337 research outputs found
Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials
Electronic tickets (e-tickets) are electronic versions of paper tickets,
which enable users to access intended services and improve services'
efficiency. However, privacy may be a concern of e-ticket users. In this paper,
a privacy-preserving electronic ticket scheme with attribute-based credentials
is proposed to protect users' privacy and facilitate ticketing based on a
user's attributes. Our proposed scheme makes the following contributions: (1)
users can buy different tickets from ticket sellers without releasing their
exact attributes; (2) two tickets of the same user cannot be linked; (3) a
ticket cannot be transferred to another user; (4) a ticket cannot be double
spent; (5) the security of the proposed scheme is formally proven and reduced
to the well-known (q-strong Diffie-Hellman) complexity assumption; (6) the scheme
has been implemented and its performance empirically evaluated. To the best of
our knowledge, our privacy-preserving attribute-based e-ticket scheme is the
first one providing these five features. Application areas of our scheme
include event or transport tickets where users must convince ticket sellers
that their attributes (e.g. age, profession, location) satisfy the ticket price
policies to buy discounted tickets. More generally, our scheme can be used in
any system where access to services is only dependent on a user's attributes
(or entitlements) but not their identities.
Comment: 18 pages, 6 figures, 2 tables
Passengers information in public transport and privacy: Can anonymous tickets prevent tracking?
Modern public transportation companies often record large amounts of information. Privacy can be safeguarded by discarding nominal tickets, or introducing anonymization techniques. But is anonymity at all possible when everything is recorded? In this paper we discuss travel information management in the public transport scenario and we present a revealing case study (relative to the city of Cesena, Italy), showing that even anonymous 10-ride bus tickets may betray a user's privacy expectations. We also propose a number of recommendations for the design and management of public transport information systems, aimed at preserving the users’ privacy, while retaining the useful analysis features enabled by the e-ticketing technology.
Privacy-Preserving Observation in Public Spaces
One method of privacy-preserving accounting or billing in cyber-physical systems, such as electronic toll collection or public transportation ticketing, is to have the user present an encrypted record of transactions and perform the accounting or billing computation securely on them. Honesty of the user is ensured by spot checking the record for some selected surveyed transactions. But how much privacy does that give the user, i.e. how many transactions need to be surveyed? It turns out that due to collusion in mass surveillance all transactions need to be observed, i.e. this method of spot checking provides no privacy at all. In this paper we present a cryptographic solution to the spot checking problem in cyber-physical systems. Users carry an authentication device that authenticates only based on fair random coins. The probability can be set high enough to allow for spot checking, but in all other cases privacy is perfectly preserved. We analyze our protocol for computational efficiency and show that it can be efficiently implemented even on platforms with limited computing resources, such as smart cards and smart phones.
Privacy-preserving E-ticketing Systems for Public Transport Based on RFID/NFC Technologies
Pervasive digitization of human environment has dramatically changed our everyday lives. New technologies which have become an integral part of our daily routine have deeply affected our perception of the surrounding world and have opened qualitatively new opportunities. In an urban environment, the influence of such changes is especially tangible and acute. For example, ubiquitous computing (also commonly referred to as UbiComp) is a pure vision no more and has transformed the digital world dramatically. Pervasive use of smartphones, integration of processing power into various artefacts as well as the overall miniaturization of computing devices can already be witnessed on a daily basis even by laypersons. In particular, transport, being an integral part of any urban ecosystem, has been affected by these changes.
Consequently, public transport systems have undergone transformation as well and are currently dynamically evolving. In many cities around the world, the concept of the so-called electronic ticketing (e-ticketing) is being extensively used for issuing travel permissions which may eventually result in conventional paper-based tickets being completely phased out already in the nearest future. Opal Card in Sydney, Oyster Card in London, Touch & Travel in Germany and many more are all the examples of how well the e-ticketing has been accepted both by customers and public transport companies.
Despite numerous benefits provided by such e-ticketing systems for public transport, serious privacy concerns arise. The main reason lies in the fact that using these systems may imply the dramatic multiplication of digital traces left by individuals, also beyond the transport scope. Unfortunately, there has been little effort so far to explicitly tackle this issue. There is still not enough motivation and public pressure imposed on industry to invest into privacy. In academia, the majority of solutions targeted at this problem quite often limit the real-world pertinence of the resultant privacy-preserving concepts due to the fact that inherent advantages of e-ticketing systems for public transport cannot be fully leveraged.
This thesis is aimed at solving the aforementioned problem by providing a privacy-preserving framework which can be used for developing e-ticketing systems for public transport with privacy protection integrated from the outset. At the same time, the advantages of e-ticketing such as fine-grained billing, flexible pricing schemes, and transparent use (which are often the main drivers for public to roll out such systems) can be retained
Cloud terminals for ticketing systems
In this research work, we introduce the concept of a thin device implemented on a cloud platform for terminal devices on the front end of ticketing systems. Therefore, we propose the evolution of the traditional architecture of ticketing for a cloud based architecture in which the core processes of ticketing are offered through a Software-as-a-Service (SaaS) business model, which can be subscribed by transport operators that pay-per-use. Ticketing terminal devices (e.g., gates, validators, vending machines) are integrated in the cloud environment creating the concept for a ‘thin’ device. This approach is achieved by moving business logic from terminals to the cloud. Each terminal is registered to be managed by its own operator, configuring a multi-tenancy implementation which is vendor hardware independent, allowing to address elasticity and interoperability issues. The elasticity of the cloud will support the expansion/implosion of small (transport) operators business around electronic ticketing. In the near future, this ticketing solution will promote collaboration between operators.
Leveraging Distributed Ledger Technology for Decentralized Mobility-as-a-Service Ticket Systems
Mobility-as-a-Service (MaaS) is a concept for combining different transport modes, including diverse mobility services, while facilitating their use through customer centricity (e.g., pay-as-you-go tariffs, unified interfaces). MaaS platforms offer access to different mobility services of various providers via MaaS ticket systems. IT governance of current ticket systems is largely assigned to central organizations that guide decisions on the ticket system design, modalities, and the participation of mobility providers. Mobility providers depend on decisions of system providers, which can cause discrimination of competitors in MaaS ticket systems and limit flexibility for customers. By distributing decision rights to multiple mobility providers, IT governance for MaaS ticket systems can be decentralized so that dependencies on single providers are reduced.
Distributed Ledger Technology (DLT) can be suitable to technically support such decentralization. However, DLT causes new challenges (e.g., regarding confidentiality, cost, latency, and maintainability), which question the viable use of DLT in real-world deployments of MaaS ticket systems. We present a preliminary sociotechnical model of a decentralized ticket system, point out technical challenges for using DLT in decentralized ticket systems based on common requirements for MaaS platforms, and describe exemplary solutions to address these challenges. Thereby, we contribute to a better understanding about the viable use of DLT in MaaS ticket systems. Our results indicate that the use of Trusted Execution Environments (TEEs) is especially promising to increase performance and confidentiality. We outline future research directions regarding the applicability of TEEs in real-world MaaS ticket systems
An Enhancement of Security Standards based on Pseudonyms
Nowadays, numerous mobile terminals have been released onto the market with NFC, which stands for Near Field Communication. Smart devices equipped with NFC have extended the effective utility range of NFC. In particular, NFC electronic payment is expected to take the place of credit cards in e-payment. Accordingly, it is necessary to direct attention to security issues in NFC. At present, the security standards use the user's public key at a fixed value in the key agreement process. The relevance of messages can be obtained from the public key of NFC. Based on this, a malicious attacker can build a profile by collecting the required messages, which leads to infringement of the user's privacy. The planned work presents a conditional privacy protection method based on pseudonyms to overcome the problems mentioned earlier. Two users can communicate with each other based on a set of rules by sending the conditional privacy-preserved Protocol Data Unit through NFC terminals. Additionally, the communicating party's identity can be computed to resolve a problem if one occurs. The proposal is implemented in hardware using an ARM 7 processor and NFC readers. It works well in decreasing the update cost and computation overhead by taking advantage of the physical characteristics of NFC.
Privacy-preserving Payments for Transportation Systems
The operation of our society heavily relies on high mobility of people. Not only our social life but also our economy and trade are built upon a system where people need to be able to move around easily. The costs for building and maintaining a suitable transportation infrastructure to satisfy those needs are high, and to charge users is thus a central requirement. This calls for well functioning payment systems satisfying the multitude of requirements that transportation systems impose on them.
Electronic payment systems have many benefits over traditional cash payments as they are easy to maintain, can be more secure, reduce revenue collection costs, and can reduce the execution time of a payment. However, as a drawback, currently employed electronic payment systems usually reveal a payer’s identity during a payment which greatly infringes customer privacy. In the transportation domain this allows to generate fine grain patterns of customers’ locations.
Cryptographic payment protocols called e-cash have been proposed which allow to preserve a customer’s privacy. E-cash provides provable guarantees for both security and user privacy, as it allows secure, unlinkable payments which do not reveal the identity of the payer during a payment. From a security and privacy perspective these protocols present a good solution. However, even though e-cash protocols have been proposed three decades ago, there are relatively few actual implementations. One reason for this is their high computational complexity which makes an implementation on potential mobile payment devices rather difficult. While customers usually value their privacy they often do not accept to sacrifice convenience. A fast execution of payments is thus a hard constraint, which conflicts with the computational complexity of e-cash schemes.
This dissertation analyzes how e-cash can be used to solve the issue of privacy in the domain of transportation payments while satisfying the unique requirements of transportation payment systems and achieving high security and ease of use. Highly efficient implementations of the underlying cryptographic primitives of e-cash schemes on constrained devices as they might be used in the transportation setting are presented. Based on the efficient implementations of these primitives, e-cash schemes are analyzed with regards to speed and hardware requirements. The results show that e-cash presents a good solution for privacy-preserving payments in the domain of public transport, if the number of coins that have to be spent can be limited. It is further practically shown that this limitation can be alleviated relying on the e-cash based privacy-preserving pre-payments with refunds scheme (P4R). Moreover, it is demonstrated that the promising feature of supporting the encoding of user attributes into electronic coins can be implemented at only moderate extra cost. Finally, an e-cash based e-mobility payment scheme is presented which highlights the flexibility and unique advantages of e-cash based transportation payment schemes.