Multidisciplinary Studies
Full Paper Proceeding MI-BES T-2015, Vol. 1, 53-62
IS BN: 978-969-9948-10-7
*All correspondence related to this article should be directed to Abhijit sen, Kwantlen Polytechnic University, Canada. MI-BEST 2015
Secure Data Transmission Technique for iPhone using Quick Response (QR)
Code
Abhijit Sen1* & Yourdon Jou2 1,2Kwantlen Polytechnic University, canada
Abstract
The increasing use of smartphones and tablet computers as personal and busines s tools poses new levels of comple xity to IT management and security.With continued growth of smartphones, and associated increase of mobile security concerns, users of mobile devices must be assured that the services they receive must be secured and trustworthy. A QR code (quick response code) is a type of 2D bar code that is used widely to provide easy access to information through a smartphone. It is envisioned that the technology of QR code could be applied for secured communicat ions using smart phones.
This paper provides a design fra mewo rk for sending encrypted message using QR code, and decrypting the received QR code. An applicat ion is developed using Apple's iPhone to demonstrate how mobile devices such as smart phones can communicate securely with another device using QR code. The sending smartphone can encode encrypted data in a QR code, and receiving smart phone can then decrypt the data encoded in QR code and retrieve the information. User can choose different encryption/decryption algorithm su ch as AES for secured transmission of data.
The iOS SDK together with Xcode IDE is used for the design and development of the iPhone application. The design architecture is developed using Apple's iOS mob ile operating system, PHP server and MySQL databas e. The paper successfully de monstrates the feasibility of using QR code to securely transmit message between mobile users. The system works as expected, however rigorous analysis to assess the performance is deferred for future study.
© 2015 The Authors. Published by Global Illuminators. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the Scientific & Review committee of MI-BEST -2015.
Keywords: AES, iOS,SMS,QR Code
Introduction
With the widespread use of smartphones, digital tablets, and other mobile devices, the deployment of QR codes for encoding information has dramatica lly increased. QR codes have many advantages over traditional barcodes because of their small size, superior security mechanisms, quantity of information that can be embedded, and low cost of implementation [1]. More and more smartphone applications are developed to meet different user needs, and to make the device more convenient to use. One example is the text messaging service. Other
than the traditional SMS provided by the mobile phone company, many messengers such as “WeChat” [2], “LINE” [3],are using internet to send messages. Number of researchers have demonstrated using QR code for authentication purposes. For example, a secure authentication system for on- line banking that uses a two factor authentication by combining a password and a camera equipped mobile phone, where mobile phone is acting as an authentication token is detailed by Sonawane et.al [4].However, these messaging applications do not include the functions to send encrypted messages, and users’ conversation online will always have potential threat to be revealed.This paper presents the design and implementation of application named QR Send, a proof-of-concept secure message transmission system for mobile devicesthat uses well known RC4/AES encryption algorithms to transmit encrypted data which will be received and decrypted by the receiving device.
This paper is organized as follows: First a brief introductionand objective of the study is provided in section 1, which is followed by literature survey in section 2 detailing some related worksin this area of interest. Section 3 provides the overview of the proposed design. Section 4 describes in detail how the prototype system works. The Section 5 discusses the results and highlights the overall performance and advantages of application des igned.Section 6 discusses the limitations of the study and provides suggestion in detail for future research in this area of research.
Objective of the Study
The objective of the study is to design, develop and implement an application that will demonstrate how mobile devices such as smart phones can communicate in a secured fashion with another device using QR code. The sending smartphone can encrypt data using appropriate cryptographicalgorithms and encode the data in a QR code.The receiving smart phone can then decrypt the data encoded in QR code and retrieve the information. This software project aims to: 1. Implement a security scheme for information exchange between two parties using QR codes as the exchange medium.
Literature Review
QR code has been widely used in many applications [1,5, 6] such as storing URLs, contact addresses and various forms of data on posters, signsand business cards. The security issues related to the use of QR code as attack vectors are discussed in [7] .The paper [7]explains how QR Codes can be used to attack both human interaction and automated systemsby utilizing manipulated QR Codes.Various secure authentication system such as single factor and two factor authentication based on QR codeare detailed in [4, 8]. Liao et.al [9] proposes aQR-code based one-time password authentication protocolwhich eliminates
The authors found that there exists a large gap between proposed theory in the literature and practical implementations of these theoretical concepts for secure transmission and delivery of data using QR code. Not many useful applications are developed for mobiledevices for secure communication using QR code.Many messaging applications do not include the functions to send encrypted messages, and users’ conversation online will always have potential threat to be revealed.There are dearth of applications which use QR code to transport message in a secured manner. This paper attempts to develop a smart phone application that will use QR code as a medium to transport encrypted message using well known RC4/AES algorithm.
Overview Of Design
The following procedures are followed in the design and implementation of the application
Identification of the Development environment
Design of User interface and layout
Application design
Run and debug mobile applications
The design is based on three-tier architecture and consists of the following components:
iOSclient : Any sending or receiving mobile device such as iPhone
php server:The server authenticates login user credentials and implements services to store and gather encrypted data from My SQL database.
MySQL database: Data base server stores user’s login credentials and QR encoded encrypted message.
The figure 1 shows schematically the architecture used for this application. The figure 2 shows a typical query of QR coded embedded message stored in the database. As seen each sender receiver session is given a unique id which is used as a filename to store the coded message. For example a specific message sent by user andy to yourdon with unique id d60d8d0b267a1ce is encrypted and encoded as QRcode and stored in the file named d60d8d0b267a1ce.jpg.
Prototype Implementations
The prototype application named QR Send enables user to send and receive RC4 or AES encrypted message using QR code as a transport medium. The receiver on receiving QR encoded RC4 or AES encrypted message can decrypt the message. The application consists of three main functionalities:
Login as different users
Generation of Encrypted QR Code and Sending the Encrypted QR Code to intended receiver
Receiving the Encrypted QR Code and Decrypting Login Process
Users will login before they start the application named QR Send. This allows them to use “QR Send” to send encrypted QR message to other QR Send users.
Generation and Sending of Secure QR code
A QR Code will be generated with message text, and encryption key given by users. RC4 or AES encryption methods are allowed. After that, users can select “Send” to send an encrypted message to another user. If the sending is completed, a succe ss message will displayed as shown in Figure 4.
Receiving the Encrypted QR Code and Decrypting
On the receiving side, the users will be asked about the key and the encryption type, and press “Decrypt” button to decrypt the QR code with given key (or no key if unspecified). A message box will appear when a code is decrypted. If the key is wrong, the users will not able to receive the correct message as shown in Figure 5.
Discussion
We are able to design and implement system that will enable iPhone users to transmit data in a secured manner using QR code. We have successfully implemented RC4 and AES encryption/decryption algorithms and iPhone users are able to code and decode data using any of the two chosen encryption/decryption algorithms. We are able to transmit small and fairly large messages using QR code. The advantage of using QR codes are many [6]:
Storage capacity of QR code is high and can stores data which is stored in onedimensional bar code in one-tenth the space
QR codes are not readable by person
It can handle many types of data such as numeric, alphabetic.
It is readable if they are partially damage.
It is easy to scan with camera
As a consequences of these advantages one can envision using QR code to transmit message in a secure manner. The present paper successfully demonstrates that using appropriate encryption algorithms, smart phone users can transmit and receive messages using QR code.
We have demonstrated one application which is the stated objective of the paper. Some sample examples of usefulmobile applicationsamong many that can be developedutilizing the concepts outlined in this paper are listed below:
Password transmission using QR code
Session Key distribution using QR code
File and document transfer using QR code
Delivery of Academic transcript using QR code
However we have not conducted any performance analysis using different message sizes. This is left for future analysis.
Conclusion
In this paper we have discussed the design and implementation of QR-based secured message transfer application using smartphone. We have proposed design and
This paper only demonstrates the design and implementation of QR-based secured message transmission between mobile devices. No attempt is made to integrate authentication schemes between sender and receiver in the current implementation. The paper does not address the issue of key distribution between the sender and the receiver. Performance issue related to transmission of large amount of data securely using QR code is also not addressed, neither any attempt is made to study the vulnerability of the proposed system to various types of attacks. Future research in the areas of key distribution, authentication, performance analysis and vulnerabilityanalysis will be carried out in future.
Acknowledgment
The work is sponsored and funded by Kwantlen Polytechnic University’s Minor Research Grant Program. The supports from Mr. Wayne Tebb, Dean School of Business, of Kwantlen Polytechnic University is appreciated.
References
[1] Huang, Y.P., Chang, Y.T., Sandnes,F. E. (2010) Ubiquitous information transfer across different platforms by qr codes. Journal of Mobile Multimedia,6(1), pp.3-14. [2]Group Chat QR Code, Retrieved
from:http://www.wechat.com/en/features.html#group_chat_qrcode
[3]LINE, Retrieved from:http://line.me/en/
[4]Sonawane, S., Khandave, M., Nemade, N. (2014)Secure Authentication for Online Banking Using QR Code, International Journal of Emerging Technology and
Advanced Engineering, Volume ( 4), Issue (30), pp.778-781.
[5] Narayanan, A. S. (2012)QR Codes and Security Solutions. International Journal of
Computer Science and Telecommunications, Volume (3), Issue (7), pp.69-71.
[6] Lee, Jaesik; Cho, Chang-Hyun; Jun, Moon-Seog. (2011) Secure quick response-payment (QRPay) system using mobile device. Advanced Communication Technology
(ICACT), 13th International Conference, Feb. 2011.
[7] Kieseberg, P., Leithner M., Mulazzani, M., Munroe, L., Schrittwieser S., Sinha, M., Weippl,E. (2010)QR Code Security.MoMM '10 Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia, pp.430-435.
[8]Pintor, D. M(2012)QRP: An improved secure authentication method using QR
codes,Master ThesisUniversitat Oberta de Catalunya, Bercelona, Spain. Retrieved
from: https://www.grc.com/sqrl/files/QRP-secure-authentication.pdf
[9]Liao, K., Lee, W. (2010)A Novel User Authentication Scheme Based on QR-Code, Journal of NetworksVolume (5): No (8), pp. 937-941, 2010.
[10]Chuang,J., Hu,Y.,Ko,H. (2010) A NovelSecret Sharing Technique Using QR Code,
International Journal of Image Processing (IJIP), Volume (4): Issue (5), pp.468-475,
2010.
[11] Huang,H., Chang,F., Fang, W. (2011). Reversible data hiding with histogram-based difference expansion for QR code applications, Consumer Electronics, IEEE
![以中文十億詞語料庫為基礎之兩岸詞彙對比研究 (Cross-Strait Lexical Differences: A Comparative Study based on Chinese Gigaword Corpus) [In Chinese]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==)