QR Code Authentication with Embedded Message Authentication Code

摘要

Quick Response (QR) code is widely used nowadays but its authenticity is an open issue. Attackers can easily replace the original barcode by a modified one which is generated through the standard encoder. This paper proposes to embed the authentication data such as message authentication code and cryptographic signature for QR code authentication. The scheme utilizes the redundancy of the error correction codewords to store the authentication data while still maintaining the default error correction capability. The stego barcode can be decoded by common users with a standard barcode decoder. The embedded data can be extracted with the knowledge of the barcode structure and the embedding process. The authenticity of the QR codes can then be verified off-line by the authorized user as and when needed. In our experiment, 100 % of the embedded data and encoded information can be retrieved correctly in the decodable barcodes with the off-the-shelf cameras. Security analysis shows that the proposed scheme is secure against attacks in tampering the barcode content. Compared with the existing data hiding scheme, the proposed method has much higher embedding capacity under the same error correction level.