[LINK] SMH: 'Students crack ticket algorithm'
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Nov 14 07:34:15 AEDT 2012
Free ride: students crack ticket algorithm
Ben Grubb
Deputy technology editor
SMH
November 12, 2012
http://www.smh.com.au/digital-life/consumer-security/free-ride-students-crack-ticket--algorithm-20121112-2984x.html
A team of university students in Sydney have cracked the secret
algorithm used on Sydney's public transport tickets for buses, trains
and ferries, which they say could allow them to print their own
tickets.
The students - Damon Stacey, Dougall Johnson, Karla Burnett and Theo
Julienne - presented their research at the Ruxcon security conference
in Melbourne last month but did not name the organisation affected, a
common practice for ethical "white hat" security researchers not
wishing to do damage to an organisation.
Since the talk was delivered and reported by specialist IT security
publication SCMagazine, Transport for NSW has owned up to being the
affected organisation in an emailed statement to Fairfax, in which it
said it had met with the group and taken steps to minimise the risk
of fare evasion. For "security purposes" it said it didn't want to
provide any detail about what action it had taken or what measures
were in place to prevent fraud.
In an email interview with Fairfax, Mr Julienne, of UNSW, said he and
the other researchers took about 1000 used tickets purchased over
about five years and analysed the data on them to work out how it was
stored and encrypted.
"We looked for correlations - bits of data that were the same across
similar tickets, and slowly found enough patterns to work out the
entire algorithm used to encode the ticket," Mr Julienne said. "We
have not written tickets, but we are certain that it is possible
seeing as we have uncovered every aspect of the algorithm."
Mr Julienne said he and the other university students started looking
at a public transport ticketing system because they were fans of
public transport and interested in how the data was encrypted. They
were also interested in what protections were in place against
malicious users creating fake tickets, Mr Julienne said.
To crack the algorithm used on the transport system's tickets they
targeted, Mr Julienne said he and the other students used about $300
worth of equipment (magnetic card readers and some specially
purchased tickets), their laptops and "a few weeks" worth of their
time at night (a few days of which was full-time work).
"We were surprised at how simple the encryption was," Mr Julienne
said. "Ideally cryptography should be impossible to crack, even if a
potential attacker or reverse engineer knows every detail about how
it is implemented. This system on the other hand is relying
completely on users not knowing how it is implemented, which may have
been fine when it was introduced in the early '90s because much fewer
people had access to the technology required to read the tickets, or
computers fast enough to analyse the data."
Mr Julienne assured Fairfax that he and the other students had not
written their own tickets, though he was "absolutely certain" that it
would be possible since he and the others knew every detail about the
algorithm.
Their suspicions of being able to print tickets were confirmed by the
reaction from the transport organisation affected when they met with
it to inform it of their research, Mr Julienne said. "They said they
were already aware of the potential flaws, but it was a large and
expensive operation to change the tickets."
In a statement, Transport for NSW said that it was a serious offence
under the Rail Safety (Offences) Regulation 2008 to travel without a
valid ticket. "This includes a ticket which has been altered."
It added that the new electronic ticketing system to be gradually
introduced to Sydney's transport system starting with a testing
period later this year did not use the cracked magnetic stripe used
on paper tickets.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of NSW
Visiting Professor in Computer Science Australian National University