Securing KTP Data Using QR Code Modification and Elliptic Curve Cryptography
DOI:
https://doi.org/10.34818/INDOJC.2024.9.1.909Keywords:
QR Code, Identity Card, KTP, ECC, ECDSA, Elliptic Curve El-GamalAbstract
Identity Cards (KTP) are essential for Indonesian people. KTP contains personal information, such as National Identity Number (NIK), Name, Address, Gender, etc. Since KTP has essential data and is still printed conventionally, there is a vulnerability if the KTP is lost, and the owner's data is disclosed so that if an irresponsible person finds it, the data can be used for impersonating the owner. In the previous method proposed by Haque et al., [1], the data was stored in a QR Code. However, there was no verification method to legitimize the original owner, and the system did not have a login feature. To overcome the weakness of Haque et al., method [1], the owner's NIK is encrypted using the Elliptic Curve El-Gamal (ECEG) and further signed using ECDSA by the owners before storing it in the QR Code. For obtaining the owner's data in the database, the verification process should be done after the QR Code is scanned. Using the proposed method, the probability of success for a guessing attack is 1 / (n-1). Meanwhile, the probability of success for an impersonation attack is 1 / (q1 * q2 * l).
Downloads
References
S. Haque and R. Dybowski, “Advanced QR Code Based Identity Card: A New Era for Generating Student ID Card in Developing Countries,” in IEEE SIMS2014, Sheffield, UK, 2014, pp.76–82.
E. C. Ayeleso, A. Adekiigbe, N. C. Onyeka, and M. O. Oladele. (2017). Identity Card Authentication System Using QR Code and Smartphone. International Journal of Science, Engineering & Environmental Technology.2(9). 61- 68.Available:https://www.repcomseet.org/journal/AYELESO.pdf
Y. K. Saheed, T. T Salau-Ibrahim, and A. F. Kadri. (2016, December). Student Identity Card Based On Advanced Quick Response Code Technology. Computing, Information Systems, Development Informatics & Allied Research Journal. 7(4). 149-158. Available: https://www.researchgate.net/publication/328430187_Student_Identity_Card _Based_On_Advanced_ Quick_Response_Code_Technology
N. Koblitz. (1987, January). Elliptic Curve Cryptosystems. Mathematics of Computation. Volume 48, 203-209. Available: https://www.ams.org/mcom/1987-48-177/S0025-5718-1987-0866109-5/S0025- 5718-1987-0866109-5.pdf
D. Mahto and D. K. Yadav. (2017). RSA and ECC: A Comparative Analysis. International Journal of Applied Engineering Research. Volume 12, 9053-9061. Available: https://www.ripublication.com/ijaer17/ijaerv12n19_140.pdf
S. Ghoshal, P. Bandyopadhyay, S. Roy, and M. Baneree,"A Journey from MD5 to SHA-3," in Trends in Communication, Cloud, and Big Data, 2020, pp. 107–112.
N. J. G. Saho and E. C. Ezin, "Securing Document by Digital Signature through RSA and Elliptic Curve Cryptosystems," 2019 International Conference on Smart Applications, Communications and Networking (SmartNets), Sharm El Sheikh, Egypt, 2019, pp. 1-6.
T. Wellem, Y. Nataliani, and A. Iriani. (2022, September). Academic Document Authentication using Elliptic Curve Digital Signature Algorithm and QR Code. JOIV : International Journal on Informatics Visualization, 6(3), 667-675. Available: https://www.joiv.org/index.php/joiv/article/view/872
J. Holden, "Elliptic Curve Cryptography,” in The Mathematics of Secrets: Cryptography from Caesar Ciphers to Digital Encryption, 1st ed. New Jersey , US: Princeton University Press, 2017.
F. Mallouli, A. Hellal, N. S. Saeed, and F. A. Alzahrani, "A Survey on Cryptography: Comparative Study between RSA vs ECC Algorithms, and RSA vs El-Gamal Algorithms," 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), Paris, France, 2019, pp. 173-176.
L. C. Washington, "Elliptic Curve Cryptography," in Elliptic curves: Number Theory and Cryptography, 2nd ed. Florida, US: Chapman and Hall/CRC, 2008.
International Organization for Standardization & International Electrotechnical Commission, ISO/IEC 18004:2015 : Information technology - Automatic identification and data capture methods - QR Code bar code symbology specification, 3rd ed. Geneva, Switzerland: International Organization for Standardization & International Electrotechnical Commission, 2015.
Downloads
Published
How to Cite
Issue
Section
License
- Manuscript submitted to IndoJC has to be an original work of the author(s), contains no element of plagiarism, and has never been published or is not being considered for publication in other journals.Â
- Copyright on any article is retained by the author(s). Regarding copyright transfers please see below.
- Authors grant IndoJC a license to publish the article and identify itself as the original publisher.
- Authors grant IndoJC commercial rights to produce hardcopy volumes of the journal for sale to libraries and individuals.
- Authors grant any third party the right to use the article freely as long as its original authors and citation details are identified.
- The article and any associated published material is distributed under the Creative Commons Attribution 4.0License