Articles
Analysis of existing methods and techniques to minimize security problems when using QR codes
Published 2019-09-16
Keywords
- quick response code,
- secure QR code,
- cryptology,
- information security,
- QR code security
- uses and applications of QR codes ...More
How to Cite
Castro-Acuña, N., Leguizamón-Páez, M., & Mora Lancheros, A. L. (2019). Analysis of existing methods and techniques to minimize security problems when using QR codes. Revista UIS Ingenierías, 18(4), 157–172. https://doi.org/10.18273/revuin.v18n4-2019015
Copyright (c) 2019 Revista UIS Ingenierías
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
Abstract
This document allows knowing about QR codes, their creation process and security features; because it has improved its use supplying the need to store information in a small space. However, because it is so well known and used, it has been a focus for the theft of information by those who violate the security system illegally, who have detected weaknesses both in their construction and in those who use them, implementing attacks as "man in the middle", in which the attacker can intercept messages among phishing users, by redirecting to fake web pages created with the intention of obtaining confidential data; and perform information thefts. Besides, in this document describes some ways to protect both the QR code, and the information it contains and each of the methods that have been implemented and recommended by authors.
Downloads
Download data is not yet available.
References
[1] W. B. Cheon, K. i. Heo, W. G. Lim, W. H. Park, and T. M. Chung, “The New Vulnerability of Service Set Identifier (SSID) Using QR Code in Android Phone,” in 2011 International Conference on Information Science and Applications, 2011, pp. 1–6. doi: 10.1109/ICISA.2011.5772367.
[2] S. Singh, “QR Code Analysis,” Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 6, no. 5, 2016.
[3] Z. Liao, T. Huang, R. Wang and X. Zhou, “A method of image analysis for QR code recognition,” 2010 International Conference on Intelligent Computing and Integrated Systems, Guilin, 2010, pp. 250-253, doi: 10.1109/ICISS.2010.5657187
[4] DENSO, “QR Code ® Essentials,” 2011.. [En línea]. Disponible en: http://www.nacs.org/LinkClick.aspx%3Ffileticket%3DD1FpVAvvJuo%253D%26tabid%3D1426%26mid%3D4802. [Accedido: 01-nov-2018]
[5] J. Cabero Almenara et al., La realidad aumentada como herramienta educativa : aplicación a la Educación Infantil, Primaria, Secundaria y Bachillerato. Ediciones Paraninfo, 2018.
[6] J. Valdeni de Lima, D. Menegais, A. B. do C. Filho, T. J. Müller, and F. P. da Silva, Objetos de aprendizaje multimodales: diseños y aplicaciones. Editorial UOC, 2014.
[7] L. Linjie and R. Haijun, “The applied research on power telecommunication identifier management system based on QR code,” in 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS), 2017, pp. 270–274.
[8] L. Hernández Encinas and A. Peinado Domínguez, “Una propuesta para el uso de códigos QR en la autenticación de usuarios,” in XII Reunión Española De Criptografía Y Seguridad De La Información, 2012.
[9] H. Jara and F. G. Pacheco, Ethical hacking 2.0: Manual Users, Spanish. Creative Andina Corp., 2012.
[10] M. I. Romero Castro et al., Introducción a la seguridad informática y el análisis de vulnerabilidades. Editorial Científica 3Ciencias, 2018. doi: 10.17993/IngyTec.2018.46.
[11] O. Villarrea and R. Villamizar, “Incrustación de imágenes en códigos de barras bidimensionales de rápida respuesta qr-codes,” Rev. vínculos, vol. 10, no. 2, pp. 277–288, Dec. 2013, doi:10.14483/2322939X.6515.
[12] G. Barland, “Error Correction And Qr Codes,” Saint Paul, 2017.
[13] D. Gutierrez Garcia, “Estudio De Los Codigos Qr,” Escola Universitària Politècnica de Mataró, 2011.
[14] J. C. A. García and S. Okazaki, “El uso de los códigos QR en España,” Distrib. y Consum., vol. 22, no. 123, pp. 46–62, 2012.
[15] B. Tepekule, U. Yavuz, and A. E. Pusane, “On the use of modern coding techniques in QR applications,” in 2013 21st Signal Processing and Communications Applications Conference (SIU), 2013, pp. 1–4. doi: 10.1109/SIU.2013.6531318.
[16] D. Renza, D. M. Ballesteros L., and R. Rincón, “Método de ocultamiento de píxeles para esteganografía de imágenes en escala de gris sobre imágenes a color,” Ing. y Cienc., vol. 12, no. 23, pp. 145–162, Sep. 2016.
[17] K. Krombholz, P. Frühwirt, T. Rieder, I. Kapsalis, J. Ullrich, and E. Weippl, “QR Code Security -- How Secure and Usable Apps Can Protect Users Against Malicious QR Codes,” in 2015 10th International Conference on Availability, Reliability and Security, 2015, pp. 230–237. doi: 10.1109/ARES.2015.84.
[18] Y. Wang, C. Sun, P. Kuan, C. Lu, and H. Wang, “Secured graphic QR code with infrared watermark,” in 2018 IEEE International Conference on Applied System Invention (ICASI), 2018, pp. 690–693. doi: 10.1109/ICASI.2018.8394351.
[19] A. P. Godínez, R. P. Meléndez, and C. G. Treviño-Palacios, “Códigos QR cifrados como Marcas de Agua en Patrones de Difracción,” in Somi XXXII, Congreso De Instrumentacion, 2017.
[20] S. R. Toh, W. Goh, and C. K. Yeo, “Data exchange via multiplexed color QR codes on mobile devices,” in 2016 Wireless Telecommunications Symposium (WTS), 2016, pp. 1–6. doi: 10.1109/WTS.2016.7482035.
[21] P.-C. Huang, C.-C. Chang, and Y.-H. Li, “Sudoku-based secret sharing approach with cheater prevention using QR code,” Multimed. Tools Appl., vol. 77, no. 19, pp. 25275–25294, 2018, doi:10.1007/s11042-018-5784-0.
[22] N. Goel, A. Sharma, and S. Goswami, “A way to secure a QR code: SQR,” in 2017 International Conference on Computing, Communication and Automation (ICCCA), 2017, pp. 494–497. doi: 10.1109/CCAA.2017.822985.
[23] P. Gupta, S. Saini, and K. Lata, “Securing qr codes by rsa on fpga,” in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2017, pp. 2289–2295. doi: 10.1109/ICACCI.2017.8126188.
[24] A. Gómez Vieites, Enciclopedia de la seguridad informática, 2a ed. Ra-Ma, 2011.
[25] V. Hajduk, M. Broda, O. Kováč, and D. Levický, “Image steganography with using QR code and cryptography,” in 2016 26th International Conference Radioelektronika (RADIOELEKTRONIKA), 2016, pp. 350–353. doi:
10.1109/RADIOELEK.2016.7477370.
[26] M. M. Shanthi Rani and K. R. Euphrasia, “Data Security Through Qr Code Encryption And Steganography,” Adv. Comput. An Int. J., vol. 7, no. 1/2, 2016, doi:10.5121/acij.2016.7201.
[27] A. M. Al-Ghaili, H. Kasim, F. A. Rahim, Z.-A. Ibrahim, M. Othman, and Z. Hassan, Smart Verification Algorithm for IoT Applications using QR Tag BT - Computational Science and Technology. Singapore: Springer Singapore, 2018.
[28] J. Baek, J. Newmarch, R. Safavi-naini, and W. Susilo, “A Survey of Identity-Based Cryptography,” in Proc. Of Australian Unix Users Group Annual Conference, 2004, pp. 95–102. doi: 10.1.1.128.6502.
[29] A. S. Narayanan, “QR Codes and Security Solutions,” Int. J. Comput. Sci. Telecommun. IJCST., vol. 3, no. 7, pp. 69–72, 2012.
[30] R. M. Bani-Hani, Y. A. Wahsheh, and M. B. Al-Sarhan, “Secure QR code system,” in 2014 10th International Conference on Innovations in Information Technology (IIT), 2014, pp. 1–6. doi: 10.1109/INNOVATIONS.2014.6985772.
[31] T. Marktscheffel et al., “QR code based mutual authentication protocol for Internet of Things,” in 2016 IEEE 17th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2016, pp. 1–6. doi:
10.1109/WoWMoM.2016.7523562.
[32] V. González Ruiz, “Compresion Lossy de Imagenes en el Dominio Wavelet,” w3, 2015. . [En línea]. Disponible: https://w3.ual.es/~vruiz/Docencia/Apuntes/Coding/Image/Image-Compression-Lab/index.html. [Accedido: 12-feb-2019]
[33] J. Argon, “What is LSB (Least Significant Bit)?,” Computer Hope, 2017. . [En línea]. Disponible: https://www.computerhope.com/jargon/l/leastsb.htm. [Accedido: 10-ene-2019]
[34] S. Kumar, “Classifying image data,” debugmode, 2001. . [En línea]. Disponible: http://www.debugmode.com/imagecmp/classify.htm. [Accedido: 17-mar-2019]
[35] P. Mittra and N. Rakesh, “A desktop application of QR code for data security and authentication,” in 2016 International Conference on Inventive Computation Technologies (ICICT), 2016, vol. 2, pp. 1–5. doi: 10.1109/INVENTIVE.2016.7824809.
[36] M. Moreno, “Introducción a la esteganografía (I),” Security Art Work, 2010. . [En línea]. Disponible: https://www.securityartwork.es/2010/04/15/introduccion-a-la-esteganografia-i/.[Accedido: 12-feb-2019]
[2] S. Singh, “QR Code Analysis,” Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 6, no. 5, 2016.
[3] Z. Liao, T. Huang, R. Wang and X. Zhou, “A method of image analysis for QR code recognition,” 2010 International Conference on Intelligent Computing and Integrated Systems, Guilin, 2010, pp. 250-253, doi: 10.1109/ICISS.2010.5657187
[4] DENSO, “QR Code ® Essentials,” 2011.. [En línea]. Disponible en: http://www.nacs.org/LinkClick.aspx%3Ffileticket%3DD1FpVAvvJuo%253D%26tabid%3D1426%26mid%3D4802. [Accedido: 01-nov-2018]
[5] J. Cabero Almenara et al., La realidad aumentada como herramienta educativa : aplicación a la Educación Infantil, Primaria, Secundaria y Bachillerato. Ediciones Paraninfo, 2018.
[6] J. Valdeni de Lima, D. Menegais, A. B. do C. Filho, T. J. Müller, and F. P. da Silva, Objetos de aprendizaje multimodales: diseños y aplicaciones. Editorial UOC, 2014.
[7] L. Linjie and R. Haijun, “The applied research on power telecommunication identifier management system based on QR code,” in 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS), 2017, pp. 270–274.
[8] L. Hernández Encinas and A. Peinado Domínguez, “Una propuesta para el uso de códigos QR en la autenticación de usuarios,” in XII Reunión Española De Criptografía Y Seguridad De La Información, 2012.
[9] H. Jara and F. G. Pacheco, Ethical hacking 2.0: Manual Users, Spanish. Creative Andina Corp., 2012.
[10] M. I. Romero Castro et al., Introducción a la seguridad informática y el análisis de vulnerabilidades. Editorial Científica 3Ciencias, 2018. doi: 10.17993/IngyTec.2018.46.
[11] O. Villarrea and R. Villamizar, “Incrustación de imágenes en códigos de barras bidimensionales de rápida respuesta qr-codes,” Rev. vínculos, vol. 10, no. 2, pp. 277–288, Dec. 2013, doi:10.14483/2322939X.6515.
[12] G. Barland, “Error Correction And Qr Codes,” Saint Paul, 2017.
[13] D. Gutierrez Garcia, “Estudio De Los Codigos Qr,” Escola Universitària Politècnica de Mataró, 2011.
[14] J. C. A. García and S. Okazaki, “El uso de los códigos QR en España,” Distrib. y Consum., vol. 22, no. 123, pp. 46–62, 2012.
[15] B. Tepekule, U. Yavuz, and A. E. Pusane, “On the use of modern coding techniques in QR applications,” in 2013 21st Signal Processing and Communications Applications Conference (SIU), 2013, pp. 1–4. doi: 10.1109/SIU.2013.6531318.
[16] D. Renza, D. M. Ballesteros L., and R. Rincón, “Método de ocultamiento de píxeles para esteganografía de imágenes en escala de gris sobre imágenes a color,” Ing. y Cienc., vol. 12, no. 23, pp. 145–162, Sep. 2016.
[17] K. Krombholz, P. Frühwirt, T. Rieder, I. Kapsalis, J. Ullrich, and E. Weippl, “QR Code Security -- How Secure and Usable Apps Can Protect Users Against Malicious QR Codes,” in 2015 10th International Conference on Availability, Reliability and Security, 2015, pp. 230–237. doi: 10.1109/ARES.2015.84.
[18] Y. Wang, C. Sun, P. Kuan, C. Lu, and H. Wang, “Secured graphic QR code with infrared watermark,” in 2018 IEEE International Conference on Applied System Invention (ICASI), 2018, pp. 690–693. doi: 10.1109/ICASI.2018.8394351.
[19] A. P. Godínez, R. P. Meléndez, and C. G. Treviño-Palacios, “Códigos QR cifrados como Marcas de Agua en Patrones de Difracción,” in Somi XXXII, Congreso De Instrumentacion, 2017.
[20] S. R. Toh, W. Goh, and C. K. Yeo, “Data exchange via multiplexed color QR codes on mobile devices,” in 2016 Wireless Telecommunications Symposium (WTS), 2016, pp. 1–6. doi: 10.1109/WTS.2016.7482035.
[21] P.-C. Huang, C.-C. Chang, and Y.-H. Li, “Sudoku-based secret sharing approach with cheater prevention using QR code,” Multimed. Tools Appl., vol. 77, no. 19, pp. 25275–25294, 2018, doi:10.1007/s11042-018-5784-0.
[22] N. Goel, A. Sharma, and S. Goswami, “A way to secure a QR code: SQR,” in 2017 International Conference on Computing, Communication and Automation (ICCCA), 2017, pp. 494–497. doi: 10.1109/CCAA.2017.822985.
[23] P. Gupta, S. Saini, and K. Lata, “Securing qr codes by rsa on fpga,” in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2017, pp. 2289–2295. doi: 10.1109/ICACCI.2017.8126188.
[24] A. Gómez Vieites, Enciclopedia de la seguridad informática, 2a ed. Ra-Ma, 2011.
[25] V. Hajduk, M. Broda, O. Kováč, and D. Levický, “Image steganography with using QR code and cryptography,” in 2016 26th International Conference Radioelektronika (RADIOELEKTRONIKA), 2016, pp. 350–353. doi:
10.1109/RADIOELEK.2016.7477370.
[26] M. M. Shanthi Rani and K. R. Euphrasia, “Data Security Through Qr Code Encryption And Steganography,” Adv. Comput. An Int. J., vol. 7, no. 1/2, 2016, doi:10.5121/acij.2016.7201.
[27] A. M. Al-Ghaili, H. Kasim, F. A. Rahim, Z.-A. Ibrahim, M. Othman, and Z. Hassan, Smart Verification Algorithm for IoT Applications using QR Tag BT - Computational Science and Technology. Singapore: Springer Singapore, 2018.
[28] J. Baek, J. Newmarch, R. Safavi-naini, and W. Susilo, “A Survey of Identity-Based Cryptography,” in Proc. Of Australian Unix Users Group Annual Conference, 2004, pp. 95–102. doi: 10.1.1.128.6502.
[29] A. S. Narayanan, “QR Codes and Security Solutions,” Int. J. Comput. Sci. Telecommun. IJCST., vol. 3, no. 7, pp. 69–72, 2012.
[30] R. M. Bani-Hani, Y. A. Wahsheh, and M. B. Al-Sarhan, “Secure QR code system,” in 2014 10th International Conference on Innovations in Information Technology (IIT), 2014, pp. 1–6. doi: 10.1109/INNOVATIONS.2014.6985772.
[31] T. Marktscheffel et al., “QR code based mutual authentication protocol for Internet of Things,” in 2016 IEEE 17th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2016, pp. 1–6. doi:
10.1109/WoWMoM.2016.7523562.
[32] V. González Ruiz, “Compresion Lossy de Imagenes en el Dominio Wavelet,” w3, 2015. . [En línea]. Disponible: https://w3.ual.es/~vruiz/Docencia/Apuntes/Coding/Image/Image-Compression-Lab/index.html. [Accedido: 12-feb-2019]
[33] J. Argon, “What is LSB (Least Significant Bit)?,” Computer Hope, 2017. . [En línea]. Disponible: https://www.computerhope.com/jargon/l/leastsb.htm. [Accedido: 10-ene-2019]
[34] S. Kumar, “Classifying image data,” debugmode, 2001. . [En línea]. Disponible: http://www.debugmode.com/imagecmp/classify.htm. [Accedido: 17-mar-2019]
[35] P. Mittra and N. Rakesh, “A desktop application of QR code for data security and authentication,” in 2016 International Conference on Inventive Computation Technologies (ICICT), 2016, vol. 2, pp. 1–5. doi: 10.1109/INVENTIVE.2016.7824809.
[36] M. Moreno, “Introducción a la esteganografía (I),” Security Art Work, 2010. . [En línea]. Disponible: https://www.securityartwork.es/2010/04/15/introduccion-a-la-esteganografia-i/.[Accedido: 12-feb-2019]