The CARS model. Drag and drop the labels into text to classify the sentences into CARS moves and steps. Some steps from the model are not included in this exercise. Note that some steps may occur more than once.

Introduction

In recent years, the development of information technology has led to the evolution of transportation ticketing systems. Conventionally, paper-based tickets and RFID (Radio-frequency identification) tickets [12] are the main ticket forms due to their portability and simplicity. In these ticketing systems, each passenger is issued a ticket for their corresponding travel itinerary. Passengers need to present the ticket to inspectors or at a ticket gate to access the transportation service. The main disadvantages of these ticket forms are the high cost of issuing tickets, the environmental impact of the ticket printing process, and the inconvenience for customers to keep their tickets. Additionally, RFID tickets are prone to security vulnerabilities [6] [10].

The growth of the mobile industry has promoted the popularity of mobile tickets. In mobile ticketing systems, customers store the tickets on an electronic device and utilize them to access transportation services. Compared to the two above-mentioned ticket types, mobile ticketing systems provide many advantages. However, electronic ticketing systems also pose many security issues due to the complexity of technology. For example, a vulnerability in the design of the ticket generation algorithm allows attackers to forge a fake ticket and therefore have free access to the transportation service. This paper reviews common security issues of an electronic ticket system and applies reverse-engineering techniques to study whether the HSL mobile application, a public transportation application in the Helsinki region of Finland, is affected by these security vulnerabilities.

The paper is organized as follows. Section 2 introduces the components of the HSL ticketing system. Section 3 presents security risks of a ticketing system, while Section 4 summarizes the common vulnerabilities of a mobile application. Section 5 analyzes the implementation of the HSL application and the observed technical weaknesses. Finally, Section 6 discusses the results and gives summarizing remarks.

Adapted from Le, Q. D. 2020. "Security risks of an electronic ticketing system". Proceedings of the Seminar in Computer Science (CS-E4000), Spring 2020.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
