Security Analysis of an RFID-based Fare Collection System
MetadataVis full innførsel
Radio frequency identification (RFID) systems aim to identify tags to readers in an open environment where neither visual nor physical contact is needed for communication. Because of their low production costs and small size, RFID tags are expected to replace traditional identification methods such as barcodes. Currently, RFID tags are deployed, for instance, in passports, in access control cards, in fare collection systems for public transportation, and in groceries.The widespread propagation of this identification technology has side effects that could lead to new security and privacy threats in its applications. In this thesis we conduct a security analysis of the RFID system used for fare collection in the public transport network in Luxembourg. The analysis exhibits common vulnerabilities and shows how they can be addressed. We also implement an extensible framework for the development of tools to automatize the analysis of similar systems.