QR CODE-BASED IDENTIFICATION WITH MOBILE DEVICES

Giovanni Schmid, Francesco Rossi

Abstract

Mobile devices are becoming ubiquitous, getting rise to a pervasive network through which people can share information and get also very complex services. A key factor for the security of both consumers and providers in this emerging business scenario is the ability for a user or a service to reliably and efficiently authenticate itself. In this paper, we consider a unidirectional visual channel of interaction between the user and the service. Identification indeed takes place by using a QR Code symbol which is displayed or scanned by the mobile device of the user in the proximity of an access point for the service. We consider protocols for strong authentication which, if correctly implemented, does not reveal any useful information both to the verifier and to any unauthorized observer (zero-knowledge protocols). Our experimental results show the feasibility of our approach for a wide range of mass-market devices and applications, including physical access to restricted or pay-per-use areas (military or parking zones, etc.), logical access to resources or services (e.g., ATMs, computer systems and Internet services), and privacy-aware voting and testing centers.

References

  1. Balfanz, D., Smetters, D., Stewart, P., and Wong, H. C. (2002). Talking to strangers: authentication in adhoc wireless networks. In Symposium on Network and Distributed Systems Security (NDSS). Internet Consortium.
  2. Bialoglowy, M. (2010a). Bluetooth security review, part 1. http://www.symantec.com/connect/articles/bluetoothsecurity-review-part-1.
  3. Bialoglowy, M. (2010b). Bluetooth security review, part 2. http://www.symantec.com/connect/articles/bluetoothsecurity-review-part-2.
  4. Bouncy-Castle (2011). Crypto apis version 1.46. http://www.bouncycastle.org/.
  5. Feige, U., Fiat, A., and Shamir, A. (1988). Zero-knowledge proofs of identity. Journal of Cryptology, 1.
  6. Fiat, A. and Shamir, A. (1987). How to prove yourself: practical solutions of identification and signature problems. In Advances in Cryptology - CRYPTO 86, A.M Odlyzko (Ed.), LNCS 263. Springer.
  7. FIPS (2001). Federal Information Processing Standards Publication 197 - AES.
  8. Goldwasser, S., Micali, S., and Rackoff, C. (1987). The knowledge complexity of interactive proof systems. In Advances in Cryptology - CRYPTO.. Springer.
  9. Goldwasser, S., Micali, S., and Rackoff, C. (1989). The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1).
  10. Hankerson, D., Menezes, A., and Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. Springer.
  11. ISO/IEC (2006a). Information technology - Automatic identification and data capture techniques - Data Matrix bar code symbology specification.
  12. ISO/IEC (2006b). Information technology - Automatic identification and data capture techniques - QR Code 2005 bar code symbology specification.
  13. ISO/IEC (2008). Information technology - Automatic identification and data capture techniques - Aztec Code bar code symbology specification.
  14. Jakobsson, M., Sako, K., and Impagliazzo, R. (1996). Designated verifier proofs and their applications. In EUROCRYPT 96, U. Maurer (Ed.), LNCS 1070. Springer.
  15. Java-Community (2011). Java community process: Contactless communication api. http://www.jcp.org/en/jsr/detail?id=257.
  16. Kieseberg, P., Leithner, M., Mulazzani, M., Munroe, L., Schrittwieser, S., Sinha, M., and Weippl, E. R. (2010). Qr code security. In Fourth International Workshop on Trustworthy Ubiquitous Computing (TwUC 2010). ACM.
  17. Laur, S. and Nyberg, K. (2006). Efficient mutual data authentication using mutually authenticated strings. In Cryptology and Network Security (CANS), LNCS 4301. Springer.
  18. McCune, J., Perrig, A., and Reiter, M. K. (2009). Seeing-isbelieving: using camera phones for human-verifiable authentication. Int. J. Security and Networks, 4(1-2).
  19. Menezes, A., van Oorschot, P., and Vanstone, S. (1997). Handbook of Applied Cryptography. CRC Press.
  20. Schnorr, C. P. (1990). Efficient identification and signatures for smart cards. In Advances in Cryptology - CRYPTO 89, G. Brassard (Ed.), LNCS 435. Springer.
  21. Schnorr, C. P. (1991). Efficient signature generation by smart cards. Journal of Cryptology, 4.
  22. Sun-Oracle (2010). Java platform standard edition 6 release. http://www.oracle.com/technetwork/java/javase/over view/index-jsp-136246.html.
  23. Tyley, R. (2011). Spongycastle crypto apis. https://github.com/rtyley/spongycastle/.
  24. ZXing-Community (2011). Zxing - open-source, multiformat 1d/2d barcode image processing library. http://code.google.com/p/zxing/.
Download


Paper Citation


in Harvard Style

Schmid G. and Rossi F. (2012). QR CODE-BASED IDENTIFICATION WITH MOBILE DEVICES . In Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS, ISBN 978-989-8565-00-6, pages 79-86. DOI: 10.5220/0003807200790086


in Bibtex Style

@conference{peccs12,
author={Giovanni Schmid and Francesco Rossi},
title={QR CODE-BASED IDENTIFICATION WITH MOBILE DEVICES},
booktitle={Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS,},
year={2012},
pages={79-86},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003807200790086},
isbn={978-989-8565-00-6},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS,
TI - QR CODE-BASED IDENTIFICATION WITH MOBILE DEVICES
SN - 978-989-8565-00-6
AU - Schmid G.
AU - Rossi F.
PY - 2012
SP - 79
EP - 86
DO - 10.5220/0003807200790086