Privacy for Public Transportation

  • Thomas S. Heydt-Benjamin
  • Hee-Jin Chae
  • Benessa Defend
  • Kevin Fu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4258)


We propose an application of recent advances in e-cash, anonymous credentials, and proxy re-encryption to the problem of privacy in public transit systems with electronic ticketing. We discuss some of the interesting features of transit ticketing as a problem domain, and provide an architecture sufficient for the needs of a typical metropolitan transit system. Our system maintains the security required by the transit authority and the user while significantly increasing passenger privacy. Our hybrid approach to ticketing allows use of passive RFID transponders as well as higher powered computing devices such as smartphones or PDAs. We demonstrate security and privacy features offered by our hybrid system that are unavailable in a homogeneous passive transponder architecture, and which are advantageous for users of passive as well as active devices.


Credit Card Smart Card Transit System Cloning Detection High Power Computing Device 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Juels, A., Molnar, D., Wagner, D.: Security and Privacy Issues in E-passports. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece, IEEE, Los Alamitos (2005)Google Scholar
  2. 2.
    Molnar, D., Wagner, D.: Privacy and Security in Library RFID: Issues, Practices, and Architectures. In: Pfitzmann, B., Liu, P. (eds.) Conference on Computer and Communications Security – ACM CCS, Washington DC, USA, pp. 210–219. ACM Press, New York (2004)Google Scholar
  3. 3.
    Avoine, G., Oechslin, P.: RFID Traceability: A Multilayer Problem. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 125–140. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Dimitriou, T.: A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm, Athens, Greece, IEEE, Los Alamitos (2005)Google Scholar
  5. 5.
    Sarma, S., Weis, S., Engels, D.: Radio-Frequency Identification: Security Risks and Challenges. Cryptobytes, RSA Laboratories 6, 2–9 (2003)Google Scholar
  6. 6.
    Vajda, I., Buttyán, L.: Lightweight Authentication Protocols for Low-Cost RFID Tags. In: Second Workshop on Security in Ubiquitous Computing – Ubicomp 2003, Seattle, WA, USA (2003)Google Scholar
  7. 7.
    Handschuh, H., Paillier, P.: Smart Card Crypto-Coprocessors for Public Key Cryptography. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 386–394. Springer, Heidelberg (2000)Google Scholar
  8. 8.
    Trichina, E., Bucci, M., Seta, D.D., Luzzi, R.: Supplemental Cryptographic Hardware for Smart Cards. IEEE Micro 21, 26–35 (2001)CrossRefGoogle Scholar
  9. 9.
    Mohammed, E., Emarah, A., El-Shennawy, K.: Elliptic Curve Cryptosystems on Smart Cards. In: SEC 2002: Proceedings of the IFIP TC11 17th International Conference on Information Security, Deventer, The Netherlands, pp. 311–322. Kluwer, B.V, Dordrecht (2002)Google Scholar
  10. 10.
    Poupard, G., Stern, J.: On the Fly Signatures Based on Factoring. In: CCS 1999: Proceedings of the 6th ACM conference on Computer and communications security, pp. 37–45. ACM Press, New York (1999)CrossRefGoogle Scholar
  11. 11.
    Juels, A.: Minimalist Cryptography for Low-Cost RFID Tags. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 149–164. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: EUROCRYPT, Innsbruck(Typrol), Austria, IACR (2001)Google Scholar
  13. 13.
    Camenisch, J., Lysyanskaya, A.: Signature Schemes and Anonymous Credentials from Bilinear Maps. In: CRYPTO, Santa Barbara, CA, USA (2004)Google Scholar
  14. 14.
    Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-Cash. In: EUROCRYPT, Aarhus, Denmark, IACR, pp. 302–321 (2005)Google Scholar
  15. 15.
    Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS) (2005)Google Scholar
  16. 16.
    Ateniese, G., Hohenberger, S.: Proxy Re-Signatures: New Definitions, Algorithms, and Applications. In: Proceedings of the 12th ACM conference on Computer and communications security (CCS 2005), Alexandria, VA, USA, pp. 310–319. ACM Press, New York (2005)CrossRefGoogle Scholar
  17. 17.
    Federal Transit Administration: Federal Transit Administration National Transit Database. WWW (2006),
  18. 18.
    The Smart Card Alliance: Hong Kong Octopus Card. WWW (2006),
  19. 19.
    Winters, N.: Personal Privacy and Popular Ubiquitous Technology. In: Ubiconf, London, United Kingdom (2004)Google Scholar
  20. 20.
    Roschke, G.: Notes from an Information Law Student. In: WWW (2006) (Last viewed February 24, 2006),
  21. 21.
    Maxey, C., Benjamin, P.: Seamless Fare Collection: Using Smart Cards for Multiple-Mode Transit Trips. In: WWW (2006),
  22. 22.
    Bono, S., Green, M., Stubblefield, A., Juels, A., Rubin, A., Szydlo, M.: Security Analysis of a Cryptographically-Enabled RFID Device. In: USENIX Security Symposium, Baltimore, Maryland, USA, USENIX, pp. 1–16 (2005)Google Scholar
  23. 23.
    The Smart Card Alliance: Smart Card Talk Standards. The Smart Card Alliance Newsletter (2006) January issueGoogle Scholar
  24. 24.
    Washington Metropolitan Area Transit Authority: WMATA Privacy Policy Proposal. WWW (2006),
  25. 25.
    Washington Metropolitan Area Transit Authority: WMATA Privacy Policy. WWW (2006),
  26. 26.
    San Francisco Bay Area Rapid Transit District: Bay Area Rapid Transit (BART) Fiscal Year 2004 Annual Report. WWW (2006)Google Scholar
  27. 27.
    Chaum, D.: Security without Identification: Transaction Systems to Make Big Brother Obsolete. CACM 28 (1985)Google Scholar
  28. 28.
    Guerineau, P.: Active RFID Technology Applied to Security Improvement and Statistical Control in Public Transit. In: Automatic Fare Collection. New Horizons in Public Transport with Smart Cards, Brussels, Belgium, International Union of Public Transport (2002)Google Scholar
  29. 29.
    Juels, A., Syverson, P., Bailey, D.: High-Power Proxies for Enhancing RFID Privacy and Utility. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  30. 30.
    McDaniel, T.L., Haendler, F.: Advanced RF Cards for Fare Collection. In: Commercial Applications and Dual-Use Technology Conference Proceedings, National Telesystems Conference, pp. 31–35 (1993)Google Scholar
  31. 31.
    Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable RFID Tags via Insubvertible Encryption. In: Conference on Computer and Communications Security – CCS 2005, Alexandria, Virginia, USA, ACM Press, New York (2005)Google Scholar
  32. 32.
    Kang, J., Nyang, D.: RFID Authentication Protocol with Strong Resistance Against Traceability and Denial of Service Attacks. In: Molva, R., Tsudik, G., Westhoff, D. (eds.) ESAS 2005. LNCS, vol. 3813, pp. 164–175. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  33. 33.
    Ranasinghe, D., Engels, D., Cole, P.: Low-Cost RFID Systems: Confronting Security and Privacy. In: Auto-ID Labs Research Workshop, Zurich, Switzerland (2004)Google Scholar
  34. 34.
    Juels, A., Rivest, R., Szydlo, M.: The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. In: Atluri, V. (ed.) 8th ACM Conference on Compuer and Communications Security, pp. 103–111 (2003)Google Scholar
  35. 35.
    Attoh-Okine, N., Shen, L.: Security Issues of Emerging Smart Cards Fare Collection Application in Mass Transit. In: Vehicle Navigation and Information Systems Conference, pp. 523–526 (1995)Google Scholar
  36. 36.
    Sim, L., Seow, E., Prakasam, S.: Implementing an Enhanced Integrated Fare System for Singapore. Public Transport International 53, 34–37 (2004)Google Scholar
  37. 37.
    Neve, M., Peeters, E., Samyde, D., Quisquater, J.J.: Memories: A Survey of Their Secure Uses in Smart Cards. In: IEEE Security in Storage Workshop, pp. 62–72 (2003)Google Scholar
  38. 38.
    Anderson, R., Kuhn, M.: Tamper Resistance - A Cautionary Note. In: The Second USENIX Workshop on Electronic Commerce Proceedings, pp. 1–11 (1996)Google Scholar
  39. 39.
    Damgård, I., Dupont, K., Pedersen, M.Ø.: Unclonable Group Identification. Cryptology ePrint Archive, Report 2005/170 (2005),
  40. 40.
    Burgess, J., Gallagher, B., Jensen, D., Levine, B.: Maxprop: Routing for vehicle-based disruption-tolerant networks. In: Proc. IEEE INFOCOM (2006)Google Scholar
  41. 41.
    Zhao, W., Ammar, M., Zegura, E.: A Message Ferrying Approach for Data Delivery in Sparse Mobile Ad Hoc Networks. In: MobiHoc 2004: Proceedings of the 5th ACM international symposium on Mobile ad hoc networking and computing, pp. 187–198. ACM Press, New York (2004)CrossRefGoogle Scholar
  42. 42.
    Zhao, W., Ammar, M.H.: Message Ferrying: Proactive Routing in Highly-Partitioned Wireless Ad Hoc Networks. In: FTDCS 2003: Proceedings of the The Ninth IEEE Workshop on Future Trends of Distributed Computing Systems (FTDCS 2003), p. 308. IEEE Computer Society, Washington (2003)CrossRefGoogle Scholar
  43. 43.
    Chaum, D., Fiat, A., Naor, M.: Untraceable Electronic Cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, New York (1990)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Thomas S. Heydt-Benjamin
    • 1
  • Hee-Jin Chae
    • 1
  • Benessa Defend
    • 1
  • Kevin Fu
    • 1
  1. 1.University of MassachusettsAmherstUSA

Personalised recommendations