Privacy-Preserving Public Transport Ticketing System

  • Milica Milutinovic
  • Koen Decroix
  • Vincent Naessens
  • Bart De Decker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9149)


The public transport ticketing systems are undergoing significant changes in recent years. The tickets can now be issued and presented in digital form, significantly improving the user experience. The digital data is also used to improve the services’ efficiency. Travelling patterns and route occupancy can be analysed to adjust the frequency and coverage of the service. However, data recorded by the providers extends the information that is needed for simple analysis. The travel passes that are issued usually contain unique identifiers, allowing to trace the movement of users, which can even be linked to their identities. In order to tackle these privacy issues, we propose a novel, privacy-preserving ticketing system, based on a scheme for issuing and redemption of unlinkable certified tokens. The design also allows offering advanced services, such as reduction plans or monthly passes, without introducing privacy concerns. Even though the travellers’ actions cannot be linked, the service providers are given assurances against possible misuse, and are able to control the usage of the issued products. Additionally, experimental evaluation shows that the system performance is adequate for practical applications.


Smart Card Privacy Concern Blind Signature Commitment Scheme Blind Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abe, M., Okamoto, T.: Provably Secure Partially Blind Signatures. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 271–286. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  2. 2.
    Balasch, J., Rial, A., Troncoso, C., Preneel, B., Verbauwhede, I., Geuens, C.: PrETP: privacy-preserving electronic toll pricing. In USENIX Symposium (2010)Google Scholar
  3. 3.
    Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993) Google Scholar
  4. 4.
    Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000) Google Scholar
  5. 5.
  6. 6.
    Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  7. 7.
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 199–203. Springer, Boston (1982)Google Scholar
  8. 8.
    de Koning Gans, G., Hoepman, J.-H., Garcia, F.D.: A practical attack on the MIFARE classic. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 267–282. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  9. 9.
    Eun, H., Lee, H., Oh, H.: Conditional privacy preserving security protocol for NFC applications. IEEE Trans. Consum. Electron. 59(1), 153–160 (2013)CrossRefGoogle Scholar
  10. 10.
    Foss, T.: Safe and secure intelligent transport systems (ITS). In: Transport Research Arena 5th Conference: Transport Solutions from Research to Deployment (2014)Google Scholar
  11. 11.
    Heydt-Benjamin, T.S., Chae, H.-J., Defend, B., Fu, K.: Privacy for public transportation. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 1–19. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  12. 12.
    Jorns, O., Jung, O., Quirchmayr, G.: A privacy enhancing service architecture for ticket-based mobile applications. In: The Second International Conference on Availability, Reliability and Security, ARES 2007, pp. 139–146. IEEE (2007)Google Scholar
  13. 13.
    Kerschbaum, F., Lim, H.W., Gudymenko, I.: Privacy-preserving billing for e-ticketing systems in public transportation. In: Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, WPES 2013 (2013)Google Scholar
  14. 14.
    Meiklejohn, S., Mowery, K., Checkoway, S., Shacham, H.: The phantom tollbooth: privacy-preserving electronic toll collection in the presence of driver collusion. In: USENIX Symposium (2011)Google Scholar
  15. 15.
    Milutinovic, M., Dacosta, I., Put, A., De Decker, B.: An efficient and unlinkable incentives scheme. CW Reports CW659, Department of Computer Science, KU Leuven (2014)Google Scholar
  16. 16.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992) Google Scholar
  17. 17.
    Pelletier, M.-P., Trpanier, M., Morency, C.: Smart card data use in public transit: a literature review. Transp. Res. Part C Emerg. Technol. 19(4), 557–568 (2011)CrossRefGoogle Scholar
  18. 18.
    Rupp, A., Hinterwälder, G., Baldimtsi, F., Paar, C.: P4R: privacy-preserving pre-payments with refunds for transportation systems. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 205–212. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  19. 19.
    Sadeghi, A., Visconti, I., Wachsmann, C.: User privacy in transport systems based on RFID e-tickets. In: Proceedings of the 1st International Workshop on Privacy in Location-Based Applications, Malaga, Spain, 9 Oct 2008 (2008)Google Scholar
  20. 20.
    N. Semiconductors. Mifare standard 4kbyte card IC functional specification (2012)Google Scholar
  21. 21.
    The Smart Card Alliance. Hong Kong Octopus Card (2006). (January issue)Google Scholar
  22. 22.
    The Smart Card Alliance. Smart Card Talk Standards (2006). (January issue)Google Scholar
  23. 23.
    Verslype, K., De Decker, B., Naessens, V., Nigusse, G., Lapon, J., Verhaeghe, P.: A privacy-preserving ticketing system. In: Atluri, V. (ed.) DAS 2008. LNCS, vol. 5094, pp. 97–112. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  24. 24.
    Winters, N.: Personal privacy and popular ubiquitous technology. In: Proceedings of Ubiconf (2004)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Milica Milutinovic
    • 1
  • Koen Decroix
    • 2
  • Vincent Naessens
    • 2
  • Bart De Decker
    • 1
  1. 1.Department of Computer Science, iMinds/DistriNetKU LeuvenLeuvenBelgium
  2. 2.TC Ghent, Department of Computer Science, MSec, iMinds/DistriNetKU LeuvenGhentBelgium

Personalised recommendations