A Secure End-to-End Key Exchange Mechanism by Cooperation of Multiple Devices Using QR Codes

Abstract

End-to-end key exchange for the subsequent secret sharing and secure communication between two remote parties has been an important issue due to the threats of eavesdropping and Man-In-The-Middle (MITM) attacks. In this paper, we propose a secure end-to-end key exchange mechanism between two remote parties by cooperation of multiple devices at each party using QR (Quick Response) codes. In the key exchange process, the data transmission will be conducted by two different applications via two different infrastructure networks, SMS (Short Message Service) via cellular network (e.g. LTE, 4G, etc) and Email via Ethernet respectively, between the two remote parties using two different devices at each party in order to mitigate security risks. Public-key cryptography will be adopted for the data transmission during the key exchange and the corresponding asymmetric key pair will be used only once. The data transmission within the multiple devices at each party only uses QR codes (scan and display) without involving any network based communication. The main contribution of this paper is that a novel secure end-to-end key exchange approach has been proposed in which unless both the devices using cellular network and Ethernet have been compromised or MITM attacked by the same attacker the key will not be leaked during the exchange process. We verified the main features of the proposed mechanism and confirmed the effectiveness of the design.