Scytl Secure Electronic Voting, Spain
Universitat Autònoma de Barcelona, Spain
QR, Security, Steganography, Electronic Voting.
Data and Application Security and Privacy
Information and Systems Security
Quick Response (QR) codes, used to store machine readable information, have become very common nowadays and have found many applications in different scenarios. One of such applications is electronic voting systems. Indeed, some electronic voting systems are starting to take advantage of these codes, e.g. to hold the ballots used to vote, or even as a proof of the voting process. Nevertheless, QR codes are susceptible to steganographic techniques to hide information. This steganographic capability enables a covert channel that in
electronic voting systems can suppose an important threat. A misbehaving equipment (e.g. infected with malware) can introduce hidden information in the QR code with the aim of breaking voters’ privacy or enabling coercion and vote-selling. This paper shows a method for hiding data inside QR codes and an implementation of a QR writer/reader application with steganographic capabilities. The paper analyses different possible attacks to electronic voting systems
that leverage the steganographic properties of the QR codes. Finally, it proposes some solutions to detect the mentioned attacks.