Professional Documents
Culture Documents
INTRODUCTION TO QR CODES
1.1 WHAT IS QR CODE
QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix
barcode (or two-dimensional barcode) first designed for the automotive industry in Japan. A
barcode is a machine-readable optical label that contains information about the item to which
it is attached. A QR code uses four standardized encoding modes (numeric, alphanumeric,
byte / binary, and kanji) to efficiently store data; extensions may also be used
The QR Code system has become popular outside the automotive industry due to its fast
readability and greater storage capacity compared to standard UPC barcodes. Applications
include product tracking, item identification, time tracking, document management, general
marketing, and much more.
A QR code consists of black modules (square dots) arranged in a square grid on a white
background, which can be read by an imaging device (such as a camera) and processed using
ReedSolomon error correction until the image can be appropriately interpreted. The required
data are then extracted from patterns present in both horizontal and vertical components of
the image.
The QR (Quick Response) Code is a two-dimensional (2-D) matrix code that belongs to a
larger set of machine-readable codes, all of which are often referred to as barcodes, regardless
of whether they are made up of bars, squares or other-shaped elements.
Compared with 1-D codes, 2-D codes can hold a larger amount of data in a smaller space, and
compared with other 2-D codes, QR Code Essentials.
The QR Code can hold much more data still. In addition, an advanced error-correction
method and other unique characteristics allow the QR Code to be read more reliably and
at higher speeds than other codes. Like written language, barcodes are visual representations
of information. Unlike language, however, which humans can read, barcodes are designed to
be read and understood (decoded) by computers, using machine-vision systems consisting of
optical laser scanners or cameras and barcode-interpreting software. The rules with which a
barcode is constructed (its grammar) and the character set it uses (its alphabet) are called
its symbology.
Fig 1.1.1 To barcode-reading software, both of these 1-D barcodes are identical.
Changing the height of the bars does not change the information they contain.
Differences in the second, vertical dimension of the bars and spaceswhether they are taller
or shorterdoes not matter; all that counts is how wide they are and what order they are
placed in.
HISTORY
The QR code system was invented in 1994 by Denso Wave. Its purpose
was to track vehicles during manufacture; it was designed to allow highspeed component scanning Although initially used for tracking parts in
vehicle manufacturing, QR codes now are used in a much broader context,
including both commercial tracking applications and convenience-oriented
applications aimed at mobile-phone users (termed mobile tagging). QR
codes may be used to display text to the user, to add a vCard contact to
the user's device, to open a Uniform Resource Identifier (URI), or to
compose an e-mail or text message. Users can generate and print their
own QR codes for others to scan and use by visiting one of several paid
and free QR code generating sites or apps. The technology has since
become one of the most-used types of two-dimensional barcode
Multiple-barcode
1.2.3 STORAGE
The amount of data that can be stored in the QR code symbol depends on the datatype (mode,
or input character set), version (1, , 40, indicating the overall dimensions of the symbol),
and error correction level. The maximum storage capacities occur for 40-L symbols (version
40, error correction level L)
Maximum character storage capacity (40-L)
character refers to individual values of the input mode/datatype
Input mode
Numeric
only
max.
bits/ch
possible characters, default encoding
characters
ar
7,089
0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Alphanume
4,296
ric
Binary/byt
2,953
e
ISO 8859.1
Kanji/kana 1,817
13
CHAPTER-2
UNDERSTANDING OF QR CODE STRUCTURE
Unlike 1-D barcodes, the QR Code is a 2-D matrix code that conveys information not by the
size and position of bars and spaces in a single (horizontal) dimension, but by the
arrangement of its dark and light elements, called modules, in columns and rows, i.e. in
both the horizontal and vertical directions.
Each dark or light module of a QR Code symbola specific instance of a coderepresents a
0 or 1, thus making it machineintelligible.
Point the camera at the code orient code within designated area
CHA
PTER-3
TYPES OF QR CODES
(1) URL:
These are the codes that redirect the user to a website. As soon the code is scanned, the phone
browser will open and load the company website. Company can put URL QR codes on their
promotional materials so that their customers who are looking for more information can land
on their website.
(2) MECARD:
Containing contact details, these codes automatically save information in a users phone
address book. This saves users from the hassle of entering the information manually and from
making input mistakes. These codes are very useful in an event such as conventions,
conferences, and seminars where there is a need to exchange business card.
(3) VCARD:
A vCard QR code can store more data than meCard QR code, like a salutation, job title,
mobile number, work details, address, zip code, and country. Such information is useful if a
person is working on a global level and needs to share more information about to consumers.
10
11
CHAPTER-4
CREATION AND WORKING OF QR CODES
4.1 QR CODE GENERATOR
As the inventor of the QR Code and owner of the QR Code trademark, DENSO Wave
Incorporated has allowed the patents for the code to be freely available to the public.
Consequently, many websites now feature online QR Code generators or
downloadable code-generating software. Such code generators and software are not certified
by the International Organization for Standardization (ISO), however, so there is no way of
telling if they adhere to the relevant ISO Standard 18004, which is based on the DENSO
Wave patent. As a result, the code symbols they create may not be readable by all devices or
the reading quality may be reduced. (An easy test is to create the same code symbol with two
or more online generators and compare the results. Differences in the arrangement of the
modulessimilar to the differences in language translationwill be immediately apparent.)
Of particular concern is the fact that non-ISO-compliant code generators do not determine the
minimum printable size of a given QR Code symbol. If a symbol is printed at a size that is
below the ISO-specified minimumwhich takes into account the amount of data contained
in that symbol, the symbol version and the resolution of the printing devicereadability
will be dramatically reduced.
Using QR Code-generating software that is not ISO compliant can be especially problematic
if the QR Code is to be read by smart phones, whose quality may greatly vary. Also, the QR
Code-reading software used by smart phones, like code generating software, is not
necessarily based on ISO specifications.
12
To ensure that a QR Code will be successfully read by the highest percentage of devices,
therefore, it is essential to use code-generating software offered only by a reputable
manufacturer who can be trusted to comply with ISO specifications.
13
14
15
16
17
18
CHA
PTER-5
FUNCTIONS AND SECURITY OF QR CODES
5.1 FUNCTIONS
1 HIGH-SPEED READING:
Faster scanning and the ability to scan barcodes from a distance increase operator efficiency.
Look for devices with advanced CCD scanning technology, which enables even high-density
or poorly printed barcodes to be read at high speed and from a distance.
2. EASE OF USE:
Lightweight, ergonomic designs, featuring large display screens and easy-to-hold grips,
reduce operator fatigue, a key factor in productivity.
3. DURABILITY:
In the field, hand-held scanners and terminals are vulnerable to harsh environments and rough
handling, including being bumped or dropped. Devices featuring rugged, drop-resistant
construction and resistance to water and dust protect your equipment investment.
4. LONG BATTERY LIFE:
Scanners are available with power-saving features that result in longer operating time,
eliminating frequent, time-consuming battery changes.
19
20
Humans can not read the code without a reader software, the information
stored within the code is completely obfuscated. But by reading the
manipulated QR code, vulnerability in the reader software or the browser
might get triggered.
1.
2.
3.
4.
5.3 SOLUTION
In this we outlined the dangers of possible attacks utilizing manipulated
QR Codes. Since QR Codes gain increasing popularity through their use
for marketing purposes, we expect that this kind of attack will receive
more and more attention by the hacking community in the future.
Furthermore, many mobile devices (e.g., Smartphones) at present are
able to decode QR Codes and access the URLs contained in them. This
adds a new dimension to the topic of trust, especially since most users are
not security-conscious enough when using their mobile phones (which
also enable the use of novel phishing techniques). In addition to phishing,
a multitude of other attack methods, both against humans and automated
systems, might be performed using QR
21
CHAPTER-6
QR CODE GENERATION
There are 6 stages in qr generation
DATA ANALYSIS
DATA ENCODING
ERROR CORRECTING
STRUCTURE FINAL MESSAGE
DATA MASKING
FORMAT INFORMATION STRING
Allows the QR code readers to detect & correct the errors in the
code.
Reed-Solomon error-correcting algorithm is used.
Codewords are 8 bits long and use the ReedSolomon error
correction algorithm with four error correction levels. The higher the
error correction level, the less storage capacity. The following table
lists the approximate error correction capability at each of the four
levels:
Level L (Low)
Level M (Medium)
Level Q (Quartile)
Level H (High)
24
CHAPTER-7
ENCRYPTION AND
IMPLEMENTATION OF QR CODES
7.1 ENCRYPTION
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily
understood by unauthorized people. Decryption is the process of converting encrypted data
back into its original form, so it can be understood.
The use of encryption/decryption is as old as the art of communication. In wartime, a cipher,
often incorrectly called a code, can be employed to keep the enemy from obtaining the
contents of transmissions. (Technically, a code is a means of representing a signal without the
intent of keeping it secret; examples are Morse code and ASCII.) Simple ciphers include the
substitution of letters for numbers, the rotation of letters in the alphabet, and the "scrambling"
of voice signals by inverting the sideband frequencies. More complex ciphers work according
to sophisticated computer algorithms that rearrange the data bits in digital signals.
In order to easily recover the contents of an encrypted signal, the correct decryption key is
required. The key is an algorithm that undoes the work of the encryption algorithm.
Alternatively, a computer can be used in an attempt to break the cipher. The more complex
25
the encryption algorithm, the more difficult it becomes to eavesdrop on the communications
without access to the key.
Encryption/decryption is especially important in wireless communications. This is because
wireless circuits are easier to tap than their hard-wired counterparts. Nevertheless,
encryption/decryption is a good idea when carrying out any kind of sensitive transaction,
such as a credit-card purchase online, or the discussion of a company secret between different
departments in the organization. The stronger the cipher -- that is, the harder it is for
unauthorized people to break it -- the better, in general. However, as the strength of
encryption/decryption increases, so does the cost.
In recent years, a controversy has arisen over so-called strong encryption. This refers to
ciphers that are essentially unbreakable without the decryption keys. While most companies
and their customers view it as a means of keeping secrets and minimizing fraud, some
governments view strong encryption as a potential vehicle by which terrorists might evade
authorities. These governments, including that of the United States, want to set up a keyescrow arrangement. This means everyone who uses a cipher would be required to provide
the government with a copy of the key. Decryption keys would be stored in a supposedly
secure place, used only by authorities, and used only if backed up by a court order.
Opponents of this scheme argue that criminals could hack into the key-escrow database and
illegally obtain, steal, or alter the keys. Supporters claim that while this is a possibility,
implementing the key escrow scheme would be better than doing nothing to prevent criminals
from freely using encryption/decryption.
26
Contests
Games
Voting
Security applications
Encrypted Codes are standard Dynamic Link Codes and therefore manageable, trackable and
editable like all other System Codes.
The contact data is stored in a database and accessible by providing the contact ID. Without
encryption, the URL for recalling this contact data would probably look something like this:
http://www.somesite.com/contactpage.php?contactid=12345
The problem with that approach is that someone could easily try contact IDs other than the
given ID of 12345 and collect the contact information that is associated with those other IDs.
Thats certainly something the BeeTagg Contact application has to prevent, and it can do so
by using Encrypted Codes.
The visible URL after encryption looks similar to this:
http://www.xyz.com/en/m/contact/data/-1/-1/0v0fZINM__Wc-WWFf7h93A
The last part of the URL (bold) is the ID of the contact, but in an encrypted form. Therefore,
plugging in random IDs to the URL will no longer lead you to a customers contact
information. Sure, you could encrypt the sensitive part of the URL yourself, but it means
exactly that: you need to do it yourself.
27
Example: ThI3**iS--an"EncRPtiOn::::KeY
2. Select one of the two encryption algorithms XOR or Rijandael
3. Define which part of the URL should be encrypted.
7.4 IMPLEMENTATION
To implement qr codes, a user interface code is being used
28
views and layout of application, and other contains main class and the
codes which generates QR code and add Encryption to them.
CHAPTER-8
CHARACTERISTICS OF QR
CODE
Additional to the characteristics for two-dimensional symbol s such as large
volume data (7,089 numerical characters a t maximum), high-density recording
(approx. 100 times higher in density than linear symbols), and high-speed
reading, QR Code has other superiority in both performance and functionalities
aspects
30
31
QR Code has four different error correction levels (7%, 15%,25%, and 30% per symbol area).
The error correction functionality is implemented according to each of the smudge/damage,
and is utilizing Reed-Solomon code which is highly resistant to burst errors. Reed-Solomon
codes are arranged in the QR Code data area. By this error correction functionality, the codes
can be read correctly even when they are smudged or damaged up until the error correction
level.
32
8.5 VARIANTS
Micro QR code is a smaller version of the QR code standard for applications where symbol
size is limited. There are 4 different versions (sizes) of Micro QR codes: the smallest is 1111
modules; the largest can hold 35 numeric characters
IQR code is an alternative to existing QR codes developed by Denso Wave. IQR codes can be
created in square or rectangular formations; this is intended for situations where a rectangular
33
barcode would otherwise be more appropriate, such as cylindrical objects. IQR codes can fit
the same amount of information in 30% less space. There are 61 versions of square IQR
codes, and 15 versions of rectangular codes. For squares, the minimum size is 9x9 modules;
rectangles have a minimum of 19x5 modules. IQR codes add error correction level S, which
allows for 50% error correction. QR Codes have not yet been given an ISO specification, and
only proprietary Denso Wave products can create or read IQR codes.
Model 1 QR code is an older version of the specification. It is visually similar to the widely
seen model 2 codes, but lacks alignment patterns
34
CHAPTER-9
APPLICATIONS AND
ADVANTAGES/DISADVANTAGES OF QR CODES
35
9.1 APPLICATIONS
Although the QR Code was originally designed to track automotive components and systems
through the manufacturing process and distribution supply chain, it has rapidly spread to
virtually every other area where traditional barcodes are used, as well as some entirely new
ones.
Typical applications include:
Manufacturing
Product traceability
Process control
Order and time tracking
Inventory and equipment management
Warehousing and logistics
Item tracking
Retailing
Point-of-purchase product identification
Sales management
Inventory control
Healthcare
Medical records management
Patient identification
Medication tracking
Equipment and device tracking
Life sciences
Specimen tracking
Transportation
Fleet management
Ticketing and boarding passes
Office automation
Document management
Marketing and advertising
Mobile marketing
Electronic tickets, coupons, payments and loyalty programs
36
LIMITIONS
1. Since Qr codes are main used for marketing purpose they are now used as large
medium to encode data, so they cannot be a safe medium to encode a confidential
data.
2. Making encryption better and developing a universal decoder for decoding encrypted
codes is not available yet universally.
3. Although QR codes are popping up everywhere from on plant specimen labels to
library catalogues, there is a large demographic in society that still dont know what
QR codes represent. These proses a problem as companies and business are using the
37
QR code to advertise information that a potential customer might be interested in, but
if the customer doesnt know how to find the information, then they might not buy the
product or service and this can lose business thousands of dollars
4. Another major disadvantage of a QR code is the codes dependability on a mobile
device or smartphone. The whole concept of a QR code and its benefits are strictly
based on its ability to be scanned by a mobile device. If a consumer does not have a
mobile device or smartphone, then the QR code is not beneficial to them and they lose
out.
5. QR codes appear on billboards, branded products, product tags and business cards. A
bad print job renders your QR code useless. Blurry, crooked and bad print quality
make it impossible to scan the QR code and retrieve the information stored within.
You need to make sure your print QR codes correctly print and test them before
distribution.
9.3 LICENSE
The use of QR codes is free of any license. The QR code is clearly defined and published as
an ISO standard.
Denso Wave owns the patent rights on QR codes, but has chosen not to exercise them In the
USA, the granted QR code patent is US 5726435, and in Japan JP 2938338. The European
Patent Office granted patent "EPO 0672994". to Denso Wave, which was then validated into
French, UK, and German patents, all of which are still in force as of November 2011.
The word QR code itself is a registered trademark of Denso Wave Incorporated.In UK, the
trademark is registered as E921775, the word "QR Code", with a filing date of 03/09/1998.
The UK version of the trademark is based on the Kabushiki Kaisha Denso (DENSO
CORPORATION) trademark, filed as Trademark 000921775, the word "QR Code", on
03/09/1998 and registered on 6/12/1999 with the European Union OHIM (Office for
Harmonization in the Internal Market). The U.S. Trademark for the word "QR Code" is
38
Trademark 2435991 and was filed on 29 September 1998 with an amended registration date
of 13 March 2001, assigned to Denso Corporation.
FUTURE WORK
The possibilities for attacks proposed open up a quite large held for further research.
The main target lies in the accurate analysis and practical application of one
or more of the outlined attacks on a given target. Furthermore, it should be investigated
which parts of a QR Code are the easiest to attack, and what countermeasures can be
taken to thwart attacks.
In even more general terms, it would be very interesting to and metrics that can be
used to measure the vulnerability of QR Codes depending on a given type of attack outline
and with respect to characteristics like black/white-distribution, version, masking, etc.
39
Last but not least, other 2D-Codes such as Aztec or DataMatrix need to be analyzed in the
same way to identify possible attack vectors and find suitable countermeasures.
CONCLUSION
In general, we believe that QR codes have great potential in business media. Some
possibilities are there are many creative ideas waiting for us to explore. We examine outlined
the dangers of possible malicious attacks utilizing manipulated QR Codes.
Since QR Codes gain increasing popularity through their use for marketing purposes,
we expect that this kind of attack will receive more and more attention by the hacking
community in the future. This paper will present some security conscious of the mobile
phones users.
40
REFERENCES
[1] R. Bose and D. Ray-Chaudhuri. On a class of error correcting binary group codes*.
Information and control, 3(1):68{79, 1960.
[2] M. Canadi, W. Hopken, and M. Fuchs. Application of qr codes in online travel
distribution. In ENTER, pages 137{148, 2010.
[3] https://developers.google.com
41
42