JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.

ORG

147

Quick Response code A Survey

S.Hemalatha, P.C.SenthilMahesh, and Dr.Paul Rodrigues Abstract
QR code is an abbreviation of Quick Response code is widely used in a around the world to keep information about all kind of product industry .These usage starts from automotive industry to all other commercial products because of its two big advantages are fast accessing of data and provide large storage area .In this papers we pointed out the survey of QR codes and finally concluded with the possible attacks in QR code.

Index Terms
QR code 1.Introduction A QR code is an abbreviated of Quick Response code[1] is a type of two dimensional codes seems like a matrix bar code. This QR code initially designed for automotive industry, day by day this design becomes more popular from the outside industry. There are two for most reason for becoming popular is which is fast readably comparing with other bar codes and another reason is which provide large storage area. The QR code is an arrangement which consist of black modules arranged in a square pattern on a white background. The information will be stored in a QR code through encoding of data which can be any one of four modes of data like numeric, alpha numeric, byte or binary and kanji. Initially this QR code in created in the year of 1994 by Toyota to do the purpose of track vehicles during the stage of manufacturing process day by day this QR code is the most popular that two dimensional bar code because of it has been designed to allow its contents to be decoded at high speed. QR usage is growing fastest in United States, Canada and Hong Kong etc. Background of QR code The information records format consist of two things: the error correction level and the mask pattern On seeing of QR code which not only consist of two dimensional shape and storage area, along with that which also has five important area are 1)Standards used for encoding of QR codes 2)Storage 3)Encryption 4)Information Recording[1][2] There are several standards in documents covering the physical encoding of QR codes. The standards are AIM, JIS X 0510, ISO/IEC 18004:2000, ISO/IEC 18004 in the year 1997, 1999, 2000, 2006 respectively. Finally Docomo as established defacto standards for the encoding of URLs, contact information, and several other data types to access application layer. The open-source "ZXing" project maintains a list of QR code data types. The maximum amount of data storage in QR Code depends on the data types and version. Possibly there are 1.40 versions in the error correction level of (L[ow], M[edium], Q[uality], and H[igh]. For encryption and decryption operation in QR codes uses DES algorithms (56 bits).Reed Solomon error correction algorithm used for error correction at four level of error correction.

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

148

used for the symbol. Masking is used to break up patterns in the data area that might confuse a scanner, such as large blank areas or misleading features that look like the locator marks. The mask patterns are defined on a 66 grid that is repeated as necessary to cover the whole symbol. Modules corresponding to the dark areas of the mask are inverted. The format information is protected from errors with a BCH code and two complete copies are included in each QR symbol. 2. Architecture of QR Code Figure 1 shows the structure of QR code which has the inner components of version indicator, data and error correction level, information etc.

The message data is placed from right to left in a zigzag pattern, as shown figure 2 below. In larger symbols, this is complicated by the presence of the alignment patterns and the use of multiple interleaved error-correction blocks.

Fig 2 Meaning of format information

Fig 1 Structure of a QR code, highlighting functional elements Version: The 40 different versions of QR Codes mainly differ in the number of modules. Version 1 consists of 21x21 modules, up to 133 (lowest error correction level) of which can be used for storing encoded data. The largest QR Code (Version 40) has a size of 177x177 modules and can store up to 23,648 data modules. Data and Error Correction Level: Error Correction in QR Codes is based on Reed-Solomon Codes [14], a specific Form of BCH error correction codes. There are four levels (Table 1) of error correction that can be chosen by the user at creation time. L 7% M 15% Q 25% H 30% Table 1: Error Correction Levels

Fig 3Message placement within a QR symbol Four-bit indicators are used to select the encoding mode and convey other information. Encoding modes can be mixed as needed within a QR symbol. Indicator 0001 0010 0100 1000 0011 0111 Meaning Numeric encoding Alphanumeric encoding Byte encoding Kanji encoding Structured append Extended Channel Interpretation

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

149

0101 1001 0000

FNC1 in first position FNC1 in second position End of message

6 6 7 7 8 8

15 F 16 G 17 H

24 O 25 P 26 Q

33 X 34 Y 35 Z

42 . 43 / 44 :

Next have to select the Encoding mode which says how many characters are encoded in this mode are shown Encoding Numeric Alphanumeric Byte Kanji Ver. 19 1026 2740

c-code Ch character. 3.Literature Review

10 9 8 8

12 11 16 10

14 13 16 12 Although QR code initially developed for automotive industry to know the status of a machine during manufacturing .Day by day which has been used in many field like mobile phone , Authentication ,web ,buildings ,images, graphics,even a new research is going on implementation of QR code in teaching field. This literature review shows how QR codes are used in above fields. 3.1 QR codes in mobile Phone Alexandre Alapetite [4] introduces a novel Web architecture that supports session migration in multidevice Web applications, particularly the case when a user starts a Web session on a computer and wishes to continue on a mobile phone. This papers provide a solution for transferring the needed session identifiers across devices is to dynamically generate pictures of 2D-barcodes containing a Web address and a session ID in an encoded form. mobile device to a computer (opposite direction), and between two or more mobile phones (possibly back and forth).

Alphanumeric encoding mode stores a message more compactly than the byte mode, but cannot store lower-case letters and has only a limited selection of punctuation marks. Two characters are coded in an 11-bit value by this formula: V = 45 C1 + C2 Alphanumeric character codes are as follows. C Ch 0 0 1 1 2 2 3 3 4 4 5 5 C 9 Ch 9 C 18 I 19 J 20 K 21 L 22 M 23 N Ch C Ch C Ch

27 R 28 S 29 T 30 U 31 V 32 W

36 space 37 $ 38 % 39 * 40 + 41 -

10 A 11 B 12 C 13 D 14 E

fig 4 A mobile phone scanning a QR-code from a Web page on a desktop computer screen, to initiate a session transfer towards the mobile phone Web browser

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

150

3.4 QR code in Banking for secure transaction 3.2 QR code in dotMobi dotMobi [2] is the mobile subsidiary of the Internet registry service provider, Afilias is the registry operator of the .info top level domain. The dotMobi site is the parent site of several other subsites:mobiThinking, mobiForge (covered in-depth below) mobiReady, DeviceAtlas, findMobi and goMobi. Following the Mobilize your web presence link on the dotMobi site leads to the InstantMobilizer. The InstantMobilzer at (http://instantmobilizer.com) will automatically convert your conventional web site to a .mobi web site, optimized for mobile devices. The converter is available to customers who register a .mobi site with one of the dotMobi registrar partners. Theres a tool to test your web site prior to conversion. The Instant Mobilizer site also has a Quick Response (QR) code generator. Entering a URL into the code generator will produce a QR code such as the one shown here. Scanning the QR code with a smart phone barcode scanner will cause the smart phone browser to launch with the URL in the QR code. The QR code can be attached to ads, business cards etc . 3.3 QR code used for Authentication Using Fixed and Mobile Terminals Normally in banking are using data base for maintaining the details about the client. But the possibility of attacks on the client details and transactions are day by day becomes more. So QR code is used to maintain client information securely shown in fig 6 and fig 7

Fig 5 Secure bank transaction details

Fig 5 Makiko Aoyagi, Tsuyoshi Abe, Kenji Takahashi[5] proposed the mobile terminal has implemented a user authentication module based on a mobile equipment identifier. As demands for stronger authentication rise, many technologies using mobile phones as authentication devices have been proposed, such as those based on biometrics, PKI , onetime password, and multi-factor methods . By using mobile method, users can strongly authenticate both with the authentication functions of PCs (such as client certificates) and mobile phones (such as SIMbased authentication) (Figure 5). References

Fig 6 mobile device capture QR region

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

151

(using the cellular phone), in the form of yellow plastic discs fitted with stick-on 13.5 MHz RFID tags placed around the campus maze as shown in Figure 9.

Fig 7 Mobile device capture the QR code 3.5 QR code in way finding One of the another usage of QR code is for finding the way[6]. By scanning the QR-code tag(which has location information ) through the user PDA That will be sent over wi-fi, followed by the navigation server uses that location information to decide which photos to send . The user then follows the direction or prompt displayed on device. The navigation server records the positions, time, and user ID for the tracking purpose. A user interface is provided for job coaches or family members to retrieve the tracking information then which is displayed on a map which is shown in fig 8 below.

Fig 9 QR code reading through cellular phone for ganming 3.7 QR code for education The CULP[8] provides a collaborative learning environment to the students at anytime and in anywhere. While most of the existing ubiquitous learning systems use RFID as the object identification technology, we use QR-code instead. Our major concerns are the availability and the cost. Nowadays, RFID readers usuallyattached to PDAs rather than cell-phones. If RFID technology is employed, extra expenses are required to buy a set of PDA with RFID reader for each student. To make the system available to all the students without extra expenses, low-cost cell-phones with built-in cameras and QRcode technology are employed. As cell-phones with built-in cameras are quite popular, the studentscan simply use their own cell-phones as the ubiquitous learning device. Once the student encounters a problem with a certain component, the student can invoke the QR-code reader from his/her cell-phone and focus the camera on the QRcode attached previously on the component. While the reader successfully read the QR-code of the component, the related teaching materials of the

Fig 8 QR code for way finding 3.6 QR code is for gaming QR code can also be used for doing playing games[7].Player who takes the role of the main PACLAN character collects game pills

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

152

component is automatically provided to the student and is shown on the screen of his/her cell-phone. If the student needs more helps from the peers, he can simply click the on-line help button from the menu and a list of peers who have studied the component is shown for the student to choose one. When a peer is chosen, a message is sent to the peer asking him/her to provide on-line help for the student. Figure10 shows some snapshots taken from the PC-DIY lab.

Fig 10 Reading material from QR code

4. Attacks on QR code
Although the QR code is using in many fields which is vulnerable to different kinds of arracks[9] 4.1 SQL injection We believe that many automated systems store and process the encoded information in a relational database. By appending a semicolon followed by a SQL query like ;drop table <tablename> to the encoded information, manipulations to the backend database are possible (provided the DBMS allows for multiple queries in a single line). This would delete the table specified in the command, resulting in a denialof- service attack. More specific attacks may include adding a user, executing system commands (e.g., by using the stored procedure xp_cmdshell on Microsoft SQL Server), or altering data such as prices or passwords within the database. 4.2 Command injection: If the encoded information is used as a command line parameter without being sanitized, this could be easily exploited to run arbitrary commands on behalf of the attacker, which 4.3. Fraud may have disastrous consequences for the security of the operating system e.g., installing root kits, DoS, or connecting a shell to a remote computer under the control of the attacker. 4.4 Attcking human interaction. Humans can not read the code without a reader software, the information stored within the code is

completely obfuscated. But by reading the manipulated QR code, vulnerability in the reader software or the browser might get triggered. 4.5 Phishing and Pharming[10]: If QR Codes are used for links in augmented reality scenarios, an attacker might set up a fake website and redirect users by changing the QR Code. This is dangerous if some form of credentials are needed to access the website. The user has no possibility to verify that the link is not modified. 4.6 Fraud: QR Codes are often used in advertisements to direct the target audience to special offers or additional information about specific products. If the QR Code can be manipulated to redirect the user to a cloned website, an adversary could sell the solicited product without ever fulfilling the contract. The victim implicitly trusts the advertising company by following the link. 4.7 Attacking reader software: Different implementations of the reader software on computers or cell phones might be attackable via command injection or traditional buffer overflows if the encoded information is not sanitized. An attacker might gain control over the entire smartphone, including contact information or the victims communication content like Email or SMS. 4.8 Social engineering attacks: Building on these attacks, more specific attacks like spear phishing or other variants of social engineering are enabled, depending on the goal of the attacker. Leaving a poster of a QR Code on the parking lot of a company (instead of the traditional attack with an USB drive) offering discount in a nearby restaurant is a new attack vector which is likely to be successful.

5. Conclusion
In this paper we organized this article right from the architecture of QR code to different fields using QR code. Finally we pointed out various attacks in QR code.

6.Further Work
Our feature work will be creating a new QR code which also will work to thwart QR code attacks.

7.References
1.QRcode.com 2.QRcodegenerator.com 3.Dynamic 2D-barcodes for multi -device Web session migration including mobile phones Alexandre Alapetite published online: 2 April 2009 Springer-Verlag London Limited 2009

JOURNAL OF COMPUTING, VOLUME 4, ISSUE 2, FEBRUARY 2012, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

153

4. http://mtld.mobi 5. Symmetric Identity Federation for Fixed-Mobile Convergence Makiko Aoyagi, Tsuyoshi Abe, Kenji Takahashi ACM 2008 6. A Context Aware Handheld Wayfinding System for Individuals with Cognitive Impairments Yao-Jen Chang,Chung Yuan Christian ,Shih-Kai Tsai acm 2008 7. Extending Cyberspace: Location Based Games Using Cellular Phones acm 2008 OMER RASHID, IAN MULLINS, PAUL COULTON,AND REUBEN EDWARDS Acm 2008. 8. A Collaborative Ubiquitous Learning Platform for Computer Science Education Judy C.R. Tseng, Sunny Y.Y. Hsu 9. Cryptography and network security William stallings 10. Wikipedia Network attacks

Author S.Hemalatha has completed BE,ME in Madras university and Anna University year of 2000 and 2004 respectively. Now she is doing her research in Anna University in the field of QR code. Her research interested in network security. P.C.SenthilMahesh has completed BE,ME in Madras university and Anna University year of 1997 and 2006respectively. Now he is doing his research in Anna University in the field of QR code.His research interested in network security. Dr.Paul Rodrigues is a Dean (Research) in Vellamal Engineering college .He has more than 20 years of experience. His research area is Network security,SOA,etc..,