Loading…

Usable security for QR code

QR codes are widely used in various settings such as consumer advertising, commercial tracking, ticketing and marketing. People tend to scan QR codes and trust their content, but there exists no standard mechanism for providing authenticity and confidentiality of the code content. Attacks such as th...

Full description

Saved in:
Bibliographic Details
Published in:Journal of information security and applications 2019-10, Vol.48, p.102369, Article 102369
Main Authors: Focardi, Riccardo, Luccio, Flaminia L., Wahsheh, Heider A.M.
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:QR codes are widely used in various settings such as consumer advertising, commercial tracking, ticketing and marketing. People tend to scan QR codes and trust their content, but there exists no standard mechanism for providing authenticity and confidentiality of the code content. Attacks such as the redirection to a malicious website or the infection of a smartphone with a malware are realistic and feasible in practice. In this paper, we present the first systematic study of usable state-of-the-art cryptographic primitives inside QR codes. We select standard, popular cryptographic schemes and we compare them based on performance, size and security. We conduct tests that show how different usability factors impact on the QR code scanning performance and we evaluate the usability/security trade-off of the considered cryptographic schemes. Interestingly, we find out that in some cases security breaks usability and we provide recommendations for the choice of secure and usable cryptographic schemes.
ISSN:2214-2126
DOI:10.1016/j.jisa.2019.102369