Abstract
Mass transport ticketing with mobile phones is already deployed in many metropolitan areas, but current solutions and protocols are not secure, and they are limited to one-time or fixed-time ticketing in non-gated transport systems. The emergence of NFC-enabled phones with trusted execution environments makes it possible to not only integrate mobile phone ticketing with existing and future transport authority ticket readers, but also to construct secure protocols for non-gated travel eliminating many associated possibilities for ticketing fraud. This paper presents an architecture and implementation for such a system.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Smart Card Alliance. Transit and contactless financial payments: New opportunities for collaboration and convergence. A Smart Card Alliance Transportation Council White Paper (October 2006), http://www.smartcardalliance.org/resources/lib/Transit_Retail_Pmt_Report.pdf (accessed: August 2011)
Anderson, R., Bond, M., Choudary, O., Murdoch, S.J., Stajano, F.: Might Financial Cryptography Kill Financial Innovation? – The Curious Case of EMV. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 220–234. Springer, Heidelberg (2012)
ARM. Technical reference manual: Arm 1176jzf-s (trustzone-enabled processor), http://www.arm.com/pdfs/DDI0301D_arm1176jzfs_r0p2_trm.pdf
Brakewood, C.E.: Contactless prepaid and bankcards in transit fare collection systems. Master’s thesis, Massachusetts Institute of Technology (2010), http://hdl.handle.net/1721.1/60796
Coron, J.-S., Naccache, D., Stern, J.: On the Security of RSA Padding. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 1–18. Springer, Heidelberg (1999)
de Koning Gans, G., Hoepman, J.-H., Garcia, F.: A Practical Attack on the MIFARE Classic. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 267–282. Springer, Heidelberg (2008), 10.1007/978-3-540-85893-5_20
Ekberg, J.-E., Kylanpaa, M.: Mobile trusted module. Technical Report NRC-TR-2007-015, Nokia Research Center (November 2007), http://research.nokia.com/files/NRCTR2007015.pdf
EMV. Integrated Circuit Card Specifications for Payment System. Version 4.2, EMVCo (2008)
EMV. Contactless Specifications for Payment System. Version 2.1, EMVCo (2011)
NFC Forum. Logical Link Control Protocol. NFCForum-TS-LLCP_1.0, Technical Specification (2009)
Ghiron, S.L., Sposato, S., Medaglia, C.M., Moroni, A.: Nfc ticketing: A prototype and usability test of an nfc-based virtual ticketing application. In: First International Workshop on Near Field Communication, NFC 2009, pp. 45–50 (February 2009)
ISO/IEC 14443. Identification cards – Contactless integrated circuit cards – Proximity cards. ISO, Geneva, Switzerland (2008)
ISO/IEC 18092:2004. Information technology – Telecommunications and information exchange between systems – Near Field Communication – Interface and Protocol (NFCIP-1), 1st edn., ISO, Geneva, Switzerland (2004)
ISO/IEC 21481:2005. Information technology – Telecommunications and information exchange between systems – Near Field Communication Interface and Protocol -2 (NFCIP-2), 1st edn., Geneva (2005)
ISO/IEC 7812-1:2006. Identification Cards - Idnetification of issuers - Part 1: Numbering system, 3rd edn., ISO, Geneva (2006)
ISO/IEC 7816-4:2005. Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange, 2nd edn., ISO, Geneva, Switzerland (2005)
KooMan, F.: Using mobile phones for public transport payment. Master’s thesis, Radboud University Nijmegen (2009)
Kostiainen, K., Ekberg, J.-E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: ASIACCS 2009: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 104–115. ACM, New York (2009)
Lau, P.S.C.: Developing a contactless bankcard fare engine for transport for london. Master’s thesis, Massachusetts Institute of Technology (2009), http://hdl.handle.net/1721.1/55337
Luptak, P.: Public transport sms ticket hacking. Presented in Hacking at Random (2009), https://har2009.org/program/events/89.en.html
Mayes, K.E., Markantonakis, K., Hancke, G.: Transport ticketing security and fraud controls. Information Security Technical Report 14(2), 87–95 (2009); Smart Card Applications and Security
Mehta, S.: Analysis of future ticketing scenarios for transport for london. Master’s thesis, Massachusetts Institute of Technology (June 2006), http://hdl.handle.net/1721.1/34592
Parno, P., Lorch, J., Douceur, J., Mickens, J., McCune, J.: Memoir: Practical state continuity for protected modules. In: IEEE Symposium on Research in Security and Privacy (2011)
Global platform. Globalplatform card specification v2.2.1 (2011), http://www.globalplatform.org/specificationscard.asp
Srage, J., Azema, J.: M-Shield mobile security technology. TI White paper (2005), http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf
Wilcox, H.: Mobile ticketing: Transport, sport, entertainment event 2008-2013. Technical report, Juniper Research (October 2008), http://www.juniperresearch.com/reports.php?id=155 (accessed: July 2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ekberg, JE., Tamrakar, S. (2012). Mass Transit Ticketing with NFC Mobile Phones. In: Chen, L., Yung, M., Zhu, L. (eds) Trusted Systems. INTRUST 2011. Lecture Notes in Computer Science, vol 7222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32298-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-32298-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32297-6
Online ISBN: 978-3-642-32298-3
eBook Packages: Computer ScienceComputer Science (R0)