Secure Recharge of Disposable RFID Tickets

  • Riccardo Focardi
  • Flaminia L. Luccio
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7140)


We study the Mifare Ultralight cards in detail, and we present a new secure method for the recharge of these RFID disposable tickets that also extends to the case of multiple resources on a single device. We specify a formal but yet realistic semantics of these cards, and we also define a simple imperative language suitable to program secure APIs. In fact, the language is provided with a type-system enforcing security properties on resources stored in the card.


Message Authentication Code Authorization Policy Page Index Single Ride Resource Counter 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Moscow metro: the worlds first major transport system to operate fully contactless with nxps mifare technology. press statement (2009),
  2. 2.
    Mifare ultralight contactless single-ticket IC, Product data sheet. Rev. 3.8 028638 (December 22 , 2010),
  3. 3.
    Bugliesi, M., Calzavara, S., Eigner, F., Maffei, M.: Resource-aware Authorization Policies for Statically Typed Cryptographic Protocols. In: Proc. of 24th IEEE Symposium on Computer Security Foundations (2011)Google Scholar
  4. 4.
    Centenaro, M., Focardi, R., Luccio, F., Steel, G.: Type-Based Analysis of PIN Processing APIs. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 53–68. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Gordon, A., Jeffrey, A.: A Type and Effect Analysisof Security Protocols. In: Cousot, P. (ed.) SAS 2001. LNCS, vol. 2126, p. 432. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Siekerman, P., van der Schee, M.: Security evaluation of the disposable ov-chipkaart v1.7. Research Project, University of Amsterdam (2007),
  7. 7.
    Steel, G.: Formal Analysis of PIN Block Attacks. Theoretical Computer Science 367(1-2), 257–270 (2006)MathSciNetzbMATHCrossRefGoogle Scholar
  8. 8.
    Tanenbaum, A.: Dutch public transit card broken (2008),
  9. 9.
    Verdult, R.: Proof of concept, cloning the ov-chip card, Technical report, Radboud University Nijmegen (2008),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Riccardo Focardi
    • 1
  • Flaminia L. Luccio
    • 1
  1. 1.DAISUniversità Ca’ Foscari VeneziaItaly

Personalised recommendations