Home |
Search |
Today's Posts |
|
London Transport (uk.transport.london) Discussion of all forms of transport in London. |
|
LinkBack | Thread Tools | Display Modes |
#22
|
|||
|
|||
Security of Oyster Cards
On Tue, 18 Nov 2003 07:42:09 +0000, John Hadstate wrote:
(Matthew) wrote in message . com... I am interested in the mechanics of these cards, which are smart cards for use on London's transport system. One would hope given the reported £1billion+ that they are secure. Smartcards are amongst the most secure ways to store information and users of Oyster can be confident of the security of the data on their card. Says who? Of course, this was a quote from either the transport company, who spent a lot of money on this and is therefore convinced that it must be secure or from the manufacurer that certainly will not make much money by selling insecure products. Nevertheless, I think that the statement that smart cards are one of the most secure ways to store information is basically correct. Access to the information is only possible using secret keys specific to that card, known only to devices permitted to process the cards. These cards are very difficult to break into, making the cards very secure; in the unlikely event that a card has its key broken then the system - and all other cards - will remain secure. All of the above adds up to a classic case of "security by obscurity." It might, when they have let some incompetent persons design the system. On the other hand, virtually all companies are highly secretive about their security measures, but this does not necessarily imply that these measures are inadequate. This might mean that the inventors have already identified or suspect weaknesses in their system that they hope will remain undiscovered if no one is permitted to analyze their system too closely. Smartcard companies have employed some very competent people. For example, one of the main designers of the electronic smart card purse, that we use here, was Joan Daemen (also responsible for Rijndael). Smartcards are basically dedicated crypto engines, and you can use them to build very secure systems (and yes you can also use them to build insecure systems). Just like other forms of cryptography smartcards are generally the strongest part of the system, and most attackers will simply try to attack the other parts. greetings, Ernst Lippe |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Oyster Cards damaged by proximity door entry cards | London Transport | |||
Oyster and the b***y security question!! | London Transport | |||
New National Security Technology ignored that might have stopped the bombing | London Transport | |||
removing staff? What happens to security? | London Transport | |||
How do you enter your security answer on the Oyster Sales site? | London Transport |