Available online at www.globalilluminators.org

Global Illuminators Full Paper Proceeding MI-BEST-2015, Vol. 1, 53-62
Multidisciplinary Studies
ISBN: 978-969-9948-10-7

Secure Data Transmission Technique for iPhone using Quick Response (QR) Code

Abhijit Sen 1* & Yourdon Jou 2
1,2 Kwantlen Polytechnic University, Canada

Abstract

The increasing use of smartphones and tablet computers as personal and business tools poses new levels of complexity to IT management and security. With the continued growth of smartphones and the associated increase in mobile security concerns, users of mobile devices must be assured that the services they receive are secure and trustworthy. A QR code (quick response code) is a type of 2D bar code that is widely used to provide easy access to information through a smartphone. It is envisioned that QR code technology could be applied to secure communications using smartphones. This paper provides a design framework for sending an encrypted message using a QR code and decrypting the received QR code. An application is developed using Apple's iPhone to demonstrate how mobile devices such as smartphones can communicate securely with another device using a QR code. The sending smartphone can encode encrypted data in a QR code, and the receiving smartphone can then decrypt the data encoded in the QR code and retrieve the information. The user can choose different encryption/decryption algorithms, such as AES, for secured transmission of data. The iOS SDK together with the Xcode IDE is used for the design and development of the iPhone application. The design architecture is developed using Apple's iOS mobile operating system, a PHP server and a MySQL database. The paper successfully demonstrates the feasibility of using QR codes to securely transmit messages between mobile users. The system works as expected; however, rigorous analysis to assess the performance is deferred for future study.

© 2015 The Authors. Published by Global Illuminators. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the Scientific & Review committee of MI-BEST-2015.

Keywords: AES, iOS, SMS, QR Code

*All correspondence related to this article should be directed to Abhijit Sen, Kwantlen Polytechnic University, Canada. Email: abhijit.sen@kpu.ca

Introduction

With the widespread use of smartphones, digital tablets, and other mobile devices, the deployment of QR codes for encoding information has dramatically increased. QR codes have many advantages over traditional barcodes because of their small size, superior security mechanisms, quantity of information that can be embedded, and low cost of implementation [1]. More and more smartphone applications are developed to meet different user needs and to make the device more convenient to use. One example is the text messaging service. Other than the traditional SMS provided by the mobile phone company, many messengers such as WeChat [2] and LINE [3] use the internet to send messages. A number of researchers have demonstrated the use of QR codes for authentication purposes. For example, Sonawane et al. [4] detail a secure authentication system for on-line banking that uses two-factor authentication by combining a password and a camera-equipped mobile phone, where the mobile phone acts as an authentication token. However, these messaging applications do not include functions to send encrypted messages, and users' online conversations are always at risk of being revealed. This paper presents the design and implementation of an application named QR Send, a proof-of-concept secure message transmission system for mobile devices that uses the well-known RC4/AES encryption algorithms to transmit encrypted data, which is received and decrypted by the receiving device.

This paper is organized as follows. First, a brief introduction and the objective of the study are provided in section 1, followed by a literature survey in section 2 detailing some related works in this area of interest. Section 3 provides an overview of the proposed design. Section 4 describes in detail how the prototype system works. Section 5 discusses the results and highlights the overall performance and advantages of the application designed. Section 6 discusses the limitations of the study and provides suggestions for future research in this area.

Objective of the Study

The objective of the study is to design, develop and implement an application that demonstrates how mobile devices such as smartphones can communicate in a secured fashion with another device using a QR code. The sending smartphone can encrypt data using appropriate cryptographic algorithms and encode the data in a QR code. The receiving smartphone can then decrypt the data encoded in the QR code and retrieve the information.
This software project aims to:
1. Implement a security scheme for information exchange between two parties using QR codes as the exchange medium.

Literature Review

QR codes have been widely used in many applications [1, 5, 6], such as storing URLs, contact addresses and various forms of data on posters, signs and business cards. The security issues related to the use of QR codes as attack vectors are discussed in [7]. The paper [7] explains how manipulated QR codes can be used to attack both human interaction and automated systems. Various secure authentication systems based on QR codes, such as single-factor and two-factor authentication, are detailed in [4, 8]. Liao et al. [9] propose a QR-code-based one-time password authentication protocol which eliminates the use of the password verification table. A secure authentication system for on-line banking that uses two-factor authentication by combining a password and a camera-equipped mobile phone, where the mobile phone acts as an authentication token, is detailed by Sonawane [4]. Chuang et al. [10] describe how the QR code is employed to design a secret sharing mechanism so that data privacy during data transmission can be enhanced. The secret data is divided into a number of shadows by the secret sharing mechanism and the results are embedded into barcode tags. The secret can be recovered only when the number of shadows is greater than or equal to the predefined threshold. In [11], Huang et al. propose a data hiding scheme through the application of QR codes.
The authors found that there exists a large gap between the theory proposed in the literature and practical implementations of these theoretical concepts for secure transmission and delivery of data using QR codes. Few useful applications have been developed for mobile devices for secure communication using QR codes. Many messaging applications do not include functions to send encrypted messages, and users' online conversations are always at risk of being revealed. There is a dearth of applications which use QR codes to transport messages in a secured manner. This paper attempts to develop a smartphone application that uses the QR code as a medium to transport encrypted messages using the well-known RC4/AES algorithms.

Overview of Design

The following procedures are followed in the design and implementation of the application:
- Identification of the development environment
- Design of the user interface and layout
- Application design
- Run and debug mobile applications

The design is based on a three-tier architecture and consists of the following components:
- iOS client: any sending or receiving mobile device such as an iPhone.
- PHP server: the server authenticates login user credentials and implements services to store and gather encrypted data from the MySQL database.
- MySQL database: the database server stores users' login credentials and the QR-encoded encrypted messages.

Figure 1 shows schematically the architecture used for this application. Figure 2 shows a typical query of QR-coded embedded messages stored in the database. As seen, each sender-receiver session is given a unique id which is used as a filename to store the coded message. For example, a specific message sent by user andy to yourdon with unique id d60d8d0b267a1ce is encrypted, encoded as a QR code and stored in the file named d60d8d0b267a1ce.jpg.
Figure 1: Three tier Architecture

Figure 2: Unique id for each Sender-Receiver session
Prototype Implementations

The prototype application named QR Send enables a user to send and receive RC4 or AES encrypted messages using the QR code as a transport medium. The receiver, on receiving a QR-encoded RC4 or AES encrypted message, can decrypt the message. The application consists of three main functionalities:
- Login as different users
- Generation of the encrypted QR code and sending the encrypted QR code to the intended receiver
- Receiving the encrypted QR code and decrypting

Login Process

Users log in before they start the application named QR Send. This allows them to use QR Send to send encrypted QR messages to other QR Send users.

Figure 3: Login Process
Generation and Sending of Secure QR code

A QR code is generated from the message text and the encryption key given by the user. RC4 or AES encryption methods are allowed. After that, users can select Send to send an encrypted message to another user. If the sending is completed, a success message is displayed as shown in Figure 4.

Receiving the Encrypted QR Code and Decrypting

On the receiving side, users are asked for the key and the encryption type, and press the Decrypt button to decrypt the QR code with the given key (or no key if unspecified). A message box appears when a code is decrypted. If the key is wrong, the users will not be able to receive the correct message, as shown in Figure 5.

Figure 4: Sending Encrypted message via QR code
Figure 5: Decryption of received message
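
The receiving step above yields an incorrect message when the key is wrong, which a user cannot tell apart from a QR code that was altered on the server or in transit. The following added example (not the QR Send code, which the paper does not list) makes that failure explicit: keys are derived from the passphrase with PBKDF2 under a per-message salt, and an HMAC-SHA256 tag is verified before anything is decrypted. The names seal, open_sealed and BadPayload, the payload layout and the iteration count are assumptions; RC4 appears only because the paper names it and it fits in the standard library, and an AES mode such as AES-GCM would take its place in practice.

```python
import base64, hashlib, hmac, os

QR_MAX_BYTES = 2953  # byte-mode capacity of the largest QR symbol (version 40, level L)

class BadPayload(Exception):
    """Raised when the tag does not verify (wrong passphrase or altered QR data)."""

def rc4(key: bytes, data: bytes) -> bytes:
    # RC4 as named in the paper; kept only to mirror it. Prefer AES-GCM in practice.
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def derive_keys(passphrase: str, salt: bytes):
    # A fresh salt per message gives a fresh cipher key, so no RC4 keystream is reused.
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def seal(passphrase: str, message: str) -> str:
    salt = os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    body = salt + rc4(enc_key, message.encode())
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    payload = base64.b64encode(body + tag).decode()
    if len(payload) > QR_MAX_BYTES:
        raise ValueError("message too long for a single QR symbol")
    return payload  # text to hand to a QR encoder

def open_sealed(passphrase: str, payload: str) -> str:
    raw = base64.b64decode(payload, validate=True)
    if len(raw) < 48:  # 16-byte salt + 32-byte tag at minimum
        raise BadPayload("payload too short")
    body, tag = raw[:-32], raw[-32:]
    enc_key, mac_key = derive_keys(passphrase, body[:16])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise BadPayload("wrong passphrase or modified QR data")
    return rc4(enc_key, body[16:]).decode()
```

With the bare cipher, rc4(b"wrong", rc4(b"right", msg)) returns unrelated bytes without any error; open_sealed raises BadPayload instead.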
Discussion

We are able to design and implement a system that enables iPhone users to transmit data in a secured manner using QR codes. We have successfully implemented the RC4 and AES encryption/decryption algorithms, and iPhone users are able to code and decode data using either of the two chosen encryption/decryption algorithms. We are able to transmit small and fairly large messages using QR codes. The advantages of using QR codes are many [6]:
- The storage capacity of a QR code is high, and it can store the data held in a one-dimensional bar code in one-tenth the space.
- QR codes are not readable by a person.
- It can handle many types of data, such as numeric and alphabetic.
- It is readable even if it is partially damaged.
- It is easy to scan with a camera.

As a consequence of these advantages, one can envision using QR codes to transmit messages in a secure manner. The present paper successfully demonstrates that, using appropriate encryption algorithms, smartphone users can transmit and receive messages using QR codes. We have demonstrated one application, which is the stated objective of the paper. Some examples, among many, of useful mobile applications that can be developed utilizing the concepts outlined in this paper are listed below:
- Password transmission using QR code
- Session key distribution using QR code
- File and document transfer using QR code
- Delivery of academic transcripts using QR code

However, we have not conducted any performance analysis using different message sizes. This is left for future analysis.

Conclusion

In this paper we have discussed the design and implementation of a QR-based secured message transfer application using a smartphone. We have proposed a design and implementation framework to enable mobile users equipped with devices such as smartphones to transmit data securely to a smartphone receiver who has the capability of decrypting the received data. We have successfully demonstrated that mobile users equipped with an iPhone can easily communicate in a secured manner. Although the principle is demonstrated using the iPhone, the design can easily be extended to Android or Windows based smartphones.
This paper only demonstrates the design and implementation of QR-based secured message transmission between mobile devices. No attempt is made to integrate authentication schemes between sender and receiver in the current implementation. The paper does not address the issue of key distribution between the sender and the receiver. Performance issues related to the secure transmission of large amounts of data using QR codes are also not addressed, nor is any attempt made to study the vulnerability of the proposed system to various types of attacks. Research in the areas of key distribution, authentication, performance analysis and vulnerability analysis will be carried out in future.

Acknowledgment

The work is sponsored and funded by Kwantlen Polytechnic University's Minor Research Grant Program. The support of Mr. Wayne Tebb, Dean, School of Business, Kwantlen Polytechnic University, is appreciated.

References

[1] Huang, Y.P., Chang, Y.T., Sandnes, F.E. (2010) Ubiquitous information transfer across different platforms by QR codes. Journal of Mobile Multimedia, 6(1), pp. 3-14.
[2] Group Chat QR Code, Retrieved from: http://www.wechat.com/en/features.html#group_chat_qrcode
[3] LINE, Retrieved from: http://line.me/en/
[4] Sonawane, S., Khandave, M., Nemade, N. (2014) Secure Authentication for Online Banking Using QR Code, International Journal of Emerging Technology and Advanced Engineering, Volume (4), Issue (30), pp. 778-781.
[5] Narayanan, A.S. (2012) QR Codes and Security Solutions. International Journal of Computer Science and Telecommunications, Volume (3), Issue (7), pp. 69-71.
[6] Lee, J., Cho, C.-H., Jun, M.-S. (2011) Secure quick response-payment (QR-Pay) system using mobile device. Advanced Communication Technology (ICACT), 13th International Conference, Feb. 2011.
[7] Kieseberg, P., Leithner, M., Mulazzani, M., Munroe, L., Schrittwieser, S., Sinha, M., Weippl, E. (2010) QR Code Security. MoMM '10 Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia, pp. 430-435.
[8] Pintor, D.M. (2012) QRP: An improved secure authentication method using QR codes, Master's thesis, Universitat Oberta de Catalunya, Barcelona, Spain. Retrieved from: https://www.grc.com/sqrl/files/qrp-secure-authentication.pdf
[9] Liao, K., Lee, W. (2010) A Novel User Authentication Scheme Based on QR-Code, Journal of Networks, Volume (5), No (8), pp. 937-941, 2010.
[10] Chuang, J., Hu, Y., Ko, H. (2010) A Novel Secret Sharing Technique Using QR Code, International Journal of Image Processing (IJIP), Volume (4), Issue (5), pp. 468-475, 2010.
[11] Huang, H., Chang, F., Fang, W. (2011) Reversible data hiding with histogram-based difference expansion for QR code applications, Consumer Electronics, IEEE Transactions on, Volume (57), No (2), pp. 779,787, May 2011.