Authenticating Data Transfer Using RSA-Generated QR Codes

##plugins.themes.bootstrap3.article.main##

  •   Angela Marie S. Pangan

  •   Izrah L. Lacuesta

  •   Romie C. Mabborang

  •   Flordeliza P. Ferrer

Abstract


Lack of security measures for cybersecurity threat is somewhat vulnerable and can even put one’s digital life at high risk of phishing attack which is so alarming nowadays. Perpetrators may even use fictitious personal information to infiltrate various institutions for their malicious acts. It is the aim of this paper to present a security measure for a safe data transfer by means of vaccination card. Vaccination information is one of the most commonly acquired pieces of data today. However, because most internet data collection processes lack encryption, personal data becomes very vulnerable to threats. As a result, the researchers presented a Centralized Covid-19 Record System, which illustrates secure data transfer via RSA-generated QR codes. A descriptive research design was employed in which a survey questionnaire together with secondary data sources and online tools i.e., RSA Express Encryption/Decryption Calculator and QR code generator were utilized as data instruments. Through a culmination of knowledge on asymmetric cryptography, RSA algorithm, QR codes, and web system development, answers to the founded research questions were unveiled. The web system’s architecture comprises several components and sub-components building its digital makeup. For the system development process, the most essential structural components are the web browser, web server, and database server. Through a message encryption/decryption feature that makes use of the RSA algorithm in generating a key pair, cryptography was implemented in the system. The essential mathematical parameters comprising such features are RSA encryption algorithm, RSA decryption algorithm, and Euler phi function. As for the system development environment, several hardware and software requirements that build and support the system’s end-to-end process were also specified. Upon the employment of those specifications, the system was able to offer several security features including the 15-digit account user IDs and QR code scanning for log-in, secured acquisition of public and private keys, and an admin verification process. Lastly, it was found that asymmetric cryptosystem provides a secured channel for data transfer due to the computational difficulty of factoring the large integers that constitute modulo . Upon the strategic culmination of the study’s framework, well-established system architecture, required system specifications, and security measures, the researchers were able to successfully develop VacciFied.net, a Centralized Covid-19 Record System involving authenticated data transfer process.



Keywords: Asymmetric Cryptography, Encryption, Decryption, RSA algorithm, QR codes, Web-based system

References

Atwady Y, Hammoudeh M. A Survey on Authentication Techniques for the Internet of Things. Proceedings of the International Conference on Future Networks and Distributed Systems. 2017.

Chenchev I, Aleksieva-Petrova A, Petrov M. Authentication Mechanisms and Classification: A Literature Survey. Lecture Notes in Networks and Systems. 2021: 1051–1070.

Derhab A., Belaoued M., Guerroumi M., & Khan F. A. Two-Factor Mutual Authentication Offloading for Mobile Cloud Computing. IEEE Access. 2020; 8: 28956–28969.

Alhothaily A, Hu C, Alrawais A, Song T, Cheng X, Chen D. A Secure and Practical Authentication Scheme Using Personal Devices. IEEE Access. 2017; 5: 11677–11687.

Ali G, Ally Dida M, Elikana Sam A. Two-Factor Authentication Scheme for Mobile Money: A Review of Threat Models and Countermeasures. Future Internet. 2020; 12(10); 160.

Barker E, Barker WC. Recommendation for Key Management: Part 2 - Best Practices for Key Management Organizations. NIST Special Publication. 2019: 800–57.

Purnomo AT, Gondokaryono YS, Kim CS. Mutual authentication in securing mobile payment system using encrypted QR code based on Public Key Infrastructure. 2016 6th International Conference on System Engineering and Technology (ICSET). 2016.

Ali RF, Muneer A, Dominic PDD, Taib SM, Ghaleb EAA. Internet of Things (IoT) Security Challenges and Solutions: A Systematic Literature Review. Communications in Computer and Information Science. 2021: 128–154.

Thirumalai C, Kar H. Memory efficient multi key (MEMK) generation scheme for secure transportation of sensitive data over cloud and IoT devices. 2017 Innovations in Power and Advanced Computing Technologies (i-PACT). 2017.

Cerf VG. Self-authenticating identifiers. Communications of the ACM, 2018; 61(12): 5.

Farrell, S, Wenning R, Bos B. STRINT Workshop - report/papers. W3.Org. [Internet] 2015. [cited 2022 May 5] Available from: https://www.w3.org/2014/strint/draft-iab-strint-report.html

Wahsheh HAM. Secure and Usable QR Codes. Università Ca’Foscari Venezia [Internet] 2019. Available from : http://dspace.unive.it/bitstream/handle/10579/15022/956262-1208160.pdf?sequence=2.

Focardi R, Luccio FL, Wahsheh HAM. Usable cryptographic QR codes. 2018 IEEE International Conference on Industrial Technology (ICIT). 2018.

Robinson CP. The Key to Cryptography: The RSA Algorithm. BSU Honors Program Theses and Projects. [Internet] 2018. Available from: https://vc.bridgew.edu/honors_proj/268

Nivetha A, Preethy Mary S, Santosh Kumar J. Modified RSA encryption algorithm using four keys. International Journal of Engineering Research & Technology (IJERT). 2015; 3(7): 1-5.

Goyal K. Randomization of RSA and other main public-key cryptosystems. MSc Thesis. Masaryk University. 2018.

Naresh K, Pillai PN. QR verification system using RSA algorithm. International Journal of Innovation and Scientific Research. 2014; 10(2): 433-437.

Rawat V, Nath KDD, Shukla DN. QR code based cloud data protection using RSA algorithm. International Journal of Creative Research Thoughts (IJCRT). 2018; 6(2): 561-570.

Ahamed S. Development of a secure QR code system for hiding personal confidential information. MSc Thesis. Bangladesh University of Engineering and Technology. 2018.

Daddala B. Design and implementation of a customized encryption algorithm for authentication and secure communication between devices. MSc Thesis. University of Toledo. 2017.

Kafle S. Securing Distributed Context Exchange Networks in Mobile Environments MSc Thesis. Mid Sweden University. 2013.

Jathar C, Gurav S, Jamdaade K. A review on QR code analysis. International Journal of Application or Innovation in Engineering & Management (IJAIEM). 2019; 8(7): 1-6.

Wahsheh HAM, Luccio FL. Security and privacy of QR code applications: A comprehensive study, general guidelines and solutions. Information. 2020; 11(4): 217.

Umaria MM, Jethava G. Enhancing the data storage capacity in QR code using compression algorithm and achieving security and further data storage capacity improvement using multiplexing. 2015 International Conference on Computational Intelligence and Communication Networks (CICN). 2015.

Dey S, Nath A. Confidential encrypted data hiding and retrieval using QR authentication system 2013 International Conference on Communication Systems and Network Technologies, Kolkata, India. 2013.

Ahamed S, Mustafa HA. A secure QR code system for sharing personal confidential information International Conference on Computer, Communication, Chemical, Materials and Electronic Engineering (IC4ME2). 2019.

Abed HN. Robust and secured image steganography using LSB and encryption with QR code. Journal of AL-Qadisiyah for Computer Science and Mathematics. 20179; (2): 1-9.

Mittra P, Rakesh N. A desktop application of QR code for data security and authentication. 2016 International Conference on Inventive Computation Technologies (ICICT). 2016.

Zhang J, Liu S, Pan J-S, Ji X. Digital certificate based security payment for QR code applications. Advances in Intelligent Systems and Computing. 2017.

Masalha F, Hirzallah N. A students attendance system using QR code. International Journal of Advanced Computer Science and Applications. 2014; 5(3): 1-5.

Quilala R, Sison AM, Medina R. QR code integrity verification based on modified SHA-1 algorithm. Indonesian Journal of Electrical Engineering and Informatics (IJEEI). 2018; 6(4): 385-392.

Intila CA, Gerardo BD, Medina RP. Modified key generation in RSA algorithm. International Journal of Recent Technology and Engineering (IJRTE). 2019; 8(2): 1-5.

Al Busafi S, Kumar B. Review and Analysis of Cryptography Techniques. 2020 9th International Conference System Modeling and Advancement in Research Trends (SMART). 2020.

Barbay J. Review of understanding and applying cryptography and data security by Adam J. Elbirt. ACM SIGACT News. 2012; 43(1): 18–21.

Blog F. Descriptive Research Designs: Types, Examples & Methods. Formplus. 2020.

Brush K, Rosencrance L, Cobb M. Asymmetric cryptography (public key cryptography). SearchSecurity. [Internet] 2021 [cited 2022 June 13] Available from: https://www.techtarget.com/searchsecurity/definition/asymmetric-cryptography

ClickSSL. Symmetric vs Asymmetric Encryption – Know the Difference. ClickSSL Blog - Information about SSL Certificates & Infosec. [Internet] 2022 Available from: https://www.clickssl.net/blog/symmetric-encryption-vs-asymmetric-encryption

codeSTACKr. Visual Studio Code 2022 | Web Dev Setup | Top Extensions, Themes, Settings, Tips & Tricks [Video]. YouTube. [Internet] 2021 Available from: https://www.youtube.com/watch?v=fJEbVCrEMSE

Combinations and Permutations. Mathsisfun.com. [Internet] 2017 Available from: https://www.mathsisfun.com/combinatorics/combinations-permutations.html

Czereszko G. Decrypting the future: a mathematical review of error-correcting codes and cryptography. Ball State University Libraries. [Internet] 2018 Available from: https://cardinalscholar.bsu.edu/handle/123456789/201420

Daniel B. Symmetric vs. Asymmetric Encryption: What’s the Difference? Trenton Systems, Inc. [Internet] 2021 Available from: https://www.trentonsystems.com/blog/symmetric-vs-asymmetric-encryption

Development Environment: A Definitive Guide. Indeed Career Guide. [Internet] 2021 Available from: https://www.indeed.com/career-advice/career-development/development-environmen

Development Environment. (n.d.). SUSE Defines. [Internet] Available from: https://www.suse.com/suse-defines/definition/development-environment/

Hoffstein J, Pipher J, Silverman JH. An Introduction to Mathematical Cryptography. Springer Publishing. 2014.

Isaiah A. How to add HTTPS to your website for free in 10 minutes, and why you need to do this now more than…. FreeCodeCamp.org. [Internet] 2018 Available from: https://www.freecodecamp.org/news/free-https-c051ca570324/

Wright J. (2013, January 15). Learn PHP in 15 minutes [Video]. YouTube. https://www.youtube.com/watch?v=ZdP0KM49IVk

Lake, J. What is RSA encryption and how does it work? Comparitech. [Internet] 2021 [cited 2022 June 13] Available from: from https://www.comparitech.com/blog/information-security/rsa-encryption/

Loshin P. plaintext. SearchSecurity. [Internet] 2021 [cited 2022 June 13] Available from: https://www.techtarget.com/searchsecurity/definition/plaintext#:%7E:text=In%20cryptography%2C%20plaintext%20is%20usually,algorithms%20is%20not%20always%20plaintext.

Marget A. Development and Test Environments: Understanding the Different Types of Environments. Unitrends. [Internet] 2021 Available from: https://www.unitrends.com/blog/development-test-environments

Maxey M. A Modern Day Application of Euler’s Theorem: The RSA Cryptosystem. [Internet] 2021 Available from: https://www.gcsu.edu/sites/files/page-assets/node-808/attachments/maxey.pdf

Mitali VK, Sharma A. A survey on various cryptography techniques. International Journal of Emerging Trends & Technology in Computer Science (IJETTCS). 2014; 3(4): 307–312.

Montero C. Centralized Covid Vaccination Records System in PHP Free Source Code|Free Source Code Projects and Tutorials. Sourcecodester. [Internet] 2021 Available from: https://www.sourcecodester.com/php/14997/centralized-covid-vaccination-records-system-php-free-source-code.html

Open Source Initiative. The Open Source Definition | Open Source Initiative. Opensource.org. [Internet] 2007 Available from: https://opensource.org/osd

Otto, M. Bootstrap. Getbootstrap.com. [Internet] 2000 Available from: https://getbootstrap.com/

Quick Programming. Simple signup and login system with PHP and Mysql database|Full Tutorial|How to & source code [Video]. YouTube. [Internet] 2020 Available from: https://www.youtube.com/watch?v=WYufSGgaCZ8

Rastogi A. PHP a Scripting Language | General-purpose programming language. NewGenApps - DeepTech,FinTech,Blockchain, Cloud, Mobile, Analytics. [Internet] 2020 Available from: https://www.newgenapps.com/technology/php/

Ricart JR. A Beginners’ Guide to Domain Names. Wix Blog. [Internet] 2021 Available from: https://www.wix.com/blog/2021/03/what-is-a-domain/

Security, S. What is Asymmetric Encryption? Read Symmetric vs. Asymmetric Encryption Diversity. Savvy Security. [Internet] 2021 Available from: https://cheapsslsecurity.com/blog/what-is-asymmetric-encryption-understand-with-simple-examples/#:%7E:text=Asymmetric%20Encryption %20uses% 20two%20distinct,recipient%20can%20decrypt%20the%20message

SourceCodester. Centralized Covid Vaccination Records System in PHP DEMO [Video]. YouTube. [Internet] 2021 Available from: https://www.youtube.com/watch?v=Mgj-zITzzcA

Source Code PH. QR Code Based Centralized Covid Vaccination Records System in PHP and MySql [Internet] 2022 Available from: YouTube. https://www.youtube.com/watch?v=tyT_ZHFfaDY&t=10s

The Economic Times. (n.d.). What is Ciphertext? Definition of Ciphertext, Ciphertext Meaning. [Internet] Available from: https://economictimes.indiatimes.com/definition/ciphertext

Warrayat, A. Cryptography and RSA. Uga.edu. [Internet] 2012 Available from: http://jwilson.coe.uga.edu/EMAT6680Fa2012/Warrayat/EMAT%206690/Essay2/Essay2.html

What is Asymmetric Encryption? Understand with Simple Examples. Savvy Security. [Internet] 2021 Available from: https://cheapsslsecurity.com/blog/what-is-asymmetric-encryption-understand-with-simple-examples/

What is Web-Based Systems. (n.d.). IGI Global. [Internet] Available from: https://www.igi-global.com/dictionary/web-based-systems/32428

Why RSA Encryption is secure - RSA Encryption. (n.d.). Sites.google.com. [Internet] Available from: https://sites.google.com/site/danzcosmos/why-rsa-encryption-is-secure

##plugins.themes.bootstrap3.article.details##

How to Cite
Pangan, A. M. S., Lacuesta, I. L., Mabborang, R. C., & Ferrer, F. P. (2022). Authenticating Data Transfer Using RSA-Generated QR Codes. European Journal of Information Technologies and Computer Science, 2(4), 18–30. https://doi.org/10.24018/compute.2022.2.4.73