"Matthew" wrote in message
om...
I am interested in the mechanics of these cards, which are smart cards
for use on London's transport system. One would hope given the
reported £1billion+ that they are secure.

This is funny: "Because the Oyster card is contactless, customers only need
to touch the cardreaders with their Oyster cards as they pass through ticket
gates at London Underground or National Rail stations or board a bus. "

If they are contactless, then whey do the customers need touch the
cardreaders?

Here's a bit of info on the cards themselves:
http://rapidttp.com/transponder/presre13.html

I have one similar (dumb card) produced by honeywell for my work badge. It
simply contains an eprom with an embedded code, which is activiated when
swiped near a transponder containing an EM field. The transponder reads the
code, sends the information to a computer which then decided whether or not
to unlock the door. (Oddly enough I have no physical access to the
mainframe. Probably a good idea.)

I read recently that Phillips - who makes the Oyster card - is going to roll
these out in a massive scale in China for transportation purposes.

K (Smile, you're happy now.)

On Tue, 18 Nov 2003 18:50:53 +0000, Paul Corfield wrote:

On 18 Nov 2003 03:47:35 -0800, (Matthew) wrote:

I am interested in the mechanics of these cards, which are smart cards
for use on London's transport system. One would hope given the
reported £1billion+ that they are secure.
[snip]
I don't know if the mechanics system of this are documented anywhere,
or have been analyzed by anyone independent, but I am wondering about
the cryptographic approach used for this system.
[snip]

I can see potentially two (or three) ways of doing this system:
[snip]
Any insights better than mine into how the system works, and where
vulnerabilites lie would be welcomed.

...and more importantly, what strategies have been built into the system to cope when (not if) they
are hacked. Anyone deigning a system on the assumption that it is totally secure is a fool, although
can we expect any better from the morons who run most things in the UK ?

Kai wrote:

"Matthew" wrote in message
om...
I am interested in the mechanics of these cards, which are smart cards
for use on London's transport system. One would hope given the
reported £1billion+ that they are secure.

This is funny: "Because the Oyster card is contactless, customers only need
to touch the cardreaders with their Oyster cards as they pass through ticket
gates at London Underground or National Rail stations or board a bus. "

If they are contactless, then whey do the customers need touch the
cardreaders?

They originally said you could keep it in your pocket and sail through
the gates, but you can't! So they then changed it to the above wording.

However, you can leave it in your bag and wave your bag over the reader
(I have done it).

I think they are just overstating the case so that people don't hold it
six inches above the reader and then complain that it doesn't work.

In message , Dave Newt
writes


Kai wrote:

"Matthew" wrote in message
om...
I am interested in the mechanics of these cards, which are smart cards
for use on London's transport system. One would hope given the
reported £1billion+ that they are secure.

This is funny: "Because the Oyster card is contactless, customers only need
to touch the cardreaders with their Oyster cards as they pass through ticket
gates at London Underground or National Rail stations or board a bus. "

If they are contactless, then whey do the customers need touch the
cardreaders?

They originally said you could keep it in your pocket and sail through
the gates, but you can't! So they then changed it to the above wording.

However, you can leave it in your bag and wave your bag over the reader
(I have done it).

I think they are just overstating the case so that people don't hold it
six inches above the reader and then complain that it doesn't work.

Sometimes just waving it over the reader doesn't work; you may have been
lucky. From my observation and experience, some readers are more
sensitive than others.
--
Kat Women and cats will do as they please, and men and dogs should relax
and get used to the idea - Robert A. Heinlein

Mok-Kong Shen wrote in message ...
John Hadstate wrote:

(Matthew) wrote in message
Access to the information is only possible using secret keys
specific to that card, known only to devices permitted to process the
cards. These cards are very difficult to break into, making the cards
very secure; in the unlikely event that a card has its key broken
then the system - and all other cards - will remain secure.


If memory serves the system is based on the Philips MiFare system
which you can read all about (including the 3 pass authentication
procedure) at:
http://www.semiconductors.philips.co...sheets/#mifare

The key length in use is 48 bits per sector of the card, given the
fastest that the select and authentication phase can be completed in
is 5ms then it would take over 44.5 thousand years to try all the
combinations. And this would only grant you access to a single part of
the card. I would expect several sectors to be used in practise,
perhaps split up between ticket types and stored payment uses.

Direct attack on the cards is clearly out of the question, since all
the cards should (I say should, given the vulnerability that used to
be present in the old magnetic ticketing system I would not put it
past Cubic to screw it up again) have different keys programmed onto
them, then attacking multiple cards at the same time is a pointless
exercise - unless you were lucky to get a card with a key near the
beginning of your test range.

We already know that the system 'trusts' the content of the card and
there is no live database link available to all of the readers,
otherwise we would not have to 'collect' tickets purchased online from
a designated gateline. Giving everything a live link would be
prohibitively expensive (mobile and handheld units are in use on
moving vehicles that may be underground) and would only ever be
required if the keys were broken. However if the keys are broken and
cards rewritten then I do not see how the system can detect it. Other
then perhaps some kind of off line database crawling process looking
for anomalies.


All of the above adds up to a classic case of "security by obscurity."
This might mean that the inventors have already identified or suspect
weaknesses in their system that they hope will remain undiscovered if
no one is permitted to analyze their system too closely.

I believe the card interface system is fairly secure on paper, the
question is how secure is the rest of the infrastructure around it? I
would expect the keys to leak out of the staff that designed the
system before they are cracked, or the website backend to be hacked to
start issuing recharge requests without payment. Even if the keys were
broken they can be rewritten on the cards making the whole system
secure again, although the amount of time it would take to rewrite all
the cards may be vast, certainly not an overnight fix - but could be
done quietly without anyone having to own up to the problem. Also once
a suspect card gets a cancel request raised it then I would expect all
mobile terminals to know about it within hours (as soon as they are
docked next). Overall I believe the system does have good potential to
recover from a compromise BUT it has to be noticed first.


On the other hand, if the cost/risk of analysis is
sufficiently high, there would be 'practical' security,
I suppose. (Actually, banknotes are similar in this
respect, I believe. There are saying, though, that
the techniques/knowhow of the fraudsters are now quite
comparable to those of the governments in making
banknotes.)

M. K. Shen

The rewards in cracking this system are also very high though, given
the retail cost of travel passes. I personally spend about 800UKP on
travel in London each year, and I live and work about 4 miles from the
centre. People made money selling tickets that exploited a problem in
the magnetic ticketing system because of this cost but these tickets
were obviously not valid for travel to the naked eye.

However the real fraud with the smart cards is already happening and
is far less technical. Most of the railway companies operating out of
London have not equipped their ticket barriers to accept the
smartcards or issued their staff with scanners (or maybe they just
can't be bothered to carry them). The result is the staff have to
assume you have a valid ticket loaded onto your smart card if you are
carrying one because they have no way of checking otherwise. For those
of you who have never seen one, they all look identical and you
usually do not get a printed paper receipt to go with it if you book
online.

Pretending you have a valid pass on a line where you know it will not
get scanned is the real weakness at the moment, and it is this that
makes the whole system a bit of a joke.

I'm sure the tens of millions could have been better spent elsewhere
on the network with a much larger benefit for the passengers.

--
Gareth Davis

On 18 Nov 2003 13:40:14 -0800, (Gareth
Davis) wrote:

Pretending you have a valid pass on a line where you know it will not
get scanned is the real weakness at the moment, and it is this that
makes the whole system a bit of a joke.

The solution to this, for the short term, is to issue a paper ticket
with the electronic one. For online transactions, this could be sent
through the post or maybe even collected from a ticket machine?

MK Metro issue a "validation receipt" from the bus ticket machine when
a pass is loaded onto one of their contact-type smartcards. This is
required when using one of the many Council-subsidised services not
operated by MK Metro on which the tickets are valid. (I do wonder,
out of interest, if MK Metro was involved in any research prior to
implementation - are there any other bus operators in the country
using a similar system, I wonder?)

Of course, this won't work for pay-as-you go - but before that can be
implemented for National Rail, there'll need to be as good as 100%
reader coverage anyway.

Neil

--
Neil Williams
is a valid email address, but is sent to /dev/null.
Try my first name at the above domain instead if you want to e-mail me.

This thread is filling me with dread,Judge.
Over here in Ireland we have recently had a gent called Mr Churcher writing
to the papers about his involvement in a "New Integrated Ticketing" system
for Dublin`s public transport providers.
Mr Churcher avers to his involvement with other systems such as Octopus in
Hong Kong and speaks of adapting this technology to suit our particular
operating conditions.
The projected cost for the design and introduction of this Irish Octopus is
27 Million Euro.
However given Mr Carmodys post re Helsinki`s adaptation I am now somewhat
a-tremble at what lies ahead......

Volker Hetzer wrote:


Actually, today banknotes aren't naively stuffed fithe anti-forgery-features
but the idea is to make it unprofitable to fake a banknote in a small-scale
production. So, a forger is forced to go large-scale which in turn is easily
detectable (duplicate serial numbers or unexplainable inflation for instance)
and which also justifies a large-scale counteraction to find and disable him.

I am not sure duplicated serial numbers or unexplainable
inflation, especially the latter, are practical
characteristics that are 'effectively' checkable.
(Define 'unexplainable inflation'!) It's 'olds' now that
e.g. 50 Euro banknotes had been forged quite well. They
were presumably produced in regions not within EU
influences. Someone told me that certain sophisticated
techniques previously employed in DM are not used in Euro
because Euro is made by diverse member countries and not
all of them had such techniques at their disposal and so
they agreed on sort of a gcd.

M. K. Shen

Paul Corfield wrote in message . ..
On 18 Nov 2003 03:47:35 -0800, (Matthew) wrote:

I am interested in the mechanics of these cards, which are smart cards
for use on London's transport system. One would hope given the
reported £1billion+ that they are secure.
[snip]
I don't know if the mechanics system of this are documented anywhere,
or have been analyzed by anyone independent, but I am wondering about
the cryptographic approach used for this system.
[snip]

I can see potentially two (or three) ways of doing this system:
[snip]
Any insights better than mine into how the system works, and where
vulnerabilites lie would be welcomed.

Out of curiosity why do you wish to know?


So why don't you simply attempt to board a bus in a zone outside the
validity of your card and see what happens? This is far easier than
divulging the coding and interrogation details of a secure system in a
public forum.

Apparently one of the sub threads got itself crossposted to
alt.2600 :-O. Since when have hackers not divulged the details
of secure systems in public forums?

But just to put your mind at rest I'll include a special sig line
that should attact some attention.

---

' The decline of the nuclear family and the fission of traditonal
communities, has lead to an inertia in the pouplation time-bomb, sex
can now also be used
as a 'weapon of mass destruction' against those that that are seen as
undesirable. All it takes is the suppourt of an extremist faction to
ensure
that a 'massacre'or atorcity of the rights of otherwise inocent lives
is fufilled.

"Ernst Lippe" wrote in message ...
On Tue, 18 Nov 2003 03:47:35 +0000, Matthew wrote:

I am interested in the mechanics of these cards, which are smart cards
for use on London's transport system. One would hope given the
reported £1billion+ that they are secure.

Apparently they work using a form of RFID
very large snip

Given the fact that these cards are smart cards, I believe
that your speculations are wrong. I could not find any
technical information about the card, but I have some
experience with smart cards, so here are my speculations.

The cards are manufactured by Philips, and are described here
http://www.semiconductors.philips.co...nders/ebg0038/

Here is some interesting information regarding what is and isn't on
the card (all the information is stored on the chip) from
http://www.computerweekly.com/Article123251.htm

Monk added that memory capacity is a key benefit of the Oyster card.

"For example, the technology could offer discounts right across the
different modes of transport in London," he said. "Current magnetic
cards cannot provide the level of stored data that smartcards can."

He also expects to see a decline in the amount of travelcard-related
fraud and theft. "If someone steals an Oyster card we can deactivate
it immediately and they are left holding nothing more than a piece of
plastic."

Apparently the promised ability to recharge the card by telephone and
internet will operate in a rather inconvenient way (you will have to
make your way to specific stations, even if your card happens to be a
bus pass)

'Travellers can renew Travelcards on their Oyster card over the
telephone or using the internet. The ticket is automatically loaded
when the smartcard is touched on a dedicated card terminal at a Tube
station gate at a nominated station.'

It's difficult to see how something that operates in this way can hope
to replace cash fares, as it is more difficult to charge the card than
to even buy one of the current generation of magnetic cards (bus
passes and travel cards), which are currently available from
newsagents and other retailers, providing a convient service, as well
as revenue source for the retailers.