TRANSMITTING BULK AMOUNT OF DATA IN THE FORM OF QR CODE WITH CBFSC AND CHUNKI

Document Sample
TRANSMITTING BULK AMOUNT OF DATA IN THE FORM OF QR CODE WITH CBFSC AND CHUNKI Powered By Docstoc
					International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
 INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME
                                TECHNOLOGY (IJCET)

ISSN 0976 – 6367(Print)
ISSN 0976 – 6375(Online)                                                      IJCET
Volume 4, Issue 4, July-August (2013), pp. 341-349
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2013): 6.1302 (Calculated by GISI)                   ©IAEME
www.jifactor.com




 TRANSMITTING BULK AMOUNT OF DATA IN THE FORM OF QR CODE
  WITH CBFSC AND CHUNKING TECHNIQUES- FIGHTING AGAINST
                 CRYPTANALYTIC ATTACKS

                      Praveen.T                             Muthaiah.RM
              Asst.Professor ,Dept of CSE           UG Student, Dept of CSE
             Veltech Hightech Engg College         Veltech Hightech Engg College

                                       Krishnamoorthy.N
                                    UG Student, Dept of CSE
                                  Veltech Hightech Engg College



ABSTRACT

        A technique to transmit bulk amount of data in the form of QR code (Quick Response Code)
and to make secure transmission of QRC containing the information is proposed. Since last few
years, two-dimensional (2D) codes have gained the attention of the people from the industrial
backgrounds and gradually replaced one-dimensional bar codes in many applications due to their
higher information storage capacity. Quick response (QR) codes, defined by the ISO/IEC18004
standard, are one of the most popular types of 2D codes. So,initially, the bulk information to be
transmitted is put into a QR container. Considering the very dark side of the unsecure QR codes, we
enhance security by chunking the actual QR to be transmitted and then encrypt individual chunk
using the CHAOS BASED FEEDBACK STREAM CIPHER (CBFSC) mechanism. Using this
technique, the chunked QR code is encrypted pixel by pixel considering the values of previously
encrypted pixels, in each iteration. After this, each encrypted chunk is transmitted over the network
as packets At the receiving end, the chunks are decrypted individually. Finally, they are clustered to
get the original QR code that can be read using secure QR reader, thus fighting against cryptanalytic
attacks. Thus a QR code containing the information to be transmitted is encrypted using the above
said The advantage is that any changes in the plain image are cascaded forward throughout the cipher
image, which means that two almost identical plain images will encrypt to completely different
cipher images. Notably, all the QR images are almost identical and so is the reason we use the said
technique. As the QR codes stand as data containers that provide more security when encrypted,
from the viewpoint of data hiding researches, they shall then be regarded as the visible watermarks
helping us to transmit bulk data.
                                                 341
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME

1. INTRODUCTION

        In recent times, the computer networks and its use has grown enormously and hence there is a
concern for the security of the information be it text or image or audio or any other multimedia and
hence protecting the transmitted data stands unabated. When the information is transmitted over a
network it is necessary to fight against cryptanalytic attacks. Most times we transmit bulk amount of
data and for security we may use private key encryption algorithms such as triple DES or blowfish
[9] .But the drawback is that the transmission is costly because of the size as well as the complexity
of the encryption algorithms and so we use the QR code (expanded as Quick Response Code) [1][2]
to store the bulk amount of data limiting the size than the usual. In order to make the transmission of
QR containing the information secure [8][9], we propose a technique. Initially the QR containing the
information is broken into chunks and encrypted individually using the CHAOS BASED
FEEDBACK STREAM CIPHER [10] mechanism where the chunked QR code[1] is encrypted pixel
by pixel[10] considering the values of previously encrypted pixels, in each iteration. After this each
encrypted chunk is transmitted over the network as packets and at the receiving end the chunk is
decrypted and clustered to get a original QR code that can be read using secure QR reader. The rest
of the paper is organized as below:
        Section 2 surveys the conventional network transmission techniques and its pros and cons.
Section 3 discusses the characteristics and advantages of the Quick Response Code. Section 4 deals
with the issues with the use of QR code. Section 5 presents the need for encryption of QR code using
Chaos Based Feedback Stream Cipher technique and furthermore explores the benefits of the
CBFSC technique and its robustness against cryptanalytic attacks. Section 6 brings to light the
efficiency of the well built QR code that contains large amount of data. Section 7 paves way to
enhance further more security by chunking the actual QR to be transmitted and then applying the
encryption algorithm used above. Section8 describes decryption of chunked QR code and clustering
of the chunks to get the original QR and exploring the information in QR using the reader. The
practical applicability and the pre-eminence of the proposed technique than the conventional one is
dealt in section 9. Section 10 concludes the paper.

2. CONVENTIONAL TRANSMISSION TECHNIQUES

2.1 Network Security
        The global information technology infrastructure has become network centric, well allied and
highly distributed. Network security is a concept to protect network and to make secure
transmissions over the network. This clearly shows that by network security, we mean the data
security which is a exigent aspect today. Clearly, information in electronic form as well as the
technology for creating, transmitting, processing and storing information are increasingly important
assets that can be targeted by criminals and it is demanding that it must be protected. In the distant
past, operating systems and the computers on which they resided were afforded a degree of
protection simply by virtue of their relative inaccessibility. This was because that they were used by
relatively few staff in an organization, tended to be found in access controlled computer rooms, and
were not connected to networks. But nowadays, they are often networked together within a company
and increasingly connected to the World Wide Internet. The computing infrastructure is now global
in scope and it is feasible to remotely access computers from almost everywhere in the world. Today,
the principles of protection are still similar to those of the past, but the consequences of failure are
more significant since computers are widely depended on for daily business operations. In addition,
the frequency of incidents is on the increasing scale and the bad guys do not even have to be experts
given the large set of tools available on the Internet that are capable of breaching system security.
The purpose of computer and network security is to provide an umbrella of protection for the

                                                  342
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME

organization in the form of policies and procedures as well as the technological implementation of
measures to secure and protect a network. Doing this is not an easy matter. In fact, implementing
strong electronic security is very difficult. It is fair to say that no system that is available today or
that can even be imagined is 100% secure. There are simply too many ways to either break or
circumvent security measures no matter how well it is constructed. To protect the data transmission
over the network, We may have to concentrate on wide areas such as the cryptography [8][9], Data
hiding, cipher technology[8], secure communication channel etc.,

2.2 Encryption techniques
        There are many encryption techniques that are not capable of providing sufficient security to
the network transmission. Many encryption methods have been proposed, and the most common way
to protect large multimedia files is by using conventional encryption techniques. Implementations of
popular public key encryption methods, such as RSA [8] cannot provide suitable encryption rates,
while security of these algorithms relies on the difficulty of quickly factorizing large numbers or
solving the discrete logarithm problem, that are seriously challenged by recent advances in number
theory and distributed computing. Caesar cipher encryption technique and multiple encryptions are
few of the Conventional encryption techniques that survived during the previous decade or even
before. But now, there is a necessity for more efficient technique due to the proliferation of the
Internet usage.

2.3 Data Containers
        At this juncture, we should also consider a point that it would not definitely be fair to use
such a costly technique to transmit data even on a larger scale. On the other hand, compressing the
data would also not be a solution. So, here we bring in the concepts of Data Containers (1D or 2D)
into picture.[1][7]

3. CHARACTERISTICS AND ADVANTAGE OF QR CODES

3.1 Quick Response Codes
        Since last few years, two-dimensional (2D) codes have gained the attention of the people
from the industrial backgrounds and gradually replaced one-dimensional bar codes in many
applications due to their higher information storage capacity. QR code is hence
as an information container which can be captured and decoded by smart phones directly[3][4].
        Quick response (QR) codes, defined by the ISO/IEC18004 standard [1][7], are one of the
most popular types of 2D codes. Thus, Quick response codes (QR Codes) are two-dimensional
barcodes designed to share encoded information in a variety of formats. QR code is just a matrix bar
code containing much more amount of information than its 1D counterpart A typical QR code is a
square black and white pixelated box [2]. Encoded information may contain simple text, graphics, or
direct users to a website or landing page for additional information. Furthermore Barcode technology
is superior in speed, steadfastness, information capacity, universality, and cost. The two dimensional
code can encode in 2-D directions, represent thousands of characters, and bear a certain automatic
error correction capability. The information in the code can be encrypted, which needs special
software to decipher and decode [8][9], which ensure better security. Quick Response codes, QR
code for short, is a two-dimensional barcode with high information density, error correction ability
and convenient encryption mechanism.

3.2 Applications
        Because of the wide-spreading of smart phones and extended wireless networks, people are
getting familiar with acquiring information via mobile phones nowadays [3]. QR code has the error

                                                  343
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME

correcting capability since Reed-Solomon (RS) codes have already been integrated into the standard
QR codes[1][2][7]. With the aid of QR codes, users can avoid tedious typing. Since the cost of
information transfer using QR code is extremely low as compared with many other technologies, the
QR code is the most widely used as information container which has already been applied to
numerous stuffs like posters, books or magazines) on the small size screen of smart phones[3]. They
are extensively used in many commercial applications due to their high-speed decoding.
Furthermore, since modern handheld devices can show a barcode on their screen with enough
resolution to decode it, a broad range of emerging applications may use QR codes in a variety of
scenarios such as boarding passes, event tickets, retailer cards identification systems, etc.,

3.3 Transformation in QR’s applications
        The QR code shall easily be seen in web pages or on posters nowadays. It is a two-
dimensional code in square shape, mostly represented by binary form (black and white pixels). It is
easily recognizable because it looks like a random pattern[6]. Colorized QR codes too are in
existence. The beautifications of QR codes have also been proposed recently. During the origination
of the QR codes, the purpose was to utilize the quick connection to the specific web page with the
URL information converted to the QR code pattern. But these days they stand as data containers that
provide more security when encrypted since from the viewpoint of data hiding researches, QR code
shall then be regarded as the visible watermarks.

3.4 Ease of QR scanning
       A few years ago, specific scanners were designed to capture QR code images and decode
them. Nowadays, however, given the increasing computational capability of cell phones, as well as
the quality and resolution of the latest embedded cameras[4][5], they have emerged as suitable
devices to perform this kind of image processing tasks.

3.5 Proposed Application
        And now we propose the concept of the Quick Response code in network transmission and
here raises the question of security which is being dealt in forth coming sections of this paper. We
perform the following in the proposed technique.
    Initially, the bulk information to be transmitted is put into a QR container.
    Considering the very dark side of the unsecure QR codes, we enhance security by chunking the
    actual QR to be transmitted
     We now encrypt individual chunk using the CHAOS BASED FEEDBACK STREAM CIPHER
    (CBFSC) mechanism.
    Using this technique, the chunked QR code is encrypted pixel by pixel considering the values of
    previously encrypted pixels, in each iteration.
    After this, each encrypted chunk is transmitted over the network as packets
    At the receiving end, the chunks are decrypted individually.
    Finally, they are clustered to get the original QR code that can be read using secure QR reader,
    thus fighting against cryptanalytic attacks.

4. THE DARK SIDE OF QR CODES

4.1 The un-secure QR code
       Hidden in those lines are embedded codes which only our smart phones can read and point it
to a new location on the Web. Online marketing gurus are singing the digital praises for the
inexpensive cost with maximum return on investment. The online marketing industry is one
example. Agents are able to market their hottest products by embedding QR codes into their signs

                                                344
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME

and brochures. This does not limit only to the marketing sector, but certainly from many petty small
scale industries to pretty big corporate. The QR design companies say they're viewing exponential
growth in their business over the past two years. But security experts say no so fast[1].

4.2 After math of reading an un-secure QR
        Taking your smart phone to a new site certainly can seem cool if you trust the source. But
experts believe it's just a matter of time before hackers are able to hijack this clever code, taking you
someplace you didn't plan on going. The results could be a nasty virus, botnet, or malicious code that
records your personal information, your location, even your bank account numbers. As with any new
technology that allows and encourages sharing data, there is always the chance that identification and
financial information may be at risk. QR codes that are scanned to gain instant access to a text
message are less likely to place a user’s identity and personal information at risk than near field
communication used for the so called contactless payments. Hence, it places the personal
information at risk from fraudulent sites and malicious programs thus putting the QR codes onto its
dark side.

5. NEED FOR THE ENCRYPTION OF QR CODES

        Encrypting data in Quick Response Codes eliminates the dangers associated with loss or
theft. The process makes data worthless to unauthorized users. Typically, by processing data through
a mathematical formula called an algorithm, encryption software converts data into "cipher text."[8]
Following this conversion, that data requires users to input their unique credentials to gain access to
it. Provided those credentials stay private, they make it virtually impossible for others to access the
data. It is broadly agreed that we are in an information and knowledge economy. In the short term
4G, the next generation of smart phone connectivity, will give download speeds of up to 100Mbps as
standard. That means entire databases can be downloaded in seconds, to any device and in any
location across the globe. Smart phones and tablets will eclipse the traditional PC as the devices of
choice for business users. In current scenario, 70% of business users have one smart phone for both
business and personal use. This will increase the mobility of data and blur the home-work boundaries
even more. When this is the case for a huge database, it is indescribable for a QR code.

5.1 Encryption of QRC using Chaos Based Feedback Stream Cipher algorithm

5.1.1 Robustness of an Encryption technique against Cryptanalytic attacks
        A good information security system should not only protect confidential messages in the text
form, but also in image form. In general, there are three basic characteristics in the information
security field privacy, integrity, and availability. By Privacy, we mean that an unauthorized user
cannot disclose a message and by integrity we connote that an unauthorized user cannot modify or
corrupt a message. Finally by availability we signify that messages are made available to authorized
users faithfully. The encryption system should be computationally secure[8]. It must require an
extremely long computation time to break, for example. Unauthorized users should not be able to
read privileged images. Encryption and decryption should be fast enough not to degrade the system
performance. The algorithms for encryption and decryption must be simple enough to be done by
users with a personal computer. The security mechanism should be as widespread as possible[8][9].
It must be widely acceptable to design a cryptosystem like a commercial product. The security
mechanism should be flexible. There should not be a large expansion of the encrypted image data.
The chosen Chaos Based Feedback Stream Cipher technique abides by all the above requirements.



                                                  345
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME

5.1.2 Chaos Based Feedback Stream Cipher technique
        The close association between chaos and cryptography makes chaos based cryptographic
algorithms as a natural preference for secure communication and cryptography. The chaos based
encryption techniques are considered superior for practical use as these techniques provide a good
combination of speed, high security, complexity, reasonable computational overheads and
computational power etc.[10]
        An overview of CBFSC encryption module is depicted here. This is a simple block cipher
with block size of 8-bit and 256-bit secret key. The key is used to generate a pad that is then merged
with the plaintext a byte at a time.

1. For the encryption or decryption ,we divide the plain text or the cipher text into blocks of 8 bits.
Plain text and the cipher text of i blocks are represented as
P P1P2P3P4 ..........Pi
C C1C2C3C4 ..........Ci
2. The proposed image encryption process utilizes an external secret key of 256-bit long. Further, the
secret key is divided into blocks of 8-bit each, referred as session keys.
K K1K2K3K4 .........K64 (in hexadecimal)
Here, Ki 's are the alphanumeric characters (0–9 and A–F) and each group of two alphanumeric
characters represents a session key.
Alternatively, the secret key can be represented in ASCII mode as
K K1K2K3K4 .........K32 (in ASCII)
Here, each Ki represents one 8-bit block of the secret key i.e. session key.
3. The initial condition for the chaotic map and the initial codes are generated from the session keys
4. Read a byte from the image file (that represent a block of 8-bits) and load it as plain image pixel
Pi .
5. Encryption of each plain image pixel Pi to produce its corresponding cipher image pixel Ci . The
entire image is encrypted pixel by pixel considering the values of previously encrypted pixels, in
each iteration
6. Repeat steps 4-5 until the entire image file
is exhausted.

5.2 Why CBFSC for QR Code?
        Thus a QR code containing the information to be transmitted is encrypted using the above
said algorithm. The use of feedback mechanism has two desirable benefits. The first benefit is that
there can be no simple periodicity in the encrypted image because the encryption of each plain image
pixel depends not only on the encryption key, but also on the previous cipher image pixel. The next
is that any changes in the plain image are cascaded forward throughout the cipher image, which
means that two almost identical plain images will encrypt to completely different cipher images[10].
Notably, all the QR images are almost identical and so is the reason we use the said technique

6. WELL- BUILT QRC AFTER ENCRYPTION

        The sensitivity to the plain image is also a plus to the security of the used CBFSC. High key
sensitivity is required by secure image cryptosystems, which means that the cipher image (QRC)
cannot be decrypted correctly although there is only a slight difference between encryption or
decryption keys. This guarantees the security of the QRC against brute-force attacks [8][9] to some
extent. An ideal image encryption procedure should be sensitive with respect to both the secret key
and plain image. The change of a single bit in either the secret key or plain image should produce a


                                                 346
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME

completely different encrypted image [10]. The basic concept is that the encryption of each part of
the plain image depends not only on the key, but also on the previous cipher image.




                              a)Quick Response Code with information




                               b) The encrypted image of the QR Code




                               c) The decrypted image of the QR code

7. ENHANCED SECURITY BY CHUNKING THE QRC

        The Quick Response Code is chunked before the encryption is applied. The above is included
in the proposed technique in order to enhance further security to the data in the QR container thus
preventing the data against the cryptanalytic attacks during its transmission over an interconnected
network. The robustness of the technique used has further reinforcement of a feedback mechanism,
which leads the cipher to a cyclic behavior so that the encryption of each plain pixel depends on the
key, the value of the previous cipher pixel and the output of the logistic map. On top of this, our idea
is to chunk the QR code into pieces using any chunking algorithm which shall then be used in
clustering the QR code chunks at the reception end. Once the actual Quick Response Code is
chunked, we apply the CBFSC technique and then transmit it as packets over the network. When this
is done, each chunk that is subjected to encryption will have separate and distinct secret keys and
thus the chance for the cryptanalytic attack is very negligible.

8. RECEPTION OF THE QR SENT OVER NETWORK

         At the receiving end, we shall decrypt each and every packet that we call as the encrypted QR
chunk using the reverse of CBFSC technique. In the decryption module, the same pad is generated
but it is un-merged with the cipher text to retrieve the plaintext. The decryption module receives an
encrypted image (cipher image) as input and the 256-bit secret key and returns the original image
(QR chunk). In particular, the decryption module works in the same way as the encryption
module[10] but now the output of the logistic map is subtracted from the corresponding cipherimage

                                                  347
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME

pixel Ci providing the plainimage pixel Pi as we used the iterative procedure . The output of the
decryption module is the original image (QR chunk).Decryption of each cipherimage pixel Ci to
produce its corresponding plainimage pixel Pi [10]



                                       a)Decrypted QR chunks

       Finally we cluster all the decrypted QR chunks [11] using the clustering (reverse of the one
used for chunking).Finally we get the entire QR code as output that contains the large amount of
information.




                                  b)The entire QRC after clustering

        This actual QR code contains the original information that was intended for transmission. If
there is an error in decryption of any of the QR chunks may be with a slightly wrong secret key, then
we surely will fail to extract the actual information in the QR. Thus we increase the complexity for
the bad attackers to attack the transmission.

9. PRACTICAL APPLICABILITY AND PRE-EMINENCE OF THE PROPOSAL

        The technique that we have proposed has got an immense applicability practically and hence
this technique shall be used widely. We enlighten this because we use a very strong technique that
stands against loss of information with an intention to disallow the cryptanalytic attacks any further.
Another exclusive benefit of our proposed technique is that the transmission cost is comparatively
less since we transfer a large amount of data into a single QR container and then apply the encryption
algorithm rather than apply the encryption algorithm to the data itself. Yet again we can say that our
proposed technique is efficient because we suggest to chunk the QR code before the encryption and
cluster [11] the chunks after the decryption. Our chunking and clustering idea adds further security to
the already secure and efficient encrypted transmission of the entire QR code over the network.

10. CONCLUSION

        In this paper we propose a technique for extremely safest and secure transmission of large
amount of information using a efficient QR code and our use of the Chaos Based Feedback Stream
Cipher technique adds further security to the transmission. Using this proposed technique, we shall
put a large amount of information that is intended for the transmission into the data container called
Quick Response Code and hence achieve the maximum effectiveness and security for transmission
of large amount of data. Furthermore, we have also discussed the characteristics of image
cryptosystems, chaos and cryptography and issues related to network transmission and the need for
security is also brought to light.




                                                 348
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME

11. REFERENCES

 [1] www.qrcode.com
 [2] QR-Code Generator, http://qrcode.kaywa.com/, 2010.
 [3] International Standard. ISO/IEC 18004. Information technology --Automatic identification
      and data capture techniques -- QR Code 2005 bar code symbology specification. Second
      Edition. 2006-09-01.
 [4] E Ohbuchi, H Hanaizumi, LA Hock, “Barcode readers using the camera device in mobile
      phones” Cyber worlds, 2004 International Conference on (2004), pp. 260-265.
 [5] C.-H. Chu, D.-N. Yang and M.-S Chen, “Image stabilization for 2D barcode in handheld
      devices,” Proc. of the 15th ACM Int. Conf. on Multimedia, Augsburg, Germany, pp.697-706,
      Sep. 2007
 [6] K. Fujita, M. Kuribayashi, and M. Morii, “A study of image displayable design qr code,”
      IEICE Tech Report (in Japanese), vol. 110, no. 374, pp. 39–44, 2011.
 [7] GB/T 18284-2000 "Quick Response Code",Beijing, National Standards Press,2000
 [8] W. Stallings., "Cryptography and Network Security: Principles and Practice," Prentice-Hall,
      New Jersey, 1999.
 [9] Bruce Schneier, "Applied Cryptography –Protocols, algorithms, and source code in C,"John
      Wiley & Sons, Inc., New York, second edition, 1996
 [10] An Efficient Chaos-Based Feedback Stream Cipher (ECBFSC) for Image Encryption and
      Decryption, Hossam El-din H. Ahmed, Hamdy M. Kalash, and Osama S. Farag Allah
      Menoufia University,
 [11] Kuo, S. P., Wu, B. J., Peng, W. C., and Tseng, Y. C. Cluster enhanced Techniques for Pattern
      Matching Localization Systems, in IEEE International Conference on Mobile Ad-hoc and
      Sensor Systems, 2007.
 [12] Ahmad Salameh Abusukhon, “Block Cipher Encryption for Text-To-Image Algorithm”,
      International journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 3,
      2013, pp. 50 - 59, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.
 [13] Santosh Abaji Kharat and Dr.B.M.Pange, “Qr (Quick Response) Codes and Academic
      Libraries: Reaching to Mobile Users a Best Practices”, International Journal of Library and
      Information Science (IJLIS), Volume 2, Issue 1, 2013, pp. 1 - 18, ISSN Print: 2277 – 3533,
      ISSN Online: 2277 – 3584.




                                              349

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:9/2/2013
language:
pages:9