Pay-as-you-Go investigates security and privacy for Integrated Transportation Payment Systems (ITPS). The research addresses integrated payments for trains, subways, buses, ferries, and recharging of electric cars, as well as toll collection for roads, bridges, and tunnels. Multi-disciplinary aspects include novel cryptographic protocols and lightweight implementations of privacy-preserving payment systems. Challenges include providing security and privacy in a low-cost, usable, and reliable manner. Payments for transportation differ significantly from general-purpose e-commerce in terms of both security and engineering constraints. For instance, transportation operators wish to observe user behavior to improve the overall performance of the system---seemingly contradicting privacy. Moreover, payment devices must be extremely cheap, mass produced, and tolerant of a wide range of passenger demands. The expected results and activities include: (1) design of novel cryptographic algorithms achieving privacy at low cost while retaining the benefits of meaningful data collection for ITPS; (2) implementation of hardware and software to perform modern cryptographic operations on low-cost devices; and (3) testing of human factors and performance under realistic conditions that must balance security and privacy with cost and usability. The broader impacts are extensive as transportation systems are a critical part of most aspects of society, from the economy, to defense, to public safety. Moreover, information gathered from ITPS applications can facilitate advanced traffic management, travel time estimation, emergency management, congestion pricing, carbon emissions control, and environmental justice assessments. A substantial outreach plan builds on the research team's significant experience working with transportation professionals in industry and government.

Project Report

Electronic Transportation Payment Systems (ETPS), via smart cards or tolling tags and transponders, facilitate payment transactions for tolls, transit and parking, thus improving the operational efficiency of transportation systems. They also offer the possibility of a new revenue source. The same applications that collect electronic payments such as tolls can improve travelers’ safety and optimize traffic by gathering traffic flow data, position and travel time, thus enabling more timely identification of traffic incidents. However, trends indicate a gradual increase in awareness of security hacks or threats within the world’s electronic tolling industry and within large transit authorities that are adopting smart cards and electronic and cell-phone payment systems. It is also apparent that the public has become aware not only of the security threat but also of the possible disclosure of personal information requiring privacy protection during electronic toll collection (ETC). News articles indicate that agencies aware of the breach problem also desire to protect and secure their systems. Furthermore, it is apparent that security and privacy breaches have evolved both in frequency and sophistication; however, the implementation of complex protective measures remains challenging and therefore absent. Sophisticated encryption algorithms are not commonly employed. This research investigates the security and privacy breaches or violations that arise with such payment systems and determines the extent of the breach problem within the transportation electronic payment community. A website was created to develop awareness of the problem. It contains a database of news articles reporting security and privacy breaches over a 16-year period from 1997 to 2012; see the attached figure.
The website defines ten breach attributes that characterize breaches and determines statistically the frequency of breach attribute occurrence, also attached. The website makes articles available to transportation departments and agencies and provides a quick summary of each article on the webpage. Users can sort news articles by year, location, breach type (security or privacy), and breach event identification number; the last is needed because there may be several news reports for the same breach event. It also provides statistical counts in the form of bar graphs displaying the number of breach events that have occurred worldwide yearly, and the number of breach events by type and by attribute. There are currently 90 news articles on the website, reporting on 62 events. Only one, two or no breach events were reported yearly from 1997 until 2007, when three events were reported. A sudden jump to thirteen reported events occurred in the following year, 2008. Thirteen additional breach events were again reported in 2009. This corresponds to transponder and smart card usage being on the rise during this period. After 2009, however, there is a gradual decrease in yearly reported breach events, with five reported breach events in 2012. Of the 62 events, only eight involved a privacy breach without a security breach. Most, 29, were security breaches. However, 25 of the events involved both a security and a privacy breach. In addition, each event may have several breached attributes. A total of 168 attributes were reportedly breached in all 62 breach events collected. Of these, 57% were security related and 43% were privacy related. This research also investigated one case study of the impact on traffic operations when complex protective algorithms were adopted on ETPS hardware.
Researchers created simulations of existing peak hour conditions on a tolling facility using VISSIM traffic simulation software and compared traffic performance when vehicles with transponders became equipped with complex protective algorithms. The simulations included three consecutive toll facilities on a 12-mile stretch of the I-90 Massachusetts Turnpike ticketing tolling system. Working closely with MassDOT (Massachusetts Department of Transportation), the researchers acquired April 2013 traffic data that facilitated the simulation construction. Transponders imprinted with complex protective algorithms need adequate time to communicate with gantry transmitters and receivers. By slowing down the ETPS vehicles with transponders within the VISSIM simulation, this research graphically determined the 'traffic volume throughput', in units of maximum vehicles per hour possibly passing through the plaza, as a function of speed; see attached graphs. A sudden drop in ‘throughput’ occurs at a particular speed characteristic of each plaza. The simulation demonstrates that when ETPS vehicles are queued behind cash-paying vehicles on the entrance ramps to the plazas, utilization of the plaza's dedicated ETPS lanes nearly disappears; hence the sudden reduction in the plaza's throughput capacity, due to non-utilization of several lanes. One recommendation is to re-design geometric entrance ramps and buffer zone regions to reduce the negative operational impacts of adopting protective measures on transponders. Adoption of open-road-tolling would certainly be a less restrictive design for AVI vehicles.

Project Start
Project End
Budget Start
2010-06-01
Budget End
2013-09-30
Support Year
Fiscal Year
2009
Total Cost
$100,000
Indirect Cost
Name
University of Massachusetts, Dartmouth
Department
Type
DUNS #
City
North Dartmouth
State
MA
Country
United States
Zip Code
02747