e. Input: I define UNIX as 30 definitions of regular expressions living under one roof. Verification Result: False Note: In every test case, Digital Signature and Public Key has been generated accordingly. as 'sig' & 'suepk' contain raw binary data we could not show them here , IJIRAE- All Rights Reserved Page -45

7 6. Conclusion & Future Scope: In cryptography the process of securing data has been improved drastically in last few years. In the proposed method the authors have used 3072-bit RSA encryption to digitally sign the file. RSA is based on the practical difficulty of factoring the product of two large prime numbers. Till date most common attack against RSA involves supercomputers with extremely large RAM space. But it has a very high initial cost and also not feasible. Of course there are other factoring methods that don't require huge supercomputers. But they are enough less efficient even at the best case situation. For example 512-bit RSA encryption created in 1999 was possible to break in 2007 with continuous effort by the scientists using modern computers. In FIPS 186-3, NIST assured that RSA with the key length of 3072-bit will remain secured beyond Though RSA is an extremely secure cryptosystem till date and it will remain secure for a long while, the scenario may change quickly with the fast growth of technology and science. It is clear that, to maintain the security of this scheme we must update the crypto-system regularly. From the practical aspect, this may be a challenge to this project because of the compatibility issues. The present scheme has limitation over the storage capacity of the QR Code. In terms of capacity QR Code is better than UPC (Universal Product Code) barcodes. Still, even with low error detection level it's not enough to store file greater than ~2.9KB. Though it is not impossible to split a large file and generate more than one QR Code, it is neither always feasible nor recommended. The smartphone has a limited resource and processing power which is another bottleneck of any kind of massive computation. Scanning large QR Code with low error detection level in different lighting environments require a good built-in camera, which may not be available with every Android devices. The authors are already trying to incorporate some efficient cryptographic method but with less computation time than RSA. 7. References: [1]. Zxing Library: [2]. Java security libraries: [3]. Android Libraries: [4]. FIPS 186-3: [5]. NIST Standard: [6]. RSA reference: , IJIRAE- All Rights Reserved Page -46