The T or MBTA - whatever you want to call it - the Boston Subway has introduced the charliecard similar to London, Washington & Chicago. It turns out that stored value smartcards are sort of dumb - the only thing they store is the ID, and no information about the actual value remaining. This makes a lot of sense because otherwise hackers could easily compromise these cards in the comfort of their homes.
I can imagine how such a system is architected in real subway stations - the readers at the turnstiles can be connected to the central server. But then I see that the same card works on buses! What is more, if you transfer from Bus A to Bus B within x mins, you dont have to pay a fee. So clearly the reader at Bus A has to transmit some information to Bus B.
So, is there a wireless network of the Boston buses? It would be fun to think of how such a network could be constructed. It definitely needs reliable transport. But, the information only has to get to all other points in the network on a human timescale - minutes at least. i.e. I cant use a reader in Bus A and 1 sec later use it at Bus B.
Of course, things are much simpler if the card was read-write. The only information that needs to be propagated is the list of routes I have traveled since yesterday or whenever the last time
an update was sent out about how much value I have left. The reader in Bus A could then store a digitally signed bit recording the last use, and Bus B would then charge me 0$ if it could verify the signature of Bus A. If I used the transit system much later in the day, Bus C could charge me x$ and display my stored value as yesterdays-stored-value - 2x.
MBTA could even get away with weaker encryption by updating the keys every few days (faster than a hacker could computationally hack through using a systematic attack).
But MBTA has a whole new problem now - how to store the stored value of potentially a few million cards in each bus, and update it every day? One realistic option (again assuming read-write cards) is to store both the stored value & the ID of the card. The reader in each bus will believe the current stored value and deduct it after each use and re-write the value. At the end of each day, a sync operation can happen with the central server. If misuse of the card is detected, that card can be blacklisted. A much shorter list of blacklisted cards can be stored on each bus so that the hacker can be caught the next time the compromised card is used.
But this would involve storing the values left on millions of cards at each reader at the end of each day...
Wednesday, May 23, 2007
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment