The proposed project involves the development of a QR OTP-based authentication system, offering three distinct modes of operation: QR OTP Authentication, QR OTP Authentication with Time, and QR OTP Authentication with Location. The system aims to enhance security by integrating QR code scanning with One-Time Password (OTP) generation, which is verified by a server-side application. A Flask-based web application serves as the backend for displaying the QR code, OTP, and the relevant time or location for the authentication process. The system is designed to improve the overall security of mobile applications, especially in scenarios where enhanced authentication methods are required.
The system integrates multiple layers of security: QR code scanning, OTP generation, time-based authentication, and location-based authentication. The QR OTP Authentication mode works by generating a unique OTP that is encoded into a QR code. The user then scans the QR code using an Android app developed on the Kodular platform, which includes a QR scanner, OTP generator, time checker, and location checker. Once the QR code is scanned, the OTP is extracted and validated. In the time-based authentication mode, the OTP is only valid for a specific time window, adding an additional layer of security. The location-based authentication mode ensures that the OTP is only valid within a specific geographical location, further enhancing the authentication process.
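The three modes described above can be expressed as one server-side check. The following is an added example, not the project's own code: the names `Challenge`, `issue` and `verify`, the 6-digit OTP format, the single-use rule and the sample coordinates in the test are assumptions made for illustration.

```python
import hmac, math, secrets, time
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Challenge:                       # hypothetical server-side record of one QR OTP
    otp: str
    issued_at: float
    ttl_s: Optional[float] = None      # set in "with Time" mode
    center: Optional[Tuple[float, float]] = None  # (lat, lon), set in "with Location" mode
    radius_m: float = 0.0
    used: bool = False

def issue(ttl_s=None, center=None, radius_m=0.0, now=None):
    """Create a challenge; the OTP comes from a CSPRNG, never from random()."""
    otp = f"{secrets.randbelow(10**6):06d}"
    issued = time.time() if now is None else now
    return Challenge(otp, issued, ttl_s, center, radius_m)

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def verify(ch, otp, now, location=None, accuracy_m=0.0):
    """Return 'ok' or the reason for rejection. Every check runs on the server."""
    if ch.used:
        return "replayed"              # an OTP is accepted at most once
    if ch.ttl_s is not None and not (0 <= now - ch.issued_at <= ch.ttl_s):
        return "expired"
    if ch.center is not None:
        if location is None:
            return "location_required"
        # The position is reported by the client and can be spoofed; treat it as a
        # supporting signal. GPS uncertainty counts against the user (fail closed).
        if haversine_m(ch.center, location) + accuracy_m > ch.radius_m:
            return "outside_geofence"
    # Constant-time comparison avoids leaking how many digits matched.
    if not hmac.compare_digest(ch.otp.encode(), otp.encode()):
        return "bad_otp"
    ch.used = True
    return "ok"
```

Because the location check counts the reported GPS uncertainty against the user, a poor fix near the edge of the permitted area is rejected rather than accepted.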
The system employs ThingSpeak for database management, providing an efficient platform for real-time data storage and retrieval. APIs for authentication are implemented to allow seamless communication between the Flask backend and the Kodular Android app. The project’s primary objective is to ensure secure and convenient authentication, which could be applied to various online platforms, financial applications, and secure access systems.
Introduction
The increasing demand for secure authentication has led to the development of multi-factor systems beyond traditional passwords, biometrics, and OTPs, which have vulnerabilities like phishing and interception. This project proposes a QR OTP-based authentication system combining QR code scanning, time-sensitive OTPs, and location-based restrictions to enhance security against attacks such as man-in-the-middle and session hijacking.
The system consists of a Flask web app generating QR-encoded OTPs and an Android app that scans these codes and verifies the OTP with added checks for time and location validity, using ThingSpeak for cloud-based data management. This layered approach aims to provide stronger, flexible authentication suitable for high-security contexts.
The literature review highlights that integrating QR codes with OTPs reduces interception risks, that time-based OTPs limit credential validity windows, and that location-based checks confirm physical presence to prevent unauthorized access. Multi-factor approaches combining these elements improve overall resilience. Cloud-based OTP authentication is also emphasized for securing online services.
Challenges include dependency on GPS accuracy and internet connectivity, which may affect reliability in certain environments.
The system employs encryption (AES, RSA) to protect QR data and AI-driven phishing detection using NLP models (BERT, LSTM) to identify malicious QR codes before scanning. Experiments demonstrate high accuracy in distinguishing real versus phishing QR codes, improving security while maintaining usability with minimal delays. Scan logging enhances traceability by recording time, location, and device data.
Conclusion
The QR OTP-based authentication system provides a highly secure and efficient solution for user authentication, integrating multiple layers of security such as QR code scanning, OTP generation, time-based validation, and location-based authentication. By combining these factors, the system ensures that only authorized users can access sensitive information, making it significantly more secure than traditional password-based methods. The use of a Flask backend and Kodular Android app ensures scalability, flexibility, and a user-friendly experience. The integration with ThingSpeak as a cloud database adds real-time data management capabilities, ensuring that the authentication process is fast and reliable. This project addresses the growing demand for secure, multi-factor authentication systems, providing a scalable and adaptable solution suitable for a wide range of applications, from online banking to corporate security.