A Lightweight Authentication Scheme for Transport System Farecards
Proximity Integrated Circuit Cards (PICC) are widely used for public transport fare collection. The stored contents in the card can only be accessed or modified after the card is able to authenticate the Proximity Coupling Device (PCD) or reader using a shared secret key. We propose a new authentication scheme that is not based on shared secret keys. Instead, authentication is based on the card and reader being able to compute an identical pairwise key using their own private keying material obtained from the same source. The computation is done off-line and does not require the participation of a third party. It uses simple modular arithmetic operations over a small binary extension field, achieving fast computation speed using the limited resources in cards. In addition, should the keys be stolen from the cards or readers, the security of the other parts of the system cannot be compromised.