[LINK] E-Tag security?
gramadan at umd.com.au
Sat Dec 16 11:37:38 AEDT 2006
Doing some further investigation on this, and if you check out CityLinks
It will give you some idea of the operation of the system.
Of particular interest is:
"The e-TAG device itself does not emit a
signal of its own. Rather, it modifies and reflects the
signal emitted by the roadside equipment."
This will make the "scanning sniffer" more difficult.
It also seams to indicate that images are only kept if there is no e-tag.
Howard Lowndes wrote:
> Geoffrey Ramadan wrote:
>> I don't know what the protocol is, but the scheme is unlikely to
>> work, as City link also takes photographs of all vehicles.
> That may be the case, but do they cross check every photo with its
> etag, or does the system only trigger when a photo does not have an
> etag input. If they don't cross check every photo/etag, and I could
> see that being a substantial system load, then the scam could still
> work. Since the system is purely a revenue raiser then I don't see
> Transurban being interested in cross checking. Having said that, I
> have no other idea what other surveillance purposes may be attached to
> the system.
>> Geoffrey Ramadan B.E.(Elec)
>> Chairman, Automatic Data Capture Association (www.adca.com.au)
>> Managing Director, Unique Micro Design (www.umd.com.au)
>> Paul McGowan wrote:
>>> Hi Linkers,
>>> This is mainly idle curiosity, but I was wondering if anyone knew
>>> what sort of security safeguards are in place for E-Tags as used on
>>> Melbourne and Sydney (and no doubt many other) tollways?
>>> Specifcally, I was wondering what sort of protections there are in
>>> the scanning protocol to ensure that things like replay attacks
>>> can't happen.
>>> The scenario I am pondering involves producing a scanner that can
>>> elicit a reply from a parked car where an E-tag is visible, then
>>> replaying this reply to the toll gantry as you pass under it. If it
>>> worked (and I sincerely hope it wouldn't) it would make a very easy
>>> way to steal from innocent motorists and use the tollways free, not
>>> to mention anonymously. I would imagine that collecting many
>>> different replies and playng a random one would make it even harder
>>> to detect.
>>> Can anyone point me to information on the actual protocol(s)?
>>> Best regards,
>>> Paul McGowan
>>> Link mailing list
>>> Link at mailman.anu.edu.au
>> Link mailing list
>> Link at mailman.anu.edu.au
More information about the Link