Abstract
We propose an application of recent advances in e-cash, anonymous credentials, and proxy re-encryption to the problem of privacy in public transit systems with electronic ticketing. We discuss some of the interesting features of transit ticketing as a problem domain, and provide an architecture sufficient for the needs of a typical metropolitan transit system. Our system maintains the security required by the transit authority and the user while significantly increasing passenger privacy. Our hybrid approach to ticketing allows use of passive RFID transponders as well as higher powered computing devices such as smartphones or PDAs. We demonstrate security and privacy features offered by our hybrid system that are unavailable in a homogeneous passive transponder architecture, and which are advantageous for users of passive as well as active devices.
This research was partially supported by NSF CNS-052072 and a Ford Foundation Diversity Fellowship.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Juels, A., Molnar, D., Wagner, D.: Security and Privacy Issues in E-passports. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece, IEEE, Los Alamitos (2005)
Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: Pfitzmann, B., Liu, P. (eds.) Conference on Computer and Communications Security – ACM CCS, Washington DC, USA, pp. 210–219. ACM Press, New York (2004)
Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)
Dimitriou, T.: A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece, IEEE, Los Alamitos (2005)
Sarma, S., Weis, S., Engels, D.: Radio-Frequency Identification: Security Risks and Challenges. Cryptobytes, RSA Laboratories 6, 2–9 (2003)
Vajda, I., Buttyán, L.: Lightweight Authentication Protocols for Low-Cost RFID Tags. In: Second Workshop on Security in Ubiquitous Computing – Ubicomp 2003, Seattle, WA, USA (2003)
Handschuh, H., Paillier, P.: Smart Card Crypto-Coprocessors for Public Key Cryptography. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 386–394. Springer, Heidelberg (2000)
Trichina, E., Bucci, M., Seta, D.D., Luzzi, R.: Supplemental Cryptographic Hardware for Smart Cards. IEEE Micro 21, 26–35 (2001)
Mohammed, E., Emarah, A., El-Shennawy, K.: Elliptic Curve Cryptosystems on Smart Cards. In: SEC 2002: Proceedings of the IFIP TC11 17th International Conference on Information Security, Deventer, The Netherlands, pp. 311–322. Kluwer, B.V, Dordrecht (2002)
Poupard, G., Stern, J.: On the Fly Signatures Based on Factoring. In: CCS 1999: Proceedings of the 6th ACM conference on Computer and communications security, pp. 37–45. ACM Press, New York (1999)
Juels, A.: Minimalist Cryptography for Low-Cost RFID Tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)
Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: EUROCRYPT, Innsbruck(Typrol), Austria, IACR (2001)
Camenisch, J., Lysyanskaya, A.: Signature Schemes and Anonymous Credentials from Bilinear Maps. In: CRYPTO, Santa Barbara, CA, USA (2004)
Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-Cash. In: EUROCRYPT, Aarhus, Denmark, IACR, pp. 302–321 (2005)
Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS) (2005)
Ateniese, G., Hohenberger, S.: Proxy Re-Signatures: New Definitions, Algorithms, and Applications. In: Proceedings of the 12th ACM conference on Computer and communications security (CCS 2005), Alexandria, VA, USA, pp. 310–319. ACM Press, New York (2005)
Federal Transit Administration: Federal Transit Administration National Transit Database. WWW (2006), http://www.ntdprogram.com
The Smart Card Alliance: Hong Kong Octopus Card. WWW (2006), http://www.smarcardalliance.org/pdf/about_alliance/user_profiles/Hong_Kong_Octopus_Card.pdf
Winters, N.: Personal Privacy and Popular Ubiquitous Technology. In: Ubiconf, London, United Kingdom (2004)
Roschke, G.: Notes from an Information Law Student. In: WWW (2006) (Last viewed February 24, 2006), http://luminousvoid.net/archives/16/wmata-responds
Maxey, C., Benjamin, P.: Seamless Fare Collection: Using Smart Cards for Multiple-Mode Transit Trips. In: WWW (2006), http://www.apta.com/research/info/briefings/documents/maxey.pdf
Bono, S., Green, M., Stubblefield, A., Juels, A., Rubin, A., Szydlo, M.: Security Analysis of a Cryptographically-Enabled RFID Device. In: USENIX Security Symposium, Baltimore, Maryland, USA, USENIX, pp. 1–16 (2005)
The Smart Card Alliance: Smart Card Talk Standards. The Smart Card Alliance Newsletter (2006) January issue
Washington Metropolitan Area Transit Authority: WMATA Privacy Policy Proposal. WWW (2006), http://www.wmata.com/about/parp2.cfm
Washington Metropolitan Area Transit Authority: WMATA Privacy Policy. WWW (2006), http://www.wmata.com/about/parp_docs/pi_9_2_0.pdf
San Francisco Bay Area Rapid Transit District: Bay Area Rapid Transit (BART) Fiscal Year 2004 Annual Report. WWW (2006)
Chaum, D.: Security without Identification: Transaction Systems to Make Big Brother Obsolete. CACM 28 (1985)
Guerineau, P.: Active RFID Technology Applied to Security Improvement and Statistical Control in Public Transit. In: Automatic Fare Collection. New Horizons in Public Transport with Smart Cards, Brussels, Belgium, International Union of Public Transport (2002)
Juels, A., Syverson, P., Bailey, D.: High-Power Proxies for Enhancing RFID Privacy and Utility. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, Springer, Heidelberg (2006)
McDaniel, T.L., Haendler, F.: Advanced RF Cards for Fare Collection. In: Commercial Applications and Dual-Use Technology Conference Proceedings, National Telesystems Conference, pp. 31–35 (1993)
Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID Tags via Insubvertible Encryption. In: Conference on Computer and Communications Security – CCS 2005, Alexandria, Virginia, USA, ACM Press, New York (2005)
Kang, J., Nyang, D.: RFID Authentication Protocol with Strong Resistance Against Traceability and Denial of Service Attacks. In: Molva, R., Tsudik, G., Westhoff, D. (eds.) ESAS 2005. LNCS, vol. 3813, pp. 164–175. Springer, Heidelberg (2005)
Ranasinghe, D., Engels, D., Cole, P.: Low-Cost RFID Systems: Confronting Security and Privacy. In: Auto-ID Labs Research Workshop, Zurich, Switzerland (2004)
Juels, A., Rivest, R., Szydlo, M.: The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. In: Atluri, V. (ed.) 8th ACM Conference on Compuer and Communications Security, pp. 103–111 (2003)
Attoh-Okine, N., Shen, L.: Security Issues of Emerging Smart Cards Fare Collection Application in Mass Transit. In: Vehicle Navigation and Information Systems Conference, pp. 523–526 (1995)
Sim, L., Seow, E., Prakasam, S.: Implementing an Enhanced Integrated Fare System for Singapore. Public Transport International 53, 34–37 (2004)
Neve, M., Peeters, E., Samyde, D., Quisquater, J.J.: Memories: A Survey of Their Secure Uses in Smart Cards. In: IEEE Security in Storage Workshop, pp. 62–72 (2003)
Anderson, R., Kuhn, M.: Tamper Resistance - A Cautionary Note. In: The Second USENIX Workshop on Electronic Commerce Proceedings, pp. 1–11 (1996)
Damgård, I., Dupont, K., Pedersen, M.Ø.: Unclonable Group Identification. Cryptology ePrint Archive, Report 2005/170 (2005), http://eprint.iacr.org/
Burgess, J., Gallagher, B., Jensen, D., Levine, B.: Maxprop: Routing for vehicle-based disruption-tolerant networks. In: Proc. IEEE INFOCOM (2006)
Zhao, W., Ammar, M., Zegura, E.: A Message Ferrying Approach for Data Delivery in Sparse Mobile Ad Hoc Networks. In: MobiHoc 2004: Proceedings of the 5th ACM international symposium on Mobile ad hoc networking and computing, pp. 187–198. ACM Press, New York (2004)
Zhao, W., Ammar, M.H.: Message Ferrying: Proactive Routing in Highly-Partitioned Wireless Ad Hoc Networks. In: FTDCS 2003: Proceedings of the The Ninth IEEE Workshop on Future Trends of Distributed Computing Systems (FTDCS 2003), p. 308. IEEE Computer Society, Washington (2003)
Chaum, D., Fiat, A., Naor, M.: Untraceable Electronic Cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, New York (1990)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Heydt-Benjamin, T.S., Chae, HJ., Defend, B., Fu, K. (2006). Privacy for Public Transportation. In: Danezis, G., Golle, P. (eds) Privacy Enhancing Technologies. PET 2006. Lecture Notes in Computer Science, vol 4258. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11957454_1
Download citation
DOI: https://doi.org/10.1007/11957454_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68790-0
Online ISBN: 978-3-540-68793-1
eBook Packages: Computer ScienceComputer Science (R0)