Call for Paper - Upcoming Issues

QRIS and GOST: A Symbiotic Approach for Secure QR Code Transactions

International Journal of Electronics and Communication Engineering
© 2023 by SSRG - IJECE Journal
Volume 10 Issue 5
Year of Publication : 2023
Authors : Y. Wahyu Agung Prasetyo, Robbi Rahim, Melda Agnes Manuhutu, S Sujito
10.14445/23488549/IJECE-V10I5P113
pdf
How to Cite?

Y. Wahyu Agung Prasetyo, Robbi Rahim, Melda Agnes Manuhutu, S Sujito, "QRIS and GOST: A Symbiotic Approach for Secure QR Code Transactions," SSRG International Journal of Electronics and Communication Engineering, vol. 10,  no. 5, pp. 139-148, 2023. Crossref, https://doi.org/10.14445/23488549/IJECE-V10I5P113

Abstract:

This study investigates using the GOST encryption algorithm to enhance security within the QRCode Indonesia Standard (QRIS). Given the ubiquity of QR Codes in digital transactions, particularly for Micro, Small, and Medium Enterprises (MSMEs), robust security measures are paramount. We evaluated the GOST algorithm’s ability to secure data within the QR Code, converting the code into an encrypted data carrier decipherable only via a specially-equipped QR Code reader. Our findings reveal that the GOST algorithm presents a potent defence mechanism against potential malicious attacks, offering a promising path for QR Code security enhancement. However, the comprehensive application of this measure within QRIS poses challenges, including the need for specialized reader applications and a broader understanding of encryption procedures. Future research opportunities lie in optimizing encryption processes, exploring alternative encryption algorithms, and developing user-friendly, secure QR Code reader applications, which could ultimately support a more secure standard for QR Code usage.

Keywords:

Cryptography, GOST, Security, QR code, QRIS.

References:

[1] Maziyar Ghasemi et al., “The Impact of Information Technology (IT) on Modern Accounting Systems,” Procedia - Social and Behavioral Sciences, vol. 28, pp. 112–116, 2011.
[CrossRef] [Google Scholar] [Publisher Link]
[2] I Kadek Dwi Perdana, and Ni Kadek Sinarwati, “Penerapan Transaksi Payment Gateway Berbasis QRIS Pada UMKM (Study Empiris Pada Pedagang di Pantai Penimbangan),” Bisma: Jurnal Manajemen, vol. 8, no. 2, pp. 331–337, 2022.
[Google Scholar] [Publisher Link]
[3] Diah Rahayu Ningsih, “Peran Financial Technology (Fintech) Dalam Membantu Perkembangan Wirausaha Umkm,” Prosiding Seminar Nasional Pendidikan Program Pascasarjana Universitas Pgri Palembang, pp. 70–277, 2020.
[Google Scholar] [Publisher Link]
[4] M. Indre Wanof , and Abdul Gani, “MSME Marketing Trends in the 4.0 Era: Evidence from Indonesia,” Apollo: Journal of Tourism and Business, vol. 1, no. 2, pp. 36–41, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Abu Muna Almaududi Ausat, Tareq Al Bana, Gadzali, Silvy Sondari Gadzali, “Basic Capital of Creative Economy: The Role of Intellectual, Social, Cultural, and Institutional Capital,” Apollo: Journal of Tourism and Business, vol. 1, no. 2, pp. 42–54, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Uce Karna Suganda, Nanang Rohman, “Analysis of the Factors that Influence the Competitive Advantage of SMEs in the City of Bandung,” Quantitative Economics and Management Studies, vol. 4, no. 1, pp. 75–83, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[7] RahayuPuji Suci et al., “Performance Maximization Strategy of Micro, Small & Medium Enterprises Through the Implementation of Quality of Work Life and Job Involvement,” Journal of Advanced Research in Dynamical and Control Systems, vol. 11, no. 8, pp. 2933–2942, 2019.
[Publisher Link]
[8] Joshua Seth Bruhn et al, MSME FINANCE GAP: Assessment of the Shortfalls and Opportunities in Financing Micro, Small and Medium Enterprises in Emerging Markets, International Finance Corporation, 2017.
[Google Scholar] [Publisher Link]
[9] Rahmaini Rahmaini et al., “Comparison Analysis of Seismic Base Shear 23 Regencies in Aceh Province Based on SNI 03-1726-2012 and SNI 03-1726-2019,” International Journal of Engineering, Science and Information Technology, vol. 2, no. 3, pp. 83–89, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[10] Agus Dedi Subagja, “Analysis of Factors Leading to E-commerce Adoption,” Apollo: Journal of Tourism and Business, vol. 1, no. 1, pp. 1–5, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[11] Embracing the E-Commerce Revolution in Asia and the Pacific, Asian Development Bank, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[12] Emmanuel Mogaji, and Nguyen Phong Nguyen, “Managers’ Understanding of Artificial Intelligence about Marketing Financial Services: Insights from a Cross-Country Study,” International Journal of Bank Marketing, vol. 40, no. 6, pp. 1272-1298, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[13] Nemoto, Naoko, and Yoshino, Naoyuki, “Fintech for Asian SMEs,” Asian Development Bank Institute, 2019.
[Google Scholar] [Publisher Link]
[14] Otoritas Jasa Keuanga, “MSMEs through FinTech Financial Inclusion for Supporting,” Otoritas Jasa Keusngan, 2020.
[Publisher Link]
[15] Chidiebere U. Enukoha et al., “ICT Revolutions in the Banking Sector of Nigeria: Determinants of E-Payment Channels By Customers,” Quantitative Economics and Management Studies, vol. 3, no. 5, pp. 680–690, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[16] Fasih Ur Rehman et al., “Data Defense: Examining Fintech’s Security and Privacy Strategies,” Engineering Proceedings -2nd International Conference on Emerging Trends in Electronic and Telecommunication Engineering, vol. 32, no. 1, pp. 3, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[17] Surya Tjahyadi, “Development Of QR Code-Based Data Sharing Web Application Using System Development Life Cycle Method,” Journal of Information System and Technology, vol. 2, no. 2, pp. 64–73, 2021.
[Google Scholar] [Publisher Link]
[18] Shruti Ahuja, “QR Codes and Security Concerns,” International Journal of Computer Science and Information Technologies, vol. 5, no. 3, pp. 3878-3879, 2014. [Google Scholar] [Publisher Link]
[19] Abbas M. Al-Ghaili et al., “QR Code-Based Authentication Method for IOT Applications Using Three Security Layers,” Telecommunication Computing Electronics and Control (TELKOMNIKA), vol. 18, no. 4, pp. 2004-2011, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[20] Krassie Petrova et al., “QR Codes Advantages and Dangers,” Proceedings of the 13th International Joint Conference on E-Business and Telecommunications, pp. 112–115, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[21] M. Indrasena Reddy, A.P. Siva Kumar, and K. Subba Reddy, “A Secured Cryptographic System Based on DNA and a Hybrid Key Generation Approach, Biosystems, vol. 197, pp. 104207, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[22] Wenbo Mao, Modern Cryptography: Theory and Practice, 2023. [Online]. Available : https://www.amazon.in/Modern-Cryptography-paperback-Hewlett-Packard-Professional/dp/013288741X
[23] Ahmad Syahir, and Chuah Chai Wen, “Secure Login Mechanism for Online Banking,” International Journal on Informatics Visualization, vol. 2, no. 3–2, pp.179-183, 2018.
[CrossRef] [Publisher Link]
[24] Heri Nurdiyanto et al., “Enhanced Pixel Value Differencing Steganography with Government Standard Algorithm,” 3rd International Conference on Science in Information Technology (ICSITech), pp. 366–371, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[25] Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and GOST R 34.10-2001 Algorithms with Cryptographic Message Syntax (CMS), 2006. [Online]. Available : https://datatracker.ietf.org/doc/html/rfc4490
[26] Muhammad Iqbal, Yudi Sahputra, and Andysah Putera Utama Siahaan, “The Understanding of GOST Cryptography Technique,” International Journal of Engineering Trends and Technology, vol. 39, no. 3, pp.168–172, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[27] Ela Sibel Bayrak Meydanoglu, “QR Code: An Interactive Mobile Advertising Tool,” International Journal of Business and Social Research, vol. 3, no. 9, pp. 26–32, 2013.
[Google Scholar] [Publisher Link]
[28] Naura Nafisa et al., “Quick Response Code Indonesian Standard (QRIS) Payment in Indonesian MSMEs: A Bibliometric Study,” Journal of Pharmaceutical Negative Results, vol. 13, no. 10, pp. 1223–1233, 2022.
[Google Scholar] [Publisher Link]
[29] Ming Tu et al., “The Adoption of QR Code Mobile Payment Technology During COVID-19: A Social Learning Perspective,” Frontiers in Psychology, vol. 12, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[30] Luh Putu Mahyuni, and I Wayan Arta Setiawan Bagaimana, “QRIS Menarik Minat UMKM ? Sebuah Model Untuk Memahani Intensi UMKM Menggunakan QRIS (How Does QRIS Attract Msmes ? A Model To Understand The Intentions Of SMES Using QRIS),” FORUM EKONOMI: Jurnal Ekonomi, Manajemen dan Akuntansi, vol. 23, no. 4, pp. 735–747, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[31] Jeevan M. Meruga et al., “Multi-Layered Covert QR Codes for Increased Capacity and Security,” International Journal of Computers and Applications, vol. 37, no. 1, pp. 17–27, 2015.
[CrossRef] [Google Scholar] [Publisher Link]
[32] Heider A. M. Wahsheh, and Flaminia L. Luccio, “Security and Privacy of QR Code Applications: A Comprehensive Study, General Guidelines and Solutions,” Information, vol. 11, no. 4, pp. 217, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[33] Ryan Randy Suryono, Indra Budi, and Betty Purwandari, “Challenges and Trends of Financial Technology (Fintech): A Systematic Literature Review,” Information, vol. 11, no. 12, pp. 590, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[34] Pulkit Garg et al., “Security and Privacy Issues Related to Quick Response Codes, Advances in Digital Forensics XVII, pp. 255–267, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[35] M. Taraka Rama Mokshagna Teja, and K. Praveen, “Prevention of Phishing Attacks Using QR Code Safe Authentication,” Inventive Computation and Information Technologies, vol. 336, pp. 361–372, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[36] Pei-Yu Lin et al., “A Confidential QR Code Approach with Higher Information Privacy,” Entropy, vol. 24, no. 2, pp. 284, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[37] Tasnuva Mahjabin et al., “A Survey of Distributed Denial-of-Service Attack, Prevention, and Mitigation Techniques,” International Journal of Distributed Sensor Networks, vol. 13, no. 12, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[38] Pooja Khandare, Sanjay Deokar, and Aarti Dixit, “Improvement of Traditional Protection System in the Existing Hybrid Microgrid with Advanced Intelligent Method,” International Journal of Data Science, vol. 1, no. 2, pp. 72–81, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[39] Philip R Zimmermann, “The official PGP user’s guide,” MIT Press, vol. 5, 1995. [Online]. Available :
https://web.pa.msu.edu/reference/pgpdoc1.html
[40] Rara Audia Utami et al., “Web-Based of The Regency Apparatus Work Unit Application at the Communications, Informatics, and Encryption Service of Bireuen Regency in Aceh Province,” International Journal of Engineering, Science and Information Technology, vol. 2, no. 4, pp. 162–171, 2022.
[Google Scholar] [Publisher Link]
[41] Ludmila Babenko, and Ekaterina Maro, “Algebraic Cryptanalysis of GOST Encryption Algorithm,” Journal of Computer and Communications, vol. 2, pp. 10–17, 2014.
[CrossRef] [Google Scholar] [Publisher Link]
[42] Tonni Limbong et al., “The Implementation of Computer-Based Instruction Model on Gost Algorithm Cryptography Learning, IOP Conference Series: Materials Science and Engineering, vol. 420, pp. 012094, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[43] Pratiksha Sethi, and V. Kapoor, “A Proposed Novel Architecture for Information Hiding in Image Steganography by Using Genetic Algorithm and Cryptography,” Procedia Computer Science, vol. 87, pp. 61–66, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[44] Vincent Rijmen, and Elisabeth Oswald, “Update on SHA-1,” Topics in Cryptology – CT-RSA 2005, pp. 58–71, 2005.
[CrossRef] [Google Scholar] [Publisher Link]
[45] Nicolas T. Courtois, “Cryptanalysis of Two GOST Variants with 128-Bit Keys,” Cryptologia, vol. 38, no. 4, pp. 348–361, 2014.
[CrossRef] [Google Scholar] [Publisher Link]
[46] Bingke Ma et al., “Improved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function,” Applied Cryptography and Network Security, pp. 289–307, 2014.
[CrossRef] [Google Scholar] [Publisher Link]
[47] Ardabek Khompysh et al., “Design of Substitution Nodes (S-Boxes) of a Block Cipher Intended for Preliminary Encryption of Confidential Information,” Cogent Engineering, vol. 9, no. 1, pp. 1-14, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[48] P.Priya, and R.Jayakumar, “Cryptography Based Privacy Preserving Data Transmission in Hybrid Wireless Networks,” International Journal of Computer & organization Trends (IJCOT), vol. 6, no. 6, pp. 5-9, 2016.
[Publisher Link]
[49] Koji Nagata, Do Ngoc Diep, and Tadao Nakamura, “Quantum Cryptography Based on An Algorithm of Determining all the Mappings of a Function” International Journal of P2P Network Trends and Technology, vol. 9, no. 6, pp. 1-4, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[50] Hamza Faham et al., “A New Fast Iterative Decoder of Product Codes Based on Hash and Syndromes and Optimized by Genetic Algorithms,” International Journal of Engineering Trends and Technology, vol. 70, no. 12, pp. 289-295, 2022.
[CrossRef] [Publisher Link]
[51] Abdülkadir Çakir, and Seyit Akpancar, “ROS-Based Control of the DJI Matrice 100 Robot with QR Images Obtained from DJI Guidance,” International Journal of Engineering Trends and Technology, vol. 68, no. 1, pp. 45-50, 2020.
[CrossRef] [Google Scholar] [Publisher Link]