RFID card security for public transportation applications based on a novel neural network analysis of cardholder behavior characteristics

This paper proposes a novel approach that applies neural network forecasting to security for closed-loop prepaid cards based on low-cost technologies such as RFID and 1-Wire. The security vulnerability of low-cost RFID closed-loop prepaid card systems originates mostly from the card itself. Criminal organizations counterfeit or clone card data. Although high-security prepaid cards exist, they are often too expensive for transport ticketing, and even their security is not guaranteed for a well-defined period of time. Therefore, data encryption systems are used widely against counterfeiting with success. However, it has not been possible to develop countermeasures with comparable success against cloning. Our proposed security application uses neural network forecasting to determine the recharge day behavioral characteristics of the cardholder and predict the next time the cardholder will recharge their card. Based on the prediction for the recharge time, the expiration date of the low-cost RFID prepaid card is defined, which is a good countermeasure against cloning. FTDNN, LRNN, and NARX network architectures with one hidden layer are considered in this research. The effects of the network architecture, the number of neurons, the training algorithm, and the prediction performance function on the recharge day forecast are investigated. Experimental results confirm the accuracy of the recharge time forecast and confirm countermeasures against cloning. Our proposed security approach with neural network forecasting is applied with success to the Turkish public transport without an online backend system.

Anahtar Kelimeler:

Low-cost, RFID, prepaid card, MIFARE, DST, iButton, security, neural network, NARX

RFID card security for public transportation applications based on a novel neural network analysis of cardholder behavior characteristics

Keywords:

Low-cost, RFID, prepaid card, MIFARE, DST, iButton, security, neural network, NARX,

PDF

___

Nohl K, Plöz H. Mifare, little security, despite obscurity. In: Congress of the Chaos Computer Club; 27—30 December 2007; Berlin, Germany.
Nohl K, Evans D, Starbug S, Plotz H. Reverse-engineering a cryptographic RFID tag. In: USENIX Security Symposium; 28 July—1 August 2008; San Jose, CA, USA.
Courtois NT, O’Neil S, Quisquater JJ. Practical algebraic attacks on the Hitag2 stream cipher. In: Information Security Conference; 7—9 September 2009; Pisa, Italy. pp. 167—176.
de Koning Gans G, Hoepman JH, Garcia FD. A practical attack on the MIFARE Classic. In: Smart Card Research and Advanced Application Conference; 8—11 September 2008; London, UK. pp. 267—282.
Mayes KE, Cid C. The MIFARE Classic story. Information Security Technical Report 2010; 15: 8—12.
Garcia FD, de Koning Gans G, Muijrers R, van Rossum P, Verdult R, Schreur RW, Jacobs B. Dismantling MIFARE Classic. In: European Symposium on Research in Computer Security; 6—8 October 2008; Malaga, Spain. pp. 97—114.
Courtois NT. The Dark side of security by obscurity and cloning MiFare Classic rail and building passes anywhere, anytime. In: International Conference on Security and Cryptography; 7—10 July 2009; Milan, Italy. pp. 331—338.
Teepe W. Making the Best of Mifare Classic. Nijmegen, the Netherlands: Radboud University, 2008.
Garcia FD, van Rossum P, Verdult R, Schreur, RW. Wirelessly pickpocketing a Mifare Classic card. In: IEEE Symposium on Security and Privacy; 17—20 May 2009; Berkeley, CA, USA. pp. 3—15.
Grand J. Protecting your crown jewels: an introduction to embedded security for hardware-based products. Comput Fraud Secur 2005; 10: 13—20.
Sanghera P, Thornton F, Haines B, Kleinschidt J, Das AM, Bhargava H, Campbell A. How to Cheat at Deploying and Securing RFID. Burlington, MA, USA: Syngress, 2007.
Bono SC, Green M, StubbleŞeld A, Juels A, Rubin AD, Szydlo M. Security analysis of a cryptographically—enabled RFID device. In: USENIX Security Symposium; 31 July—5 August 2005; Baltimore, MA, USA. pp. 1—16.
Russell R, Kaminsky D, Puppy RF, Grand J, Ahmad D, Flynn H, Dubrawsky I, Manzuik SW, Permeh R. Hack ProoŞng Your Network. 2nd ed. Rockland, MA, USA: Syngress, 2002.
Kasper T, Oswald D, Paar C. EM side-channel attacks on commercial contactless smartcards using low-cost
equipment. Lect Notes Comput Sc 2009; 5932: 79—93.
Kasper T, von Maurich I, Oswald D, Paar C. Cloning cryptographic RFID cards for 25$. In: Benelux Workshop on
Information and System Security; 29—30 November 2010; Nijmegen, the Netherlands.
Murdoch SJ, Drimer S, Anderson R, Bond M. Chip and PIN is broken. In: IEEE Symposium on Security and
Privacy; 16—19 May 2010; Berkeley, CA, USA. pp. 433—446.
Jain AK, Ross A, Prabhakar S. An introduction to biometric recognition. IEEE T Circ Syst Vid 2004; 14: 4—20.
Iranmanesh SH, Zarezadeh M. Application of artiŞcial neural network to forecast actual cost of a project to improve
Xie H, Tang H, Liao YH. Time series prediction based on Narx neural networks: an advanced approach. In:
International Conference on Machine Learning and Cybernetics; 12—15 July 2009; Baoding, Hebei, China. pp.
Pilka F, Oravec M. Multi—step ahead prediction using neural networks. In: International Symposium ELMAR;
—16 September 2011; Zadar, Croatia. pp. 269—272.
Khosravi A, Nahavandi S, Creighton D. Quantifying uncertainties of neural network-based electricity price forecasts.
Appl Energ 2013; 112: 120—129.
Svalina I, Galzina V, Lujic R, Simunovic G. An adaptive network-based fuzzy inference system (ANFIS) for the
forecasting: the case of close price indices. Expert Syst Appl 2013; 40: 6055—6063.
Henniger O, Nikolov D. Extending EMV payment smart cards with biometric on—card veriŞcation. Int Fed Info
Proc 2013; 396: 121—130.
Deutschmann I, Nilsson L, Nordstrom P. Continuous authentication, using behavioral biometrics, with keystroke
and mouse. IT Professional 2013; 99: 1—4.
Li Z, Rose JM, Hensher DA. Forecasting automobile petrol demand in Australia: an evaluation of empirical models.
Transport Res A-Pol 2010; 44: 16—38.
Mazloumi E, Rose G, Currie G, Moridpour S. Prediction intervals to account for uncertainties in neural network
predictions: methodology and application in bus travel time prediction. Eng Appl Artif Intel 2011; 24: 534—542.
Huang W, Lai KK, Nakamori Y, Wang S, Yu L. Neural networks in Şnance and economics forecasting. Int J Inf
Tech Decis 2007; 6: 113—140.
Swingler K. Applying Neural Networks: A Practical Guide. San Francisco, CA, USA: Morgan Kaufmann, 1996.
Heaton J. Introduction to the Math of Neural Networks (Beta-1, e-Book). ChesterŞeld, MO, USA: Heaton Research,
Florita AR, Henze GP. Comparison of short-term weather forecasting models for model predictive control. HVACXLR
Res 2009; 5: 835—853.
Medsker LR, Jain LC. Recurrent Neural Networks Design and Applications. Boca Raton, FL, USA: CRC Press, 2001.