Abstract
Quick Response (QR) codes are widely used due to their versatility and low deployment cost. However, the existing QR code standard is ineffective for security-critical applications (e.g., electronic identity management) as the stored information can be easily exposed to unauthorized parties. Moreover, it does not provide sufficient storage capacity to employ robust encryption schemes for complex access control and authentication. In this paper, we present a novel approach of employing encrypted multi-layer QR codes, MurQRI (pronounced “Mercury”), for secure user authentication and fine-grained access control in various domains (e.g., airport and hospital). MurQRI is designed to store up to 45 kilobytes of data and protect the stored information via biometric authentication and encryption. To support fine-grained access control, we employ attribute-based encryption. We also introduce real-world applications where MurQRI can be used effectively and discuss possible methods to enhance security.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
The electronic passport in 2020 and beyond. https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/passport/electronic-passport-trends
QR code basics: Getting started with QR codes, June 2020. https://www.qr-code-generator.com/qr-code-marketing/qr-codes-basics/
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334 (2007). https://doi.org/10.1109/SP.2007.11
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Bui, T.V., Vu, N.K., Nguyen, T.T.P., Echizen, I., Nguyen, T.D.: Robust message hiding for QR code. In: 2014 Tenth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp. 520–523 (2014). https://doi.org/10.1109/IIH-MSP.2014.135
Bulan, O., Blasinski, H., Sharma, G.: Color QR codes: increased capacity via per-channel data encoding and interference cancellation. In: Color Imaging Conference (2011)
California State Legislature: (1965). https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=EVID&division=8.&title=&part=&chapter=4.&article=6, division 8. Priviliges Chapter 4. Particular Priviliges Article 6. Physician-Patient Privilege
Chambers, B.: How COVID-19 Has Accelerated QR Code Adoption in the UK and EU. Mobileiron.com, October 2020. https://www.mobileiron.com/en/blog/how-covid-19-has-accelerated-qr-code-adoption-uk-eu
Chiang, Y.J., Lin, P.Y., Wang, R.Z., Chen, Y.H.: Blind QR code steganographic approach based upon error correction capability. KSII Trans. Internet Inf. Syst. 7, 2527–2543 (2013). https://doi.org/10.3837/tiis.2013.10.012
Chow, Y.-W., Susilo, W., Baek, J.: Covert QR codes: how to hide in the crowd. In: Liu, J.K., Samarati, P. (eds.) ISPEC 2017. LNCS, vol. 10701, pp. 678–693. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72359-4_42
Dean, T., Dunn, C.: Quick layered response (QLR) codes (2012)
DENSO WAVE: Face authentication SQRC. https://www.denso-wave.com/en/system/qr/product/facesqrc.html
Espejel-Trujillo, A., Castillo Camacho, I., Nakano-Miyatake, M., Perez-Meana, H.: Identity document authentication based on VSS and QR codes. Procedia Technol. 3, 241–250 (2012). https://doi.org/10.1016/j.protcy.2012.03.026
Goyal, V., Jain, A., Pandey, O., Sahai, A.: Bounded ciphertext policy attribute based encryption. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 579–591. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70583-3_47
ISO/IEC 18004:2015(E): Information technology – automatic identification and data capture techniques – QR code bar code symbology specification. Standard, International Organization for Standardization (2015)
Jaroszewski, P.: How to get good seats in the security theater? Hacking boarding passes for fun and profit, May 2016. https://www.defcon.org
Khammarnia, M., Kassani, A., Eslahi, M.: The efficacy of patients’ wristband bar-code on prevention of medical errors. Appl. Clin. Inform. 6, 716–727 (2015). https://doi.org/10.4338/ACI-2015-06-R-0077
Krombholz, K., Frühwirt, P., Kieseberg, P., Kapsalis, I., Huber, M., Weippl, E.: QR code security: a survey of attacks and challenges for usable security. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 79–90. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07620-1_8
Lai, J., Deng, R.H., Li, Y.: Fully secure cipertext-policy hiding CP-ABE. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 24–39. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21031-0_3
Lin, P., Chen, Y., Lu, E.J., Chen, P.: Secret hiding mechanism using QR barcode. In: 2013 International Conference on Signal-Image Technology Internet-Based Systems, pp. 22–25 (2013). https://doi.org/10.1109/SITIS.2013.15
Lin, P.-Y., Chen, Y.-H.: High payload secret hiding technology for QR codes. EURASIP J. Image Video Process. 2017(1), 1–8 (2017). https://doi.org/10.1186/s13640-016-0155-0
Meruga, J., et al.: Multi-layered covert QR codes for increased capacity and security 37, 17–27 (2015). https://doi.org/10.1080/1206212X.2015.1061254
Neurotechnology: Megamatcher SDK, November 2020. https://www.neurotechnology.com/megamatcher-algorithm-tests.html#tests_finger_face_iris
Niceware International LLC: Patient Safety with Bar Code and RFID Labeling Identification. White paper, December 2006
Noppakaew, P., Khomkuth, S., Sriwilas, S.: Construction of multi-layered QR codes utilizing partitions of positive integers. J. Math. Comput. Sci. 18, 306–313 (2018). https://doi.org/10.22436/jmcs.018.03.06
Qryptal: The simpler approach to secure and verify documents. https://www.qryptal.com/landingpages/signed-qr-code/
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979). https://doi.org/10.1145/359168.359176
SITA: Air Transport IT Insights 2019. SITA. https://www.sita.aero/resources/type/surveys-reports/air-transport-it-insights-2019
Acknowledgement
This research was supported by the ICT R&D program (No.2017-0-00545) and the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2019R1C1C1007118).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Koo, B., Moon, T., Kim, H. (2021). MurQRI: Encrypted Multi-layer QR Codes for Electronic Identity Management. In: Park, Y., Jadav, D., Austin, T. (eds) Silicon Valley Cybersecurity Conference. SVCC 2020. Communications in Computer and Information Science, vol 1383. Springer, Cham. https://doi.org/10.1007/978-3-030-72725-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-72725-3_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-72724-6
Online ISBN: 978-3-030-72725-3
eBook Packages: Computer ScienceComputer Science (R0)