ON THE SECURITY AND PERFORMANCE OF MOBILE DEVICES IN TRANSPORT TICKETING

Assad Umar

Research output: Thesis › Doctoral Thesis

Abstract

There have been significant developments in the field of transport ticketing. Major transport operators are transitioning from closed-loop, proprietary systems to open systems that utilise the global payment infrastructure for ticketing via smart cards and, increasingly, smartphones.

Modern smartphones support Near Field Communication (NFC), which can be used to emulate contactless smart card tickets. NFC transactions are quick, making NFC a viable technology for transport ticketing, where speed is critical. NFC transactions initially required a Secure Element (SE) for security reasons. However, commercial constraints and restrictive security practices relating to the SE have paved the way for Host Card Emulation (HCE). HCE facilitates NFC transactions without requiring an SE; this provides a simpler and more flexible ecosystem, at the expense of security.

This thesis investigates the impact of the aforementioned developments on the security and performance of mobile devices in ticketing. A comparative analysis of various security mechanisms that have been put forward as options to mitigate the security risks of HCE is carried out, and their suitability for ticketing is determined. A novel ticketing protocol based on Linkable Digital Signatures is proposed to solve the problem of blacklisting (the barring of invalid tickets/smartphones) in tokenised payments. A novel tokenisation framework based on Format Preserving Encryption (FPE) algorithms and Trusted Execution Environments (TEE) is also proposed for secure token generation on the user's device. All proposals were implemented on mobile devices to test how efficiently they perform.

The work conducted in this thesis shows that mobile devices, and particularly HCE, offer several benefits in ticketing; however, a new approach to security is required. It also shows that, despite the clear advantages of adopting open payments, careful consideration is needed for it to be successful in ticketing.

Original language: English
Qualification: Ph.D.
Awarding Institution
  • Royal Holloway, University of London
Supervisors/Advisors
  • Mayes, Keith, Supervisor
Award date: 1 Jun 2018
Publication status: Unpublished - 2018

Keywords

  • Ticketing
  • Mobile Ticketing
  • Mobile Payments
  • Mobile Security
  • Automated Fare Collection
  • Open Loop Ticketing
  • EMV Ticketing
  • Contactless Ticketing
  • Transit
  • Host Card Emulation
  • Near Field Communication
  • Smart Cards
  • Closed Loop Ticketing
  • Transit Systems
  • Linkable Signatures
  • Tokenisation
  • Tokenization
