research-article

Identity verification schemes for public transport ticketing with NFC phones

Authors:

Sandeep Tamrakar,

Jan-Erik Ekberg,

N. AsokanAuthors Info & Claims

STC '11: Proceedings of the sixth ACM workshop on Scalable trusted computing

Pages 37 - 48

https://doi.org/10.1145/2046582.2046591

Published: 17 October 2011 Publication History

Abstract

Public transport ticketing with mobile phones has in recent years become a possible reality as the standards for Near-Field Communications (NFC) are being taken up in mass transport ticketing, and the use of contactless smartcards for small value payments like ticketing is as well being deployed. We examine the feasibility of using mobile phone with a hardware Trusted Execution Environment for identity verification of transport ticketing with a perspective focusing on security and performance. We provide measurements based on an implementation in contemporary mobile phone hardware, and discuss our results by comparing with other proposed identity-verification ticketing solutions in light of the constraints set by usability and practical considerations as indicated by transport authorities.

References

[1]

R. Anderson, M. Bond, O. Choudary, S. J. Murdoch, and F. Stajano. Financial cryptography kill financial innovation? - the curious case of emv. In G. Danezis, editor, Financial Cryptography and Data Security, Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 2011.

Digital Library

[2]

ARM. Technical reference manual: Arm 1176jzf-s (trustzone-enabled processor). http://www.arm.com/pdfs/DDI0301D_arm1176jzfs_r0p2_trm.pdf.

[3]

G. de Koning Gans. Analysis of the mifare classic used in the ov-chipkaart project. Master's thesis, Radboud University Nijmegen., June 2008. http://www.sos.cs.ru.nl/applications/rfid/2008-koning-thesis.pdf.

[4]

G. de Koning Gans, J.-H. Hoepman, and F. Garcia. A practical attack on the mifare classic. In G. Grimaud and F.-X. Standaert, editors, Smart Card Research and Advanced Applications, volume 5189 of Lecture Notes in Computer Science, pages 267--282. Springer Berlin / Heidelberg, 2008. 10.1007/978-3-540-85893-5_20.

Digital Library

[5]

G. de Koning Gans, J.-H. Hoepman, and F. Garcia. A practical attack on the mifare classic. In G. Grimaud and F.-X. Standaert, editors, Smart Card Research and Advanced Applications, volume 5189 of Lecture Notes in Computer Science, pages 267--282. Springer Berlin / Heidelberg, 2008. 10.1007/978-3-540-85893-5_20.

Digital Library

[6]

J.-E. Ekberg and M. Kylanpaa. Mobile trusted module. Technical Report NRC-TR-2007-015, Nokia Research Center, November 2007. http://research.nokia.com/files/NRCTR2007015.pdf.

[7]

EMV. Contactless Specifications for Payment System. Version 2.1, EMVCo, 2011.

[8]

F. Garcia, G. de Koning Gans, R. Muijrers, P. van Rossum, R. Verdult, R. Schreur, and B. Jacobs. Dismantling mifare classic. In S. Jajodia and J. Lopez, editors, Computer Security - ESORICS 2008, volume 5283 of Lecture Notes in Computer Science, pages 97--114. Springer Berlin / Heidelberg, 2008. 10.1007/978-3-540-88313-5_7.

Digital Library

[9]

F. Garcia, P. van Rossum, R. Verdult, and R. Wichers Schreur. Wirelessly pickpocketing a mifare classic card. Security and Privacy, IEEE Symposium on, 0:3--15, 2009.

Digital Library

[10]

S. Ghiron, S. Sposato, C. Medaglia, and A. Moroni. Nfc ticketing: A prototype and usability test of an nfc-based virtual ticketing application. In Near Field Communication, 2009. NFC '09. First International Workshop on, pages 45--50, feb. 2009.

Digital Library

[11]

Global platform. Globalplatform card specification v2.2.1, 2011. http://www.globalplatform.org/specificationscard.asp.

[12]

ISO/IEC 14443. Identification cards -- Contactless integrated circuit cards -- Proximity cards. ISO, Geneva, Switzerland, 2008.

[13]

ISO/IEC 18092:2004. Information technology - Telecommunications and information exchange between systems - Near Field Communication - Interface and Protocol (NFCIP-1). First edition, ISO, Geneva, Switzerland, 2004.

[14]

ISO/IEC 21481:2005. Information technology -- Telecommunications and information exchange between systems -- Near Field Communication Interface and Protocol -2 (NFCIP-2). First edition, Geneva, 2005.

[15]

ISO/IEC 7816-4:2005. Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange. Second edition, ISO, Geneva, Switzerland, 2005.

[16]

K. Kostiainen, J.-E. Ekberg, N.Asokan, and A. Rantala. On-board credentials with open provisioning. In ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pages 104--115, New York, NY, USA, 2009. ACM.

Digital Library

[17]

P. S. C. Lau. Developing a contactless bankcard fare engine for transport for london. Master's thesis, Massachusetts Institute of Technology, 2009. http://hdl.handle.net/1721.1/55337.

[18]

P. Luptak. Public transport sms ticket hacking, 2009. Presented in Hacking at Random https://har2009.org/program/events/89.en.html.

[19]

G. Madlmayr. Uncovered: The hidden nfc potential of the google nexus s and the nokia c7. http://www.nearfieldcommunicationsworld.com /2011/02/13/35913/uncovered-the-hidden-nfc-potential-of-the-google-nexus-s-and-the-nokia-c7/ (accessed July 2011).

[20]

K. E. Mayes, K. Markantonakis, and G. Hancke. Transport ticketing security and fraud controls. Information Security Technical Report, 14(2):87 -- 95, 2009. Smart Card Applications and Security.

Digital Library

[21]

S. Mehta. Analysis of future ticketing scenarios for transport for london. Master's thesis, Massachusetts Institute of Technology., June 2006. http://hdl.handle.net/1721.1/34592.

[22]

Smart Card Alliance. Transit and contactless financial payments: New opportunities for collaboration and convergence. A Smart Card Alliance Transportation Council White Paper, October 2006. http://www.smartcardalliance.org/resources/lib/ Transit_Retail_Pmt_Report.pdf (Accessed: August 2011).

[23]

J. Srage and J. Azema. M-Shield mobile security technology, 2005. TI White paper. http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf.

[24]

H. Wilcox. Mobile ticketing: Transport, sport, entertainment event 2008--2013. Technical report, Juniper Research, October 2008. http://www.juniperresearch.com/reports.php?id=155 (Accessed: July 2011).

Cited By

Bieler MSkretting ABudinger PGronli T(2022)Survey of Automated Fare Collection Solutions in Public TransportationIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2022.316160623:9(14248-14266)Online publication date: Sep-2022
https://doi.org/10.1109/TITS.2022.3161606
Koutroumpouchos NNtantogian CXenakis C(2021)Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZoneSensors10.3390/s2102052021:2(520)Online publication date: 13-Jan-2021
https://doi.org/10.3390/s21020520
Marsic VKampert EHiggins M(2021)Position Discrimination of a 2.4 GHz IEEE 802.15.4 RF Mobile Source Inside-Outside a Vehicle2021 International Conference on Smart Applications, Communications and Networking (SmartNets)10.1109/SmartNets50376.2021.9555414(1-6)Online publication date: 22-Sep-2021
https://doi.org/10.1109/SmartNets50376.2021.9555414
Show More Cited By

Index Terms

Identity verification schemes for public transport ticketing with NFC phones
1. Networks
  1. Network protocols

Recommendations

Mass transit ticketing with NFC mobile phones
INTRUST'11: Proceedings of the Third international conference on Trusted Systems

Mass transport ticketing with mobile phones is already deployed in many metropolitan areas, but current solutions and protocols are not secure, and they are limited to one-time or fixed-time ticketing in non-gated transport systems. The emergence of NFC-...
A secure NFC mobile payment protocol based on biometrics with formal verification

In this paper, we propose a secure NFC mobile payment protocol based on biometrics SNMPBs using wireless public key infrastructure WPKI and universal integrated circuit card UICC. Electronic signatures generated in this protocol are considered qualified ...
Toward a NFC Phone-Driven Context Awareness Smart Environment
UIC-ATC '09: Proceedings of the 2009 Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing

Near Field Communication (NFC) is a two-way communication technology based on RFID. NFC-equipped phone (NFC phone) that embed the NFC technology into cellular phone earns increasingly attention in business, such as payment and ticketing. This paper ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

STC '11: Proceedings of the sixth ACM workshop on Scalable trusted computing

October 2011

86 pages

ISBN:9781450310017

DOI:10.1145/2046582

Conference Chair:
Shouhuai Xu
University of Texas, San Antonio, USA
,
General Chair:
Yan Chen
Northwestern University, USA
,
Program Chairs:
Ahmad-Reza Sadeghi
TU Darmstadt, Germany
,
Xinwen Zhang
Huawei Research Center, USA

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 October 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'11

Sponsor:

SIGSAC

CCS'11: the ACM Conference on Computer and Communications Security

October 17, 2011

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 17 of 31 submissions, 55%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
1,192
Total Downloads

Downloads (Last 12 months)19
Downloads (Last 6 weeks)5

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Bieler MSkretting ABudinger PGronli T(2022)Survey of Automated Fare Collection Solutions in Public TransportationIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2022.316160623:9(14248-14266)Online publication date: Sep-2022
https://doi.org/10.1109/TITS.2022.3161606
Koutroumpouchos NNtantogian CXenakis C(2021)Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZoneSensors10.3390/s2102052021:2(520)Online publication date: 13-Jan-2021
https://doi.org/10.3390/s21020520
Marsic VKampert EHiggins M(2021)Position Discrimination of a 2.4 GHz IEEE 802.15.4 RF Mobile Source Inside-Outside a Vehicle2021 International Conference on Smart Applications, Communications and Networking (SmartNets)10.1109/SmartNets50376.2021.9555414(1-6)Online publication date: 22-Sep-2021
https://doi.org/10.1109/SmartNets50376.2021.9555414
Anggoro ODzulfikar MPurwandari BMishbah M(2019)Secure Smartphone-Based NFC Payment to Prevent Man-in-the-Middle Attack2019 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS)10.1109/ICIMCIS48181.2019.8985191(109-114)Online publication date: Oct-2019
https://doi.org/10.1109/ICIMCIS48181.2019.8985191
Bouazzouni MConchon EPeyrard F(2018)Trusted mobile computingFuture Generation Computer Systems10.1016/j.future.2016.05.03380:C(596-612)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1016/j.future.2016.05.033
Badra MBadra R(2016)A Lightweight Security Protocol for NFC-based Mobile PaymentsProcedia Computer Science10.1016/j.procs.2016.04.15683(705-711)Online publication date: 2016
https://doi.org/10.1016/j.procs.2016.04.156
Sabt MAchemlal MBouabdallah A(2015)Trusted Execution EnvironmentProceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 0110.1109/Trustcom.2015.357(57-64)Online publication date: 20-Aug-2015
https://dl.acm.org/doi/10.1109/Trustcom.2015.357
Gudymenko IPoet RMuttukrishnan R(2014)A Privacy-Preserving E-Ticketing System for Public Transportation Supporting Fine-Granular Billing and Local ValidationProceedings of the 7th International Conference on Security of Information and Networks10.1145/2659651.2659706(101-108)Online publication date: 9-Sep-2014
https://dl.acm.org/doi/10.1145/2659651.2659706
Zhuang ZZhang JGeng W(2014)Analysis and Optimization to an NFC Security Authentication Algorithm Based on Hash FunctionsProceedings of the 2014 International Conference on Wireless Communication and Sensor Network10.1109/WCSN.2014.56(240-245)Online publication date: 13-Dec-2014
https://dl.acm.org/doi/10.1109/WCSN.2014.56
Arfaoui GGambs SLacharme PLalande JLescuyer RPaillès J(2014)A Privacy-Preserving Contactless Transport Service for NFC SmartphonesMobile Computing, Applications, and Services10.1007/978-3-319-05452-0_24(282-285)Online publication date: 2014
https://doi.org/10.1007/978-3-319-05452-0_24
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents