On the security of digital tachographs

  • Ross Anderson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1485)


Tachographs are used in most heavy vehicles in Europe to control drivers’ hours, and for secondary purposes ranging from accident investigation and environmental enforcement to the prevention of fraud. Their effectiveness is under threat from increasing levels of sophisticated fraud and manipulation. We examine this in the context of recent EU proposals to move to smartcard-based tachograph systems, which are aimed at cutting fraud and improving the level of enforcement generally. We conclude that the proposed new regime will be extremely vulnerable to the wholesale forgery of smartcards and to system-level manipulation, which in turn could lead to a large-scale breakdown in control. We present this as an interesting and important problem to the security community.


smartcard tampering fraud tachographs 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    RJ Anderson, “Why Cryptosystems Fail”, in Proceedings of the 1st ACM Conference on Computer and Communications Security (November 1993) pp 215–227Google Scholar
  2. 2.
    RJ Anderson, MG Kuhn, “Tamper Resistance — a Cautionary Note”, in The Second USENIX Workshop on Electronic Commerce Proceedings (Nov 1996) pp 1–11Google Scholar
  3. 3.
    E Bovenlander, invited talk on smartcard security, Eurocrypt 97Google Scholar
  4. 4.
    Licensing of Trusted Third Parties for the Provision of Encryption Services’, Department of Trade and Industry, March 1997Google Scholar
  5. 5.
    EU Regulation 3820/85 (drivers’ rules)Google Scholar
  6. 6.
    Council Regulation (EEC) no 3821/85 of 20 December 1985 on recording equipment in road transport’ No L 370/8, 31/12/85Google Scholar
  7. 7.
    Draft Council Regulation Amending Council Regulation (EEC) no 3821/85 and Council Directive 88/599/EEC on Recording Equipment in Road Transport’, EU, The Council, Interinstitutional file no 94/0187 (SYN), 2 July 1997Google Scholar
  8. 8.
    Euraxiat — Security Analysis, March 1997Google Scholar
  9. 9.
    “False Records: Analogue Tachographs”, G Geldart, Vehicle Inspectorate, 22nd January 1998Google Scholar
  10. 10.
    Hampshire police training videoGoogle Scholar
  11. 11.
    “Sleep related vehicle accidents”, JA Horne, LA Reyner, in British Medical Journal v 310 (4/3/95) pp 565–567Google Scholar
  12. 12.
    “Falling Asleep at the Wheel”, J Horne, L Reyner, preprint, 29/2/96; distributed at Falling Asleep at the Wheel, Loughborough University 18-19/11/96Google Scholar
  13. 13.
    “Ex-radio chief ‘masterminded’ TV cards scam’ Irish Independent 17/2/98 Google Scholar
  14. 14.
    “Vulnerability Assessment of Security Seals”, RG Johnson, ARE Garcia, in Journal of Security Administration v 20 no 1 (June 97) pp 15–27Google Scholar
  15. 15.
    Driver Card 16kByte version 00.01.01’, 24/11/97Google Scholar
  16. 16.
    Workshop, Control and Company Card version 00.01.01’, 24/11/97Google Scholar
  17. 17.
    External Interface version 00.01.01’, 25/11/97Google Scholar
  18. 18.
    Card Issuing version 00.02.00’, 25/11/97Google Scholar
  19. 19.
    O Kocar, “Hardwaresicherheit von Mikrochips in Chipkarten”, in Datenschutz und Datensicherheit v 20 no 7 (July 96) pp 421–424Google Scholar
  20. 20.
    “Falling Asleep at the Wheel”, JS Martin, report on conference of the same name, Loughborough University 18–19/11/96Google Scholar
  21. 21.
    “Principal frauds used on the current tachographs”, J Martin, UK response to ERTICO consultation document on tachograph falsificationGoogle Scholar
  22. 22.
    Principales fraudes partant atteinte à l’intégrité du chronotachygraphe’, Ministère de l’équipement, des Transports et du Tourisme, Direction des Transports Terrestres, Sous-direction des transports routiers, bureau R3 (France)Google Scholar
  23. 23.
    “Denial of Service: An Example”, RM Needham, in Communications of the ACM v 37 no 11 (Nov 94) pp 42–46Google Scholar
  24. 24.
    “Spying tags could stop fuel fraud”, N Nuttall, in The Times (Interface Section) 28/1/98 p 7Google Scholar
  25. 25.
    Common Criteria for IT Security Evaluation — Smartcard Integrated Circuit Protection Profile’, registered at the French Certification Body under the number PP/9704; Motorola, Philips, Siemens, SGS-Thomson, Texas Instruments, October 1997.Google Scholar
  26. 26.
    “Driver sleepiness as a causal factor in accidents on the M180/A180 in South Humberside: A Preliminary Analysis”, L Reyner, at Falling Asleep at the Wheel, Loughborough University 18–19/11/96Google Scholar
  27. 27.
    Tachosmart 3 Digital Tachograph — Final report’, Thomson CSF, 1996Google Scholar
  28. 28.
    “Ministers unveil plans to toughen drink-drive laws”, in The Times 2/2/98 p 2Google Scholar
  29. 29.
    “Commission wants black box, smart cards to enforce road safety”, A Torres, Reuters news item 0804 (2/9/94)Google Scholar
  30. 30.
    A Report on the Fitment of Tachograph Interruptors’, 10/8/95, Vehicle Inspectorate, Wighill Lane, Walton, Wetherby, West YorkshireGoogle Scholar
  31. 31.
    Integrated Circuit Chip Card — Security Guidelines Summary for IC Chip Design, Operating System and Application Design, Implementation Verification’ v 2.1, 4/11/97Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Ross Anderson
    • 1
  1. 1.Computer LaboratoryCambridge UniversityCambridge

Personalised recommendations