Vasileios Mavroeidis
Quick response code secure: a cryptographically secure anti-phishing tool for QR code attacks.
Mavroeidis, Vasileios; Nicho, Mathew
Authors
Mathew Nicho
Contributors
Jacek Rak
Editor
John Bay
Editor
Igor Kotenko
Editor
Leonard Popyack
Editor
Victor Skormin
Editor
Krzysztof Szczypiorski
Editor
Abstract
The two-dimensional quick response (QR) codes can be misleading due to the difficulty in differentiating a genuine QR code from a malicious one. Since, the vulnerability is practically part of their design, scanning a malicious QR code can direct the user to cloned malicious sites resulting in revealing sensitive information. In order, to evaluate the vulnerabilities and propose subsequent countermeasures, we demonstrate this type of attack through a simulated experiment, where a malicious QR code directs a user to a phishing site. For our experiment, we cloned Google's web page providing access to their email service (Gmail). Since, the URL is masqueraded into the QR code the unsuspecting user who opens the URL is directed to the malicious site. Our results proved that hackers could easily leverage QR codes into phishing attack vectors targeted at smartphone users, even bypassing web browsers safe browsing feature. In addition, the second part of our paper presents adequate countermeasures and introduces QRCS (Quick Response Code Secure). QRCS is a universal efficient and effective solution focusing exclusively on the authenticity of the originator and consequently, the integrity of QR code by using digital signatures.
Citation
MAVROEIDIS, V. and NICHO, M. 2017. Quick response code secure: a cryptographically secure anti-phishing tool for QR code attacks. In Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V. and Szczypiorski, K. (eds.) Computer network security: Proceedings of the 7th International Mathematical methods, models and architectures for computer network security conference (MMM-ACNS 2017), 28-30 August 2017, Warsaw, Poland. Lecture notes in computer science, 10466. Cham: Springer [online], pages 313-324. Available from: https://doi.org/10.1007/978-3-319-65127-9_25
| Conference Name | 7th International Mathematical methods, models and architectures for computer network security conference (MMM-ACNS 2017) |
|---|---|
| Conference Location | Warsaw, Poland |
| Start Date | Aug 28, 2017 |
| End Date | Aug 30, 2017 |
| Acceptance Date | May 8, 2017 |
| Online Publication Date | Aug 6, 2017 |
| Publication Date | Sep 13, 2017 |
| Deposit Date | Jun 5, 2017 |
| Publicly Available Date | Jun 5, 2017 |
| Print ISSN | 0302-9743 |
| Publisher | Springer |
| Pages | 313-324 |
| Series Title | Lecture notes in computer science |
| Series Number | 10446 |
| Series ISSN | 0302-9743 |
| ISBN | 9783319651262 |
| DOI | https://doi.org/10.1007/978-3-319-65127-9_25 |
| Keywords | Quick response (QR)codes; 2D codes; Smartphone security; Mobile phishing attacks; Cryptography; Digital signatures |
| Public URL | http://hdl.handle.net/10059/2358 |
Files
MAVROEIDIS 2017 Quick Response Code Secure
(1.2 Mb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by-nc/4.0/
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search