QR codes are widely used in various settings such as consumer advertising, commercial tracking, ticketing and marketing. People tend to scan QR codes and trust their content, but there exists no standard mechanism for providing authenticity and confidentiality of the code content. Attacks such as the redirection to a malicious website or the infection of a smartphone with a malware are realistic and feasible in practice. In this paper, we present the first systematic study of usable state-of-the-art cryptographic primitives inside QR codes. We select standard, popular signature schemes and we compare them based on performance, size and security. We conduct tests that show how different usability factors impact on the QR code scanning performance and we evaluate the usability/security trade-off of the considered signature schemes. Interestingly, we find out that in some cases security breaks usability and we provide recommendations for the choice of secure and usable signature schemes.

Usable Cryptographic QR Codes

Focardi Riccardo;Luccio Flaminia;Wahsheh Heider
2018-01-01

Abstract

QR codes are widely used in various settings such as consumer advertising, commercial tracking, ticketing and marketing. People tend to scan QR codes and trust their content, but there exists no standard mechanism for providing authenticity and confidentiality of the code content. Attacks such as the redirection to a malicious website or the infection of a smartphone with a malware are realistic and feasible in practice. In this paper, we present the first systematic study of usable state-of-the-art cryptographic primitives inside QR codes. We select standard, popular signature schemes and we compare them based on performance, size and security. We conduct tests that show how different usability factors impact on the QR code scanning performance and we evaluate the usability/security trade-off of the considered signature schemes. Interestingly, we find out that in some cases security breaks usability and we provide recommendations for the choice of secure and usable signature schemes.
2018
Proceedings of the IEEE International Conference on Industrial Technology (ICIT - IEEE 2018)
4.1 Articolo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
EditorUsableCryptographic.pdf

non disponibili

Tipologia: Versione dell'editore
Licenza: Accesso chiuso-personale
Dimensione 3.93 MB
Formato Adobe PDF
  Visualizza/Apri
3.93 MB Adobe PDF   Visualizza/Apri
PreprintUsableCryptographic.pdf

accesso aperto

Tipologia: Documento in Pre-print
Licenza: Accesso gratuito (solo visione)
Dimensione 4.06 MB
Formato Adobe PDF
Visualizza/Apri
4.06 MB Adobe PDF Visualizza/Apri

I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10278/3696274
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 24
  • ???jsp.display-item.citation.isi??? 15
social impact