Abstract
Mass transport ticketing systems in most developed countries are making a rapid transition from ‘traditional’ paper or carton-based ticketing systems towards a contactless ‘smart card‘ based approach. This article discusses the main IT security aspects of mass transport ticketing systems (metro, bus, etc).
We introduce the standards that emerged over the years, and we outline the core functionality of the IT aspects of a mass transport ticketing system.
We discuss some examples, and subsequently we address security and anti-fraud aspects. We also put some security breaches related to the use of the Philips/NXP Mifare family in perspective. We describe an alternative approach such as proposed by Calypso, and formulate conclusions and lessons learnt.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Mifare Classic hack: Karsten Nohl, Starbug, HenrykPlötz, CCC report CCC’ 07, http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html
Calypso Network Association — www.calypsonet-asso.org
Eurosmart — ‘the voice of the smartcard industry’ — www.eurosmart.com
Refer to www.keylength.com
Public Transport Data Model — www.transmodel.org
Radbout University OV-chipcard wiki: https://ovchip.cs.ru.nl
Adam Laurie’s www.rfidiot.org library and website
Transport for London, the London Oyster card: tfl.gov.uk
TNO, ‘Security Analysis of the Dutch OV-Chipkaart,’ TNO report 34643, 2008. http://www.translink.nl/media/bijlagen/nieuws/TNO_ICT_-_Security_Analysis_OV-Chipkaart_-_public_report.pdf
UITP — the International Association of Public Transport — www.uitp.org
Mifare Ultralight hack report: http://staff.science.uva.nl/~delaat/sne-2006-2007/p41/report.pdf
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Sel, M., Seys, S., Verheul, E. (2009). The security of mass transport ticketing systems. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2008 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9283-6_37
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9283-6_37
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0660-4
Online ISBN: 978-3-8348-9283-6
eBook Packages: Computer ScienceComputer Science (R0)