4,159 research outputs found
A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing
To ensure the privacy of users in transport systems, researchers are working
on new protocols providing the best security guarantees while respecting
functional requirements of transport operators. In this paper, we design a
secure NFC m-ticketing protocol for public transport that preserves users'
anonymity and prevents transport operators from tracing their customers' trips.
To this end, we introduce a new practical set-membership proof that does not
require provers nor verifiers (but in a specific scenario for verifiers) to
perform pairing computations. It is therefore particularly suitable for our
(ticketing) setting where provers hold SIM/UICC cards that do not support such
costly computations. We also propose several optimizations of Boneh-Boyen type
signature schemes, which are of independent interest, increasing their
performance and efficiency during NFC transactions. Our m-ticketing protocol
offers greater flexibility compared to previous solutions as it enables the
post-payment and the off-line validation of m-tickets. By implementing a
prototype using a standard NFC SIM card, we show that it fulfils the stringent
functional requirement imposed by transport operators whilst using strong
security parameters. In particular, a validation can be completed in 184.25 ms
when the mobile is switched on, and in 266.52 ms when the mobile is switched
off or its battery is flat
Future prospects for personal security in travel by public transport
This work was supported by the Engineering and Physical Sciences Research Council [grant number EP/I037032/1]. No other funding support from any other bodies was provided.Peer reviewedPublisher PD
Multi-RFID embedded Ticketing Kernel for MaaS
Trabalho de projeto de mestrado, Engenharia InformĂĄtica (Engenharia de Software) Universidade de Lisboa, Faculdade de CiĂȘncias, 2020The fast-growing human population is causing an ever-increasing trend of hyper urbanisation and globalisation, along with the popularisation of private cars to commute, which contributes to several environmental and health problems, for instance, high lev els of noise, congestion, and pollution. Hence, most cities are facilitating and enhancing commuting travel, thus, fostering the development of transportation. Todayâs urban transport networks are part of the daily lives of millions of people around the world, and in this era of digitalisation, servicising, and cashless economy the public transportation must also readjust. Therefore, contactless bank cards will make it reasonable to travel by public transport. It will be the first time in Portugal that a contactless bank card enables public transport to be accessed, travelled and charged. Such a solution would encourage the contactless debit or credit card to be an alternative to the proprietary transit card, thereby helping to enhance the usability and accessibility of public transport. With the launch of the contactless solution in public transport, a metropolitan area in Portugal will very well integrate a growing list of the worldâs major cities such as London, Singapore, Rio de Janeiro and New York. Moreover, new passengers gradually shift from maintaining a private car to the use of public transport means, which allows a diminution on the emission of fuel gases, and a reduction of the global pollution. In addition to that, public transport operators pains also decrease because proprietary cards are handled and managed by financial institutions, enabling the transport agencies to turn their attention to the core of their business, like the multi-modal mass transit and fare calculation. This pioneering project in Portugal involved several stakeholders, including Card4B, Visa, and Unicre. Accordingly, the project aimed to provide an open-loop model with con tactless and post-paid payments to integrate into the existing operation of transportation ticketing. Finally, the developed solution supports contactless transactions, and followed the âContactless Specifications for Payment Systemsâ. Successfully, the delivered solution was certified with an EMV Level 3 Certification for both Visa PayWave and MasterCard Contactless transactions
Contributions to the security and privacy of electronic ticketing systems
Un bitllet electrĂČnic Ă©s un contracte en format digital entre dues parts, l'usuari i el proveĂŻdor de serveis, on hi queda reflectit l'acord entre ambdĂłs per tal que l'usuari rebi el servei que desitja per part del proveĂŻdor. Els bitllets sĂłn emprats en diferents tipus de serveis, com esdeveniments lĂșdics o esportius, i especialment en l'Ă mbit del transport. En aquest cas permet reduir costos donat l'alt volum d'usuaris, a mĂ©s de facilitar la identificaciĂł del flux de viatges. Aquesta informaciĂł permet preveure i planificar els sistemes de transport de forma mĂ©s dinĂ mica.
La seguretat dels bitllets electrĂČnics Ă©s clau perquĂš es despleguin a l'entorn real, com tambĂ© ho Ă©s la privadesa dels seus usuaris. La privadesa inclou tant l'anonimitat dels usuaris, Ă©s a dir, una acciĂł no s'ha de poder atribuir fĂ cilment a un determinat usuari, com tambĂ© la no enllaçabilitat dels diferents moviments d'un determinat usuari.
En aquesta tesi proposem protocols de bitllets electrĂČnics que mantinguin les propietats dels bitllets en paper juntament amb els avantatges dels bitllets digitals. Primerament fem un estat de l'art amb les propostes relacionades, analitzant-ne els requisits de seguretat que compleixen. Presentem un protocol de bitllets electrĂČnics que incorpora els nous requisits de seguretat d'exculpabilitat i reutilitzaciĂł, diferents dels que haviem analitzat, tot complint tambĂ© la privadesa pels usuaris. Posteriorment, presentem una proposta de bitllets electrĂČnics adaptada als sistemes de pagament depenent de l'Ășs, bĂ sicament enfocat al transport, que incorpora tant l'anonimat pels usuaris, com tambĂ© la enllaçabilitat a curt termini, Ă©s a dir, complint la no enllaçabilitat dels diferents moviments del mateix usuari, perĂČ permetent la enllaçabilitat de les accions relacionades amb el mateix trajecte (p.ex. entrada i sortida). Finalment, mitjançant una evoluciĂł de la mateixa tĂšcnica criptogrĂ fica utilitzada en el sistema de pagament per Ășs, millorant-ne el temps de verificaciĂł per a mĂșltiples bitllets alhora (verificaciĂł en ``batch''), presentem una proposta que pot ser Ăștil per a varis sistemes de verificaciĂł massiva de missatges, posant com a cas d'Ășs l'aplicaciĂł a sistemes de xarxes vehiculars.An electronic ticket is a digital contract between two parties, that is, the user and the service provider. An agreement between them is established in order that the user can receive the desired service. These tickets are used in different types of services, such as sports or entertainment events, especially in the field of transport. In the case of transport, costs can be reduced due to the high volume of users, and the identification of the travel flow is facilitated. This information allows the forecast and planification of transport systems more dynamically.
The security of electronic tickets is very important to be deployed in the real scenarios, as well as the privacy for their users. Privacy includes both the anonymity of users, which implies that an action cannot be easily attributed to a particular user, and also the unlinkability of the different movements of that user.
This thesis presents protocols which keep the same security requirements of paper tickets while offering the advantages of digital tickets. Firstly, we perform a state of the art with the related proposals, by analysing the security requirements considered. We then present an electronic ticketing system that includes the security requirements of exculpability and reusability, thus guaranteeing the privacy for users. We later present a proposal of electronic ticketing systems adapted to use-dependant payment systems, especially focused on transport, which includes both the anonymity of users and the short-term linkability of their movements. The related actions of a journey of a determined user can be linkable between them (i.e. entrance and exit of the system) but not with other movements that the user performs. Finally, as an extension of the previous use-dependant payment system solution, we introduce the case of mass-verification systems, where many messages have to be verified in short time, and we present a proposal as a vehicular network use case that guarantees privacy for users with short-term linkability and can verify these messages efficiently
Recommended from our members
Exploring rail futures using scenarios: experience and potential
In 1995 the author of this paper undertook a scenario exercise for British Rail to identify priorities for rail science and technology developments under the new privatised regime. Four marketbased 2010 scenarios were developed for UK rail transport: 1) cost driven; 2) quality driven, 3)technology driven and 4) environmentally driven. These helped to identify areas of strategic R&D that were needed to improve railâs competitiveness.
It is now over a decade since this scenario exercise took place. This paper, updating an earlier review (Potter and Roy, 2000), revisits the 1995 scenarios and compares them to what actual market strategies emerged within the privatised railway industry. It explores whether the four scenarios did succeed in capturing the range of market responses that emerged from rail privatisation and what lessons this contains for the use of scenarios transport research
Revisiting public transport service delivery: exploring rail commutersâ attitudes towards fare collection and verification systems
Making Public Transport services more attractive and effective requires attractive and effective ticketing. This requires a clear understanding of user attitudes, needs and expectations. This study explored commutersâ attitudes to fare collection and verification and the underlying factors, their acceptance of the policy of âNo-ticket-purchase on-boardâ and their preferences for fare verification options. Commuters rated their agreement with 17 ticketing related statements in a cross-sectional questionnaire survey conducted along the corridor with the largest proportion of cross-county commuting in Sweden, Stockholm â Uppsala. Four sets of hypotheses were then tested. The average scores were normally distributed and hence analysed using a two-way ANOVA. A One-way chi-square test was conducted to determine the commutersâ preference for fare verification approach. A t-test was used to analyse the perceived quality of ticketing and the commutersâ reaction to the policy of âNo-ticket-purchase on-board PT vehicleâ. Whilst the results showed that the commuters were relatively uniform in their attitudes, income, commuting route, ticket type and ticket purchase channel affected their attitudes. They were neutral to the policy of âNo-ticket-purchase on-boardâ. Their attitude to fare collection was more positive than that of fare verification and they showed a preference for automatic fare verification. The study highlights a number of policy implications and recommends further research on the feasibility of passive fare verification and on commutersâ preferred options for fare verification
Blockchain based Identity Management and Ticketing for MaaS
Trabalho de projeto de mestrado, Engenharia Informatica (Engenharia de Software) Universidade de Lisboa, Faculdade de CiĂȘncias, 2020As time moves further into the 21st century, the world is progressively becoming more sophisticated, and our capacity to forecast the future is decreasing at the same rate. The emerging global problems require new kinds of tools paving the way to move forward. Across Europe, privatised public transport systems are frequently conceived in separation by an operator resulting in legacy systems with proprietary ticketing solutions causing fragmentation and lack of uniformity of information. The Mobility-as-a-Service (MaaS) concept promises to solve existing problems in the transport industry since it allows the integration of different mobility services, such as car and bicycle sharing, among others, with traditional public transport. To plan a trip, passengers have several mobility options, interconnected to each other, with a range of alternatives according to their preferences. However, it is a huge challenge to expand the MaaS network that includes several operators. Recent innovations in Blockchain and distributed ledger technologies, especially the current developments of smart contracts, it is expected that a novel distributed approach to MaaS is finally feasible. MaaS systems benefit from the power of Blockchain disruptive technology, improving transparency and trust among service providers thereby eliminat ing the middle tier. In order to implement the new MaaS concept and take advantage of the high volumes of data relating to passengers and their tickets, it is essential that trans port operators have a unified system, thus allowing each participant to create, view and modify the information. This project enables the development of a new ticketing solution based on Blockchain, with an Identity Management module capable of managing the identities of passengers across the entire system, as well as the creation of a MaaS application mock-up for the passenger. Finally, the proposed system is evaluated in terms of operation and perfor mance, according predefined use cases and requirements. Results are achieved in terms of the collaboration between multiple service providers operating on a single platform
- âŠ