skip to main content
10.1145/3422337.3447847acmconferencesArticle/Chapter ViewAbstractPublication PagescodaspyConference Proceedingsconference-collections
short-paper

Secure Pull Printing with QR Codes and National eID Cards: A Software-oriented Design and an Open-source Implementation

Published: 26 April 2021 Publication History

Abstract

With more systems becoming digitised, enterprises are adopting cloud technologies and outsourcing non-critical services to reduce the pressure on IT departments. In this process, it is crucial to achieving the right balance between costs, usability and security; prioritising security over the rest when handling sensitive data. Considering the print management, often off-premise, many enterprises report at least one print-related security incident that led to data loss in the past year. This problem can damage the enterprise business, especially considering the fines prescribed by current regulations or its reputation. Focusing on securing enterprise printing, pull printing is the set of technologies and processes that allow the release of print jobs according to specific conditions; typically user authentication and proximity to a printer. We design a software-oriented pull printing infrastructure that supports a print release mechanism using QR codes and electronic IDentity cards as a second-factor authenticator. Our solution addresses the costs, as any medium-size organisation can adopt our open-source solution without additional devices or access badges; and the user experience, as we offer a driverless print environment and a user-friendly mobile application.

Supplementary Material

MP4 File (CODASPY21-codas984d.mp4)
Matteo Leonelli from the Security&Trust (S&T) unit of the Fondazione Bruno Kessler (FBK) Italian research facility presents a software-oriented and open-source solution to adopt pull printing in enterprises. The goal is to take advantage of the benefits related to pull-printing while avoiding the costs and burdens typically associated with current software-oriented or hardware-based services. Matteo first introduces the benefits and drawbacks of pull-printing and then describes our approach: use employees' smartphones and QR codes for the print-release mechanism, and their eID cards as a second-factor authenticator. This solution avoids costly subscriptions, multi-function printers or dedicated smartcards. It also requires extra-steps only for sensitive prints. He then demonstrates the working from the user perspective and highlights the security mechanisms that protect the service and the privacy of user documents. He concludes with the preliminary performance evaluation and future directions.

References

[1]
European Parliament and Council of the European Union. Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market. http://data.europa.eu/eli/reg/2014/910/oj, 2014.
[2]
European Parliament and Council of the European Union. The General Data Protection Regulation (GDPR). https://eur-lex.europa.eu/eli/reg/2016/679, 2016.
[3]
OpenID Foundation. OpenID Connect Core 1.0 incorporating errata set 1. Technical report, OpenID Foundation, 2014.
[4]
GIXEL. European Card for e-Services and National e-ID Applications - IAS ECC. http://www.unsads.com/specs/IASECC/IAS_ECC_v1.0.1_UK.pdf, March 2008.
[5]
Google. Developer Security Best Practices. https://developer.android.com/topic/security/best-practices, Last accessed: 12/10/2020.
[6]
ICAO. Machine Readable Travel Documents. https://www.icao.int/publications/pages/publication.aspx?docnum=9303, 2015.
[7]
IPZS. CIE 3.0 -- Specifiche Chip. http://www.cartaidentita.interno.gov.it/wp-content/uploads/2016/07/cie_3.0_-_specifiche_chip.pdf, 2015.
[8]
Medium - Node.js Collection. Why the Hell Would You Use Node.js. https://link.medium.com/EN5qoDJIIdb, 2019.
[9]
European Network and Information Security Agency. Smartphone Guidelines Tool. https://www.enisa.europa.eu/topics/iot-and-smart-infrastructures/smartphone-guidelines-tool, 2019.
[10]
Quocirca. Global Print Security Landscape. https://quocirca.com/content/quocirca-global-print-security-landscape-2019, 2019.
[11]
Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP). A new fine for the application of gdpr. https://www.dataprotection.ro/index.jsp?page=O_noua_amenda_GDPR&lang=en, 2019.
[12]
Nat Sakimura, John Bradley, and Naveen Agarwal. Proof Key for Code Exchange by OAuth Public Clients (RFC7636). Internet Engineering Task Force (IETF), 2015.
[13]
Amir Sharif, Roberto Carbone, Silvio Ranise, and Giada Sciarretta. A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps. In 16th International Conference on Security and Cryptography (SECRYPT), 2019.
[14]
Statcounter. Mobile Operating System Market Share Worldwide. https://gs.statcounter.com/os-market-share/mobile/worldwide, 2019.
[15]
The OWASP Foundation. OWASP Secure Coding Practices. Quick Reference Guide v2.0. https://www.owasp.org/images/0/08/OWASP_SCP_Quick_Reference_Guide_v2.pdf, 2010.
[16]
The OWASP Foundation. OWASP Mobile Top 10. https://owasp.org/www-project-mobile-top-10, 2016.
[17]
The OWASP Foundation. Top 10 Web Application Security Risks. https://owasp.org/www-project-top-ten/, 2017.

Index Terms

  1. Secure Pull Printing with QR Codes and National eID Cards: A Software-oriented Design and an Open-source Implementation

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      CODASPY '21: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy
      April 2021
      348 pages
      ISBN:9781450381437
      DOI:10.1145/3422337
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 26 April 2021

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. document confidentiality
      2. eid cards
      3. print management solutions

      Qualifiers

      • Short-paper

      Conference

      CODASPY '21
      Sponsor:

      Acceptance Rates

      Overall Acceptance Rate 149 of 789 submissions, 19%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • 0
        Total Citations
      • 96
        Total Downloads
      • Downloads (Last 12 months)10
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 20 Feb 2025

      Other Metrics

      Citations

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media