Secure Data Transmission Technique for iphone using Quick Response (QR) Code

Transcription

1 Available online at GlobalIlluminators Full Paper Proceeding MI-BEST-2015, Vol. 1, FULL PAPER PROCEEDING Multidisciplinary Studies ISBN: MI-BEST 2015 Secure Data Transmission Technique for iphone using Quick Response (QR) Code Abhijit Sen 1* & Yourdon Jou 2 1,2 Kwantlen Polytechnic University, canada Abstract The increasing use of smartphones and tablet computers as personal and business tools poses new levels of complexity to IT management and security.with continued growth of smartphones, and associated increase of mobile security concerns, users of mobile devices must be assured that the services they receive must be secured and trustworthy. A QR code (quick response code) is a type of 2D bar code that is used widely to provide easy access to information through a smartphone. It is envisioned that the technology of QR code could be applied for secured communications using smart phones. This paper provides a design framework for sending encrypted message using QR code, and decrypting the received QR code. An application is developed using Apple's iphone to demonstrate how mobile devices such as smart phones can communicate securely with another device using QR code. The sending smartphone can encode encrypted data in a QR code, and receiving smart phone can then decrypt the data encoded in QR code and retrieve the information. User can choose different encryption/decryption algorithm su ch as AES for secured transmission of data. The ios SDK together with Xcode IDE is used for the design and development of the iphone application. The design architecture is developed using Apple's ios mobile operating system, PHP server and MySQL databas e. The paper successfully demonstrates the feasibility of using QR code to securely transmit message between mobile users. The system works as expected, however rigorous analysis to assess the performance is deferred for future study The Authors. Published by Global Illuminators. This is an open access article under the CC BY-NC-ND license ( Peer-review under responsibility of the Scientific & Review committee of MI-BEST Keywords: AES, ios,sms,qr Code Introduction With the widespread use of smartphones, digital tablets, and other mobile devices, the deployment of QR codes for encoding information has dramatically increased. QR codes have many advantages over traditional barcodes because of their small size, superior security mechanisms, quantity of information that can be embedded, and low cost of implementation [1]. More and more smartphone applications are developed to meet different user needs, and to make the device more convenient to use. One example is the text messaging service. Other *All correspondence related to this article should be directed to Abhijit sen, Kwantlen Polytechnic University, Canada. [email protected] 2015 The Authors. Published by Global Illuminators. This is an open access article under the CC BY-NC-ND license ( Peer-review under responsibility of the Scientific & Review committee of MI-BEST-2015.

2 than the traditional SMS provided by the mobile phone company, many messengers such as WeChat [2], LINE [3],are using internet to send messages. Number of researchers have demonstrated using QR code for authentication purposes. For example, a secure authentication system for on-line banking that uses a two factor authentication by combining a password and a camera equipped mobile phone, where mobile phone is acting as an authentication token is detailed by Sonawane et.al [4].However, these messaging applications do not include the functions to send encrypted messages, and users conversation online will always have potential threat to be revealed.this paper presents the design and implementation of application named QR Send, a proof-of-concept secure message transmission system for mobile devicesthat uses well known RC4/AES encryption algorithms to transmit encrypted data which will be received and decrypted by the receiving device. This paper is organized as follows: First a brief introductionand objective of the study is provided in section 1, which is followed by literature survey in section 2 detailing some related worksin this area of interest. Section 3 provides the overview of the proposed design. Section 4 describes in detail how the prototype system works. The Section 5 discusses the results and highlights the overall performance and advantages of application designed.section 6 discusses the limitations of the study and provides suggestion in detail for future research in this area of research. Objective of the Study The objective of the study is to design, develop and implement an application that will demonstrate how mobile devices such as smart phones can communicate in a secured fashion with another device using QR code. The sending smartphone can encrypt data using appropriate cryptographicalgorithms and encode the data in a QR code.the receiving smart phone can then decrypt the data encoded in QR code and retrieve the information. This software project aims to: 1. Implement a security scheme for information exchange between two parties using QR codes as the exchange medium. Literature Review QR code has been widely used in many applications [1,5, 6] such as storing URLs, contact addresses and various forms of data on posters, signsand business cards. The security issues related to the use of QR code as attack vectors are discussed in [7].The paper [7]explains how QR Codes can be used to attack both human interaction and automated systemsby utilizing manipulated QR Codes.Various secure authentication system such as single factor and two factor authentication based on QR codeare detailed in [4, 8]. Liao et.al [9] proposes aqr-code based one-time password authentication protocolwhich eliminates theusage of the password verification table. A secure authentication system for on-line banking that uses a two factor authentication by combining a password and a camera equipped mobile phone, where mobile phone is acting as an authentication token is detailed by Sonawane [4].Chuanget.al [10] describes how the QR code is employed to design the secret sharing mechanism so that the data privacy during data transmission can be enhanced. The secret data is divided into some shadows by the secret sharing mechanism and the results are embedded into barcode tags. The secret can be recovered only when the number of shadows is greater than or equal to the predefined threshold.in [11], Huang et.al have proposed a data hiding scheme through application of QR codes. 54

3 The authors found that there exists a large gap between proposed theory in the literature and practical implementations of these theoretical concepts for secure transmission and delivery of data using QR code. Not many useful applications are developed for mobiledevices for secure communication using QR code.many messaging applications do not include the functions to send encrypted messages, and users conversation online will always have potential threat to be revealed.there are dearth of applications which use QR code to transport message in a secured manner. This paper attempts to develop a smart phone application that will use QR code as a medium to transport encrypted message using well known RC4/AES algorithm. Overview Of Design The following procedures are followed in the design and implementation of the application Identification of the Development environment Design of User interface and layout Application design Run and debug mobile applications The design is based on three-tier architecture and consists of the following components: iosclient : Any sending or receiving mobile device such as iphone php server:the server authenticates login user credentials and implements services to store and gather encrypted data from My SQL database. MySQL database: Data base server stores user s login credentials and QR encoded encrypted message. The figure 1 shows schematically the architecture used for this application. The figure 2 shows a typical query of QR coded embedded message stored in the database. As seen each sender receiver session is given a unique id which is used as a filename to store the coded message. For example a specific message sent by user andy to yourdon with unique id d60d8d0b267a1ce is encrypted and encoded as QRcode and stored in the file named d60d8d0b267a1ce.jpg. 55

4 Figure 1: Three tier Architecture Figure 2: Unique id for each Sender-Receiver session 56

5 Prototype Implementations The prototype application named QR Send enables user to send and receive RC4 or AES encrypted message using QR code as a transport medium. The receiver on receiving QR encoded RC4 or AES encrypted message can decrypt the message. The application consists of three main functionalities: Login as different users Generation of Encrypted QR Code and Sending the Encrypted QR Code to intended receiver Receiving the Encrypted QR Code and Decrypting Login Process Users will login before they start the application named QR Send. This allows them to use QR Send to send encrypted QR message to other QR Send users. Figure 3: Login Process 57

6 Generation and Sending of Secure QR code A QR Code will be generated with message text, and encryption key given by users. RC4 or AES encryption methods are allowed. After that, users can select Send to send an encrypted message to another user. If the sending is completed, a succe ss message will displayed as shown in Figure 4. Receiving the Encrypted QR Code and Decrypting On the receiving side, the users will be asked about the key and the encryption type, and press Decrypt button to decrypt the QR code with given key (or no key if unspecified). A message box will appear when a code is decrypted. If the key is wrong, the users will not able to receive the correct message as shown in Figure 5. Figure 4: Sending Encrypted message via QR code 58

7 Figure 5: Decryption of received message 59

8 Discussion We are able to design and implement system that will enable iphone users to transmit data in a secured manner using QR code. We have successfully implemented RC4 and AES encryption/decryption algorithms and iphone users are able to code and decode data using any of the two chosen encryption/decryption algorithms. We are able to transmit small and fairly large messages using QR code. The advantage of using QR codes are many [6]: Storage capacity of QR code is high and can stores data which is stored in onedimensional bar code in one-tenth the space QR codes are not readable by person It can handle many types of data such as numeric, alphabetic. It is readable if they are partially damage. It is easy to scan with camera As a consequences of these advantages one can envision using QR code to transmit message in a secure manner. The present paper successfully demonstrates that using appropriate encryption algorithms, smart phone users can transmit and receive messages using QR code. We have demonstrated one application which is the stated objective of the paper. Some sample examples of usefulmobile applicationsamong many that can be developedutilizing the concepts outlined in this paper are listed below: Password transmission using QR code Session Key distribution using QR code File and document transfer using QR code Delivery of Academic transcript using QR code However we have not conducted any performance analysis using different message sizes. This is left for future analysis. Conclusion In this paper we have discussed the design and implementation of QR-based secured message transfer application using smartphone. We have proposed design and implementation framework to enable mobile users equipped with devices such as s mart phones to transmit data securely to a smart phone receiver who has the capabilities of decrypting the received data. We have successfully demonstrated that mobile users equipped with iphone can easily communicate in a secured manner. Although the principle is demonstrated using iphone, the design can easily be extended to Android or Windows based smartphones. 60

9 This paper only demonstrates the design and implementation of QR-based secured message transmission between mobile devices. No attempt is made to integrate authentication schemes between sender and receiver in the current implementation. The paper does not address the issue of key distribution between the sender and the receiver. Performance issue related to transmission of large amount of data securely using QR code is also not addressed, neither any attempt is made to study the vulnerability of the proposed system to various types of attacks. Future research in the areas of key distribution, authentication, performance analysis and vulnerabilityanalysis will be carried out in future. Acknowledgment The work is sponsored and funded by Kwantlen Polytechnic University s Minor Research Grant Program. The supports from Mr. Wayne Tebb, Dean School of Business, of Kwantlen Polytechnic University is appreciated. References [1] Huang, Y.P., Chang, Y.T., Sandnes,F. E. (2010) Ubiquitous information transfer across different platforms by qr codes. Journal of Mobile Multimedia,6(1), pp [2]Group Chat QR Code, Retrieved from: [3]LINE, Retrieved from: [4]Sonawane, S., Khandave, M., Nemade, N. (2014)Secure Authentication for Online Banking Using QR Code, International Journal of Emerging Technology and Advanced Engineering, Volume ( 4), Issue (30), pp [5] Narayanan, A. S. (2012)QR Codes and Security Solutions. International Journal of Computer Science and Telecommunications, Volume (3), Issue (7), pp [6] Lee, Jaesik; Cho, Chang-Hyun; Jun, Moon-Seog. (2011) Secure quick response-payment (QRPay) system using mobile device. Advanced Communication Technology (ICACT), 13th International Conference, Feb [7] Kieseberg, P., Leithner M., Mulazzani, M., Munroe, L., Schrittwieser S., Sinha, M., Weippl,E. (2010)QR Code Security.MoMM '10 Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia, pp [8]Pintor, D. M(2012)QRP: An improved secure authentication method using QR codes,master ThesisUniversitat Oberta de Catalunya, Bercelona, Spain. Retrieved from: [9]Liao, K., Lee, W. (2010)A Novel User Authentication Scheme Based on QR-Code, Journal of NetworksVolume (5): No (8), pp ,

10 [10]Chuang,J., Hu,Y.,Ko,H. (2010) A NovelSecret Sharing Technique Using QR Code, International Journal of Image Processing (IJIP), Volume (4): Issue (5), pp , [11] Huang,H., Chang,F., Fang, W. (2011). Reversible data hiding with histogram-based difference expansion for QR code applications, Consumer Electronics, IEEE Transactions on, Volume (57), No (2), pp.779,787, May