Privacy for Public Transportation

1 Privacy for Public Transportation
Thomas S. Heydt-Benjamin, with Hee-Jin Chae, Benessa Defend and Kevin Fu
University of Massachusetts at Amherst, Department of Computer Science

2 Who knows your travel information?

3 Who knows your travel information?
Transit Authority

4 Who knows your travel information?
Law Enforcement

5 Who knows your travel information?
That weird guy sitting across from you!?

6 What data are vulnerable?

7 What data are vulnerable?
Unique card ID (not shown)
Current balance
Entrance and exit date and station
Details of merchandise purchases
Beginning balance

8 Why protect travel data?
Sensitive records are published in anonymized form:
Medical data, for epidemiology and early detection of bioterrorism [Mandl 06]
US law requires reporting of domestic-abuse shelters [Sweeney 06]

9 Re-Identification

10 Exposure to data is a liability for the TA
Data gets stolen: 40 million records exposed due to improper data retention at CardSystems Solutions, according to the NY Times.
Privacy-preserving transit ticketing:
Protects the transit passenger
Protects the transit authority

11 Models and assumptions
Who are our adversaries? What does privacy mean?

12 Adversaries
TA (Transit Authority): global active adversary with respect to privacy
Malicious third party, Mallory: active man-in-the-middle adversary; wants to steal Alice's ticket; wants to identify and track Alice
The passenger, Alice: wants to steal service from the TA

13 What is privacy?
Some transactions will be identifying (the passenger may provide a credit card at purchase time)
Degree of privacy is defined as the degree of difficulty with which an adversary can link identifying transactions with past and future transactions

14 Challenges

15 Challenge #1: Migration to RF technologies
RF brings a different threat model: with magstripe, personal data is stored unencrypted but can only be read by a reader in physical contact with the card; over RF the same unencrypted data can be read by anyone in radio range

16 Challenge #2: Systems Constraints
Resource constraints: maintain compatibility with passive RFID transponders
Communications: support for offline operation

17 Challenge #3: State without privacy degradation
Transfers between transit system segments, but transfers imply some degree of linkability
Variable-rate fare structure: many transit systems charge based on distance travelled, and the information necessary for fare calculation implies a limit to anonymity

18 Approaches

19 Some popular approaches
No secure channel: fails Challenge #1 (RF vulnerabilities)
Per-card symmetric key looked up by card ID: fails Challenges #2 (offline) and #3 (privacy preservation)
(Figure: the ticket sends E(transaction) to a reader that cannot look up the key: "Sorry! I'm offline at the moment!")

20 Approach to Challenge #1 (RF)
Secure channel: protect against eavesdropping adversary
Verifiable authorisation of reader: protect against middleman attack; protect against third-party adversarial readers
Good key management properties: graceful revocation; offline private key

21 Re-Encryption Authorisation
Re-cryptography (figure): the ticket sends E(nonce); an authorised reader re-encrypts E(nonce) and recovers the nonce.
Only works if the reader has an unexpired authorization key

22 Secure channel meets Challenge #1(RF)
(Figure: the ticket's balance of $3000 crosses the RF channel only as E($3000), keyed by the nonce; the eavesdropper sees ???)

23 Meets constraints of legacy system (Challenge #2)
Ticket stores only a single key
Ticket performs only a single asymmetric crypto operation, yielding confidence of reader authorisation and a session key
Limits scope of damage when a reader is compromised
Revocation: no computation, communication, or storage required
Suitable for offline authorisation
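The re-encryption handshake of slides 21 to 23, as an added illustration that is not code from the slides or from the authors' system. The ticket stores one key (the TA public key) and performs one ElGamal encryption per session; a reader recovers the nonce, and with it the session key, only if it holds a TA-issued re-encryption key. The scheme used here is a BBS-style bidirectional ElGamal proxy re-encryption over a safe-prime group, chosen only because it runs in plain Python; the group generation, reader IDs and the MAC-based proof of nonce knowledge are my assumptions. Two limits matter: the slides' time-limited authorization keys are not modelled (here authorization is simply possession of a re-encryption key), and because the scheme is bidirectional a reader holding both b and rk can compute a = b / rk, so it does not give the compromise containment slide 23 asks for; a unidirectional proxy re-encryption scheme is needed for that.

```python
"""Reader authorisation via proxy re-encryption: constructed toy model (BBS-style, bidirectional)."""
import hashlib
import hmac
import random
import secrets


def _probable_prime(n, rng, rounds=24):
    """Miller-Rabin primality test (demo quality only)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=256, seed=2006):
    """Safe prime p = 2q + 1 and g = 4, a generator of the order-q subgroup (seeded, so reproducible)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(q, rng) and _probable_prime(2 * q + 1, rng):
            return 2 * q + 1, q, 4


def _mac(nonce, c1, c2, reader_id):
    """Session key = H(nonce); the MAC over the transcript proves the reader recovered the nonce."""
    key = hashlib.sha256(b"transit-session|" + nonce.to_bytes(64, "big")).digest()
    return hmac.new(key, c1.to_bytes(64, "big") + c2.to_bytes(64, "big") + reader_id, hashlib.sha256).digest()


class TransitAuthority:
    def __init__(self, group):
        self.p, self.q, self.g = group
        self.a = secrets.randbelow(self.q - 2) + 2       # TA private key: stays offline
        self.pk = pow(self.g, self.a, self.p)            # the single key every ticket stores

    def issue_reader(self, reader_id):
        """Reader gets its own key b and the re-encryption key rk = b / a (mod q)."""
        b = secrets.randbelow(self.q - 2) + 2
        rk = b * pow(self.a, -1, self.q) % self.q
        return Reader(reader_id, (self.p, self.q, self.g), b, rk)


class Reader:
    def __init__(self, reader_id, group, b, rk):
        self.reader_id = reader_id
        self.p, self.q, self.g = group
        self.b, self.rk = b, rk

    def respond(self, c1, c2):
        """Re-encrypt the ticket's ciphertext to own key, decrypt the nonce, prove knowledge of it."""
        c2_reader = pow(c2, self.rk, self.p)                      # (g^(ar))^(b/a) = g^(br)
        shared = pow(c2_reader, pow(self.b, -1, self.q), self.p)  # g^r
        nonce = c1 * pow(shared, -1, self.p) % self.p
        return _mac(nonce, c1, c2, self.reader_id)


class Ticket:
    def __init__(self, group, ta_pk):
        self.p, self.q, self.g = group
        self.ta_pk = ta_pk

    def challenge(self):
        """The ticket's one asymmetric operation: ElGamal-encrypt a fresh nonce under the TA key."""
        nonce = secrets.randbelow(self.p - 2) + 2
        r = secrets.randbelow(self.q - 2) + 2
        return nonce, (nonce * pow(self.g, r, self.p) % self.p, pow(self.ta_pk, r, self.p))

    def accept(self, nonce, c1, c2, reader_id, tag):
        """Reader is authorised iff its MAC was keyed by the nonce that only a re-encryption key unlocks."""
        return hmac.compare_digest(tag, _mac(nonce, c1, c2, reader_id))


def run_session(ticket, reader):
    """True if the ticket accepts the reader as TA-authorised (both then share the session key)."""
    nonce, (c1, c2) = ticket.challenge()
    return ticket.accept(nonce, c1, c2, reader.reader_id, reader.respond(c1, c2))


def demo():
    group = make_group()
    ta = TransitAuthority(group)
    ticket = Ticket(group, ta.pk)
    turnstile = ta.issue_reader(b"turnstile-17")
    q = group[1]
    # Mallory: a reader with keys of her own choosing but no TA-issued re-encryption key
    mallory = Reader(b"mallory", group, secrets.randbelow(q - 2) + 2, secrets.randbelow(q - 2) + 2)
    return run_session(ticket, turnstile), run_session(ticket, mallory)
```

`demo()` returns `(True, False)`: the authorised turnstile recovers the nonce and its MAC verifies, while Mallory, who sees the same ciphertext on the air, computes garbage and is refused before the ticket reveals any state. Revocation in this model is the TA no longer issuing re-encryption keys to a reader; nothing on the ticket changes.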

24 Ticket Types
Passive RFID transponder: already has widespread deployment; has no user interface, so in order to communicate with the user it must broadcast state!
Active mobile device: has a user interface; secure mobile devices for payment [Chaum 85]; active proxy for RFID privacy [Juels 05]

25 Ticket Types and State (Challenge #3)
We observe that active transponders can provide privacy enhancements for many passengers, not just their owners
(Figure: passengers with balances of $3000, $200 and $1.50; the adversary's view is ???)

26 Current Approach to State (Challenge #3)

27 Current Approach to State (Challenge #3)
TA Stores: Card #1234 = Alice Card #1234

28 Current Approach to State (Challenge #3)
TA Stores: Alice entered at 17:30 Grand Central

29 This state is linkable to identity! Fails Challenge #3
TA Stores: Alice exited at 17:50 Hospital Station TA Computes: Trip fare = $3.50

30 This state is linkable to identity! Fails Challenge #3
TA Computes: Card #1234 (Alice) exited system 30 minutes ago Card #1234 (Alice) exited from adjacent station Therefore Transfer is valid

31 Our Approach to state is privacy preserving
Parameterized single-show anonymous credential
Proof of parameter validity in zero knowledge, without revealing exact values
For example: proof of non-expiry without revealing exit time
(Figure: reader asks "Who are you?"; ticket answers "From subway, unexpired")
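The "from subway, unexpired" exchange of slide 31, as an added illustration that is not code from the slides or from the authors' credential system. The slides use a single-show anonymous credential with zero-knowledge proofs; this toy replaces the zero-knowledge proof with a hash-chain commitment to show what the verifier does and does not learn. The expiry minute (exit time plus the transfer window) is a position in a backward chain V[t] = H(V[t+1]); holding V[expiry] lets the ticket derive V[now] for any now <= expiry but never a later value, so revealing V[now] proves non-expiry and nothing more about the exit time. The day epoch, the 30-minute window, the HMAC-based certification and the bus/subway roles are my assumptions. Caveats: the issuing exit gate sees the anchor, so joining its log with the bus reader's log would link the two transactions (the blind issuance of a real anonymous credential is what removes that); the shared MAC key lets any reader mint credentials, so a deployment would use a signature; and the single-show check is an online seen-list, whereas slide 33 notes the offline case is open.

```python
"""Unexpired-transfer proof without revealing exit time: constructed toy model (hash chain)."""
import hashlib
import hmac
import secrets

DAY_START = 0                          # minute 0 of the service day: position of the public anchor
TRANSFER_WINDOW = 30                   # minutes a transfer stays valid (constructed policy)
TA_MAC_KEY = secrets.token_bytes(32)   # toy: shared by issuing and verifying readers


def H(x):
    return hashlib.sha256(x).digest()


def chain_value(v_t, steps):
    """V[t - steps] = H^steps(V[t]): walking the chain only ever goes back in time."""
    for _ in range(steps):
        v_t = H(v_t)
    return v_t


def _certify(origin, anchor):
    return hmac.new(TA_MAC_KEY, origin.encode() + anchor, hashlib.sha256).digest()


def issue_credential(origin, exit_minute):
    """Exit reader: mint V[expiry] and the public anchor V[DAY_START], certify (origin, anchor)."""
    expiry = exit_minute + TRANSFER_WINDOW
    v_expiry = secrets.token_bytes(32)
    anchor = chain_value(v_expiry, expiry - DAY_START)
    cred = {"origin": origin, "anchor": anchor, "tag": _certify(origin, anchor)}
    return cred, expiry, v_expiry


class Ticket:
    def __init__(self, origin, exit_minute):
        self.cred, self.expiry, self.v_expiry = issue_credential(origin, exit_minute)

    def show(self, now):
        """Reveal V[now]; only possible while now <= expiry, since later values need preimages."""
        if now > self.expiry:
            return None
        return chain_value(self.v_expiry, self.expiry - now)


class BusReader:
    def __init__(self):
        self.seen = set()   # anchors already shown: single-show / clone check (an online list here)

    def verify(self, cred, v_now, now):
        """Learns: genuine credential, from cred['origin'], unexpired at `now`; not the exit time."""
        if v_now is None or not hmac.compare_digest(cred["tag"], _certify(cred["origin"], cred["anchor"])):
            return False
        if chain_value(v_now, now - DAY_START) != cred["anchor"]:
            return False               # wrong chain, or a value presented past its expiry
        if cred["anchor"] in self.seen:
            return False               # second show of a single-show credential
        self.seen.add(cred["anchor"])
        return True


def demo():
    ticket = Ticket("subway", exit_minute=17 * 60 + 50)   # left the subway at 17:50
    bus = BusReader()
    t1 = 18 * 60 + 10                                      # boards a bus at 18:10
    t2 = 18 * 60 + 25                                      # 18:25 is past the 30-minute window
    return {
        "valid_transfer": bus.verify(ticket.cred, ticket.show(t1), t1),
        "second_show": bus.verify(ticket.cred, ticket.show(t1), t1),
        "expired": bus.verify(ticket.cred, ticket.show(t2), t2),
        # cloned ticket data presented after expiry: V[expiry] over-hashes past the anchor
        "forged_time": BusReader().verify(ticket.cred, ticket.v_expiry, t2),
    }
```

`demo()` returns `{"valid_transfer": True, "second_show": False, "expired": False, "forged_time": False}`. The bus reader sees only the origin, the anchor and V[18:10]; from V[18:10] it can compute earlier chain values but not later ones, so it cannot tell whether the passenger left the subway at 17:41 or 17:59.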

32 Summary of our approach

33 Future Work
Cloning detection for online anonymous credential systems exists [Damgård 05]; similar systems are needed for the offline environment
Indistinguishability of the active transponder from a commercial passive transponder must be studied in greater depth; our preliminary measurements show our active transponder design to be indistinguishable

34 Conclusions
Existing systems offer insufficient protection both for passengers and for transit authorities
Preservation of passenger privacy is possible without relinquishing features needed by the TA: fraud protection, transfers, variable-rate fare structure
