Nothing Special   »   [go: up one dir, main page]
Skip to main content
SpringerLink
Log in

The security of mass transport ticketing systems

  • Chapter
ISSE 2008 Securing Electronic Business Processes

Abstract

Mass transport ticketing systems in most developed countries are making a rapid transition from ‘traditional’ paper or carton-based ticketing systems towards a contactless ‘smart card‘ based approach. This article discusses the main IT security aspects of mass transport ticketing systems (metro, bus, etc).

We introduce the standards that emerged over the years, and we outline the core functionality of the IT aspects of a mass transport ticketing system.

We discuss some examples, and subsequently we address security and anti-fraud aspects. We also put some security breaches related to the use of the Philips/NXP Mifare family in perspective. We describe an alternative approach such as proposed by Calypso, and formulate conclusions and lessons learnt.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Mifare Classic hack: Karsten Nohl, Starbug, HenrykPlötz, CCC report CCC’ 07, http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html

    Google Scholar 

  2. Calypso Network Association — www.calypsonet-asso.org

    Google Scholar 

  3. Eurosmart — ‘the voice of the smartcard industry’ — www.eurosmart.com

    Google Scholar 

  4. Refer to www.keylength.com

    Google Scholar 

  5. Public Transport Data Model — www.transmodel.org

    Google Scholar 

  6. Radbout University OV-chipcard wiki: https://ovchip.cs.ru.nl

    Google Scholar 

  7. Adam Laurie’s www.rfidiot.org library and website

    Google Scholar 

  8. Transport for London, the London Oyster card: tfl.gov.uk

    Google Scholar 

  9. TNO, ‘Security Analysis of the Dutch OV-Chipkaart,’ TNO report 34643, 2008. http://www.translink.nl/media/bijlagen/nieuws/TNO_ICT_-_Security_Analysis_OV-Chipkaart_-_public_report.pdf

    Google Scholar 

  10. UITP — the International Association of Public Transport — www.uitp.org

    Google Scholar 

  11. Mifare Ultralight hack report: http://staff.science.uva.nl/~delaat/sne-2006-2007/p41/report.pdf

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. PricewaterhouseCoopers Enterprise Advisory Services, Belgium

    Marc Sel, Stefaan Seys & Eric Verheul

Authors
  1. Marc Sel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stefaan Seys
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Eric Verheul
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Norbert Pohlmann Helmut Reimer Wolfgang Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

Sel, M., Seys, S., Verheul, E. (2009). The security of mass transport ticketing systems. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2008 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9283-6_37

Download citation

  • DOI: https://doi.org/10.1007/978-3-8348-9283-6_37

  • Publisher Name: Vieweg+Teubner

  • Print ISBN: 978-3-8348-0660-4

  • Online ISBN: 978-3-8348-9283-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation