Arnau VIVES-GUASCH †a) , Student Member, Maria-Magdalena PAYERAS-CAPELLÀ † †b) , Macià MUT-PUIGSERVER † †c) , Jordi CASTELLÀ-ROCA †d) , and Josep-Lluís FERRER-GOMILA † †e) , Nonmembers SUMMARY An electronic ticket is a contract, in digital format, between the user and the service provider, and reduces both economic costs and time in many services such as air travel industries or public transport. However, the security of the electronic ticket has to be strongly guaranteed, as well as the privacy of their users. We present an electronic ticketing system that considers these security requirements and includes the exculpability as a security requirement for these systems, i.e. users and the service provider can not falsely accuse each other of misbehavior. The system ensures that either both parties receive their desired data from other or neither does (fair exchange). Another interesting property is reusability. Thanks to reusability the tickets can be used a predefined number of times with the same security as single tickets. Furthermore, this scheme takes special care of the computational requirements on the users side by using light-weight cryptography. We show that the scheme is usable in practice by means of its implementation using mobile phones with Near Field Communication (NFC) capabilities.
Automatic Fare Collection (AFC) systems calculate the fare that the users must pay depending on the time of service (time-based) or the points of entrance and exit of the system (distance-based). The progressive introduction of Information and Communication Technologies (ICT) allows the use of electronic tickets, which helps to reduce costs and improve the control of the infrastructures. Nevertheless, these systems must be secure against possible fraud and they must also preserve users' privacy. Therefore, we have studied the security requirements for the timebased and distance-based systems and we have proposed a protocol for each of the AFC systems. The protocols offer strong privacy for honest users, i.e., the service provider is not able to disclose the identity of its users and, moreover, different journeys of the same user are not linkable between them. However, anonymity for users could be revoked if they misbehave. The protocols have been implemented in the Android mobile platform and its performance has been evaluated in two Android smartphones. The results remark that protocols are suitable to be used on AFC system with a medium class mobile device although they offer a better experience with a high-class smartphone. The appearance in the market of more powerful mobile devices suggests a better usability of our proposal in a near future.
Automatic Fare Collection (AFC) systems calculate the fare that the user must pay which depends on the points of entrance and exit of the system. These systems were paperbased, but the progressive introduction of Information and Communication Technologies (ICT) allows the use of electronic tickets which helps to reduce costs and it improves the control of the infrastructures. Nevertheless, these systems must be secure against possible fraud, and they must also preserve users' privacy. We propose an AFC system that offers strong privacy for honest users. The service provider can not disclose the identity of its users and, moreover, different journeys of the same user are unlinkable. However, anonymity for users could be revoked if they misbehave. This system has been designed in order to use personal mobile devices.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.