Biblio

QR codes, intended for maximum accessibility are widely in use these days and can be scanned readily by mobile phones. Their ease of accessibility makes them vulnerable to attacks and tampering. Certain scenarios require a QR code to be accessed by a group of users only. This is done by making the QR code cryptographically secure with the help of a password (key) for encryption and decryption. Symmetric key algorithms like AES requires the sender and the receiver to have a shared secret key. However, the whole motive of security fails if the shared key is not secure enough. Therefore, in our design we secure the key, which is a grey image using RSA algorithm. In this paper, FPGA implementation of 1024 bit RSA encryption and decryption is presented. For encryption, computation of modular exponentiation for 1024 bit size with accuracy and efficiency is needed and it is carried out by repeated modular multiplication technique. For decryption, L-R binary approach is used which deploys modular multiplication module. Efficiency in our design is achieved in terms of throughput/area ratio as compared to existing implementations. QR codes security is demonstrated by deploying AES-RSA hybrid design in Xilinx System Generator(XSG). XSG helps in hardware co-simulation and reduces the difficulty in structural design. Further, to ensure efficient encryption of the shared key by RSA, histograms of the images of key before and after encryption are generated and analysed for strength of encryption.

Now a day, need for fast accessing of data is increasing with the exponential increase in the security field. QR codes have served as a useful tool for fast and convenient sharing of data. But with increased usage of QR Codes have become vulnerable to attacks such as phishing, pharming, manipulation and exploitation. These security flaws could pose a danger to an average user. In this paper we have proposed a way, called Secured QR (SQR) to fix all these issues. In this approach we secure a QR code with the help of a key in generator side and the same key is used to get the original information at scanner side. We have used AES algorithm for this purpose. SQR approach is applicable when we want to share/use sensitive information in the organization such as sharing of profile details, exchange of payment information, business cards, generation of electronic tickets etc.

As QR codes become ubiquitous, there is a prominent security threat of phishing and malware attacks that can be carried out by sharing rogue URLs through such codes. Several QR code scanner apps have become available in the past few years to combat such threats. Nevertheless, limited work exists in the literature evaluating such apps in the context of security. In this paper, we have investigated the status of existing secure QR code scanner apps for Android from a security point of view. We found that several of the so-called secure QR code scanner apps merely present the URL encoded in a QR code to the user rather than validating it against suitable threat databases. Further, many apps do not support basic security features such as displaying the URL to the user and asking for user confirmation before proceeding to open the URL in a browser. The most alarming issue that emerged during this study is that only two of the studied apps perform validation of the redirected URL associated with a QR code. We also tested the relevant apps with a set of benign, phishing and malware URLs collected from multiple sources. Overall, the results of our experiments imply that the protection offered by the examined secure QR code scanner apps against rogue URLs (especially malware URLs) is limited. Based on the findings of our investigation, we have distilled a set of key lessons and proposed design recommendations to enhance the security aspects of such apps.

Smart Card has complications with validation and transmission process. Therefore, by using peeping attack, the secret code was stolen and secret filming while entering Personal Identification Number at the ATM machine. We intend to develop an authentication system to banks that protects the asset of user's. The data of a user is to be ensured that secure and isolated from the data leakage and other attacks Therefore, we propose a system, where ATM machine will have a QR code in which the information's are encrypted corresponding to the ATM machine and a mobile application in the customer's mobile which will decrypt the encoded QR information and sends the information to the server and user's details are displayed in the ATM machine and transaction can be done. Now, the user securely enters information to transfer money without risk of peeping attack in Automated Teller Machine by just scanning the QR code at the ATM by mobile application. Here, both the encryption and decryption technique are carried out by using Triple DES Algorithm (Data Encryption Standard).

Internet of Things (IoT) devices are getting increasingly popular, becoming a core element for the next generations of informational architectures: smart city, smart factory, smart home, smart health-care and many others. IoT systems are mainly comprised of embedded devices with limited computing capabilities while having a cloud component which processes the data and delivers it to the end-users. IoT devices access the user private data, thus requiring robust security solution which must address features like usability and scalability. In this paper we discuss about an IoT authentication service for smart-home devices using a smart-phone as security anchor, QR codes and attribute based cryptography (ABC). Regarding the fact that in an IoT ecosystem some of the IoT devices and the cloud components may be considered untrusted, we propose a privacy preserving attribute based access control protocol to handle the device authentication to the cloud service. For the smart-phone centric authentication to the cloud component, we employ the FIDO UAF protocol and we extend it, by adding an attributed based privacy preserving component.

The utilization of the online services especially the access to Internet Banking services has grown rapidly from last five years. The Internet Banking services provide the customers with the secure and reliable environment to deal with. But with the technology advancement, it is mandatory for the banks to put into practice the ideal technologies or the best security strategies and procedures to authorize or validate the originality of the customers. This must be done to ensure that the data or the information being transmitted during any kind of transaction is safe and no kind of leakage or modification of the information is possible for the intruder. This paper presents a digital watermark method for the QR Code (Quick Response Code) In this, a visible watermark is embedded in the QR Code image using the watermark technology (DCT) and describes the functioning feature of a secure authorization system by means of QR codes & the digital watermark for Internet Banking.

This paper presents an entirely new RFID tag antenna design that incorporates the QR (Quick Response) code for security purposes. The tag antenna is designed to work at 2.45 GHz frequency. The RFID integrated QR code tag antenna is printed with an additive material deposition system that enables to produce a low cost tag antenna with extended security.

The QR codes have gained wide popularity in mobile marketing and advertising campaigns. However, the hidden security threat on the involved information system might endanger QR codes' success, and this issue has not been adequately addressed. In this paper we propose to examine the life cycle of a redesigned QR code ecosystem to identify the possible security risks. On top of this examination, we further propose standard changes to enhance security through a digital signature mechanism.

Steganography is a method of hiding information, whereas the goal of cryptography is to make data unreadable. Both of these methodologies have their own advantages and disadvantages. Encrypted messages are easily detectable. If someone is spying on communication channel for encrypted message, he/she can easily identify the encrypted messages. Encryption may draw unnecessary attention to the transferred messages. This may lead to cryptanalysis of the encrypted message if the spy tries to know the message. If the encryption technique is not strong enough, the message may be deciphered. In contrast, Steganography tries to hide the data from third party by smartly embedding the data to some other file which is not at all related to the message. Here care is to be taken to minimize the modification of the container file in the process of embedding data. But the disadvantage of steganography is that it is not as secure as cryptography. In the present method the authors have introduced three-step security. Firstly the secret message is encrypted using bit level columnar transposition method introduced by Nath et al and after that the encrypted message is embedded in some image file along with its size. Finally the modified image is encoded into a QR Code TM. The entire method has also been implemented for the Android mobile environment. This method may be used to transfer confidential message through Android mobile phone.