<div class="csl-bib-body">
<div class="csl-entry">Krombholz, K., Frühwirt, P., Kieseberg, P., Kapsalis, I., Huber, M., & Weippl, E. (2014). QR Code Security: A Survey of Attacks and Challenges for Usable Security. In <i>Human Aspects of Information Security, Privacy, and Trust</i> (pp. 79–90). Springer. https://doi.org/10.1007/978-3-319-07620-1_8</div>
</div>
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/157880
-
dc.description.abstract
QR (Quick Response) codes are two-dimensional barcodes
with the ability to encode di erent types of information. Because of their
high information density and robustness, QR codes have gained popularity
in various elds of application. Even though they o er a broad range
of advantages, QR codes pose signi cant security risks. Attackers can encode
malicious links that lead e.g. to phishing sites. Such malicious QR
codes can be printed on small stickers and replace benign ones on billboard
advertisements. Although many real world examples of QR code
based attacks have been reported in the media, only little research has
been conducted in this eld and almost no attention has been paid on
the interplay of security and human-computer interaction. In this work,
we describe the manifold use cases of QR codes. Furthermore, we analyze
the most signi cant attack scenarios with respect to the speci c
use cases. Additionally, we systemize the research that has already been
conducted and identi ed usable security and security awareness as the
main research challenges. Finally we propose design requirements with
respect to the QR code itself, the reader application and usability aspects
in order to support further research into to making QR code processing
both secure and usable.
de
dc.description.abstract
QR (Quick Response) codes are two-dimensional barcodes
with the ability to encode di erent types of information. Because of their
high information density and robustness, QR codes have gained popularity
in various elds of application. Even though they o er a broad range
of advantages, QR codes pose signi cant security risks. Attackers can encode
malicious links that lead e.g. to phishing sites. Such malicious QR
codes can be printed on small stickers and replace benign ones on billboard
advertisements. Although many real world examples of QR code
based attacks have been reported in the media, only little research has
been conducted in this eld and almost no attention has been paid on
the interplay of security and human-computer interaction. In this work,
we describe the manifold use cases of QR codes. Furthermore, we analyze
the most signi cant attack scenarios with respect to the speci c
use cases. Additionally, we systemize the research that has already been
conducted and identi ed usable security and security awareness as the
main research challenges. Finally we propose design requirements with
respect to the QR code itself, the reader application and usability aspects
in order to support further research into to making QR code processing
both secure and usable.
en
dc.language.iso
en
-
dc.relation.ispartofseries
Lecture Notes in Computer Science
-
dc.title
QR Code Security: A Survey of Attacks and Challenges for Usable Security
en
dc.type
Konferenzbeitrag
de
dc.type
Inproceedings
en
dc.relation.publication
Human Aspects of Information Security, Privacy, and Trust
-
dc.relation.isbn
978-3-319-07620-1
-
dc.relation.doi
10.1007/978-3-319-07620-1
-
dc.relation.issn
0302-9743
-
dc.description.startpage
79
-
dc.description.endpage
90
-
dc.type.category
Full-Paper Contribution
-
dc.relation.eissn
1611-3349
-
tuw.booktitle
Human Aspects of Information Security, Privacy, and Trust
-
tuw.container.volume
8533
-
tuw.journal.peerreviewed
false
-
tuw.peerreviewed
true
-
tuw.book.ispartofseries
Lecture Notes in Computer Science
-
tuw.relation.publisher
Springer
-
tuw.researchTopic.id
I6
-
tuw.researchTopic.name
Business Informatics
-
tuw.researchTopic.value
100
-
tuw.publication.orgunit
E194-01 - Forschungsbereich Software Engineering
-
tuw.publisher.doi
10.1007/978-3-319-07620-1_8
-
dc.description.numberOfPages
12
-
tuw.event.name
Second International Conference, HAS 2014, Held as Part of HCI International 2014
-
wb.sci
false
-
tuw.event.startdate
22-06-2014
-
tuw.event.enddate
27-06-2014
-
tuw.event.online
On Site
-
tuw.event.type
Event for scientific audience
-
tuw.event.place
Heraklion
-
tuw.event.country
GR
-
tuw.event.presenter
Krombholz, Katharina
-
wb.sciencebranch
Informatik
-
wb.sciencebranch.oefos
1020
-
item.fulltext
no Fulltext
-
item.cerifentitytype
Publications
-
item.openairecristype
http://purl.org/coar/resource_type/c_5794
-
item.languageiso639-1
en
-
item.openairetype
conference paper
-
item.grantfulltext
none
-
crisitem.author.dept
E194 - Institut für Information Systems Engineering
-
crisitem.author.dept
E194 - Institut für Information Systems Engineering
-
crisitem.author.dept
E194-01 - Forschungsbereich Information und Software Engineering
-
crisitem.author.orcid
0000-0001-7559-0912
-
crisitem.author.parentorg
E180 - Fakultät für Informatik
-
crisitem.author.parentorg
E180 - Fakultät für Informatik
-
crisitem.author.parentorg
E194 - Institut für Information Systems Engineering