Back in Fall 2003, David Wagner and I were looking at the FasTrak
transponders used in the San Francisco Bay Area. We were more interested
in the privacy aspects than in security, but we found some basic
information that may be of interest given the current discussion about
EZPass issues.
* FasTrak transponders use a spec called Title 21, so called because
it is specified in Title 21 of the California Code. You can find a copy
here:
http://www.dot.ca.gov/hq/traffops/elecsys/title21/title21a.htm
Highlights
- 915Mhz band
- Protocol includes a 16-bit Agency ID and a 32-bit Reader ID
in the message from reader to transponder. (Unfortunately, neither
appear to be authenticated in any way.)
- 32-bit transponder ID
* In principle, anyone can manufacture Title 21 compliant equipment. In
practice, SIRIT Technologies is a major vendor of Title 21 transponders
and readers in the Bay Area. You can find them at
http://www.sirit.com/default.asp?sectionID=2action=openpageID=79
(includes data sheets - check the reader controller card)
Another such vendor is TransCore (aka AmTech)
http://www.transcore.com/technology/techapps.htm
We looked into purchasing a reader controller card and antenna from SIRIT,
but were informed
a) such a kit would cost $7K+
b) they would not sell to anyone w/o CalTrans authorization.
We asked CalTrans about b) and were told that they would not authorize
SIRIT to sell transponders to us, but we were free to build our own. They
also suggested we talk to the university's transportation department to
come up with a research proposal acceptable to CalTrans.
We then became occupied with library RFID and didn't come back to FasTrak.
I don't have the EE skills to build FasTrak readers, and right now don't
have the time to spend acquiring them. If anyone out there feels like
building this sort of thing, though, please let me know.
* Automatic number plate recognition (ANPR) has apparently improved
greatly in recent years. I gather this from reading recent articles in
transportation magazines and journals -- do not have the references on me
but can look them up this weekend. Unfortunately I didn't find any hard
data on how much, exactly, it has improved.
From what I understand, the London congestion charging scheme relies
entirely on automatic plate recognition. See also this web page on police
uses of ANPR in the UK:
http://www.pito.org.uk/what_we_do/identification/anpr.htm
Also interesting is this list of cities with congestion pricing, which has
some information on the technologies they use for vehicle identification:
http://www.tfl.gov.uk/tfl/cc_fact_sheet_other_schemes.shtml
---
We were interested in the setting where a 3rd party has FasTrak readers,
but not access to the database mapping ID to account. This seems like the
weakest reasonable threat model, but there are still some interesting
things you can do. For example, you could set up a device that takes
photographs of cars and associates them with FasTrak IDs. Then buy a lot
of pop-under ads, put the photos on them, and offer people a prize if they
identify the make of car correctly. (You could use something like the ESP
Game framework of Blum and Von Ahn to make sure the answers are right, or
at least right more often.)
Now filter out everything but the expensive (or easy to steal) cars. This
gives you the FasTrak IDs of expensive cars. Place a few readers in
parking garages, and then you know when expensive cars have been left
alone and where they are. That might be useful.
By the way, a friend mentioned that someone at ATT had some recent
work on EZPass privacy issues. Does anyone know more?
-David Molnar
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
