Back in Fall 2003, David Wagner and I were looking at the FasTrak transponders used in the San Francisco Bay Area. We were more interested in the privacy aspects than in security, but we found some basic information that may be of interest given the current discussion about EZPass issues.
* FasTrak transponders use a spec called "Title 21," so called because it is specified in Title 21 of the California Code. You can find a copy here: http://www.dot.ca.gov/hq/traffops/elecsys/title21/title21a.htm Highlights - 915Mhz band - Protocol includes a 16-bit "Agency ID" and a 32-bit "Reader ID" in the message from reader to transponder. (Unfortunately, neither appear to be authenticated in any way.) - 32-bit transponder ID * In principle, anyone can manufacture Title 21 compliant equipment. In practice, SIRIT Technologies is a major vendor of Title 21 transponders and readers in the Bay Area. You can find them at http://www.sirit.com/default.asp?sectionID=2&action=open&pageID=79 (includes data sheets - check the reader controller card) Another such vendor is TransCore (aka AmTech) http://www.transcore.com/technology/techapps.htm We looked into purchasing a reader controller card and antenna from SIRIT, but were informed a) such a kit would cost $7K+ b) they would not sell to anyone w/o CalTrans authorization. We asked CalTrans about b) and were told that they would not authorize SIRIT to sell transponders to us, but we were free to build our own. They also suggested we talk to the university's transportation department to come up with a research proposal "acceptable to CalTrans." We then became occupied with library RFID and didn't come back to FasTrak. I don't have the EE skills to build FasTrak readers, and right now don't have the time to spend acquiring them. If anyone out there feels like building this sort of thing, though, please let me know. * Automatic number plate recognition (ANPR) has apparently improved greatly in recent years. I gather this from reading recent articles in transportation magazines and journals -- do not have the references on me but can look them up this weekend. Unfortunately I didn't find any hard data on how much, exactly, it has improved. >From what I understand, the London congestion charging scheme relies entirely on automatic plate recognition. See also this web page on police uses of ANPR in the UK: http://www.pito.org.uk/what_we_do/identification/anpr.htm Also interesting is this list of cities with congestion pricing, which has some information on the technologies they use for vehicle identification: http://www.tfl.gov.uk/tfl/cc_fact_sheet_other_schemes.shtml --- We were interested in the setting where a 3rd party has FasTrak readers, but not access to the database mapping ID to account. This seems like the weakest reasonable threat model, but there are still some interesting things you can do. For example, you could set up a device that takes photographs of cars and associates them with FasTrak IDs. Then buy a lot of pop-under ads, put the photos on them, and offer people a prize if they identify the make of car correctly. (You could use something like the ESP Game framework of Blum and Von Ahn to make sure the answers are right, or at least right more often.) Now filter out everything but the expensive (or easy to steal) cars. This gives you the FasTrak IDs of expensive cars. Place a few readers in parking garages, and then you know when expensive cars have been left alone and where they are. That might be useful. By the way, a friend mentioned that someone at AT&T had some recent work on EZPass privacy issues. Does anyone know more? -David Molnar --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]