Abstract
Electronic tickets (e-tickets) gain increasing popularity among operators of public transportation. E-tickets offer several advantages to transit enterprises as well as to their customers, e.g., they aggravate forgeries by cryptographic means whereas customers benefit from fast and convenient verification of tickets or replacement of lost ones.
Existing proprietary solutions for e-tickets are mainly based on RF technology where RFID chips prove authorization by releasing spatio-temporal data, implying that customers run the risk of losing privacy, particularly their location privacy.
Existing literature on e-tickets as well as on privacy-preserving RFID-based protocols either does not consider privacy or lacks practicability for real world scenarios. This thesis analyzes e-tickets to derive appropriate security and privacy requirements and tackles the shortcomings of existing proposals. Then it sets up a framework for practical privacy-preserving e-tickets based on known cryptographic techniques and RFID technology.