Thread: Security of Oyster Cards
View Single Post
  #1   Report Post  
Old November 18th 03, 10:47 AM posted to uk.transport.london,alt.2600,sci.crypt
Matthew Matthew is offline
external usenet poster
  
First recorded activity at LondonBanter: Nov 2003
Posts: 6
Default Security of Oyster Cards
I am interested in the mechanics of these cards, which are smart cards
for use on London's transport system. One would hope given the
reported £1billion+ that they are secure.

Apparently they work using a form of RFID

According to http://www.google.co.uk/search?q=cac...hl=en&ie=UTF-8

Embedded in the smartcard is a small microchip, which can handle and
store information, and an ariel. When the card is touched to the
cardreader, power flows through the aerial and information moves from
the card to the reader and back again. Communication between the card
and reader is by radio signals and takes less than a fifth of a
second.

Once issued, Oyster cards can be topped up to meet the travel needs of
each customer. This can be done at the upgraded ticket machines in
stations, at any of the local ticket outlets or at a station ticket
office. The ability for customers to purchase and top up smartcards
away from the station i.e. internet and telesales are being developed
for introduction next year.

Individual members of the TranSys consortium have successfully
installed, operated or are developing similar systems around the
world, including in San Francisco, Los Angeles and Hong Kong and
therefore can use their experience to build and maintain a world class
system for London.

Smartcards are amongst the most secure ways to store information and
users of Oyster can be confident of the security of the data on their
card. Access to the information is only possible using secret keys
specific to that card, known only to devices permitted to process the
cards. These cards are very difficult to break into, making the cards
very secure; in the unlikely event that a card has its key broken
then the system - and all other cards - will remain secure.

----

I don't know if the mechanics system of this are documented anywhere,
or have been analyzed by anyone independent, but I am wondering about
the cryptographic approach used for this system.

I can see potentially two (or three) ways of doing this system:

using a globally unique identifier - a unique ID on the card. All
information is stored on London Transport's servers. When a card is
used, radio contact is made to the central server to find what value
is remaining on the card.

I don't believe that this is the case. Considering the large number of
readers (handheld, fitted to buses and underground gates), and the
speed of operation, this doesn't seem feasible. The only security
problem I can see with this method, assuming it is in use, is cloning:
e.g., cloning an annual travel card (value up to £2500). This could be
detected fairly easily, in that I assume that the train readers store
information, which is regularly analyzed to detect fraudulent
acitivity.

secondly: using encrypted information stored on the card as to what
the card's capabilities (e.g., 1 month bus pass, expiring 20th
November, valid zones 1-4). Some kind of public/private key would work
well here, in that the public key would not be keept secure.

The problem with this is that the cards are reusable, and have some
kind of recharge functionality. This means that a potentially large
number of devices would have to have the ability to modify the
information. It also doesn't really handle the question of how the
promised ability to renew online will be functionality.

This appears to be implied from the fact that the blurb states that
there is a private key technology work 'known only to the device
readers'. Given that there are thousands of these readers fitted to
every bus, train station, and possibly some other forms of transport
as well, how secure can something equipped to thousands of devices be;
if the system can be cracked, you can be sure that it will be worth
someone's while to do so.

thirdly: a combination of the two: the cards do appear to have some
kind of unique identifier, as it is possible to enter your id number
into their website, which is linked to your details. This does not
preclude them from storing validity information as well, for the
benefit of devices that are not connected up to the central database.


Any insights better than mine into how the system works, and where
vulnerabilites lie would be welcomed.

Thanks

PS. Does anyone know whether the bus passes actually store zone
information, and whether this is checked by the buses? I have a
single-zone pass and I'm curious to know whether it would work in
other zones.
Reply With QuoteReply With Quote