What a month at Transport for London (TfL), which has experienced two major outages of the Oyster card system. In the first failure, on the morning of Saturday 12th July, which lasted some five hours, 60,000 cards were corrupted and TfL had to issue 42,000 new cards carrying the existing balances. The second shutdown, on Friday 25th July, started at 5:30am and lasted several hours; on this occasion, according to TfL, no cards were corrupted (although some commuters were overcharged because they were unable to touch out), but the barriers had to be kept open during the morning rush hour.
TfL has been quick to blame Transys, the Oyster Travelcard provider consortium that includes EDS, Cubic Transportation Systems, Fujitsu Services Ltd and W. S. Atkins. Apparently Transys had sent 'incorrect data tables' to the Oyster card readers at 275 Underground stations (there are 287 in total).
TfL has a 17-year contract with Transys, awarded in 1998, under which the system commenced operation in November 2002. The contract is worth £100m annually to Transys, which supplies, operates and markets the RFID ticketing system. Apparently the contract has a number of break clauses that allow for early termination, and although Peter Hendy, the Transport Commissioner, has been reported as enraged by the Oyster malfunctions, any such talk seems rather premature. It has been claimed that about 200,000 pay as you go Oyster card users got a free ride during the second system failure, for journeys that would normally cost from £1.50 for a single Zone 1 journey up to £4.90 for the daily cap on a maximum journey. Given the time of day of the outage, one suspects the direct lost revenue to be no more than £500,000. Perhaps this can be covered by a few forfeited bonuses in the Transys camp.
So what on earth is going on here? Two major outages within two weeks, both attributed to the transmission of 'incorrect data tables' to all the Oyster card terminals: is such an accident possible, or is there something more going on behind the scenes?
We have been reporting in SCN this year on the breaches in the security of the Mifare chip (specifically the Mifare Classic), which is the platform used by the Oyster card. In January we reported on the discoveries of Karsten Nohl (University of Virginia) and Henryk Plötz, who effectively revealed publicly much of the cryptographic architecture at the core of the Mifare chip. In March we covered the work of the Digital Security group at Radboud University in the Netherlands, who carried on from where Nohl and Plötz left off. There can be no doubt that both teams cracked the Mifare Crypto-1 algorithm, and last month we reported on the Radboud team travelling on the London Underground for free.
It gets worse, because NXP (née Philips Semiconductors), which owns (Mifare is proprietary technology) and manufactures the Mifare chips, has now lost a ruling in the Netherlands that sought to block the Radboud University team from publishing their results. Mifare is now used in up to a billion smart cards in mass transit and physical access control applications. Nobody doubts that it will take years and significant cost to fix the problem, which means changing the cards, the smart card readers and some of the software middleware that handles the application on the card. Involved in all of this is the cryptographic key management; let nobody fool you, this needs to be changed as well, because once the cipher is broken the sector keys can be recovered from any card or reader, so any key shared across the card base has to be treated as compromised.
If you were Transys, the first thing you would try to do is enhance the application security around the use of the smart card. You can't do anything about the cryptography, because that is deeply buried in the chips and can't be changed without changing the chip. So the next best thing is to try to detect counterfeit cards, or even authentic cards where the data on the card has been manipulated. Can you imagine somebody selling a kit for Oyster card users to reset the value on their cards? That is effectively what the Radboud University team demonstrated in London.
So, more about those 'incorrect data tables': what could that mean? As far as I know the cost of journeys on the London Underground has not changed for some time, and certainly not in the month of July, so it is not obvious that the fare tables would have changed. But how about hot card lists? Software on the Transys servers could examine what the cards are up to, and would presumably notice that everything suspicious seems to be linked to pay as you go, which has a weaker registration system. If cards were being manipulated, it should be possible to detect this back at base, which should hold a record of every value load and spend for each card: a card that presents more value at the gate than the back office can account for has been tampered with. Each Mifare card has a unique ID number (well, it is supposed to be unique, although there have been reports of duplicates) which would be more difficult for the home user to change, although given the attacks reported previously anything else relating to the Oyster card application could be changed. With all this information Transys could send out hot card lists to disable the suspect cards, and this is what appeared to happen in the first system failure. As an alternative you could just refuse access to the suspect cards on the hot list, and that perhaps is what happened in the latest system failure.
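The back-office reconciliation that the previous two paragraphs describe (detecting manipulated cards from the record of loads and spends, then turning the result into a hot card list) can be shown in a few dozen lines. The following is an added example written for this column; it is not Transys or TfL code and nothing is known about their real formats. It assumes a constructed event log in which each line is either a value load or a gate tap, and that a tap records the balance the card presented as well as the fare charged. The UIDs, station codes, amounts and the five-minute clone threshold are all invented for illustration. It goes slightly beyond the text by also flagging the same UID appearing at two different stations within an impossibly short interval, which is what a cloned card looks like from the back office.

```python
"""Back-office reconciliation that flags suspect cards for a hot list.

Added example, not Transys/TfL code.  Assumes a back end that receives one
record per card event: a value 'load' (pence credited) or a 'tap' (the
balance the card presented plus the fare charged).  Log format, UIDs,
station codes and amounts are all constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Two taps by the same UID at different stations closer together than this
# are treated as evidence of a cloned card (assumed threshold).
MIN_TRAVEL_GAP = timedelta(minutes=5)


@dataclass(frozen=True)
class Event:
    ts: datetime
    uid: str            # card UID as hex string (normalised to lower case)
    kind: str           # "load" or "tap"
    station: str        # reader location code
    amount: int         # load: pence credited; tap: fare charged in pence
    card_balance: int   # tap: balance the card presented before the fare; -1 for loads


def parse_line(line: str) -> Event:
    """Parse one constructed log line:
    '2008-07-12T07:31:02 tap 0x1A2B3C4D KGX 150 850'  -> fare 150p, card showed 850p
    '2008-07-11T18:02:10 load 0x1A2B3C4D KGX 1000 -' -> 1000p credited
    """
    ts, kind, uid, station, amount, balance = line.split()
    return Event(datetime.fromisoformat(ts), uid.lower(), kind, station,
                 int(amount), -1 if balance == "-" else int(balance))


def build_hot_list(events):
    """Replay events in time order; return {uid: [reasons]} for every card whose
    on-card value cannot be explained by the back-office ledger, or which was
    seen in two places at once."""
    ledger = defaultdict(int)   # expected balance per UID, in pence
    last_tap = {}               # uid -> (timestamp, station) of previous tap
    reasons = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "load":
            ledger[ev.uid] += ev.amount
            continue
        expected = ledger[ev.uid]
        # A card presenting MORE value than the ledger allows has been topped up
        # off-book.  Less than expected is tolerated: readers upload in batches,
        # so a missing spend is far more likely than a fraud that loses money.
        if ev.card_balance > expected:
            reasons[ev.uid].append(
                f"{ev.ts.isoformat()} {ev.station}: card presented "
                f"{ev.card_balance}p, ledger expects {expected}p")
        prev = last_tap.get(ev.uid)
        if prev and prev[1] != ev.station and ev.ts - prev[0] < MIN_TRAVEL_GAP:
            reasons[ev.uid].append(
                f"{ev.ts.isoformat()}: seen at {prev[1]} and {ev.station} "
                f"within {(ev.ts - prev[0]).seconds}s (possible clone)")
        # Advance the ledger by the fare from the EXPECTED balance, not the
        # value the card claimed, so a tampered card cannot re-base the ledger.
        ledger[ev.uid] = max(expected - ev.amount, 0)
        last_tap[ev.uid] = (ev.ts, ev.station)
    return dict(reasons)


# Constructed sample log: card 1 is reset to 4990p at home, card 2 is cloned
# and used at Victoria and Bank 150 seconds apart, card 3 is honest.
LOG = """\
2008-07-11T18:02:10 load 0x1A2B3C4D KGX 1000 -
2008-07-12T07:31:02 tap 0x1A2B3C4D KGX 150 1000
2008-07-12T08:05:40 tap 0x1A2B3C4D OXC 150 850
2008-07-12T17:40:11 tap 0x1A2B3C4D OXC 150 4990
2008-07-11T09:00:00 load 0xDEADBEEF VIC 500 -
2008-07-12T08:10:00 tap 0xDEADBEEF VIC 150 500
2008-07-12T08:12:30 tap 0xDEADBEEF BNK 150 350
2008-07-11T09:00:00 load 0x00112233 VIC 300 -
2008-07-12T09:00:00 tap 0x00112233 VIC 150 300
"""


if __name__ == "__main__":
    hot = build_hot_list(parse_line(l) for l in LOG.splitlines())
    for uid, why in hot.items():
        print(uid, *why, sep="\n  ")
```

The important design choice is the last line of the tap branch: the ledger is advanced from the back office's own expected balance, never from the value the card claims, otherwise a single manipulated tap would silently re-base the account and the next tap would look honest. Whether a flagged UID is then disabled outright or merely refused at the gate is the operational decision the column describes; the detection is the same either way.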
A much longer conversation is what you do in such a situation. Conceptually there is nothing new here: magnetic stripe bank cards were around for years, long after it was widely reported (complete with instructions) how easy it was to create counterfeit cards. It's all about risk management and, most importantly, the stakeholders: who actually loses money (and/or credibility) when the system is attacked?
Rumours abound that ITSO has produced a migration strategy from Mifare cards to another approved Customer Media. At first sight that would appear to offer two options, or three if you count the new NXP Mifare Plus chip, yet to be released: the NXP DESFire, or a general-purpose CPU card with an ISO 7816-4 file structure configured as an ITSO structure. Given the opportunity, which way wouldn't you go? Watch this space for more news on DESFire.
According to the Transys website the 'Oyster' brand was adopted as a name representing security and value, from the concepts of the oyster shell and the pearl; I expect right now they might want to eat their words. Thinking of food, I wonder if the Octopus card in Hong Kong has similar problems?
by David Everett, Technical Editor, Smart Card & Identity News