On Protection of the User’s Privacy in Ubiquitous E-ticketing Systems based on RFID and NFC Technologies

Ivan Gudymenko

2013

Abstract

The issues of customer privacy in e-ticketing systems for public transport based on RFID/NFC technologies are addressed in this paper. More specifically, having described the target system, the specific privacy threats are identified and respectively classified. This is performed by analyzing the system under concern against the specifically defined privacy properties (pseudonymity, confidentiality, unlinkability). The process of the respective countermeasures development together with the recommendations for their integration into the real e-ticketing system for public transportation are further discussed.

References

  1. Bartels, C. et al. (2009). TR 03126 - Technische Richtlinie fr den sicheren RFID-Einsatz. TR 03126- 1: Einsatzgebiet “eTicketing im ffentlichen Personenverkehr”. BSI, Deutschland.
  2. Batina, L., , et al. (2010). Developing Efficient Blinded Attribute Certificates on Smart Cards via Pairings. In Gollmann, D. et al., editors, Smart Card Research and Advanced Application, volume 6035 of Lecture Notes in Computer Science, pages 209-222. Springer Berlin Heidelberg.
  3. Choi, W. and Roh, B.-h. (2006). Backward Channel Protection Method for RFID Security Schemes Based on Tree-Walking Algorithms. In Gavrilova, M. et al., editors, Computational Science and Its Applications - ICCSA 2006, volume 3983 of Lecture Notes in Computer Science, pages 279-287. Springer Berlin / Heidelberg.
  4. de Chantrac, G. and Graindorge, J.-L. (2009). Focus Paper on Privacy in Transport IFM Applications. IFM Project, http://www.ifm-project.eu/ fileadmin/WP2/Draft Deliverable 2.2.pdf. Draft Deliverable 2.2.
  5. Gudymenko, I. (2011). Protection of the Users Privacy in Ubiquitous RFID Systems. Masters thesis, Technische Universitt Dresden, Faculty of Computer Science.
  6. Heydt-Benjamin, T. et al. (2006). Privacy for Public Transportation. In Danezis, G. and Golle, P., editors, Privacy Enhancing Technologies, volume 4258 of Lecture Notes in Computer Science, pages 119. Springer Berlin Heidelberg.
  7. Hoepman, J.-H. et al. (2010). Privacy and Security Issues in e-Ticketing Optimisation of Smart Card-based Attribute-proving. In Cortier, V. et al., editors, Workshop on Foundations of Security and Privacy, FCSPrivMod 2010.
  8. ISO (2008-2011). ISO 14443 Standards family. Identification cards Contactless integrated circuit cards Proximity cards.
  9. Juels, A. and Pappu, R. (2002). Squealing Euros: Privacy Protection in RFID-Enabled Banknotes. In Financial Cryptography 03, pages 103-121. Springer-Verlag.
  10. Land Transport Authority (2012). www.ezlink.com.sg/index.php. 30.10.2012.
  11. Lim, T.-L. et al. (2008a). A Cross-layer Framework for Privacy Enhancement in RFID systems. Pervasive and Mobile Computing, 4(6):889-905.
  12. Lim, T.-L. et al. (2008b). Randomized Bit Encoding for Stronger Backward Channel Protection in RFID Systems. In Proceedings of the 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications, PERCOM 08, pages 40-49, Washington, DC, USA. IEEE Computer Society.
  13. Octopus Cards Limited (2012). Octopus. http:// www.octopus.com.hk/home/en/index.html. Accessed on 30.10.2012.
  14. Pfitzmann, A. (1999). Multilateral Security in Communications, chapter Technologies for Multilateral Security, pages 85-91. Addison-Wesley-Longman.
  15. Rannenberg, K. (2000). Multilateral Security A Concept And Examples for Balanced Security. In Proceedings of the 2000 workshop on New Security Paradigms, NSPW 00, pages 151-162, New York, NY, USA. ACM.
  16. Sadeghi, A.-R. et al. (2008). User Privacy in Transport Systems Based on RFID E-Tickets. In Bettini, C. et al., editors, Proceedings of the 1st InternationalWorkshop on Privacy in Location-Based Applications (PiLBA), Malaga, Spain.
  17. Trans Link Systems (2012). OV-Chipkaart. http:// www.ov-chipkaart.nl/. Accessed on 30.10.2012.
  18. Transport for London (2012). Oyster Online. https:// oyster.tfl.gov.uk/oyster/entry.do. Accessed on 30.10.2012.
  19. Weiser, M. (1991). The computer for the 21st century. Scientific American Special Issue on Communications, Computers, and Networks.
  20. Zanetti et al. (2011). On the Practicality of UHF RFID Fingerprinting: How Real is the RFID Tracking Problem? In Fischer-Hubner, S. and Hopper, N., editors, Privacy Enhancing Technologies, volume 6794 of Lecture Notes in Computer Science, pages 97-116. Springer Berlin / Heidelberg.
Download


Paper Citation


in Harvard Style

Gudymenko I. (2013). On Protection of the User’s Privacy in Ubiquitous E-ticketing Systems based on RFID and NFC Technologies . In Proceedings of the 3rd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS, ISBN 978-989-8565-43-3, pages 86-91. DOI: 10.5220/0004339300860091


in Bibtex Style

@conference{peccs13,
author={Ivan Gudymenko},
title={On Protection of the User’s Privacy in Ubiquitous E-ticketing Systems based on RFID and NFC Technologies},
booktitle={Proceedings of the 3rd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS,},
year={2013},
pages={86-91},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004339300860091},
isbn={978-989-8565-43-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS,
TI - On Protection of the User’s Privacy in Ubiquitous E-ticketing Systems based on RFID and NFC Technologies
SN - 978-989-8565-43-3
AU - Gudymenko I.
PY - 2013
SP - 86
EP - 91
DO - 10.5220/0004339300860091