Contributions to the security and privacy of electronic ticketing systems

An electronic ticket is a digital contract between two parties, that is, the user and the service provider. An agreement between them is established in order that the user can receive the desired service. These tickets are used in different types of services, such as sports or entertainment events,...

Descripción completa

Detalles Bibliográficos
Autor: Vives Guasch, Arnau
Tipo de recurso: tesis doctoral
Estado:Versión publicada
Fecha de publicación:2013
País:España
Institución:Universitat Rovira i virgili (URV)
Repositorio:Repositori Institucional de la Universitat Rovira i Virgili
OAI Identifier:oai:urv.cat:TDX:1225
Acceso en línea:https://hdl.handle.net/20.500.11797/TDX1225
http://hdl.handle.net/10803/119683
Access Level:acceso abierto
Palabra clave:004 - Informàtica
Descripción
Sumario:An electronic ticket is a digital contract between two parties, that is, the user and the service provider. An agreement between them is established in order that the user can receive the desired service. These tickets are used in different types of services, such as sports or entertainment events, especially in the field of transport. In the case of transport, costs can be reduced due to the high volume of users, and the identification of the travel flow is facilitated. This information allows the forecast and planification of transport systems more dynamically. The security of electronic tickets is very important to be deployed in the real scenarios, as well as the privacy for their users. Privacy includes both the anonymity of users, which implies that an action cannot be easily attributed to a particular user, and also the unlinkability of the different movements of that user. This thesis presents protocols which keep the same security requirements of paper tickets while offering the advantages of digital tickets. Firstly, we perform a state of the art with the related proposals, by analysing the security requirements considered. We then present an electronic ticketing system that includes the security requirements of exculpability and reusability, thus guaranteeing the privacy for users. We later present a proposal of electronic ticketing systems adapted to use-dependant payment systems, especially focused on transport, which includes both the anonymity of users and the short-term linkability of their movements. The related actions of a journey of a determined user can be linkable between them (i.e. entrance and exit of the system) but not with other movements that the user performs. Finally, as an extension of the previous use-dependant payment system solution,