International Journal of Computer Engineering and Applications,

Volume XI, Issue IX, September 17, www.ijcea.com ISSN 2321-3469

QR CODE GENERATION USING ECC CRYPTOGRAPHY

Mr. Ganesh Bhagwat, Ms. Rajlaxmi Nayak

(Information Technology, Mumbai University, India)

(Information Technology, Mumbai University, India)

ABSTRACT

Mobile payment system being one of the widely expanding mobile services, it has security
concerns that prevented its wide acceptance. Some of the main security services given prior
attention in mobile payment are issues of privacy, authentication and confidentiality. This paper
used ECC cryptography technique for the encryption of QRCODE. The encryption and
decryption of QRCODE is barrier of security issue of mobile payment system. If the encryption
time of QRCODE is high. Its invites the security threats for transaction

Keywords: Cryptography, Decryption, Encryption ECC, QRCODE

[1] INTRODUCTION

Encryption is a procedure that progressions and information into a mystery code. It is one
conceivable method for concealing information so that lone approved clients can read it. Mystery
key or secret word is expected to empower decoding process. Encryption is the most capable
technique to disentangle information [1]. Encryption is by and large ordered in two fundamental
sorts. The essential encryption strategy is symmetric encryption and topsy-turvy encryption. The
trouble level of topsy-turvy encryption lies in the challenges of numerical computation in tackling
modulus for an extraordinary number. Awry encryption utilizes two keys. People in general key

Mr. Ganesh Bhagwat, Ms. Rajlaxmi Nayak 95

 QR CODE GENERATION USING ECC CRYPTOGRAPHY

are utilized for encoding plaintext and the private key is utilized for decoding the cipher text. As a
result of the multifaceted nature of computation, deviated encryption reassure a considerable
amount of time. In the other hand, symmetric encryption is less tedious on the grounds that the key
of symmetric encryption additionally have less difficult computation than hilter kilter encryption.
Lamentably, the mystery key of symmetric encryption is less secured that deviated on the grounds
that the mystery key is shared by the collector and the sender. So it is essential to circulate mystery
key of symmetric encryption safely. The dominant part of encryption framework utilizes the
symmetric technique since its calculation is single, straightforward and very much acknowledged.
The most essential thing is that the era of the mystery key is basic and simple since it utilizes a
similar key for encryption and unscrambling. The downside happens when the gatecrasher
succeeds stole the mystery key so they can without much of a stretch open the message. Thusly,
the key conveyance system ought to be finished with a safe technique to make symmetric
encryption secure [1].

[2] QR CODE ENCRYPTION

Amid critical exchange utilizing versatile installment, all information ought to be secured.
Accordingly, a few information concealing technique ought to be utilized to guarantee that the data
is right and is gotten or sent by confirmed gathering. In this paper, Encrypted QR Code through
PKI is examined for securing data in the portable installment framework. Securing encryption key
needs trusted-outsider that has obligations to guarantee that both sides are genuine clients. The
examined framework is appeared in Figure [1]. This installment framework can be utilized for the
immediate installment framework and online installment framework. In view of Fig., the primary
client ought to give their client ID to the vendor. The dealer will ask for an open key to the outsider.
This outsider ought to be trusted. In the wake of getting a demand from dealer then outsider check
client ID to database and produces a couple segment of key (open and private key).
People in general key and the private key is constantly created for every exchange and has a specific
time restrict. their versatile installment framework uses a key match plan to create distinctive open
and private keys for different individuals in the meantime, and even a similar individual gets
different keys at various circumstances. To bolster key combine period, the clock of the client,
shipper, and the outsider must be synchronized. After open and the private key is produced, then
people in general key is sent to the vendor gadget, and the private key is sent to the client. To get
the correct private key, the client ought to sign into the application on his cell phone. These two
methods for verification technique will guarantee that the client is a genuine gathering.

In the wake of accepting the general population key, this open key is utilized by the vendor to
encode exchange data. From that point forward, the vendor will create QR Code from the encoded
data of the exchange. In this versatile installment framework, QR Code is utilized to store
installment data, for example, cost and shipper's record number. QR Code is utilized as shared
verification amongst trader and customer. Just particular purchaser can read the QR Code and paid
it to the record number. Other than that, by utilizing this common verification strategy, it will
ensure the client as the pays party from undesirable withdrawal installment by the wrong party. It
additionally shields the shipper from extortion parties which have the probability to hoodwink
installment affirmation to another record number.

Mr. Ganesh Bhagwat, Ms. Rajlaxmi Nayak 96

 International Journal of Computer Engineering and Applications,
Volume XI, Issue IX, September 17, www.ijcea.com ISSN 2321-3469

Figure 1.1: QR Code encryption through PKI.

At last, QR Code prepared to be checked by clients. QR Code that created by vendor go about as
virtual record number installment. There is a restrict period to check the QR Code in light of the
fact that the key match (open and private key) has constrained time. On the off chance that the
client does not affirm the installment amid as far as possible, the QR Code will be terminated. In
the wake of affirming the installment, the QR Code can't be utilized any longer. In this installment
framework, shared confirmation is finished by the outsider that guarantees legitimating amongst
client and shipper. It is likewise significant not putting away login data and secret key on the
telephone. All information ought to be prepared and put away in the server.
Prior to the information leaving cell phone, all data should be scrambled.
Process block diagram of encryption and decryption

Mr. Ganesh Bhagwat, Ms. Rajlaxmi Nayak 97

 QR CODE GENERATION USING ECC CRYPTOGRAPHY

Figure 1.2 shows that process of encryption and decryption of QRCODE

[3] PROBLEM STATEMENT

Several implementations have emerged as the key methods to use a cellular phone in remote
network authentication. One such solution focuses on using cellular phone as a standalone OTP
token [6]. The phone is a computational platform to generate the OTP code. The OTP generating
software, user’s secret seed and counter value are stored in the cellular phone. In operating the
token, the user activates the software. The phone generates the OTP code. The user reads the OTP
code and enters it into a PC or Internet device for 2FA need. Once authenticated, the user is allowed
to access the network. These simple mobile tokens usually do not have any capability to resist the
OTP seed (K) tracing by MITM interception or Shoulder-surfing attacks. Moreover, it stores the
secret seed and counter value. These secrecies can be exposed if the phone is lost or stolen [7,8].
The network security is comprised then. Amid critical exchange utilizing versatile

Mr. Ganesh Bhagwat, Ms. Rajlaxmi Nayak 98

 International Journal of Computer Engineering and Applications,
Volume XI, Issue IX, September 17, www.ijcea.com ISSN 2321-3469

installment, all information ought to be secured. Accordingly, a few information concealing

technique ought to be utilized to guarantee that the data is right and is gotten or sent by confirmed
gathering. In this paper, Encrypted QR Code through PKI is examined for securing data in the
portable installment framework. Securing encryption key needs trusted-outsider that has
obligations to guarantee that both sides are genuine clients [9, 10].

[4] QR CODE GENERATION ARCHITECTURE

QR Code generation: QR code era is the primary module of their talked about approach. In that
they will produce a QR code with included encoding procedures which coverts their unique private
information into various QR codes. Regularly QR code is an enhanced encoding system which
implies it scrambles given information and in addition packs the scrambled into decreased size.
The span of given information will be lessened when utilizing an encoding strategy. QR code is
additionally performs like an encoding component. QR codes are presently utilized over a
considerably more extensive scope of versatile applications and business applications [4].

Figure 1.3: QR Code Generation Architecture

[5] COMPARATIVE RESULT

Figure 1.4: comparitive performance for www.google.com with elapsed time using RSA and ECC method
in our implementation.

Mr. Ganesh Bhagwat, Ms. Rajlaxmi Nayak 99

 QR CODE GENERATION USING ECC CRYPTOGRAPHY

Figure 1.5: comparitive performance for www.sbi.co.in with elapsed time using RSA and DES method in
our implementation

[6] CONCLUSIONS

In this dissertation we enhanced the security strength of QR code. For enhancement of security of
QRCODE we used ECC cryptography technique. The ECC cryptography technique is public
cryptography technique and more secured in compression of RSA and other cryptography
algorithm. Selection of ECC asymmetric encryption among asymmetric encryptions improves
efficiency and speed of encryption calculation of QRCOE is calculated and data is decrypted with
very high speed in ECC method and its security is higher than that of other asymmetric algorithms.
The encryption for securing mobile payments reached in the work is as such mature. It makes use
of the industry standard technology for wireless PKI and in it the generally agreed models have
been adopted. For a payment system, the functionality of the system is, however, quite limited.

REFERENCES

[1]ArianaTulusPurnomo, YudiSatriaGondokaryono and Chang-Soo Kim “Mutual Authentication in

Securing Mobile Payment System using Encrypted QR Code based on Public Key Infrastructure”, IEEE,
2016, Pp 194-198.
[2] Boris Pokrić, SrđanKrčo and Maja Pokrić “Augmented Reality based Smart City Services using Secure
IoT Infrastructure”, IEEE, 2014, Pp 1-6.
[3]MojtabaAlizadeh,SaeidAbolfazli, MazdakZamani, SabariahBaharun and Kouichi Sakurai
“Authentication in mobile cloud computing: A survey”, Elsevier, 2016, Pp 1-23.
[4] R.Sharmila and M.Mohamed Sithik “Smartphone Base D Secure Color Qr Code Using Visible
Light Communication”, IJARBEST, Pp 314-319.
[5] NajmehMashhadi “Authentication in mobile cloud computing by combining the two factor
Authentication and one time password token”, Ciência e Natura, 2015, Pp 220-229.
[6] Norbert Pohlmann, Markus Hertlein and Pascal Manaras “Bring Your Own Device For
Authentication (BYOD4A) – The Xign–System”, Springer, 2015, Pp 1-10.

Mr. Ganesh Bhagwat, Ms. Rajlaxmi Nayak 100

 International Journal of Computer Engineering and Applications,
Volume XI, Issue IX, September 17, www.ijcea.com ISSN 2321-3469

[7] Maarten H. Everts, Jaap-Henk Hoepman and JohannekeSiljee “UbiKiMa: Ubiquitous

authentication using a smartphone, migrating from passwords to strong cryptography”, ACM, 2013, Pp 1-
6.
[8] Tao-Ku Chang “A Secure Operational Model for Mobile Payments”, Scientific World Journal,
2014, Pp 1-14.
[9] NaelHirzallah and Sana Nseir “a mobile payment system with an extra token of security”,
International Journal of Computer Engineering and Applications, 2014, Pp 81-93.
[10] Fumiko Hayashi and Terri Bradford “Mobile Payments: Merchants’ Perspectives”, Federal Reserve
Bank Of Kansas City, 2014, Pp 33-57.
[11] S. H. V. C. Silva, E. L. Flôres, G. A. Carrijo, A. C. P. Veiga, and M. B. P. Carneiro “SWEP Protocol
and S-Wallet System - Mobile Payments using Near Field Communications”, Hindawi, 2014, Pp 1-7. [12]
Florian Otterbein, Tim Ohlendorf and Marian Margraf “Mobile Authentication with German eID”, arXiv,
2017, Pp 1-12.
[13] Preeti Garg and Dr. Vineet Sharma “Secure Data Storage in Mobile Cloud Computing”, International
Journal of Scientific & Engineering Research, 2013, Pp 1154-1159.
[14] Adam Ali.ZareHudaib “E-payment Security Analysis In Depth”, IJCSS, 2014, Pp 14-24.
[15] Piotr K. Tysowski and M. Anwarul Hasan “Hybrid Attribute-Based Encryption and Re-Encryption for
Scalable Mobile Applications in Clouds”, IEEE, 2013, Pp 1-13.
[16] V.N.V.H Sudheer and J.Ranga Rajesh “Secure Ciphering based QR Pay System for Mobile Devices”,
International Journal of Emerging Trends in Engineering and Development, 2013, Pp 662-669.
[17] Ariana Tulus Purnomo, Yudi Satria Gondokaryono, Chang-Soo Kim, Ilkyeun Ra, “A Study on QR
Code and Fingerprint Sequence for Securing Mobile Payment System”, International Conference on
Future Information & Communication Engineering, pp. 33-35, 2016.
[18] William Stallings, “Cryptography and Network Security”, Pearson, United States of America., 2008,
Pp 88-95.
[19] Kinjal H. Pandya and Hiren J. Galiyawala, “A Survey on QR Codes: in contex of Research and
Application”, International Journal odf Emerging Technology and Advanced Engineering, Vol. 4,
Issue. 3, March 2014.
[20] Somdip Dey, “SD-EQR: A New Technique to Use QR Codes in Cryptography”, International Journal
of Onformation Technology and Computer Science, IJITCS, May/June 2012.
[21] P. Azad, T. Asfour, and R. Dillmann, “Combining Harris interest points and the sift descriptor for fast
scale-invariant object recognition,” EEE/RSJ International Conference on Intelligent Robots and
Systems (IROS), 2009.
[22] [2] H. Bay, A. Ess, T. Tuytelaars, and L.V. Gool, “Speeded-up robust features (surf),” Computer Vision
and Image Understanding, vol. 3, 2008, pp. 346–359. [23] Y. Boykov, and D. Huttenlocher, “Adaptive
Bayesian recognition in tracking rigid objects,” In Proc. IEEE Conf. Computer Vision and Pattern
Recognition (CVPR), 2000.
[24] Z. Xuanwu, J. Zhigang, F. Yan, Z. Huaiwei and Q. Lianmin, “Short signcryption scheme for the
internet of things,” Slovenian Society Informatika, 2011.
[25] A. Sojka, K. Piotrowski and P. Langendoerfer, “Short ECC: a lightweight security approach for
wireless sensor networks,” Proc. Security and Cryptography (SECRYPT), July 2010.
[26] M. Abdalla, M. Bellare, D. Catalano, E. Kiltz, T. Kohno, T. Lange, et al., “Searchable encryption
revisited: consistency properties, relation to anonymous IBE and extensions,” Journal of Cryptology, vol.
21, no. 3, pp. 350-391, 2008.
[27] M. S. Islam, M. Kuzu, M. Kantarcioglu, “Inference attacks against s earchable encryption
protocols,” Proc. of the 18th ACM conference on Computer and communications security, pp 845-448,
2011. [28] S. Raza, H. Shafagh, K. Hewage, R. Hummen and T. Voigt, “Lightweight secure CoAP for the
internet of things,” Sensors Journal, IEEE, vol. 13, Issue 10, Oct. 2013, pp. 3711–3720.
[29] Z. Shelby, K. Hartke and C. Bormann, “Constrained application protocol (CoAP),”
https://ietf.org/doc/draft-ietf-core-coap, June 28, 2013, CoRE Working Group, IETF.
[30] J. Janak, H. Nam, and H. Schulzrinne, “On access control in the internet of things,” Columbia
University, February 15, 2012.

Mr. Ganesh Bhagwat, Ms. Rajlaxmi Nayak 101