This is my most recent university project. For this project, I had to work as part of a team to create a secure ticketing system. Firstly we performed a literature review, to gain a better understanding of the current systems and technological solutions that already exist (QR codes, low Bluetooth energy, NFC). We then decided to build a cross-platform QR code ticketing app using React Native, NodeJS and Firebase (and Firebase cloud functions). My team and I then had to apply some techniques we had read about in the literature review (such as dynamic qr codes) to plan and implement a solution. Firstly we created functionality designs, security designs (such as a threat tree and security model) and figma screen designs.

After this we then began development. We divided the project into different branches such as front_end, and cloud-functions. Code was created in the relevant branch and then merged to the main branch if there were no errors identified. I have contributed to both the cloud functions and front-end development within this project and made the presentation that my team and I used to present our project.

The app implements RBAC. There are two types of users: admins and customers. If a user is an admin then they are directed to the QR code scanning page. This page allows a user to scan a QR code and then query the database to check if it is valid or not. If a user is a customer then they are directed to the home page where they can buy tickets or view their already existing tickets. In order to combat ticket reselling we implemented a system where data such as the timestamp of when the QR code is generated is encrypted in the QR code. Only a QR code generated in the last 60 seconds is deemed valid. This is to help prevent screenshots of tickets to resell them. Whenever a user clicks on their purchased tickets and opens an event, a new QR code for that ticket will be generated. To further help combat ticket reselling I also prevented screenshots from being taken on android devices.