Projects per year
Abstract
The term security ceremony describes a technical system extended with its human users. In this paper, we examine the inspection ceremony for the mobile transport ticket in Denmark. We find several security weaknesses that are ascribable to both human and computer components of the ceremony. The main vulnerabilities are due to the design choices of how the visual inspection ceremony is organised and the lack of information that is stored into the 2D barcode. These vulnerabilities allow a ticket holder to travel up to 8 zones with a 2-zone subscription and enable several people to travel with the same subscription. The attack is significant as it can be automated, and rather modest skills are necessary to break the inspection ceremony. We state four principles that aim at strengthening the security of inspection ceremonies and propose an alternative ceremony whose design is driven by the stated principles.
Original language | English |
---|---|
Title of host publication | 22nd Nordic Conference on Secure IT Systems (NordSec) |
Publisher | Springer |
Publication date | 2017 |
Pages | 159-174 |
ISBN (Electronic) | 978-3-319-70290-2 |
DOIs | |
Publication status | Published - 2017 |
Series | Lecture Notes in Computer Science |
---|---|
Volume | 10674 |
ISSN | 0302-9743 |
Keywords
- Security Ceremony
- Mobile Transport Ticket
- Inspection Ceremony
- Security Vulnerabilities
- 2D Barcode
Fingerprint
Dive into the research topics of 'Free Rides in Denmark: Lessons from Improperly Generated Mobile Transport Tickets'. Together they form a unique fingerprint.Prizes
-
Best NordSec 2017 Paper Award
Giustolisi, R. (Recipient), 2017
Prize: Prizes, scholarships, distinctions
Press/Media
-
ITU-forsker: Østdansk mobilpendlerkort-app kan forfalskes
21/11/2017
1 item of Media coverage
Press/Media: Press / Media
Projects
- 1 Finished
-
DemTech: Trustworthy Democratic Technology
Schürmann, C. (PI), Boulus-Rødje, N. (CoI), Gad, C. (CoI), Kiniry, J. R. (CoI), Markussen, R. (CoI), Gustafsson, D. (CoI), Wang, J. (CoI), Vadgaard, A. K. P. (CoI), Murawska, A. A. (CoI) & Bock, P. B. (CoI)
01/07/2011 → 31/01/2018
Project: Research