Free Rides in Denmark: Lessons from Improperly Generated Mobile Transport Tickets

Publikation: Konference artikel i Proceeding eller bog/rapport kapitelKonferencebidrag i proceedingsForskningpeer review

Abstract

The term security ceremony describes a technical system extended with its human users. In this paper, we examine the inspection ceremony for the mobile transport ticket in Denmark. We find several security weaknesses that are ascribable to both human and computer components of the ceremony. The main vulnerabilities are due to the design choices of how the visual inspection ceremony is organised and the lack of information that is stored into the 2D barcode. These vulnerabilities allow a ticket holder to travel up to 8 zones with a 2-zone subscription and enable several people to travel with the same subscription. The attack is significant as it can be automated, and rather modest skills are necessary to break the inspection ceremony. We state four principles that aim at strengthening the security of inspection ceremonies and propose an alternative ceremony whose design is driven by the stated principles.
OriginalsprogEngelsk
Titel22nd Nordic Conference on Secure IT Systems (NordSec)
ForlagSpringer
Publikationsdato2017
Sider159-174
ISBN (Elektronisk)978-3-319-70290-2
DOI
StatusUdgivet - 2017
NavnLecture Notes in Computer Science
Vol/bind10674
ISSN0302-9743

Fingeraftryk

Dyk ned i forskningsemnerne om 'Free Rides in Denmark: Lessons from Improperly Generated Mobile Transport Tickets'. Sammen danner de et unikt fingeraftryk.

Citationsformater