International Journal of Computer Engineering and Technology (IJCET), ISSN 0976INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & 6367(Print), ISSN

0976 6375(Online) Volume 4, Issue 4, July-August (2013), IAEME

TECHNOLOGY (IJCET)

ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 4, Issue 4, July-August (2013), pp. 341-349 IAEME: www.iaeme.com/ijcet.asp Journal Impact Factor (2013): 6.1302 (Calculated by GISI) www.jifactor.com

IJCET
IAEME

TRANSMITTING BULK AMOUNT OF DATA IN THE FORM OF QR CODE WITH CBFSC AND CHUNKING TECHNIQUES- FIGHTING AGAINST CRYPTANALYTIC ATTACKS
Praveen.T Asst.Professor ,Dept of CSE Veltech Hightech Engg College Muthaiah.RM UG Student, Dept of CSE Veltech Hightech Engg College

Krishnamoorthy.N UG Student, Dept of CSE Veltech Hightech Engg College

ABSTRACT A technique to transmit bulk amount of data in the form of QR code (Quick Response Code) and to make secure transmission of QRC containing the information is proposed. Since last few years, two-dimensional (2D) codes have gained the attention of the people from the industrial backgrounds and gradually replaced one-dimensional bar codes in many applications due to their higher information storage capacity. Quick response (QR) codes, defined by the ISO/IEC18004 standard, are one of the most popular types of 2D codes. So,initially, the bulk information to be transmitted is put into a QR container. Considering the very dark side of the unsecure QR codes, we enhance security by chunking the actual QR to be transmitted and then encrypt individual chunk using the CHAOS BASED FEEDBACK STREAM CIPHER (CBFSC) mechanism. Using this technique, the chunked QR code is encrypted pixel by pixel considering the values of previously encrypted pixels, in each iteration. After this, each encrypted chunk is transmitted over the network as packets At the receiving end, the chunks are decrypted individually. Finally, they are clustered to get the original QR code that can be read using secure QR reader, thus fighting against cryptanalytic attacks. Thus a QR code containing the information to be transmitted is encrypted using the above said The advantage is that any changes in the plain image are cascaded forward throughout the cipher image, which means that two almost identical plain images will encrypt to completely different cipher images. Notably, all the QR images are almost identical and so is the reason we use the said technique. As the QR codes stand as data containers that provide more security when encrypted, from the viewpoint of data hiding researches, they shall then be regarded as the visible watermarks helping us to transmit bulk data.
341

International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 6375(Online) Volume 4, Issue 4, July-August (2013), IAEME 1. INTRODUCTION In recent times, the computer networks and its use has grown enormously and hence there is a concern for the security of the information be it text or image or audio or any other multimedia and hence protecting the transmitted data stands unabated. When the information is transmitted over a network it is necessary to fight against cryptanalytic attacks. Most times we transmit bulk amount of data and for security we may use private key encryption algorithms such as triple DES or blowfish [9] .But the drawback is that the transmission is costly because of the size as well as the complexity of the encryption algorithms and so we use the QR code (expanded as Quick Response Code) [1][2] to store the bulk amount of data limiting the size than the usual. In order to make the transmission of QR containing the information secure [8][9], we propose a technique. Initially the QR containing the information is broken into chunks and encrypted individually using the CHAOS BASED FEEDBACK STREAM CIPHER [10] mechanism where the chunked QR code[1] is encrypted pixel by pixel[10] considering the values of previously encrypted pixels, in each iteration. After this each encrypted chunk is transmitted over the network as packets and at the receiving end the chunk is decrypted and clustered to get a original QR code that can be read using secure QR reader. The rest of the paper is organized as below: Section 2 surveys the conventional network transmission techniques and its pros and cons. Section 3 discusses the characteristics and advantages of the Quick Response Code. Section 4 deals with the issues with the use of QR code. Section 5 presents the need for encryption of QR code using Chaos Based Feedback Stream Cipher technique and furthermore explores the benefits of the CBFSC technique and its robustness against cryptanalytic attacks. Section 6 brings to light the efficiency of the well built QR code that contains large amount of data. Section 7 paves way to enhance further more security by chunking the actual QR to be transmitted and then applying the encryption algorithm used above. Section8 describes decryption of chunked QR code and clustering of the chunks to get the original QR and exploring the information in QR using the reader. The practical applicability and the pre-eminence of the proposed technique than the conventional one is dealt in section 9. Section 10 concludes the paper. 2. CONVENTIONAL TRANSMISSION TECHNIQUES 2.1 Network Security The global information technology infrastructure has become network centric, well allied and highly distributed. Network security is a concept to protect network and to make secure transmissions over the network. This clearly shows that by network security, we mean the data security which is a exigent aspect today. Clearly, information in electronic form as well as the technology for creating, transmitting, processing and storing information are increasingly important assets that can be targeted by criminals and it is demanding that it must be protected. In the distant past, operating systems and the computers on which they resided were afforded a degree of protection simply by virtue of their relative inaccessibility. This was because that they were used by relatively few staff in an organization, tended to be found in access controlled computer rooms, and were not connected to networks. But nowadays, they are often networked together within a company and increasingly connected to the World Wide Internet. The computing infrastructure is now global in scope and it is feasible to remotely access computers from almost everywhere in the world. Today, the principles of protection are still similar to those of the past, but the consequences of failure are more significant since computers are widely depended on for daily business operations. In addition, the frequency of incidents is on the increasing scale and the bad guys do not even have to be experts given the large set of tools available on the Internet that are capable of breaching system security. The purpose of computer and network security is to provide an umbrella of protection for the
342

International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 6375(Online) Volume 4, Issue 4, July-August (2013), IAEME organization in the form of policies and procedures as well as the technological implementation of measures to secure and protect a network. Doing this is not an easy matter. In fact, implementing strong electronic security is very difficult. It is fair to say that no system that is available today or that can even be imagined is 100% secure. There are simply too many ways to either break or circumvent security measures no matter how well it is constructed. To protect the data transmission over the network, We may have to concentrate on wide areas such as the cryptography [8][9], Data hiding, cipher technology[8], secure communication channel etc., 2.2 Encryption techniques There are many encryption techniques that are not capable of providing sufficient security to the network transmission. Many encryption methods have been proposed, and the most common way to protect large multimedia files is by using conventional encryption techniques. Implementations of popular public key encryption methods, such as RSA [8] cannot provide suitable encryption rates, while security of these algorithms relies on the difficulty of quickly factorizing large numbers or solving the discrete logarithm problem, that are seriously challenged by recent advances in number theory and distributed computing. Caesar cipher encryption technique and multiple encryptions are few of the Conventional encryption techniques that survived during the previous decade or even before. But now, there is a necessity for more efficient technique due to the proliferation of the Internet usage. 2.3 Data Containers At this juncture, we should also consider a point that it would not definitely be fair to use such a costly technique to transmit data even on a larger scale. On the other hand, compressing the data would also not be a solution. So, here we bring in the concepts of Data Containers (1D or 2D) into picture.[1][7] 3. CHARACTERISTICS AND ADVANTAGE OF QR CODES 3.1 Quick Response Codes Since last few years, two-dimensional (2D) codes have gained the attention of the people from the industrial backgrounds and gradually replaced one-dimensional bar codes in many applications due to their higher information storage capacity. QR code is hence as an information container which can be captured and decoded by smart phones directly[3][4]. Quick response (QR) codes, defined by the ISO/IEC18004 standard [1][7], are one of the most popular types of 2D codes. Thus, Quick response codes (QR Codes) are two-dimensional barcodes designed to share encoded information in a variety of formats. QR code is just a matrix bar code containing much more amount of information than its 1D counterpart A typical QR code is a square black and white pixelated box [2]. Encoded information may contain simple text, graphics, or direct users to a website or landing page for additional information. Furthermore Barcode technology is superior in speed, steadfastness, information capacity, universality, and cost. The two dimensional code can encode in 2-D directions, represent thousands of characters, and bear a certain automatic error correction capability. The information in the code can be encrypted, which needs special software to decipher and decode [8][9], which ensure better security. Quick Response codes, QR code for short, is a two-dimensional barcode with high information density, error correction ability and convenient encryption mechanism. 3.2 Applications Because of the wide-spreading of smart phones and extended wireless networks, people are getting familiar with acquiring information via mobile phones nowadays [3]. QR code has the error
343

International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 6375(Online) Volume 4, Issue 4, July-August (2013), IAEME correcting capability since Reed-Solomon (RS) codes have already been integrated into the standard QR codes[1][2][7]. With the aid of QR codes, users can avoid tedious typing. Since the cost of information transfer using QR code is extremely low as compared with many other technologies, the QR code is the most widely used as information container which has already been applied to numerous stuffs like posters, books or magazines) on the small size screen of smart phones[3]. They are extensively used in many commercial applications due to their high-speed decoding. Furthermore, since modern handheld devices can show a barcode on their screen with enough resolution to decode it, a broad range of emerging applications may use QR codes in a variety of scenarios such as boarding passes, event tickets, retailer cards identification systems, etc., 3.3 Transformation in QRs applications The QR code shall easily be seen in web pages or on posters nowadays. It is a twodimensional code in square shape, mostly represented by binary form (black and white pixels). It is easily recognizable because it looks like a random pattern[6]. Colorized QR codes too are in existence. The beautifications of QR codes have also been proposed recently. During the origination of the QR codes, the purpose was to utilize the quick connection to the specific web page with the URL information converted to the QR code pattern. But these days they stand as data containers that provide more security when encrypted since from the viewpoint of data hiding researches, QR code shall then be regarded as the visible watermarks. 3.4 Ease of QR scanning A few years ago, specific scanners were designed to capture QR code images and decode them. Nowadays, however, given the increasing computational capability of cell phones, as well as the quality and resolution of the latest embedded cameras[4][5], they have emerged as suitable devices to perform this kind of image processing tasks. 3.5 Proposed Application And now we propose the concept of the Quick Response code in network transmission and here raises the question of security which is being dealt in forth coming sections of this paper. We perform the following in the proposed technique. Initially, the bulk information to be transmitted is put into a QR container. Considering the very dark side of the unsecure QR codes, we enhance security by chunking the actual QR to be transmitted We now encrypt individual chunk using the CHAOS BASED FEEDBACK STREAM CIPHER (CBFSC) mechanism. Using this technique, the chunked QR code is encrypted pixel by pixel considering the values of previously encrypted pixels, in each iteration. After this, each encrypted chunk is transmitted over the network as packets At the receiving end, the chunks are decrypted individually. Finally, they are clustered to get the original QR code that can be read using secure QR reader, thus fighting against cryptanalytic attacks. 4. THE DARK SIDE OF QR CODES 4.1 The un-secure QR code Hidden in those lines are embedded codes which only our smart phones can read and point it to a new location on the Web. Online marketing gurus are singing the digital praises for the inexpensive cost with maximum return on investment. The online marketing industry is one example. Agents are able to market their hottest products by embedding QR codes into their signs
344

International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 6375(Online) Volume 4, Issue 4, July-August (2013), IAEME and brochures. This does not limit only to the marketing sector, but certainly from many petty small scale industries to pretty big corporate. The QR design companies say they're viewing exponential growth in their business over the past two years. But security experts say no so fast[1]. 4.2 After math of reading an un-secure QR Taking your smart phone to a new site certainly can seem cool if you trust the source. But experts believe it's just a matter of time before hackers are able to hijack this clever code, taking you someplace you didn't plan on going. The results could be a nasty virus, botnet, or malicious code that records your personal information, your location, even your bank account numbers. As with any new technology that allows and encourages sharing data, there is always the chance that identification and financial information may be at risk. QR codes that are scanned to gain instant access to a text message are less likely to place a users identity and personal information at risk than near field communication used for the so called contactless payments. Hence, it places the personal information at risk from fraudulent sites and malicious programs thus putting the QR codes onto its dark side. 5. NEED FOR THE ENCRYPTION OF QR CODES Encrypting data in Quick Response Codes eliminates the dangers associated with loss or theft. The process makes data worthless to unauthorized users. Typically, by processing data through a mathematical formula called an algorithm, encryption software converts data into "cipher text."[8] Following this conversion, that data requires users to input their unique credentials to gain access to it. Provided those credentials stay private, they make it virtually impossible for others to access the data. It is broadly agreed that we are in an information and knowledge economy. In the short term 4G, the next generation of smart phone connectivity, will give download speeds of up to 100Mbps as standard. That means entire databases can be downloaded in seconds, to any device and in any location across the globe. Smart phones and tablets will eclipse the traditional PC as the devices of choice for business users. In current scenario, 70% of business users have one smart phone for both business and personal use. This will increase the mobility of data and blur the home-work boundaries even more. When this is the case for a huge database, it is indescribable for a QR code. 5.1 Encryption of QRC using Chaos Based Feedback Stream Cipher algorithm 5.1.1 Robustness of an Encryption technique against Cryptanalytic attacks A good information security system should not only protect confidential messages in the text form, but also in image form. In general, there are three basic characteristics in the information security field privacy, integrity, and availability. By Privacy, we mean that an unauthorized user cannot disclose a message and by integrity we connote that an unauthorized user cannot modify or corrupt a message. Finally by availability we signify that messages are made available to authorized users faithfully. The encryption system should be computationally secure[8]. It must require an extremely long computation time to break, for example. Unauthorized users should not be able to read privileged images. Encryption and decryption should be fast enough not to degrade the system performance. The algorithms for encryption and decryption must be simple enough to be done by users with a personal computer. The security mechanism should be as widespread as possible[8][9]. It must be widely acceptable to design a cryptosystem like a commercial product. The security mechanism should be flexible. There should not be a large expansion of the encrypted image data. The chosen Chaos Based Feedback Stream Cipher technique abides by all the above requirements.

345

International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 6375(Online) Volume 4, Issue 4, July-August (2013), IAEME 5.1.2 Chaos Based Feedback Stream Cipher technique The close association between chaos and cryptography makes chaos based cryptographic algorithms as a natural preference for secure communication and cryptography. The chaos based encryption techniques are considered superior for practical use as these techniques provide a good combination of speed, high security, complexity, reasonable computational overheads and computational power etc.[10] An overview of CBFSC encryption module is depicted here. This is a simple block cipher with block size of 8-bit and 256-bit secret key. The key is used to generate a pad that is then merged with the plaintext a byte at a time. 1. For the encryption or decryption ,we divide the plain text or the cipher text into blocks of 8 bits. Plain text and the cipher text of i blocks are represented as P P 1P2P3P4 ..........Pi C C 1C2C3C4 ..........Ci 2. The proposed image encryption process utilizes an external secret key of 256-bit long. Further, the secret key is divided into blocks of 8-bit each, referred as session keys. K K 1K2K3K4 .........K64 (in hexadecimal) Here, Ki 's are the alphanumeric characters (09 and AF) and each group of two alphanumeric characters represents a session key. Alternatively, the secret key can be represented in ASCII mode as K K 1K2K3K4 .........K32 (in ASCII) Here, each Ki represents one 8-bit block of the secret key i.e. session key. 3. The initial condition for the chaotic map and the initial codes are generated from the session keys 4. Read a byte from the image file (that represent a block of 8-bits) and load it as plain image pixel Pi . 5. Encryption of each plain image pixel Pi to produce its corresponding cipher image pixel Ci . The entire image is encrypted pixel by pixel considering the values of previously encrypted pixels, in each iteration 6. Repeat steps 4-5 until the entire image file is exhausted. 5.2 Why CBFSC for QR Code? Thus a QR code containing the information to be transmitted is encrypted using the above said algorithm. The use of feedback mechanism has two desirable benefits. The first benefit is that there can be no simple periodicity in the encrypted image because the encryption of each plain image pixel depends not only on the encryption key, but also on the previous cipher image pixel. The next is that any changes in the plain image are cascaded forward throughout the cipher image, which means that two almost identical plain images will encrypt to completely different cipher images[10]. Notably, all the QR images are almost identical and so is the reason we use the said technique 6. WELL- BUILT QRC AFTER ENCRYPTION The sensitivity to the plain image is also a plus to the security of the used CBFSC. High key sensitivity is required by secure image cryptosystems, which means that the cipher image (QRC) cannot be decrypted correctly although there is only a slight difference between encryption or decryption keys. This guarantees the security of the QRC against brute-force attacks [8][9] to some extent. An ideal image encryption procedure should be sensitive with respect to both the secret key and plain image. The change of a single bit in either the secret key or plain image should produce a

346

International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 6375(Online) Volume 4, Issue 4, July-August (2013), IAEME completely different encrypted image [10]. The basic concept is that the encryption of each part of the plain image depends not only on the key, but also on the previous cipher image.

a)Quick Response Code with information

b) The encrypted image of the QR Code

c) The decrypted image of the QR code 7. ENHANCED SECURITY BY CHUNKING THE QRC The Quick Response Code is chunked before the encryption is applied. The above is included in the proposed technique in order to enhance further security to the data in the QR container thus preventing the data against the cryptanalytic attacks during its transmission over an interconnected network. The robustness of the technique used has further reinforcement of a feedback mechanism, which leads the cipher to a cyclic behavior so that the encryption of each plain pixel depends on the key, the value of the previous cipher pixel and the output of the logistic map. On top of this, our idea is to chunk the QR code into pieces using any chunking algorithm which shall then be used in clustering the QR code chunks at the reception end. Once the actual Quick Response Code is chunked, we apply the CBFSC technique and then transmit it as packets over the network. When this is done, each chunk that is subjected to encryption will have separate and distinct secret keys and thus the chance for the cryptanalytic attack is very negligible. 8. RECEPTION OF THE QR SENT OVER NETWORK At the receiving end, we shall decrypt each and every packet that we call as the encrypted QR chunk using the reverse of CBFSC technique. In the decryption module, the same pad is generated but it is un-merged with the cipher text to retrieve the plaintext. The decryption module receives an encrypted image (cipher image) as input and the 256-bit secret key and returns the original image (QR chunk). In particular, the decryption module works in the same way as the encryption module[10] but now the output of the logistic map is subtracted from the corresponding cipherimage
347

International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 6375(Online) Volume 4, Issue 4, July-August (2013), IAEME pixel Ci providing the plainimage pixel Pi as we used the iterative procedure . The output of the decryption module is the original image (QR chunk).Decryption of each cipherimage pixel Ci to produce its corresponding plainimage pixel Pi [10]

a)Decrypted QR chunks Finally we cluster all the decrypted QR chunks [11] using the clustering (reverse of the one used for chunking).Finally we get the entire QR code as output that contains the large amount of information.

b)The entire QRC after clustering This actual QR code contains the original information that was intended for transmission. If there is an error in decryption of any of the QR chunks may be with a slightly wrong secret key, then we surely will fail to extract the actual information in the QR. Thus we increase the complexity for the bad attackers to attack the transmission. 9. PRACTICAL APPLICABILITY AND PRE-EMINENCE OF THE PROPOSAL The technique that we have proposed has got an immense applicability practically and hence this technique shall be used widely. We enlighten this because we use a very strong technique that stands against loss of information with an intention to disallow the cryptanalytic attacks any further. Another exclusive benefit of our proposed technique is that the transmission cost is comparatively less since we transfer a large amount of data into a single QR container and then apply the encryption algorithm rather than apply the encryption algorithm to the data itself. Yet again we can say that our proposed technique is efficient because we suggest to chunk the QR code before the encryption and cluster [11] the chunks after the decryption. Our chunking and clustering idea adds further security to the already secure and efficient encrypted transmission of the entire QR code over the network. 10. CONCLUSION In this paper we propose a technique for extremely safest and secure transmission of large amount of information using a efficient QR code and our use of the Chaos Based Feedback Stream Cipher technique adds further security to the transmission. Using this proposed technique, we shall put a large amount of information that is intended for the transmission into the data container called Quick Response Code and hence achieve the maximum effectiveness and security for transmission of large amount of data. Furthermore, we have also discussed the characteristics of image cryptosystems, chaos and cryptography and issues related to network transmission and the need for security is also brought to light.

348

International Journal of Computer Engineering and Technology (IJCET), ISSN 09766367(Print), ISSN 0976 6375(Online) Volume 4, Issue 4, July-August (2013), IAEME 11. REFERENCES [1] www.qrcode.com [2] QR-Code Generator, http://qrcode.kaywa.com/, 2010. [3] International Standard. ISO/IEC 18004. Information technology --Automatic identification and data capture techniques -- QR Code 2005 bar code symbology specification. Second Edition. 2006-09-01. [4] E Ohbuchi, H Hanaizumi, LA Hock, Barcode readers using the camera device in mobile phones Cyber worlds, 2004 International Conference on (2004), pp. 260-265. [5] C.-H. Chu, D.-N. Yang and M.-S Chen, Image stabilization for 2D barcode in handheld devices, Proc. of the 15th ACM Int. Conf. on Multimedia, Augsburg, Germany, pp.697-706, Sep. 2007 [6] K. Fujita, M. Kuribayashi, and M. Morii, A study of image displayable design qr code, IEICE Tech Report (in Japanese), vol. 110, no. 374, pp. 3944, 2011. [7] GB/T 18284-2000 "Quick Response Code",Beijing, National Standards Press,2000 [8] W. Stallings., "Cryptography and Network Security: Principles and Practice," Prentice-Hall, New Jersey, 1999. [9] Bruce Schneier, "Applied Cryptography Protocols, algorithms, and source code in C,"John Wiley & Sons, Inc., New York, second edition, 1996 [10] An Efficient Chaos-Based Feedback Stream Cipher (ECBFSC) for Image Encryption and Decryption, Hossam El-din H. Ahmed, Hamdy M. Kalash, and Osama S. Farag Allah Menoufia University, [11] Kuo, S. P., Wu, B. J., Peng, W. C., and Tseng, Y. C. Cluster enhanced Techniques for Pattern Matching Localization Systems, in IEEE International Conference on Mobile Ad-hoc and Sensor Systems, 2007. [12] Ahmad Salameh Abusukhon, Block Cipher Encryption for Text-To-Image Algorithm, International journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 3, 2013, pp. 50 - 59, ISSN Print: 0976 6367, ISSN Online: 0976 6375. [13] Santosh Abaji Kharat and Dr.B.M.Pange, Qr (Quick Response) Codes and Academic Libraries: Reaching to Mobile Users a Best Practices, International Journal of Library and Information Science (IJLIS), Volume 2, Issue 1, 2013, pp. 1 - 18, ISSN Print: 2277 3533, ISSN Online: 2277 3584.

349