- Open Access
- Authors : Jyoti Yadav , Yash Aggarwal , Vaishali Goel , Ayush Bahuguna
- Paper ID : IJERTV10IS060417
- Volume & Issue : Volume 10, Issue 06 (June 2021)
- Published (First Online): 06-07-2021
- ISSN (Online) : 2278-0181
- Publisher Name : IJERT
- License: This work is licensed under a Creative Commons Attribution 4.0 International License
PDF Security using QR Captcha
Implementation of QR Captcha for PDF Security and Ease for Visually Impaired using QR Scanner App
Jyoti Yadav
Student B.Tech, Computer Science Engineering. , A.D.G.I.T.M Delhi, India.
Yash Aggarwal
Student B.Tech, Computer Science Engineering. , A.D.G.I.T.M, Delhi, India.
Vaishali Goel
Assistant Professor, Department Of Computer Science Engineering. , A.D.G.I.T.M (Formerly Northern India Engineering College)Delhi, India
Ayush Bahuguna
Student B.Tech, Computer Science Engineering. , A.D.G.I.T.M, Delhi, India.
AbstractThis is an extension to our previously published paper presented in IJERT Journal in which we describe how can we eliminate security concerns related to captchas using the concept of QR Captcha which is equally beneficial for person with special needs and solves numerous problems related to captcha security. Now this an implementation of our previously researched topic. The emerging technologies of this new world are a devastating threat to the society. We will be looking various threats associated with Portable Document Format (PDF) security, why PDF security is a big concern and how can QR captcha helps us to solve this problem. There is also an extension amended in the QR captcha model by implementing our own customized two way authentication QR scanning application which is used to enhance the security to another level. The integrated system is always a add on security feature, which we are trying to create through our application development idea. We are implementing the QR Captcha protection technique on PDF downloading process to protect it from various threats available online like spamming, phishing, file injection etc. and make PDF downloading a hassle free process without any worries about malwares. An extension in QR Captcha is made by developing an application which is built using latest React Native 5 technology.
KeywordsDocument Malware Protection, PDF Security, QR Code Authentication
- INTRODUCTIONSecurity is a highly concerned issue in this fast growing road to 5G world, but we have to remind ourself that with great power comes great responsibility. We cant ignore the alarming concerns which are rising with advancement of various technologies. We have to keep evolving and make the necessary advancement in the existing available technologies. We did our research on the available security concerns of PDF downloading and came to a solution of using QR captcha as a way to make it a secure process [1]. We will look into all the concerns and then describe our idea how we implemented it to cope up with all the security concerns available. We also describe the progressive functioning of our application which will create a integratedenvironment or our idea implementation of QR Captcha and will be including the available images of our live project. The paper is organized in a way in which firstly we will make an analysis of various threats available with PDF security. Next, we see how we are implementing QR captcha as a gateway in downloading various files[4]. Lastly we are here presenting our newly developed application which will work as a two way authentication QR scanner, which is going to be an upgrade in already existing QR captcha technology.
- VARIOUS THREATS AVAILABLE FOR PDF DOWNLOADINGPortable Document Format (PDF) is the widely used file format available in todays world but with greater use comes greater security concerns and there are several arising security problems associated with their use and downloading. PDF has acquired various powerful programming features from different progressive version[10]. Various PDF security analysis are done till date which throw light on various vulnerabilities associated with PDF security we will be looking at them one by one as mentioned below :
- Phishing Attack PDF BasedThis attack exploits the capabilities of PDF language to accurately and faithfully describe a given document or data. The full screen mode enables the user to display a PDF document that perfectly mimics any website. The attack is performed through following steps:
- User opens the fake website and enter his details like email and password.
- while connecting, the PDF file transparently launches the email client and displays a fake. This email proposes to send a security certificate to the bank for security control reasons. [8].
- If the user accept the request to send the email then his details will be hacked.
- PDF Based Two Step AttackIn this attack the hacker wants to make fool of a privileged user and make him execute a executable code which is being attached to the PDF file. The executable code later targets the windows OS[8].
- PDF File InjectionAll There are several ways of injecting a hacked code along with PDF file as mentioned below[8]:
- JavaScript Code This code could end up running malicious files.
- URLS They are used to bypass various antivirus and other engines from detecting threats in email content, they embedded malicious content in PDF.
- Embedded File There are many other types of file that can be embedded and exploited by hackers.
- Encrypted File To deceive detection engines it is possible to embed a malicious file inside PDF.
There are various ways to exploit the content of PDF but not a single measure is available to solve this problem so our idea is to implement a two way authentication in form of QR captcha which has its own advantage as mentioned in earlier published research related to QR Captcha which is also suitable for visually impaired people.
- Phishing Attack PDF BasedThis attack exploits the capabilities of PDF language to accurately and faithfully describe a given document or data. The full screen mode enables the user to display a PDF document that perfectly mimics any website. The attack is performed through following steps:
- IMPLEMENTATION OF QR CAPTCHA The pdf security is implemented by using QR captcha asits base , a QR scanner app is used to scan the provided QR code which stores the encrypted password. The QR scanner app then decrypts the password and display it to the user (QR scanner app can also recite the password for visually impaired ).User then verifies the password which gives them the access to some protected URL or Data (In our case PDF ) and the download of the requested pdf in initiated automatically [1].Figure 1. (Downloaded PDF)
Figure 2. (Download button)
Figure 3. (Welcome Page)
Figure 4. (Description)
Figure 5. (QR Code)
These are the live images of our website which we create to show the actual functioning of our idea. Website is having
a download button which will fetch a QR code and a pdf will only get opens after scanning the QR code and decrypts its code then only it shows the content of actual PDF which is exactly what depicted by the above images.
- IDEA PROTOTYPE & APPLICATION DEVELOPMENTThe implementation of QR Captcha remains the same and the idea prototype is described below:Figure 6. (Idea Prototype) [1]The implementation of QR captcha will require an application for scanning which is developed this time on our own. Which will use to decrypt the authenticated code and make the PDF secure so that it will protect itself from spam alerts and download safely.
The implementation of QR captcha remains the same the add on is the application development part which is shown below: We are using react native to create our app for both Android and IOS. Also we are using latest react-navigation 5 in our project. QR code scanner is implemented by using QR-code-scanner library.
Figure 7. (Application welcome page)
Figure 8. (figure caption)
Fgure 9. (scanner-image)
The application is developed using react- navigation 5 as we mentioned earlier which is basically a QR scanner to decrypt the code. It is simply depicting the same in above images. It is not highly customized as per design but we are constantly making changes to turn this into a fully furnished product. All the changes will be reflected in the future upgradation because there will always some scope of improvement left in any technology developed ever.
- RESULT AND DISCUSSION
This is a small contribution from our side to this humongous evolving world of new technologies. We tried our best to provide every minute detail regarding this project. As mentioned in previous paper we have already implemented the QR scanning application in this paper to make greater advancement in PDF security. But the evolution still can be done further. There is scope of extending this technology
further and we are keeping this opportunity open to all. If anyone reading this want to make use this idea and do further extension you are most welcome to use this paper and do further research based on your perspective and this a great way of giving back to the society.
We are also planning to not stop here and dont miss this opportunity to dig this topic further because this is a completely new technology and there is a lot to research further as a possible way of making high upgradation to this new world of captcha.
FUTURE SCOPE
As a future endeavor we are planning to implement this technology of QR captcha on some different available cybersecurity tools which need a protection also for human with special needs. There are immense number of opportunities available around us on which we can use this idea which will be beneficial for society and there is no logic to stop here. Hope to really make a comeback soon with a massive upgradation cum implementation. Till then everyone reading this is allowed to make extensions. We tried our best to solve the major concerns related to PDF downloading protection problem but there will always some space left for improvement and everyone is allowed to do so.
ACKNOWLEDGEMENT
We would like to thank our college professor and our guide in this project Ms. Vaishali Mam, who provided insight and expertise which are immensely helpful in completion of this project. We are immensely grateful for her comments on earlier version of manuscript although any errors are our own. Through their guidance it has been a cakewalk for us and we would like to take her supervision in our future endeavors also. I am grateful for the generosity and expertise of all the people behind completion of this research paper without them it would not have been possible. Thanks to each one of them.
CONCLUSION
Cybersecurity is a very vast topic which keeps on expanding as the world in which we are living, is becoming far more connected than ever before as every day we are making new inventions and improvements. In this research paper we have shown, a successfully implemented QR captcha authentication on PDF security, to minimize the security concerns related to malware detection when hackers inject a JavaScript code which get self-executed while downloading the PDF file. We also developed a self-customized application to provide maximum protection. We tried our best to solve the major concerns related to PDF downloading protection problem but there will always some space. We have also showed different threats available to PDF security and attaching malware to the PDF is a major concern which will hopefully minimize the problem to certain extent.
REFERENCES
- QR Captcha by Jyoti Yadav, Yash Aggarwal, Vaishali Goel. https://www.ijert.org/research/qr-captcha- IJERTV9IS120169.pdf..
- How secure is PDF? www.cs.cmu.edu
- Cyber Security: Understanding Cyber Crimes- Sunit Belapure Nina Godbole.
- What are the Risk associated with PDF files? By security.stackexchange.com
- A Study Of Cybersecurity Challenges and Its emerging Trends On latest Technology by G. Nikhita Reddy G.J. Ugander Reddy
- IEEE Security and Privacy Magazine
- The Security risk Assessment Methodology by Chunlin Liu,Chong-Kuan Tan, Yea Saen Fang
- PDF Security Analysis And Malware Threats by Eric Filiol.
- V. Premanand, A. Meipppane, V. Arulalan, V. Arulalan”Survey on CAPTCHA and its Techniques for BOT protection , Smashing Magazine , 2015 International Journal Of Computer Applications 109(5):1-4
- Can PDF files be dangerous? Article by gatefy.com