Hao Pan,Lanqing Yang,Yi-Chao Chen,Guangtao Xue,Chuang-Wen You,Xiaoyu Ji,Pai-Yen Chen

DOI: https://doi.org/10.1145/3300061.3343391

2019-01-01

Abstract:Quick response (QR) codes are becoming pervasive due to their rapid readability and the popularity of smartphones with built-in cameras. QR codes are also gaining importance in the retail sector as a convenient mobile payment method. However, researchers have concerns regarding the security of QR codes, which leave users susceptible to financial loss or private information leakage. In this study, we address this issue by developing a novel QR code (called mQR code), which exploits patterns presenting a specific spatial frequency as a form of camouflage. When the targeted receiver holds a camera in a designated position (e.g., directly in front at a distance of 30 cm from the camouflaged QR code), the original QR code is revealed in form of a Moiré pattern. From any other position, only the camouflaged QR code can be seen. In experiments, the decryption rate of mQR codes is $> 98%$. The decryption rate for cameras positioned $20\degree$ off axis or $> 10cm$ from the designated location drops to $0%$, indicating that any attackers will be unable to steal a usable image.

Hao Pan,Yi‐Chao Chen,Lanqing Yang,Guangtao Xue,Chuang-Wen You,Xiaoyu Ji

DOI: https://doi.org/10.1145/3300061.3345428

2019-01-01

Abstract:Quick response (QR) codes are becoming pervasive due to their rapid readability and the popularity of smartphones with built-in cameras. QR codes are also gaining importance in the retail sector as a convenient mobile payment method. However, researchers have concerns regarding the security of QR codes, which leave users susceptible to financial loss or private information leakage. In this study, we addressed this issue by developing a novel QR code (called mQRCode), which exploits patterns presenting a specific spatial frequency as a form of camouflage. When the targeted receiver holds a camera in a designated position (e.g., directly in front at a distance of 30 cm from the camouflaged QR code), the original QR code is revealed in form of a Moire pattern. From any other position, only the camouflaged QR code can be seen. In experiments, the decryption rate of mQRCode was > 98.6% within 10.2 frames via a multi-frame decryption method. The decryption rate for cameras positioned 20° off axis or > 10cm away from the designated location dropped to 0%, indicating that mQRCode is robust against attacks.

Hao Pan,Yi-Chao Chen,Guangtao Xue,Chuang-Wen You,Xiaoyu Ji

DOI: https://doi.org/10.1145/3267305.3267626

2018-01-01

Abstract:Quick Response (QR) codes are rapidly becoming pervasive in our daily life because of its fast readability and the popularity of smartphones with a built-in camera. However, recent researches raise security concerns because QR codes can be easily sniffed and decoded which can lead to private information leakage or financial loss. To address the issue, we present mQRCode which exploit patterns with specific spatial frequency to camouflage QR codes. When the targeted receiver put a camera at the designated position (e.g., 30cm and 0° above the camouflaged QR code), the original QR code is revealed due to the Moiré phenomenon. Malicious adversaries will only see camouflaged QR code at any other position. Our experiments show that the decoding rate of mQR codes is 95% or above within 0.83 seconds. When the camera is 10cm or 15° away from the designated location, the decoding rate drops to 0 so it's secure from attackers.

Guangtao Xue,Yijie Li,Hao Pan,Lanqing Yang,Yi-Chao Chen,Xiaoyu Ji,Jiadi Yu

DOI: https://doi.org/10.1109/tnet.2022.3203044

2022-01-01

IEEE/ACM Transactions on Networking

Abstract:Quick response (QR) codes have been widely used in mobile applications, especially mobile payments, such as Alipay, WeChat, PayPal, etc due to their convenience and the pervasive built-in cameras on smartphones. Recently, however, attacks against QR codes have been reported and attackers can capture a QR code of the victim and replay it to achieve a fraudulent transaction or intercept private information, just before the original QR code is scanned. In this study, we enhance the security of a QR code by identifying its authenticity. We propose ScreenID, which embeds a QR code with information of the screen which displays it, thereby the QR code can reveal whether it is reproduced by an adversary or not. In ScreenID, PWM frequency of screens is exploited as the unique screen fingerprint. To improve the estimation accuracy of PWM frequency, ScreenID incorporates a model for the interaction between the camera and screen in the temporal and spatial domains. Extensive experiments demonstrate that ScreenID can differentiate screens of different models, types, and manufacturers and thus improve the security of QR codes.

Yijie Li,Yi-Chao Chen,Xiaoyu Ji,Hao Pan,Lanqing Yang,Guangtao Xue,Jiadi Yu

DOI: https://doi.org/10.1145/3372224.3418165

2020-01-01

Abstract:Quick response (QR) codes have been widely used in mobile applications, due to its convenience and the pervasive built-in cameras on smartphones. Recently, however, QR codes have been reported suffering attacks for being sniffed just before the QR code is scanned, which lead to financial loss. In this study, we propose ScreenID, for enhancing the QR code security by identifying its authenticity, which embeds a QR code with information of unique screen fingerprint - PWM frequency. PWM frequencies are adjusted to different values by screen manufacturers, therefore can successfully differentiate screens. To improve the estimation accuracy of PWM frequency, ScreenID incorporates a model for the interaction between the camera and screen in the temporal and spatial domains. Extensive experiments demonstrate that ScreenID can differentiate screens of different models, types and manufacturers and thus improve the security of QR codes.

Yijie Li,Yi-Chao Chen,Xiaoyu Ji,Hao Pan,Lanqing Yang,Guangtao Xue,Jiadi Yu

DOI: https://doi.org/10.1109/infocom42981.2021.9488859

2021-01-01

Abstract:Quick response (QR) codes have been widely used in mobile applications due to its convenience and the pervasive built-in cameras on smartphones. Recently, however, attacks against QR codes have been reported that attackers can capture a QR code of the victim and replay it to achieve a fraudulent transaction or intercept private information, just before the original QR code is scanned. In this study, we enhance the security of a QR code by identifying its authenticity. We propose SCREENID, which embeds a QR code with information of the screen which displays it, thereby the QR code can reveal whether it is reproduced by an adversary or not. In SCREENID, PWM frequency of screens is exploited as the unique screen fingerprint. To improve the estimation accuracy of PWM frequency, SCREENID incorporates a model for the interaction between the camera and screen in the temporal and spatial domains. Extensive experiments demonstrate that SCREENID can differentiate screens of different models, types, and manufacturers, thus improve the security of QR codes.

Zizhi Jin,Xiaoyu Ji,Yushi Cheng,Bo Yang,Chen Yan,Wenyuan Xu

DOI: https://doi.org/10.1109/jiot.2024.3496783

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Autonomous vehicles and robots increasingly exploit LiDAR-based 3D object detection systems to detect obstacles in the environment. Correct detection and classification are important to ensure safe driving. Although previous work has demonstrated the feasibility of manipulating point clouds to spoof 3D object detectors, most of these attempts are performed digitally. In this paper, we investigate the possibility of physically fooling LiDAR-based 3D object detection by injecting adversarial point clouds using lasers. First, we develop a laser transceiver that can inject up to 4200 points, and can measure the scanning cycle of victim LiDARs to schedule the spoofing laser signals. By designing a control signal method that converts the coordinates of point clouds to control signals and an adversarial point cloud optimization method with physical constraints of LiDARs and attack capabilities, we manage to inject spoofing point cloud with desired point cloud shapes into the victim LiDAR physically. We can launch four types of attacks, i.e., naive hiding, record-based creating, optimization-based hiding, and optimization-based creating. Extensive experiments demonstrate the effectiveness of our attacks against two commercial LiDAR and three detectors. We further analyze the impact of our attacks on four fusion-based detectors. The paper concludes with experiments on defense methods and discussion on potential defense strategies at both the sensor and autonomous vehicle system levels.

Zizhi Jin,Xiaoyu Ji,Yushi Cheng,Bo Yang,Chen Yan,Wenyuan Xu

DOI: https://doi.org/10.1109/sp46215.2023.10179458

2023-01-01

Abstract:Autonomous vehicles and robots increasingly exploit LiDAR-based 3D object detection systems to detect obstacles in environment. Correct detection and classification are important to ensure safe driving. Though existing work has demonstrated the feasibility of manipulating point clouds to spoof 3D object detectors, most of the attempts are conducted digitally. In this paper, we investigate the possibility of physically fooling LiDAR-based 3D object detection by injecting adversarial point clouds using lasers. First, we develop a laser transceiver that can inject up to 4200 points, which is 20 times more than prior work, and can measure the scanning cycle of victim LiDARs to schedule the spoofing laser signals. By designing a control signal method that converts the coordinates of point clouds to control signals and an adversarial point cloud optimization method with physical constraints of LiDARs and attack capabilities, we manage to inject spoofing point cloud with desired point cloud shapes into the victim LiDAR physically. We can launch four types of attacks, i.e., naive hiding, record-based creating, optimization-based hiding, and optimization-based creating. Extensive experiments demonstrate the effectiveness of our attacks against two commercial LiDAR and three detectors. We also discuss defense strategies at the sensor and AV system levels.

Yichen Tao,Fuxin Cai,Gangyao Zhan,Hao Zhong,Yun Zhou,Su Shen

DOI: https://doi.org/10.1364/OE.423923

2021-05-10

Abstract:Since the printing quick response (QR) code can be easily produced and duplicated as a potential tool for cybercriminals, QR code security has been a hotly debated issue across globe. Here we demonstrate a floating QR code device based on the moiré principle which has the advantage of displaying an appealing three-dimensional (3D) effect and privacy protection. In the imaging system, the microlens array (MLA) contributes to efficiently sampling the multiple elemental images and the metal-coated nanostructure yields patterned structural black color with a high pattern resolution (>12, 500 dpi). A virtual mask scheme is specially developed in the elemental image construction, allowing for eliminating the crosstalk between neighboring units and containing more information in one unit without the necessity for ultra-high-resolution fabrication process and sophisticated operation. The proposed QR code device, capable of being read by an unmodified smart phone, is inexpensive, mass-producible, nondestructive, unclonable and convenient for authentication. This new solution should take a place among the existing solutions to fight counterfeiting and QR code attacks.

Yushi Cheng,Xiaoyu Ji,Lixu Wang,Qi Pang,Yi-Chao Chen,Wenyuan Xu

2021-01-01

Abstract:Cyber-theft of trade secrets has become a serious business threat. Digital watermarking is a popular technique to assist in identifying the source of the file leakage, whereby a unique watermark for each insider is hidden in sensitive files. However, malicious insiders may use their smartphones to photograph the secret file displayed on screens to remove the embedded hidden digital watermarks due to the optical noises introduced during photographing. To identify the leakage source despite such screen-photo-based leakage attacks, we leverage Moire pattern, an optical phenomenon resulted from the optical interaction between electronic screens and cameras. As such, we present mID, a new watermark-like technique that can create a carefully crafted Moire pattern on the photo when it is taken towards the screen. We design patterns that appear to be natural yet can be linked to the identity of the leaker. We implemented mID and evaluate it with 5 display devices and 6 smartphones from various manufacturers and models. The results demonstrate that mID can achieve an average bit error rate (BER) of 0:6% and can successfully identify an ID with an average accuracy of 96%, with little influence from the type of display devices, cameras, IDs, and ambient lights.

Jianfeng Lu,Zaorang Yang,Lina Li,Wenqiang Yuan,Li Li,Chin-Chen Chang

DOI: https://doi.org/10.1155/2017/4356038

2017-01-01

Mobile Information Systems

Abstract:QR code (quick response code) is used due to its beneficial properties, especially in the mobile payment field. However, there exists an inevitable risk in the transaction process. It is not easily perceived that the attacker tampers with or replaces the QR code that contains merchant’s beneficiary account. Thus, it is of great urgency to conduct authentication of QR code. In this study, we propose a novel mechanism based on visual cryptography scheme (VCS) and aesthetic QR code, which contains three primary schemes for different concealment levels. The main steps of these schemes are as follows. Firstly, one original QR code is split into two shadows using VC multiple rules; secondly, the two shadows are embedded into the same background image, respectively, and the embedded results are fused with the same carrier QR code, respectively, using XOR mechanism of RS and QR code error correction mechanism. Finally, the two aesthetic QR codes can be stacked precisely and the original QR code is restored according to the defined VCS. Experiments corresponding to three proposed schemes are conducted and demonstrate the feasibility and security of the mobile payment authentication, the significant improvement of the concealment for the shadows in QR code, and the diversity of mobile payment authentication.

computer science, information systems,telecommunications

Kaihua Song,Ning Liu,Zhongpai Gao,Fiche Zhang,Guangtao Zhai,Xiao-Ping Zhang

DOI: https://doi.org/10.1109/icmew46912.2020.9105961

2020-01-01

Abstract:QR (Quick Response) codes are widely used in daily lives for their convenience in conveying information from offline to online. However, black-white QR code image takes up space and is not visually appealing when embedded into videos. Owing to the high resolution and high refresh rates of display screens, we are able to embed QR code to be invisible on displays based on temporal psychovisual modulation (TPVM). In this work, we proposed a method to improve the invisibility of QR code via TPVM. Furthermore, we propose a fast restoration-recognition method to scan invisible QR codes by smartphones using deep convolutional neural networks. Extensive experiment results show that our proposed methods effectively improve the indivisibility of QR code and can efficiently recognize the invisible QR code correctly and stably. Our methods can be applied in video copyright protection and Internet shopping without affecting the visual quality for audiences.

Sai Xu,Yanan Du,Jiliang Zhang,Jie Zhang

DOI: https://doi.org/10.48550/arXiv.2208.03137

2022-08-05

Abstract:This letter proposes to employ intelligent reflecting surface (IRS) as an information media to display a microwave quick response (QR) code for Internet-of-Things applications. To be specific, an IRS is used to form a dynamic bitmap image thanks to its tunable elements. With a QR code shown on the IRS, the transmitting and receiving antenna arrays are jointly designed to scan it by radiating electromagnetic wave as well as receiving and detecting the reflected signal. Based on such an idea, an IRS enabled information and communication system is modelled. Accordingly, some fundamental systematic operating mechanisms are investigated, involving derivation of average bit error probability for signal modulation, QR code implementation on an IRS, transmission design, detection, etc. The simulations are performed to show the achievable communication performance of system and confirm the feasibility of IRS-based microwave QR code.

Signal Processing

Wei Wu,Lina Zhang,Jiehui Zhang,Chenyu Cui,Xiaoyu Zhang,Miao Liu

DOI: https://doi.org/10.1109/icspcc55723.2022.9984448

2022-01-01

Abstract:QR code is a typical two-dimensional code tag consisting of square symbols, which is widely used in social life due to the advantages of high readability and large storage capacity. However, its security performance is low, which has caused widespread concern among scholars in various industries. This paper proposes a three-level QR code scheme based on superpixel segmentation in response. Public information can be scanned directly from shares using any standard QR code scanner. Moreover, secret information can only be obtained by the dissimilarity of shares. The reconstructed secret image in this paper retains the main features of the embedded image, and the scheme is resistant to deformation, high load, and robust because it retains the advantages of visual ciphers and QR codes. Experimental results and analysis show this scheme has many advantages over other schemes.

Hui Wei,Hanxun Yu,Kewei Zhang,Zhixiang Wang,Jianke Zhu,Zheng Wang

DOI: https://doi.org/10.1145/3581783.3611910

2023-01-01

Abstract:A backdoor attack is executed by injecting a few poisoned samples into the training dataset of Deep Neural Networks (DNNs), enabling attackers to implant a hidden manipulation. This manipulation can be triggered during inference to exhibit controlled behavior, posing risks in real-world deployments. In this paper, we specifically focus on the safety-critical task of pedestrian detection and propose a novel backdoor trigger by exploiting the Moiré effect. The Moiré effect, a common physical phenomenon, disrupts camera-captured images by introducing Moiré patterns and unavoidable interference. Our method comprises three key steps. Firstly, we analyze the Moiré effect's cause and simulate its patterns on pedestrians' clothing. Next, we embed these Moiré patterns as a backdoor trigger into digital images and use this dataset to train a backdoored detector. Finally, we physically test the trained detector by wearing clothing that generates Moiré patterns. We demonstrate that individuals wearing such clothes can effectively evade detection by the backdoored model while wearing regular clothes does not trigger the attack, ensuring the attack remains covert. Extensive experiments in both digital and physical spaces thoroughly demonstrate the effectiveness and efficacy of our proposed Moiré Backdoor Attack.

Yulong Yan,Zhuo Zou,Hui Xie,Yu Gao,Lirong Zheng

DOI: https://doi.org/10.1109/JIOT.2020.3035697

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:This article presents an Internet-of-Things (IoT) anti-counterfeiting system that uses visual features combined with the quick response (QR) code. The visual features guarantee the authenticity of a product with the QR code for tracking and tracing. Two visual features, i.e., natural texture features and printed micro features are exploited in the proposed system. The natural texture features use the texture of fiber paper to achieve physical unclonable function (PUF), while the micro features are artificially generated for improved industrial manufacturability and reliability. Features are generated and registered in the production phase when the QR code is printed. In the anti-counterfeiting verification phase, the feature obtained through the feature extraction algorithm is compared with the record to calculate similarity, which indicates the verification result. Such an approach is fully compatible with the QR code-based logistic process without any additional manufacturing cost. A user-friendly application has been developed on a mobile platform that facilitates easy-to-use and affordable devices for verification, such as a mobile phone or a handheld code reader. The experimental results show 99.6% and 99.9% accuracy of anti-counterfeiting verification for texture features and micro features, respectively. The system with corresponding algorithms and software has been demonstrated in real-life products.

Youngseek Chung,Soonho Jung,Junwoo Kim,Junghoon Lee,Jaesang Cha

DOI: https://doi.org/10.7236/ijasc.2015.4.2.69

2015-11-30

International journal of advanced smart convergence

Abstract:There are several possible places which are accessible in many buildings and facilities, various types of systems have been utilized such as access control or surveillance depending on the purpose. Especially if security is important, it must go through the various authentication procedures when people can access. Until now many access control systems have been proposed and developed, they are applied and utilized to companies which security is needed. However, as time passes the problems with existing access control systems occur or the vulnerabilities related to access control are reported, as technology advances. The solution to this, we propose authentication technology related to access control using LED-QR tag.

English Else

Minh Nguyen,Huy Tran,Huy Le,Wei Qi Yan

DOI: https://doi.org/10.1145/3139131.3139164

2017-01-01

Abstract:Most existing Augmented Reality (AR) applications use either template (picture) markers or bar-code markers to overlay computer-generated graphics on the real world surfaces. The use of template markers is computationally expensive and unreliable. On the other hand, bar-code markers display only black and white blocks; thus, they look uninteresting and uninformative. In this short paper, we describe a new way to optically hide a QR code inside a tile based colour picture. Each AR marker is built from hundreds of small tiles (just like tiling a bathroom), and the unique gaps between the tiles are used to determine the elements of the hidden QR Code. This novel type of AR marker presents not only a realistic-looking colour picture but also contains self-Correcting information (stored in QR code). In this article, we demonstrate that this tile based colour picture with hidden QR code is relatively robust under various conditions and scaling. We believe many nowadays' AR challenges could be solved with this type of marker. AR-enabled medias could then be easily generated. For instance, it would be capable of storing and displaying virtual figures of an entire book or magazine. Thus, it provides a promising AR approach to be used in many different AR applications; and beyond, it may even replace the barcodes and QR Codes in some cases.

Zhe Zhou,Di Tang,Xiaofeng Wang,Weili Han,Xiangyu Liu,Kehuan Zhang

2018-01-01

Abstract:Accurate face recognition techniques make a series of critical applications possible: policemen could employ it to retrieve criminalsu0027 faces from surveillance video streams; cross boarder travelers could pass a face authentication inspection line without the involvement of officers. Nonetheless, when public security heavily relies on such intelligent systems, the designers should deliberately consider the emerging attacks aiming at misleading those systems employing face recognition. We propose a kind of brand new attack against face recognition systems, which is realized by illuminating the subject using infrared according to the adversarial examples worked out by our algorithm, thus face recognition systems can be bypassed or misled while simultaneously the infrared perturbations cannot be observed by raw eyes. Through launching this kind of attack, an attacker not only can dodge surveillance cameras. More importantly, he can impersonate his target victim and pass the face authentication system, if only the victimu0027s photo is acquired by the attacker. Again, the attack is totally unobservable by nearby people, because not only the light is invisible, but also the device we made to launch the attack is small enough. According to our study on a large dataset, attackers have a very high success rate with a over 70% success rate for finding such an adversarial example that can be implemented by infrared. To the best of our knowledge, our work is the first one to shed light on the severity of threat resulted from infrared adversarial examples against face recognition.

Zhe Zhou,Di Tang,Wenhao Wang,Xiaofeng Wang,Zhou Li,Kehuan Zhang

DOI: https://doi.org/10.1145/3274694.3274721

2018-01-01

Abstract:QR-code mobile payment becomes increasingly popular, being offered by major banks (e.g., ICBC) and payment service providers (e.g., PayPal). Unlike mobile payment solutions provided by hardware vendors (e.g., Apple Pay and Samsung Pay), QR code payment schemes do not rely on any hardware support and can therefore be easily deployed. However, the security guarantee of the new scheme is less clear: in the absence of hardware protection, users' digital wallet can be vulnerable to an OS-level adversary, who could steal her secret for generating payment tokens.