A Puzzle-Based Data Sharing Approach with Cheating Prevention Using QR Code
Abstract and Figures
The information technique has developed rapidly. The technique of QR codes is widely applied in our daily life, and the mechanism is suitable to share data. A QR code uses symmetric encryption to store and retrieve data efficiently. However, the security issues of QR codes are seldom discussed by the wider community. Moreover, if the sender wishes only the authorized participant to attain the private data which are shared, the data must be encrypted. Furthermore, we do not know who should be censured when problems arise. In view of this, to maintain the integrity and the confidentiality of information security, this paper proposed a new puzzle-based data sharing scheme to share the private information safely. Firstly, we generated the digital signature of the information, then applied the random grids algorithm to obtain the shares. Then, we disarrayed the shares which contain the information and the digital signature with a puzzle-based encoding method. Afterwards, we concealed them into the cover QR codes. With the QR code mechanism of error correction, the marked QR code remain meaningful. Finally, we could send marked QR codes via transmission. The receiver could use XOR operation to obtain the private information after solving the puzzles and verify whether it was tampered with by the digital signature. The proposed system can recover the lossless data and protect them from being divulged. To deal with the potential hazard of transmission in a public environment, there are more and more studies on data hiding and image authentication.
Figures - available via license: Creative Commons Attribution 4.0 International
Content may be subject to copyright.
... VSS schemes reconstruct the secret image simply stacking the secret shares. These schemes based on the logical XOR operations are characterized by lossy recovery and low visual quality of reconstructed secret images [17]. In the earliest (k,n) PSS scheme proposed by Naor and Shamir [18], the secret image is divided into n shares, where at least k out of n shares are required for secret image reconstruction. ...
... The comparisons presented in Tables 3 and 4 are meant to provide a summary of the performance metrics only, as the proposed scheme is completely distinct from others. The methods proposed in [17,18,20,21] were based on evaluation of polynomials during secret-share construction and solving linear equations to reconstruct each pixel. The proposed scheme involves factorization for secret sharing, and reconstruction of secret is based on multiplications of shares and convolution in the SRCNN. ...
... The proposed scheme involves factorization for secret sharing, and reconstruction of secret is based on multiplications of shares and convolution in the SRCNN. Hence, the proposed method exhibits lower computational times with respect to [17,18,20,21] for both secretshare creation and secret reconstruction. ...
Advances in information technology have harnessed the application of Quick Response (QR) codes in day-to-day activities, simplifying information exchange. QR codes are witnessed almost everywhere, on consumables, newspapers, information bulletins, etc. The simplicity of QR code creation and ease of scanning with free software have tremendously influenced their wide usage, and since QR codes place information on an object they are a tool for the IoT. Many healthcare IoT applications are deployed with QR codes for data-labeling and quick transfer of clinical data for rapid diagnosis. However, these codes can be duplicated and tampered with easily, attributed to open- source QR code generators and scanners. This paper presents a novel (n,n) secret-sharing scheme based on Nonnegative Matrix Factorization (NMF) for secured transfer of QR codes as multiple shares and their reconstruction with a regularized Super Resolution Convolutional Neural Network (SRCNN). This scheme is an alternative to the existing polynomial and visual cryptography-based schemes, exploiting NMF in part-based data representation and structural regularized SRCNN to capture the structural elements of the QR code in the super-resolved image. The experimental results and theoretical analyses show that the proposed method is a potential solution for secured exchange of QR codes with different error correction levels. The security of the proposed approach is evaluated with the difficulty in launching security attacks to recover and decode the secret QR code. The experimental results show that an adversary must try 258 additional combinations of shares and perform 3 × 288 additional computations, compared to a representative approach, to compromise the proposed system.
... Hence, automatic detection of stolen products is impossible with this system. [3][4][5] proposed an anti-theft detection system using quick response (QR) code scanners. Unlike barcode scanning which requires LED or laser lights for operation, QR code scanners are dependent on camera-based scanning technology. ...
Supermarket shopping is an essential part of the livelihood of most people around the world. Consumers can acquire items essential for their daily activities. However, in an ever-evolving world with an increasing population and increasing crime rates, supermarket theft is becoming a prevalent problem with supermarket owners spending large sums of money on hiring security often with little effect. Organized Retail Crime (ORC) costs the retail industry approximately $30 billion each year, with 71.3% of retailers reporting an increase in ORC year-over-year. With the current global economic conditions, high labor costs are longer feasible. Consumers also face the issue of paying for items they did not select. Advanced camera systems, for some, may be an escape however, this approach is not feasible for all aspects of shopping and in underdeveloped countries that have technical constraints. The advent of digitization has helped improve the livelihood of consumers in Ghana. Currently, many large-scale retailers are oblivious to some of these advancements. The oblivion of the management of such retail services results in the loss of products, customer dissatisfaction and the mismanagement of untracked products by employees. To reduce theft and the mismanagement of products by employees, a smart antitheft system should be deployed in supermarkets; at the till and before the exit of supermarkets to ensure all products leaving the store are paid for and accounted for. The system consists of a deactivation and theft detection system. The product is deactivated by the store attendant at the till when the customer pays for the product. However, if a customer crosses the initial warning zone without paying, a warning sound is triggered and after the customer crosses the final warning zone, the alarm is triggered indicating an attempted theft by the customer. A log of products is also kept ensuring employees are not stealing products. This paper presents a smart way of detecting theft during supermarket shopping using Radio Frequency Identification (RFID) readers and tags, microcontroller-based control system, a database server and an Integromat
... Hence, automatic detection of stolen products is impossible with this system. [3][4][5] proposed an anti-theft detection system using quick response (QR) code scanners. Unlike barcode scanning which requires LED or laser lights for operation, QR code scanners are dependent on camera-based scanning technology. ...
Supermarket shopping is an essential part of the livelihood of most people around the world. Consumers can acquire items essential for their daily activities. However, in an ever-evolving world with an increasing population and increasing crime rates, supermarket theft is becoming a prevalent problem with supermarket owners spending large sums of money on hiring security often with little effect. Organized Retail Crime (ORC) costs the retail industry approximately $30 billion each year, with 71.3% of retailers reporting an increase in ORC year-over-year. With the current global economic conditions, high labor costs are longer feasible. Consumers also face the issue of paying for items they did not select. Advanced camera systems, for some, may be an escape however, this approach is not feasible for all aspects of shopping and in underdeveloped countries that have technical constraints. The advent of digitization has helped improve the livelihood of consumers in Ghana. Currently, many large-scale retailers are oblivious to some of these advancements. The oblivion of the management of such retail services results in the loss of products, customer dissatisfaction and the mismanagement of untracked products by employees. To reduce theft and the mismanagement of products by employees, a smart antitheft system should be deployed in supermarkets; at the till and before the exit of supermarkets to ensure all products leaving the store are paid for and accounted for. The system consists of a deactivation and theft detection system. The product is deactivated by the store attendant at the till when the customer pays for the product. However, if a customer crosses the initial warning zone without paying, a warning sound is triggered and after the customer crosses the final warning zone, the alarm is triggered indicating an attempted theft by the customer. A log of products is also kept ensuring employees are not stealing products. This paper presents a smart way of detecting theft during supermarket shopping using Radio Frequency Identification (RFID) readers and tags, microcontroller-based control system, a database server and an Integromat.
A sort of software service delivery paradigm known as "software as a service" (SaaS) includes a wide variety of commercial possibilities and problems. Despite being drawn to SaaS by its advantages, users and service providers are reluctant to incorporate their businesses into it because of security concerns. This article emphasizes the usefulness and adaptability of SaaS in a variety of situations, such as software defined networking, cloud computing, mobile cloud computing, and the Internet of Things. The examination of SaaS security issues, including data security, application security, and SaaS deployment security, is then started. Potential solutions or strategies that may be used in conjunction with one another are then offered for a secure SaaS platform. The SQL injection attack is the SaaS application's most dangerous vulnerability. This might result in sensitive and important data loss. (e.g., financial, personal). Through these kinds of assaults, attackers might steal sensitive information that is crucial to a business or organization, which has a detrimental effect on both physical (like data) and intangible (like reputation) assets. This research aims to investigate the viability of using machine learning techniques for application-level SQL injection detection. Various dangerous and benign payloads were utilized to train the classifiers employed in the testing methodologies. They detect if a payload includes malicious code when given one. This study aims to identify harmful activities in a Software as a Service (SaaS) environment based on the cloud. The anti-phishing advice for this technique, which is known as a secure QR code, includes a thorough analysis of the most current research on the usability and security of QR codes. The most important use cases and accompanying attack paths were identified. To do this, we conducted a comprehensive literature study. Social engineering, or phishing, is the fraud that exploits QR codes as an attack vector most often covered in the media. The usage of QR codes on smartphones has spread from auto production plants.
QR code payment plays an indispensable role in the mobile payment market, and the security of scanning codes has always been a problem in the field of information security. Static QR codes are easily copied and replaced, and there are huge security loopholes. The QR code payment in a closed system still faces security challenges. In order to solve the security problem of QR code payment, we have studied dynamic QR code payment system that supports SM2, SM3, and SM4 cryptographic algorithms, which can realize QR code scanning and scanned transactions, UnionPay cloud QuickPass transactions, etc., and generate dynamic QR code information in real time during the transaction process, one order and one code. Through dynamic algorithm distribution, the randomness and uniqueness of QR code generation are guaranteed, and it is suitable for multi-scene application transactions. The algorithm correctness test result shows that the system has achieved the expected effect. The performance test results show that the hardware of the security module implements the algorithm flow and improves the payment performance. Compared with some other algorithms, the processing time is shorter, the running speed is faster, and the system is more secure.
The complexity of a supply chain makes product safety or quality issues extremely difficult to track, especially for the basic agricultural food supply chains of people’s daily diets. The existing agricultural food supply chains present several major problems, such as numerous participants, inconvenient communication caused by long supply chain cycles, data distrust between participants and the centralized system. The emergence of blockchain technology effectively solves the pain-point problem existing in the traceability system of agricultural food supply chains. This paper proposes a framework based on the consortium and smart contracts to track and trace the workflow of agricultural food supply chains, implement traceability and shareability of supply chains, and break down the information islands between enterprises as much as possible to eliminate the need for the central institutions and agencies and improve the integrity of the transaction records, reliability and security. At the same time, farmers record details of the environment and crop growth data in the InterPlanetary File System (IPFS) and store file IPFS hashes in smart contracts, which not only increases data security but also alleviates the blockchain storage explosion problem. This framework has been applied in Shanwei Lvfengyuan Modern Agricultural Development Co., Ltd. Although there are still many defects, the framework has successfully realized functions such as disintermediation and tracing of agricultural product information through QR codes. Thus, the framework proposed in this paper is of great significance and reference value for enterprises to ensure product quality and safety traceability.
QR code is designed as machine readable symbol, which is widely used in various fields of life due to its large message capacity and fast decoding speed. However, as a public standard, it will give rise to the security issue when delivering sensitive information with QR code. To overcome this weakness, this paper explores the characteristic of QR code to propose an efficient secret hiding mechanism to protect the sensitive information within QR code. The secret message would be embedded into cover QR code based on (8, 4) Hamming code. The error correction capacity (ECC) of QR code would correct the errors produced in the secret embedding procedure, and the valid marked QR code would reduce people’s curious. Compared to the state-of-art works, the proposed scheme achieves a better performance on the aspects of secret payload and embedding efficiency.
Steganography is considered the first line of defense in information security as it hides a secret message (payload) inside an innocent looking file (container) to transfer the payload under the adversary’s nose without noticing it. Steganographic systems only use the container to hide the payload. In this paper, we present a steganographic system that uses the container not only to hide the payload, but also to give misleading information to the adversary. To achieve this goal, we use quick response (QR) code as a container. QR codes generated by our proposed system can carry its ordinary message in addition to the payload. Anyone can read the message, but the payload can only be obtained using a secret key. The message and the payload are unrelated; i.e. any message can be generated regardless of the payload and vise versa. We can take advantage of that by generating a message that gives misleading information to the adversary. We test the proposed system and show that the generated QR code is (valid) i.e indistinguishable from an ordinary QR code which makes it look innocent and less susceptible to an adversary’s attack. Moreover, it is space-efficient, has an acceptable level of noise immunity and is prone to steganalysis attacks.
This paper provides a novel method to improve the data storage of a quick response code (QR code) by applying encrypted lossless compression technology. QR codes are used in several domains, particularly when there is a need to transfer various types of text information. A key aspect of this work is to thus propose a new methodology to overcome the weaknesses of the limited size of the traditional QR code, which has long been an important issue in a wide range of areas. The proposed algorithm incorporates a clear and simple plan for overcoming this difficulty by inserting confidential information into a QR code message. The QR code is updated through the addition of levels that help to share secure messages of various sizes and to authenticate documents for verification and validation. In this work, the newly proposed QR code does not reconstruct the configuration or structure of the QR code. Rather, it provides better security because it relies on the features of the Huffman compression algorithm to reduce the size of the input data and the principles of encryption through the XOR function, which is done through a variable encryption key. The experimental results show the superiority of our method over the previous methods. The scope of this endeavour is thus wide, and there is potential for the encoding of different types of data with a high compression rate in the near future.
QR codes as public patent are widely used to acquire the information in various fields. However, the characteristic of its public readability hinders its usage for delivering private messages. To overcome this weakness, we propose a Sudoku-based secret sharing scheme to protect the privacy QR code message with the functionality of cheater prevention. The secret messages will be divided into several shadows and concealed to the QR code by replacing the QR code public message bits. And the private messages can be faithfully reproduced when all the involved participants cooperate. In our secret sharing scheme, the QR code public message still can be fully decoded publicly from the marked QR codes via a QR code reader, which helps to reduce uninvolved users’ curiosity. Experiments show that the proposed scheme is feasible, with high security protection level, and resistant to common image post-processing attacks.
This work examines QR codes and how they can be used to attack both human interaction and automated systems. As the encoded information is intended to be machine readable only, a human cannot distinguish between a valid and a maliciously manipulated QR code. While humans might fall for phishing attacks, automated readers are most likely vulnerable to well-known types of attacks where input data is not sanitized properly such as SQL and command injections. Our contribution consists of an analysis of the QR code as an attack vector, showing different attack strategies from the attackers point of view and exploring their possible consequences in a proof-of-concept phishing attack against QR codes, that is based on the idea of changing the content of a QR code by just turning white modules (pixels) into black ones.
The matrix barcodes known as Quick Response (QR) codes are rapidly becoming pervasive in urban environments around the world. QR codes are used to represent data, such as a web address, in a compact form that can be scanned readily and parsed by consumer mobile devices. They are popular with marketers because of their ease in deployment and use. However, this technology encourages mobile users to scan unauthenticated data from posters, billboards, stickers, and more, providing a new attack vector for miscreants. By positioning QR codes under false pretenses, attackers can entice users to scan the codes and subsequently visit malicious websites, install programs, or any other action the mobile device supports. We investigated the viability of QRcode- initiated phishing attacks, or QRishing, by conducting two experiments. In one experiment we visually monitored user interactions with QR codes; primarily to observe the proportion of users who scan a QR code but elect not to visit the associated website. In a second experiment, we distributed posters containing QR codes across 139 different locations to observe the broader application of QR codes for phishing. Over our four-week study, our disingenuous flyers were scanned by 225 individuals who subsequently visited the associated websites. Our survey results suggest that curiosity is the largest motivating factor for scanning QR codes. In our small surveillance experiment, we observed that 85% of those who scanned a QR code subsequently visited the associated URL.
This paper proposes an exclusive or (XOR)-based progressive visual secret sharing scheme that uses generalized random grids. This scheme differs from conventional visual secret sharing schemes. In addition to progressive recovery of secret messages, decrypting with an XOR operator produces reconstructed secret images with high visual quality when more shares are collected. Furthermore, the proposed scheme does not require a codebook to generate shares. In addition, there is no pixel expansion of the shares; thus, storing the shares does not result in additional burden. Experimental results reveal that the proposed scheme is superior to existing approaches with respect to performance and practicability.
QR barcodes are used extensively due to their beneficial properties, including small tag, large data capacity, reliability, and high-speed scanning. However, the private data of the QR barcode lacks adequate security protection. In this article, we design a secret QR sharing approach to protect the private QR data with a secure and reliable distributed system. The proposed approach differs from related QR code schemes in which it uses the QR characteristics to achieve secret sharing and can resist the print-and-scan operation. The secret can be split and conveyed with QR tags in the distribution application, and the system can retrieve the lossless secret when authorized participants cooperate. General browsers can read the original data from the marked QR tag via a barcode reader, and this helps reduce the security risk of the secret. Based on our experiments, the new approach is feasible and provides content readability, cheater detectability, and an adjustable secret payload of the QR barcode.