Title: Advanced security of two-factor authentication system using stego QR code

Authors: Yacouba Kouraogo; Ghizlane Orhanou; Said Elhajji

Addresses: Laboratory of Mathematics, Computing and Applications – Information Security, Faculty of Sciences, Mohammed V University in Rabat, Rabat, Morroco ' Laboratory of Mathematics, Computing and Applications – Information Security, Faculty of Sciences, Mohammed V University in Rabat, Rabat, Morroco ' Laboratory of Mathematics, Computing and Applications – Information Security, Faculty of Sciences, Mohammed V University in Rabat, Rabat, Morroco

Abstract: Many financial institutions are trying to protect their customers by offering improved and more secure technologies for authentication. One of the most common is two-factor authentication (2FA), which presents many vulnerabilities that allow attackers to retrieve confidential information such as mobile transaction authentication (mTAN). Thus, according to NIST (National Institute of Standards and Technology), 2FA based on SMS is deprecated and aims to find a secure communication channel other than SMS. Therefore in this paper, we propose a 2FA communication channel based on steganography in the QR-code. So, the mTAN can only be read by a specific scanner that implements the technique of extracting the hidden information while having the shared key and the public information in the QR-code readable by the standard scanners. Finally, we implement our proposed method and then do the test by simulating a line banking service.

Keywords: steganography; QR code; two-factor authentication; 2FA; mobile transaction authentication number; mTAN; mobile security.

DOI: 10.1504/IJICS.2020.107451

International Journal of Information and Computer Security, 2020 Vol.12 No.4, pp.436 - 449

Received: 12 Jan 2018
Accepted: 22 Mar 2018
Published online: 29 May 2020 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article