Thread: Security of Oyster Cards
View Single Post
  #8   Report Post  
Old November 18th 03, 05:50 PM posted to uk.transport.london
Paul Corfield Paul Corfield is offline
external usenet poster
  
First recorded activity at LondonBanter: Jul 2003
Posts: 3,995
Default Security of Oyster Cards
On 18 Nov 2003 03:47:35 -0800, (Matthew) wrote:

I am interested in the mechanics of these cards, which are smart cards
for use on London's transport system. One would hope given the
reported £1billion+ that they are secure.
[snip]
I don't know if the mechanics system of this are documented anywhere,
or have been analyzed by anyone independent, but I am wondering about
the cryptographic approach used for this system.
[snip]

I can see potentially two (or three) ways of doing this system:
[snip]
Any insights better than mine into how the system works, and where
vulnerabilites lie would be welcomed.

Out of curiosity why do you wish to know?

As one of the people who wrote the spec for Prestige (but not to the
technical level of detail you are enquiring about) I am somewhat
concerned. Perhaps you can enlighten me as to your motives?

PS. Does anyone know whether the bus passes actually store zone
information, and whether this is checked by the buses? I have a
single-zone pass and I'm curious to know whether it would work in
other zones.

So why don't you simply attempt to board a bus in a zone outside the
validity of your card and see what happens? This is far easier than
divulging the coding and interrogation details of a secure system in a
public forum.
--
Paul C
Admits to Working for London Underground!

Reply With QuoteReply With Quote