Yijie Li,Yi-Chao Chen,Xiaoyu Ji,Hao Pan,Lanqing Yang,Guangtao Xue,Jiadi Yu

DOI: https://doi.org/10.1109/infocom42981.2021.9488859

2021-01-01

Abstract:Quick response (QR) codes have been widely used in mobile applications due to its convenience and the pervasive built-in cameras on smartphones. Recently, however, attacks against QR codes have been reported that attackers can capture a QR code of the victim and replay it to achieve a fraudulent transaction or intercept private information, just before the original QR code is scanned. In this study, we enhance the security of a QR code by identifying its authenticity. We propose SCREENID, which embeds a QR code with information of the screen which displays it, thereby the QR code can reveal whether it is reproduced by an adversary or not. In SCREENID, PWM frequency of screens is exploited as the unique screen fingerprint. To improve the estimation accuracy of PWM frequency, SCREENID incorporates a model for the interaction between the camera and screen in the temporal and spatial domains. Extensive experiments demonstrate that SCREENID can differentiate screens of different models, types, and manufacturers, thus improve the security of QR codes.

Yijie Li,Yi-Chao Chen,Xiaoyu Ji,Hao Pan,Lanqing Yang,Guangtao Xue,Jiadi Yu

DOI: https://doi.org/10.1145/3372224.3418165

2020-01-01

Abstract:Quick response (QR) codes have been widely used in mobile applications, due to its convenience and the pervasive built-in cameras on smartphones. Recently, however, QR codes have been reported suffering attacks for being sniffed just before the QR code is scanned, which lead to financial loss. In this study, we propose ScreenID, for enhancing the QR code security by identifying its authenticity, which embeds a QR code with information of unique screen fingerprint - PWM frequency. PWM frequencies are adjusted to different values by screen manufacturers, therefore can successfully differentiate screens. To improve the estimation accuracy of PWM frequency, ScreenID incorporates a model for the interaction between the camera and screen in the temporal and spatial domains. Extensive experiments demonstrate that ScreenID can differentiate screens of different models, types and manufacturers and thus improve the security of QR codes.

Hao Pan,Yi‐Chao Chen,Lanqing Yang,Guangtao Xue,Chuang-Wen You,Xiaoyu Ji

DOI: https://doi.org/10.1145/3300061.3345428

2019-01-01

Abstract:Quick response (QR) codes are becoming pervasive due to their rapid readability and the popularity of smartphones with built-in cameras. QR codes are also gaining importance in the retail sector as a convenient mobile payment method. However, researchers have concerns regarding the security of QR codes, which leave users susceptible to financial loss or private information leakage. In this study, we addressed this issue by developing a novel QR code (called mQRCode), which exploits patterns presenting a specific spatial frequency as a form of camouflage. When the targeted receiver holds a camera in a designated position (e.g., directly in front at a distance of 30 cm from the camouflaged QR code), the original QR code is revealed in form of a Moire pattern. From any other position, only the camouflaged QR code can be seen. In experiments, the decryption rate of mQRCode was > 98.6% within 10.2 frames via a multi-frame decryption method. The decryption rate for cameras positioned 20° off axis or > 10cm away from the designated location dropped to 0%, indicating that mQRCode is robust against attacks.

Hao Pan,Lanqing Yang,Yi-Chao Chen,Guangtao Xue,Chuang-Wen You,Xiaoyu Ji,Pai-Yen Chen

DOI: https://doi.org/10.1145/3300061.3343391

2019-01-01

Abstract:Quick response (QR) codes are becoming pervasive due to their rapid readability and the popularity of smartphones with built-in cameras. QR codes are also gaining importance in the retail sector as a convenient mobile payment method. However, researchers have concerns regarding the security of QR codes, which leave users susceptible to financial loss or private information leakage. In this study, we address this issue by developing a novel QR code (called mQR code), which exploits patterns presenting a specific spatial frequency as a form of camouflage. When the targeted receiver holds a camera in a designated position (e.g., directly in front at a distance of 30 cm from the camouflaged QR code), the original QR code is revealed in form of a Moiré pattern. From any other position, only the camouflaged QR code can be seen. In experiments, the decryption rate of mQR codes is $> 98%$. The decryption rate for cameras positioned $20\degree$ off axis or $> 10cm$ from the designated location drops to $0%$, indicating that any attackers will be unable to steal a usable image.

Hao Pan,Yi-Chao Chen,Guangtao Xue,Chuang-Wen You,Xiaoyu Ji

DOI: https://doi.org/10.1145/3267305.3267626

2018-01-01

Abstract:Quick Response (QR) codes are rapidly becoming pervasive in our daily life because of its fast readability and the popularity of smartphones with a built-in camera. However, recent researches raise security concerns because QR codes can be easily sniffed and decoded which can lead to private information leakage or financial loss. To address the issue, we present mQRCode which exploit patterns with specific spatial frequency to camouflage QR codes. When the targeted receiver put a camera at the designated position (e.g., 30cm and 0° above the camouflaged QR code), the original QR code is revealed due to the Moiré phenomenon. Malicious adversaries will only see camouflaged QR code at any other position. Our experiments show that the decoding rate of mQR codes is 95% or above within 0.83 seconds. When the camera is 10cm or 15° away from the designated location, the decoding rate drops to 0 so it's secure from attackers.

Yushi Cheng,Xiaoyu Ji,Lixu Wang,Qi Pang,Yi-Chao Chen,Wenyuan Xu

2021-01-01

Abstract:Cyber-theft of trade secrets has become a serious business threat. Digital watermarking is a popular technique to assist in identifying the source of the file leakage, whereby a unique watermark for each insider is hidden in sensitive files. However, malicious insiders may use their smartphones to photograph the secret file displayed on screens to remove the embedded hidden digital watermarks due to the optical noises introduced during photographing. To identify the leakage source despite such screen-photo-based leakage attacks, we leverage Moire pattern, an optical phenomenon resulted from the optical interaction between electronic screens and cameras. As such, we present mID, a new watermark-like technique that can create a carefully crafted Moire pattern on the photo when it is taken towards the screen. We design patterns that appear to be natural yet can be linked to the identity of the leaker. We implemented mID and evaluate it with 5 display devices and 6 smartphones from various manufacturers and models. The results demonstrate that mID can achieve an average bit error rate (BER) of 0:6% and can successfully identify an ID with an average accuracy of 96%, with little influence from the type of display devices, cameras, IDs, and ambient lights.

Wenyuan Xu,Yushi Cheng,Xiaoyu Ji,Yi-Chao Chen

DOI: https://doi.org/10.1109/tdsc.2023.3299983

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cyber-theft of trade secrets has become a serious business threat. Digital watermarking is a popular technique to help identify the source of the file leakage, whereby a unique watermark for each insider is hidden in sensitive files. However, malicious insiders may use smartphones to photograph the secret file displayed on screens to remove the embedded hidden digital watermarks due to the optical noises introduced during photographing. To identify the leakage source despite such screen-photo-based leakage attacks , we leverage Moiré pattern, an optical phenomenon resulted from the optical interaction between electronic screens and cameras. As such, we present mID , a new watermark-like technique that can create a carefully crafted Moiré pattern on the photo when it is taken towards the screen. We design patterns that appear to be natural yet can be linked to the identity of the leaker. We implemented mID and evaluated it with 7 display devices and 6 smartphones from various manufacturers and models. The results demonstrate that mID can achieve an average bit error rate (BER) of $0.2\%$ and can successfully identify an ID with an average accuracy of $98\%$ , with little influence from the type of display devices, cameras, IDs, and ambient lights.

Ruxin Wang,Long Huang,Kaitlyn Madden,Chen Wang

DOI: https://doi.org/10.1145/3643833.3656128

2024-01-01

Abstract:Because of the great convenience and being not readable to humans, Quick Response (QR) codes are increasingly being utilized to offer a variety of security applications to mobile users, such as online payments, website logins, and private data sharing. To facilitate these security applications, QR codes usually contain sensitive information, such as bank account details, credit card numbers, and personal/organizational/device data, or they are specifically designed to work with cloud servers to provide security services. However, there is currently no existing solution to verify the identity of the smartphone user who scans a QR code from a Kiosk or another phone's screen. Verifying the scanner's identity is essential to ensure that financial transactions go to the correct recipient and that sensitive data is securely shared to its intended destination. This work aims to equip QR code providers with the ability to verify human scanners' identities, facilitating authorization and auditing. When a phone is held close to scan a QR code, we utilize the front camera of the code provider (a Kiosk or phone) to simultaneously verify the scanner's hand. Instead of requiring the scanner to present a stretched palm to obtain traditional hand geometries, we find that the geometry of an individual's hand, when it grips a phone, is also identifiable. We thus design a vision-based approach to extract gripping hand biometrics. We leverage the QR code's screen to cast light onto the scanner's gripping hand, ensuring adequate illumination even in low-light conditions. We then use a hand tracking tool, MediaPipe, to detect and localize the hand and develop a transformer-based algorithm to verify four types of gripping hand biometric features extracted from the hand image, including hand contour, skeleton, color, and surface. We further capture the subtle hand joint movements for liveness validation, because the user needs to click touchscreen buttons to start QR code scanning. Extensive experiments, including a long-term study spanning over 32 months, show that the system achieves 98.3% accuracy in verifying the user and mitigating 2D and 3D replay attacks. Compared to the widely used facial recognition, this approach addresses the recent struggles of identifying faces behind masks and the public concerns about privacy erosion.

Zhe Zhou,Di Tang,Wenhao Wang,Xiaofeng Wang,Zhou Li,Kehuan Zhang

DOI: https://doi.org/10.1145/3274694.3274721

2018-01-01

Abstract:QR-code mobile payment becomes increasingly popular, being offered by major banks (e.g., ICBC) and payment service providers (e.g., PayPal). Unlike mobile payment solutions provided by hardware vendors (e.g., Apple Pay and Samsung Pay), QR code payment schemes do not rely on any hardware support and can therefore be easily deployed. However, the security guarantee of the new scheme is less clear: in the absence of hardware protection, users' digital wallet can be vulnerable to an OS-level adversary, who could steal her secret for generating payment tokens.

Anfu Zhou,Guangyuan Su,Shilin Zhu,Huadong Ma

DOI: https://doi.org/10.1145/3351284

2019-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:Quick response (QR) codes have found versatile usage in numerous applications, but have also posed severe security threats such as privacy leakage, phishing and even payment inception if the codes are hijacked. The hijacking is often assumed to be preventable by physically isolating the codes from possible attackers, e.g., putting the QR code inside a glass cabinet distant to outsiders. In this paper, we explore a new QR code hijacking attack, named Li-Man, that can subvert such protection using smart LED. The key idea is to illuminate a target victim QR code from afar using specialized flickering light waveforms, which can transform the code to be any other predefined malicious ones when being captured by smart-phone cameras, while keeping the attack invisible to human visual perception. Li-Man builds on a modeling framework that harnesses the disparity between camera and human imaging mechanisms. We develop a Li-Man simulator and also implement a prototype to verify the feasibility and threat level of Li-Man. Experiments demonstrate that Li-Man can successfully realize the invisible hijacking of QR codes from multiple hidden positions in constrained space. On the other hand, we propose and verify a primary countermeasure that is promising to defeat the Li-Man attack.

Yichen Tao,Fuxin Cai,Gangyao Zhan,Hao Zhong,Yun Zhou,Su Shen

DOI: https://doi.org/10.1364/OE.423923

2021-05-10

Abstract:Since the printing quick response (QR) code can be easily produced and duplicated as a potential tool for cybercriminals, QR code security has been a hotly debated issue across globe. Here we demonstrate a floating QR code device based on the moiré principle which has the advantage of displaying an appealing three-dimensional (3D) effect and privacy protection. In the imaging system, the microlens array (MLA) contributes to efficiently sampling the multiple elemental images and the metal-coated nanostructure yields patterned structural black color with a high pattern resolution (>12, 500 dpi). A virtual mask scheme is specially developed in the elemental image construction, allowing for eliminating the crosstalk between neighboring units and containing more information in one unit without the necessity for ultra-high-resolution fabrication process and sophisticated operation. The proposed QR code device, capable of being read by an unmodified smart phone, is inexpensive, mass-producible, nondestructive, unclonable and convenient for authentication. This new solution should take a place among the existing solutions to fight counterfeiting and QR code attacks.

Min-Jen Tsai,Shao-Lun Peng

DOI: https://doi.org/10.1016/j.dsp.2022.103887

IF: 2.92

2023-03-01

Digital Signal Processing

Abstract:Due to the popularity of smartphones, cameras can be seen everywhere. QR codes are widely used daily, and their application is becoming more and more diverse, such as for warehouse management, electronic tickets, mobile payment, etc. As COVID-19 rapidly spread worldwide, people were forced to change their payment habits. Contactless systems, such as electronic tickets, became increasingly used to display information and avoid traditional queues. However, the standard QR code comprises black and white squares in monochrome images, which is not visually appealing. Yet, the easiest way to present a theme in a QR code is an image, which is more eye-catching and easier to understand than text. In this study, we devise an IS-QR method to integrate full-color images with QR codes by instance segmentation, using BlendMask to extract image feature regions and take Human Visual System into account. Discrete wavelet transform and contrast sensitivity were used to lessen the impact of reduced readability of QR codes during printing. Representative image visual quality measures, including PSNR, MSE, SSIM, FSIM, and GMSD, were used to measure the experimental results in order to validate the effectiveness of QR code beautification. The subjective quality evaluation is also performed. Finally, the measurement results indicate that the beautified QR codes generated by the method IS-QR designed in this study perform better than other related studies in terms of visualization and beautification.

engineering, electrical & electronic

Jianfeng Lu,Zaorang Yang,Lina Li,Wenqiang Yuan,Li Li,Chin-Chen Chang

DOI: https://doi.org/10.1155/2017/4356038

2017-01-01

Mobile Information Systems

Abstract:QR code (quick response code) is used due to its beneficial properties, especially in the mobile payment field. However, there exists an inevitable risk in the transaction process. It is not easily perceived that the attacker tampers with or replaces the QR code that contains merchant’s beneficiary account. Thus, it is of great urgency to conduct authentication of QR code. In this study, we propose a novel mechanism based on visual cryptography scheme (VCS) and aesthetic QR code, which contains three primary schemes for different concealment levels. The main steps of these schemes are as follows. Firstly, one original QR code is split into two shadows using VC multiple rules; secondly, the two shadows are embedded into the same background image, respectively, and the embedded results are fused with the same carrier QR code, respectively, using XOR mechanism of RS and QR code error correction mechanism. Finally, the two aesthetic QR codes can be stacked precisely and the original QR code is restored according to the defined VCS. Experiments corresponding to three proposed schemes are conducted and demonstrate the feasibility and security of the mobile payment authentication, the significant improvement of the concealment for the shadows in QR code, and the diversity of mobile payment authentication.

computer science, information systems,telecommunications

Kaihua Song,Ning Liu,Zhongpai Gao,Fiche Zhang,Guangtao Zhai,Xiao-Ping Zhang

DOI: https://doi.org/10.1109/icmew46912.2020.9105961

2020-01-01

Abstract:QR (Quick Response) codes are widely used in daily lives for their convenience in conveying information from offline to online. However, black-white QR code image takes up space and is not visually appealing when embedded into videos. Owing to the high resolution and high refresh rates of display screens, we are able to embed QR code to be invisible on displays based on temporal psychovisual modulation (TPVM). In this work, we proposed a method to improve the invisibility of QR code via TPVM. Furthermore, we propose a fast restoration-recognition method to scan invisible QR codes by smartphones using deep convolutional neural networks. Extensive experiment results show that our proposed methods effectively improve the indivisibility of QR code and can efficiently recognize the invisible QR code correctly and stably. Our methods can be applied in video copyright protection and Internet shopping without affecting the visual quality for audiences.

Yanan Du,Sai Xu,Kuaikuai Yu,Jiangzhou Wang

DOI: https://doi.org/10.1109/lwc.2023.3237252

IF: 6.3

2023-01-01

IEEE Wireless Communications Letters

Abstract:This letter studies communication security of intelligent reflecting surface (IRS)-based microwave quick response (QR) code. Specifically, the confidential information at a low-cost low-power Internet-of-Things device (Alice) is encoded as a microwave QR code on its associated IRS. To acquire the microwave QR code, a radio frequency signal is transmitted by an authorized user (Bob) and then received by itself through the reflection at the IRS. Meanwhile, a passive eavesdropper (Eve) attempts to intercept the reflected signal from the IRS and decode the carried confidential information. To enhance security, the transmitted signal and the receiving beamforming at Bob are jointly designed while the receiving beamforming vector at Eve is also optimized to capture the worse case of eavesdropping. Based on this, the average bit error probabilities at Bob and Eve are derived for phase shift keying (PSK). The simulation results demonstrate the secrecy performance of the considered system.

Hao Su,Jianwei Niu,Xuefeng Liu,Mohammed Atiquzzaman

DOI: https://doi.org/10.1016/j.jnca.2024.103874

IF: 7.574

2024-01-01

Journal of Network and Computer Applications

Abstract:In social networks, the Internet of Things, mobile computing, electronic commerce, and other fields, Quick Response (QR) codes have been widely used as the interface between online and offline scenarios. In offline lives, users can readily scan QR codes with smartphones to access online networks or remote devices. However, standard QR codes appear as random black-and-white modules that make users difficult to visually distinguish the encoding message in QR codes, which incurs users unwittingly to scan malicious QR codes distributed by hackers, and results in serious issues of cyber security and privacy leakage. In this paper, we propose a novel system that can embed safety identification information (SII) into QR codes, which conduces to avoid issues of cyber security and privacy leakage. Although some existing methods attempt to embed visual information into QR codes, these methods require complex pre-designed algorithms and leave some limitations in visual representation. Unlike them, our system employs the machine learning technique, which can naturally embed SII into QR codes without compromising the scanning-robustness and message preservation. The decoding time of our results is an average of 0.72 s which is similar to the standard QR code. Subjective and objective experiments show that our system can effectively produce embedded QR codes that are applicable in real-world life, and reach the state-of-the-art level.

Zhongpai Gao,Guangtao Zhai,Chunjia Hu

DOI: https://doi.org/10.1145/2733373.2806398

2015-01-01

Abstract:QR (Quick Response) Codes are widely used as a convenient unidirectional communication channel to convey information, such as emails, hyperlinks, or phone numbers, from publicity materials to mobile devices. But the QR Code is not visually appealing and takes up valuable space of publicity materials. In this paper, we propose a new method to embed QR Code on digital screen via temporal psychovisual modulation (TPVM). By exploiting the difference between human eyes and semiconductor imaging sensors in temporal convolution of optical signals, we make QR Code perceptually transparent to human but detectable for mobile devices. Based on the idea of invisible QR Code, many applications can be implemented, e.g., "physical hyperlink" for something interesting on TV or digital signage , "invisible watermark" for anti-piracy in theater. A prototype system introduced in this paper serves as a proof-of-concept of the invisible QR Code and can be improved in future works.

Jiamei Lv,Yuxuan Zhang,Wei Dong,Yi Gao,Chun Chen

DOI: https://doi.org/10.1109/iwqos49365.2020.9212963

2020-01-01

Abstract:With the continued proliferation of smart mobile devices, Quick Response (QR) code has played an important role in daily life. They may be distorted and partially invisible due to bright spots, folding and stains When they are printed on soft materials such as plastic bags. Existing scanners may fail in detecting and decoding QR codes due to distortion. In this paper, we propose a simple but effective approach to decoding distorted and partial QR codes. First, we improve an existing QR code detection algorithm to extract QR codes. Then based on the structural features of QR codes that white and black modules are staggered, we propose a novel distortion correction mechanism that uses an adaptive window to match each module. In order to tackle the problem of invisibility, we print multiple QR codes and capture them in an image. Considering confidence of each module in separate, we reconstruct a relatively complete QR code. Extensive experiments have been conducted to evaluate the performance of our approach. The results show that our approach improves the decoding rate by 50% – 60% compared to the other two baselines.

Rongjun Chen,Yue Huang,Kailin Lan,Jiawen Li,Yongqi Ren,Xianglei Hu,Leijun Wang,Huimin Zhao,Xu Lu

DOI: https://doi.org/10.3390/electronics12194134

IF: 2.9

2023-10-05

Electronics

Abstract:The advancement of Internet of Things (IoT) has enhanced the extensive usage of QR code images in various computer vision applications. Nonetheless, this has also brought forth several technical challenges. In particular, the logistics sorting system often encounters issues such as a low recognition rate and slow processing speed when dealing with QR code images under complex lighting conditions like uneven illumination. To address these difficulties, a method that focuses on achieving a fast adaptive binarization of QR code images through dynamic illumination equalization was proposed. First, an algorithm based on edge enhancement to obtain the position detection patterns within QR code images was applied, which enabled the acquisition of structural features in uneven illumination. Subsequently, QR code images with complex lighting conditions can achieve a fast adaptive binarization through dynamic illumination equalization. As for method validation, the experiments were performed on the two datasets that include QR code images influenced by strong light, weak light, and different shadow degrees. The results disclosed the benefits of the proposed method compared to the previous approaches; it produced superior recognition rates of 78.26–98.75% in various cases through commonly used decoders (Wechat and Zxing), with a faster processing speed of 0.0164 s/image, making it a proper method to satisfy real-time requirements in practical applications, such as a logistics sorting system.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yulong Yan,Zhuo Zou,Hui Xie,Yu Gao,Lirong Zheng

DOI: https://doi.org/10.1109/JIOT.2020.3035697

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:This article presents an Internet-of-Things (IoT) anti-counterfeiting system that uses visual features combined with the quick response (QR) code. The visual features guarantee the authenticity of a product with the QR code for tracking and tracing. Two visual features, i.e., natural texture features and printed micro features are exploited in the proposed system. The natural texture features use the texture of fiber paper to achieve physical unclonable function (PUF), while the micro features are artificially generated for improved industrial manufacturability and reliability. Features are generated and registered in the production phase when the QR code is printed. In the anti-counterfeiting verification phase, the feature obtained through the feature extraction algorithm is compared with the record to calculate similarity, which indicates the verification result. Such an approach is fully compatible with the QR code-based logistic process without any additional manufacturing cost. A user-friendly application has been developed on a mobile platform that facilitates easy-to-use and affordable devices for verification, such as a mobile phone or a handheld code reader. The experimental results show 99.6% and 99.9% accuracy of anti-counterfeiting verification for texture features and micro features, respectively. The system with corresponding algorithms and software has been demonstrated in real-life products.