Department of Computer Science

Vrije Universiteit

Discussion between Translink and Researchers

On Monday January 14, RTL Nieuws [1] broadcast a TV program about the successful attack on the single-use RFID-based Dutch public transit card by computer science student Roel Verdult of the Radboud University in Nijmegen. Security researchers normally report to the company whose product has been attacked before seeking publicity. However, due to the speed at which this story developed, Roel's supervisors in the Nijmegen Systems Security group were only able to contact Trans Link Systems (TLS) on the day of the broadcast and to invite them to a meeting to tell them about all the technical details.

That meeting took place the next day in Nijmegen. Three TLS employees were present along with Roel, his supervisor, and other members of the Nijmegen security group. The head of the group. Prof. Bart Jaocbs could not attend because he was abroad. RFID security expert Melanie Rieback of the Vrije Universiteit in Amsterdam was also present. The discussion was pleasant and friendly.

During the meeting, Roel Verdult began by explaining his attack. With an RFID reader, the contents of the single-user card were copied to a laptop, then the information was transferred to an electronic device Roel built, the "Ghost." The Ghost can repeatedly act as a transit card, allowing unlimited free transit on the public transit system [2]. The TLS employees complimented Roel on his brilliant work.

The TLS employees expressed their concern at this attack, in particular, because the necessary equipment to carry it out is easy to obtain. Next there was a lively discussion about countermeasures, both short term and long term, however without a clear result. All proposed countermeasures were either very expensive or difficult to implement.

The researchers emphasized the need for openness and transparency as necessary conditions for adequate security and public trust in the system. Putting that in more technical terms, the specification and implementation details should be public from the very beginning so that researchers, hackers, consumers' groups and other interested experts can try to find design errors and propose solutions. The TLS employees admitted that in theory this is the best method to getting a secure system. Last week the importance of openness was already pointed out [3]. This open approach matches the bill recently passed by the Parliament entitled "The Netherlands Open in Connection" [4].

Because the current public transit card was not developed from this "open" approach, the chance is present that more exploitable errors will be found. For this reason, the TLS staff were hesitant to make the current design suddenly public.

The people present regarded the meeting as useful and valuable. Additional meetings will soon take place, for discussing how the system and infrastructure can be improved both in the short term and the long term.

Flavio Garcia (RU)
Ruben Muijrers (RU)
Melanie Rieback (VU)
Peter van Rossum (RU)
Wouter Teepe (RU)
Roel Verdult (RU)

[1] RTL Nieuws. RTL 4, Maandag 14 januari 2008, 19:30.
[2] R. Verdult. Proof of Concept, Cloning the OV Chip card.
[3] Infrastructuur voor Openbare Diensten Vereist Veiligheid en Transparantie.
[4] Nederland Open in Verbinding, Ministerie van Economische Zaken, Sept. 2007