Implementation of QR Code Attendance Security System Using RSA and Hash Algorithms
Abstract
The quick response (QR) code-based attendance application contributes to reducing paper usage and attendance input errors. However, in its implementation process, the QR-code-based attendance at a Bandung school demonstrates weaknesses. Absent students can fake their attendance for themselves or friends. This type of attack is known as fake QR code generation. This research proposes a security authentication system using the Rivest–Shamir–Adleman (RSA) encryption algorithm and the secure hash algorithm 1 (SHA-1) to secure QR code-based attendance applications from fake QR code generation attacks. The RSA algorithm encrypts QR code data to maintain privacy, while the SHA-1 algorithm ensures data integrity. Based on this method, the mutual authentication process between the QR code data generated by the student and the attendance reading application by the teacher can be established. The results obtained from a series of tests showed that the security system in the student attendance recording application that had been implemented at Madrasah Aliyah (MA) Al-Mukhlishin could detect and prevent fake QR code generation attacks. The test was conducted by changing the impact of the key length on RSA-1024 bits and RSA-2048 bits. The results showed that in RSA-1024 bits, energy consumption of 0.14 J and time of 1.66 s is more efficient than that in RSA-2048 bits, with energy consumption of 0.19 J and time of 2.09 s. Interestingly, if a higher level of security is required, the key length should be increased at the expense of some energy and time efficiency.
References
V. Uzun, “QR-code based hospital systems for healthcare in Turkey,” 2016 IEEE 40th Annu. Comput. Softw. Appl. Conf. (COMPSAC), 2016, pp. 71–76, doi: 10.1109/COMPSAC.2016.173.
M.E. Çoban, B. Çubukçu, R. Yayla, and U. Yüzgeç, “Raspberry Pi based robot application using QR code: QR-Robot,” 2019 4th Int. Conf. Comput. Sci. Eng. (UBMK), 2019, pp. 119–123, doi: 10.1109/UBMK.2019.8907129.
A.D.B. Sadewo, E.R. Widasari, and A. Muttaqin, “Perancangan pengendali rumah menggunakan smartphone Android dengan konektivitas Bluetooth,” J. Pengemb. Teknol. Inf. Ilmu Komput., vol. 1, no. 5, pp. 415–425, May 2017.
P. Tilala, A.K. Roy, and M.L. Das, “Home access control through a smart digital locking-unlocking system,” TENCON 2017-2017 IEEE Region 10 Conf., 2017, pp. 1409–1414, doi: 10.1109/TENCON.2017.8228079.
S. Tiwari, “An introduction to QR code technology,” 2016 Int. Conf. Inf. Technol. (ICIT), 2016, pp. 39–44, doi: 10.1109/ICIT.2016.38.
M.S. Akbar et al., “Face recognition and RFID verified attendance system,” 2018 Int. Conf. Comput. Electron. Commun. Eng. (iCCECE), 2018, pp. 168–172, doi: 10.1109/iCCECOME.2018.8658705.
E. Susanto, D. Perdana, A.I. Irawan, and R. Yasirandi, “Pengembangan sistem presensi menggunakan quick response code dinamis untuk Madrasah Aliyah Al Mukhlisin Bandung,” J. Rekayasa Elekt., vol. 15, no. 2, pp. 139–144, Aug. 2019, doi: 10.17529/jre.v15i2.13769.
K.S.C. Yong, K.L. Chiew, and C.L. Tan, “A survey of the QR code phishing: The current attacks and countermeasures,” 2019 7th Int. Conf. Smart Comput. Commun. (ICSCC), 2019, pp. 1–5, doi: 10.1109/ICSCC.2019.8843688.
A. Averin and N. Zyulyarkina, “Malicious QR-code threats and vulnerability of blockchain,” 2020 Glob. Smart Ind. Conf. (GloSIC), 2020, pp. 82–86, doi: 10.1109/GloSIC50886.2020.9267840.
“Hubungan antara QR code dan dunia industri dan perdagangan,” Pusdiklat Industri, 2020.
T.M. Fernandez-Carames and P. Fraga-Lamas, “A review on human-centered IoT-connected smart labels for the Industry 4.0,” IEEE Access, vol. 6, pp. 25939–25957, 2018, doi: 10.1109/ACCESS.2018.2833501.
L. Tan et al., “Visual secret sharing scheme for color QR code,” 2018 IEEE 3rd Int. Conf. Image Vis. Comput. (ICIVC), 2018, pp. 961–965, doi: 10.1109/ICIVC.2018.8492724.
S. Liu, Z. Fu, and B. Yu, “Rich QR codes with three-layer information using Hamming code,” IEEE Access, vol. 7, pp. 78640–78651, Jun. 2019, doi: 10.1109/ACCESS.2019.2922259.
N.V. Akhil, A. Vijay, and D.S. Kumar, “QR code security using proxy re-encryption,” 2016 Int. Conf. Circuit Power Comput. Technol. (ICCPCT), 2016, pp. 1–5, doi: 10.1109/ICCPCT.2016.7530286.
A. Mendhe, D.K. Gupta, and K.P. Sharma, “Secure QR-code based message sharing system using cryptography and steganography,” 2018 1st Int. Conf. Secure Cyber Comput. Commun. (ICSCCC), 2018, pp. 188–191, doi: 10.1109/ICSCCC.2018.8703311.
V. Malathi, B. Balamurugan, and S. Eshwar, “Achieving privacy and security using QR code by means of encryption technique in ATM,” 2017 2nd Int. Conf. Recent Trends Chall. Comput. Models (ICRTCCM), 2017, pp. 281–285, doi: 10.1109/ICRTCCM.2017.36.
P.-Y. Lin and Y.-H. Chen, “QR code steganography with secret payload enhancement,” 2016 IEEE Int. Conf. Multimedia Expo Workshops (ICMEW), 2016, pp. 1-5, doi: 10.1109/ICMEW.2016.7574744.
Y.-M. Wang et al., “Secured graphic QR code with infrared watermark,” 2018 IEEE Int. Conf. Appl. Syst. Invent. (ICASI), 2018, pp. 690–693, doi: 10.1109/ICASI.2018.8394351.
L.F. Freitas, A.R. Nogueira, and M.E.V. Melgar, “Visual authentication scheme based on reversible degradation and QR code,” 2020 4th World Conf. Smart Trends Syst. Secur. Sustain. (WorldS4), 2020, pp. 58–63, doi: 10.1109/WorldS450073.2020.9210412.
M. Alajmi, I. Elashry, H.S. El-Sayed, and O.S.F. Allah, “Steganography of encrypted messages inside valid QR codes,” IEEE Access, vol. 8, pp. 27861–27873, Feb. 2020, doi: 10.1109/ACCESS.2020.2971984.
I. Tkachenko et al., “Two-level QR code for private message sharing and document authentication,” IEEE Trans. Inf. Forensics Secur., vol. 11, no. 3, pp. 571–583, Mar. 2016, doi: 10.1109/TIFS.2015.2506546.
Y. Zhou, B. Hu, Y. Zhang, and W. Cai, “Implementation of cryptographic algorithm in dynamic QR code payment system and its performance,” IEEE Access, vol. 9, pp. 122362–122372, Aug. 2021, doi: 10.1109/ACCESS.2021.3108189.
A.G. Konheim, Computer Security and Cryptography. Hoboken, USA: John Wiley & Sons, 2007.
Y. Zhao, Y. Li, and S. Wang, “Asymmetric deep hashing for person re-identifications,” Tsinghua Sci. Technol., vol. 27, no. 2, pp. 396–411, Apr. 2022, doi: 10.26599/TST.2021.9010014.
T. Kleinjung et al., “Factorization of a 768-Bit RSA Modulus,” in Advances in Cryptology – CRYPTO 2010, T. Rabin, Ed., Heidelberg, Germany: Springer Berlin, 2010, pp. 333–350, doi: 10.1007/978-3-642-14623-7_18.
© Jurnal Nasional Teknik Elektro dan Teknologi Informasi, under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.