close
test_template

Enhancing Online Security: Qr Code-based Authentication for Banking

Human-Written
download print

About this sample

About this sample

close
Human-Written

Words: 2069 |

Pages: 4|

11 min read

Published: Sep 20, 2018

Words: 2069|Pages: 4|11 min read

Published: Sep 20, 2018

Sample
Details

Table of contents

  1. Introduction
  2. Literature Survey
  3. Proposed System
  4. Survey On Information Hiding Techniques Using Barcode
  5. QR Code
  6. System Overview
  7. Registration System
  8. Online Authentication System
  9. Offline Authentication System
  10. Security
  11. Future Scope
  12. Conclusion

This work contributes in implementation and designs of an inventive secure authentication method which utilizes a QR code; an open source proof of a concept authentication system that uses a two way authentication by combining a password and a mobile phone, acting as an authentication token. QR code is extremely secure as all the sensitive information stored and transmitted is encrypted; however it is also an easy to use and cost-efficient solution. In the QR code a complex password is stored. Smart phone is used for scanning the QR code. The code is scanned with the QR code scanner. Scanning result generate one string which is the combination of IMEI number of a phone which is register by the user and the random number, where random number is generated by the random number function which is pre. If the network is available on the smart phone then that generated string is automatically entered into the login page and homepage of bank is open. Otherwise six digit pin code is generated and it has to manually enter in the login page and home page of bank is open for transactions.[1]

In a modern world where we are able to do almost everything on-line, it is nowadays a critical matter to be able to access these services in the most secured manner. Indeed, as viruses and cracking methods become more complex and powerful by the day, the available security techniques must improve as well, allowing users to protect their data and communications with the maximum confidence. The aim is to develop an authentication method using a two factor authentication: a trusted device (a mobile phone) that will read a QR code and that will act as a token, and a password known by the user.

Introduction

Now a day’s almost all the things we are able to do online (like banking, shopping, communicating) and in this the challenge is that while doing this things online our information is not get damaged. Indeed, as the method of cracking the security code get more complex and powerful. These powerful applications allow user to work on untrusted computers confidently. This work is based on the two way authentication system. In this the QR code provides security. The existing system having security methods such as password, username, finger prints, and face detection. But in these methods security is not up to the mark, so there is need to develop such security system which provides high security. The recent interest in the use of visual tags in everyday life is a natural consequence of the technological advances found in modern mobile Phones.[2] The QR code is a matrix consisting of an array of nominally square modules arranged in an overall square pattern, including a unique pattern located at three corners of the symbol and intended to assist in easy location of its position, size and inclination. A wide range of sizes of symbols is provided together with four levels of error correction. There are two sections in this system. In the encoding section conversion of input data to a QR Code symbol takes place. In this the data analysis and encoding is done then after Error correction coding the final message is structures. Decode section contains decoding of the input QR Code image and displays the data contain that QR code. The decoding procedure starts with the reorganization of black and white module then Decode format information.

Literature Survey

In the literature survey we did the survey of certain systems which are common used. To eliminate threat of phishing and to confirm user identity, QR-code which would be scanned by user mobile device can be used and weakness of traditional password based system can be improved by one time password (OTP) which can be calculated by user transaction information and data unique at user side like imei number of the user mobile device. We just studied their working and tried to add unique features and disadvantages about them and tried to learn something new from each system.

Proposed System

To design a system which replaces the current OTP based two factor authentication system The QR based authentication system lets the user input the password, if the user is authenticated then an encrypted string consisting of IMEI number of the user is displayed in the form of QR code. The user uses his phone to scan the QR code and if the encrypted string is same as the IMEI number of the device the user is authenticated. To design a system for visually impaired persons in which the person uses his phone to scan the QR code and after the scan is complete the code is spoken out. The visually impaired can enter the code via text-to-speech to the web application. Paper Name Disadvantages OTP Encryption Techniques in Mobiles for Authentication and Transaction Security Most OTP systems are susceptible to real-time replay and social engineering attacks. OTPs are also indirectly susceptible to man in the middle (MITM) and man in the browser (MITB) attacks.

Survey On Information Hiding Techniques Using Barcode

They Can Breakdown Label damage. Scratched or crumpled barcodes may cause problems A Secure Credit Card Protocol over NFC

  1. Security problems.
  2. Sensitive data can be accessed if card is lost.

QR Code

QR code is the Quick Response code. Before the QR code there are some authentication methods are available that are-User name and password, Bar code, Finger prints, Face identity. But user name and password are not providing more security. And the Bar codes have some limitations like bar code only stored up to 20 digits. So in bar code we are not able to stored very complex password there for bar code is not more secure method.[3] Figure 4. Bar Code Finger prints and the face identity methods are very costly and not affordable by common users. For overcome all the drawbacks of existing system the QR code is introduce. QR codes (Quick Response codes) were introduced in 1994 by Denso-Wave, a Japanese company subsidiary of Toyota. QR codes are two-dimensional bar codes, so they can be read from any direction in 360. It can store up to 4,296 alphanumeric characters. So it is much more than the barcode can stored. QR code’s structure is shown in the figure below: Advantages of QR code QR code is two dimensional and readable at any direction. Storage capacity of QR code is up to 4,296 alphanumeric characters. It is readable if they are partially damage. It is easy to scan with camera based device. QR codes are not readable by person. QR code can stores data which is stored in one dimensional bar code in one-tenth the space. QR code is providing information correctly if it is damage up to 30%. It can handle many types of data like numeric, alphabetic.

System Overview

Registration System

The following steps give the information on how to complete the registration process: The first user would go into the registration section in the web application and would submit her/his username, password and IMEI number of the phone. After validating the data which is user enter is stored in to database. The data which is in the database server produce the public and private key and stored into the server. After this, the user would proceed to download and install the application on her phone. When user first time run the application the class files of public key and private are created and stored into the internal storage of mobile phone.[4] In a registration if the user not enter all the values like username, password, IMEI number, mobile number, and email address then registration process is not get completed. Validation is most important part in registration process; if validation is not successful then user is not able to login.

Online Authentication System

First IMEI number and random number are encrypted using the public key. This encrypted string generates the QR code using the QR code generation function which is present in java. Now this QR code image is display on the client machine. User scans this QR code using mobile phone. After scanning, in online mode means net is available on phone the generated string (IMEI number and random number) is automatically get entered into the login page. After successful login the home page of the bank is get open. So in our system there is no need to remember the password that is combination of your IMEI number and the random number. The server decrypts the string using the user public key and verifies that a row exists in the transactions table with our random number, and then updates the row of transaction table.[5] The server checks then that the IMEI is correct or not and assigned that IMEI to the correct user. If the login is get successful the transaction row is deleted. It means every time the generated QR code image is different. Now the PHP session is created and when user gets logoff the session is destroyed.

Offline Authentication System

Using pin code generation algorithm, a unique six-digit number is generated from the encrypted string (IMEI number and random number). This pin code user has to enter on login page manually with his username. For enter the pin code the keypad is available on screen. So there is no need to enter the pin code using systems keypad. Here our system provides more security. After entering the pin code server verify the IMEI number of user which is stored in the database. If the IMEI number is present then user is valid and then homepage Of bank is gets open. Sequence diagram of Offline authentication The timestamp is also checked. If the random number is generated before the 5 minutes ago then session is destroyed. And user is not able to login.

Security

In our system the security is more powerful because of the QR code and encryption algorithm. A man-in-the-middle attack is not gets successful in our system because communication between the server and user is always encrypted. Username is not gets reuse or copies because username is get deleted after the user logout.[6] For mobile application person also need the password so there is no way for any attack because the file is not easily accessible and it is encrypted. If the untrusted person knows how to handle the internal storage then only the security problem is created. A phishing attack on the mobile phone is possible by replacing the application by another application. And the password is also get covered but without the certificate it still not possible. Another security part is timestamp, if user is not able to login in given timestamp then login is not successful.

Future Scope

In future we would like to improve many aspects of our project. We would like to add voice input command feature to our website and android application. It will help the user to do his work comfortably. We would like to use some advanced encryption and decryption algorithm, better than AES.

Get a custom paper now from our expert writers.

Conclusion

This work provides additional security with the traditional way of online authentication of banking; which includes username and password. However, by adding QR code authentication the security measures for banking are enhanced. Two factor authentications are considered in this system.[7] With the help of this QR code security is increased during the login of the particular bank. Depending on the authentication only the client will be able to perform the transaction.

References

  1. SnehalKalbhor, AshwiniMangulkar ,Mrs.SnehalKulkarni“Android App for Local Railway Ticketing Using GPS Validation” International Journal of Emerging Trends in Science and Technology,IJETST-Volume 01,Issue- 01, March-2014,Pages 71-74.
  2. Fu-HauHsu,Min-HaoWu,Shiuh-JengWANG, “Dual-watermarking by QR-code Applications in Image Processin”.9th International Conference on Ubiquitous Intelligence and Autonomic and Trusted Computing,DOI 10.1109,2012,Pages 638-643.
  3. Mrs.ShantaSondur, Ms.TanushreeBhattacharjee “QR-Decoder and Mobile Payment System for Feature Phone”, VESIT,International Technological Conference(I-TechCON)-Jan. 03 – 04(2014), Pages 13-15.
  4. SomdipDey, B. JoyshreeNath and C. AsokeNath “OTP Encryption Techniques in Mobiles for Authentication and Transaction Security” Institute of Information Systems Argentinierstrasse -2009.
  5. Dr. A. P. Adsul, GayatriKumbhar, VrundaChincholkar, YogeshKamble, AnujaBankar “Automated Exam Process using QR Code Technology” International Journal of Application or Innovation in Engineering & Management, (IJAIEM)-ISSN 2319-4847,Vol.3,Issue 4,April- 2014,Pages-296-298.
  6. Ben Dodson, DebangsuSengupta, Dan Boneh, and Monica S. Lam “Secure, Consumer-Friendly Web Authentication and Payments with a Phone”, International Journal of Applied Engineering Research, ISSN 0973-4562, Vol. 8, No. 17 (2013).
  7. SadafShaikh, GayatriShinde, MayuriPotghan, TazeenShaikh, RanjeetsinghSuryawanshi “SURVEY ON INFORMATION HIDING TECHNIQUES USING BARCODE” International Journal of Advanced Research in Computer Science and Software Engineering,ISSN:2277 128X,Vol.4,Issue 3,March 2014,Pages 1184-1187.
Image of Dr. Oliver Johnson
This essay was reviewed by
Dr. Oliver Johnson

Cite this Essay

Enhancing Online Security: QR Code-Based Authentication for Banking. (2018, September 04). GradesFixer. Retrieved December 21, 2024, from https://gradesfixer.com/free-essay-examples/qr-code/
“Enhancing Online Security: QR Code-Based Authentication for Banking.” GradesFixer, 04 Sept. 2018, gradesfixer.com/free-essay-examples/qr-code/
Enhancing Online Security: QR Code-Based Authentication for Banking. [online]. Available at: <https://gradesfixer.com/free-essay-examples/qr-code/> [Accessed 21 Dec. 2024].
Enhancing Online Security: QR Code-Based Authentication for Banking [Internet]. GradesFixer. 2018 Sept 04 [cited 2024 Dec 21]. Available from: https://gradesfixer.com/free-essay-examples/qr-code/
copy
Keep in mind: This sample was shared by another student.
  • 450+ experts on 30 subjects ready to help
  • Custom essay delivered in as few as 3 hours
Write my essay

Still can’t find what you need?

Browse our vast selection of original essay samples, each expertly formatted and styled

close

Where do you want us to send this sample?

    By clicking “Continue”, you agree to our terms of service and privacy policy.

    close

    Be careful. This essay is not unique

    This essay was donated by a student and is likely to have been used and submitted before

    Download this Sample

    Free samples may contain mistakes and not unique parts

    close

    Sorry, we could not paraphrase this essay. Our professional writers can rewrite it and get you a unique paper.

    close

    Thanks!

    Please check your inbox.

    We can write you a custom essay that will follow your exact instructions and meet the deadlines. Let's fix your grades together!

    clock-banner-side

    Get Your
    Personalized Essay in 3 Hours or Less!

    exit-popup-close
    We can help you get a better grade and deliver your task on time!
    • Instructions Followed To The Letter
    • Deadlines Met At Every Stage
    • Unique And Plagiarism Free
    Order your paper now