Steganography of Encrypted Messages Inside Valid QR Codes

Steganography is considered the first line of defense in information security as it hides a secret message (payload) inside an innocent looking file (container) to transfer the payload under the adversary's nose without noticing it. Steganographic systems only use the container to hide the payload. In this paper, we present a steganographic system that uses the container not only to hide the payload, but also to give misleading information to the adversary. To achieve this goal, we use quick response (QR) code as a container. QR codes generated by our proposed system can carry its ordinary message in addition to the payload. Anyone can read the message, but the payload can only be obtained using a secret key. The message and the payload are unrelated; i.e. any message can be generated regardless of the payload and vise versa. We can take advantage of that by generating a message that gives misleading information to the adversary. We test the proposed system and show that the generated QR code is (valid) i.e indistinguishable from an ordinary QR code which makes it look innocent and less susceptible to an adversary's attack. Moreover, it is space-efficient, has an acceptable level of noise immunity and is prone to steganalysis attacks.