
Authentication and transaction verification using QR codes with a mobile device

Journal Article


Download full-text (Open Access)

Abstract


  • User authentication and the verification of online transactions that are performed on an untrusted computer or device is an important and challenging problem. This paper presents an approach to authentication and transaction verification using a trusted mobile device, equipped with a camera, in conjunction with QR codes. The mobile device does not require an active connection (e.g., Internet or cellular network), as the required information is obtained by the mobile device through its camera, i.e. solely via the visual channel. The proposed approach consists of an initial user authentication phase, which is followed by a transaction verification phase. The transaction verification phase provides a mechanism whereby important transactions have to be verified by both the user and the server. We describe the adversarial model to capture the possible attacks to the system. In addition, this paper analyzes the security of the proposed scheme, and discusses the practical issues and mechanisms by which the scheme is able to circumvent a variety of security threats including password stealing, man-in-the-middle and man-in-the-browser attacks. We note that our technique is applicable to many practical applications ranging from standard user authentication implementations to protecting online banking transactions.

Publication Date


  • 2016

Citation


  • Chow, Y., Susilo, W., Yang, G., Au, M. Ho. & Wang, C. (2016). Authentication and transaction verification using QR codes with a mobile device. Lecture Notes in Computer Science, 10066, 437-451. Security, Privacy, and Anonymity in Computation, Communication, and Storage: 9th International Conference, SpaCCS 2016, Zhangjiajie, China, November 16-18, 2016, Proceedings.

Scopus Eid


  • 2-s2.0-84996798736

Ro Full-text Url


  • http://ro.uow.edu.au/cgi/viewcontent.cgi?article=7205&context=eispapers

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/6175

Number Of Pages


  • 14

Start Page


  • 437

End Page


  • 451

Volume


  • 10066

Place Of Publication


  • Germany
