Privacy in RFID Transit Systems : A case study of SL - Storstockholms Lokaltrafik

Sammanfattning: Radio Frequency Identification (RFID) is a technology that facilitates wirelesscommunication. It is being widely used for access control purposes to aid administration ofservices. As with most wireless technologies, RFID has its challenges, due to its medium (radio waves) of communication, which makes it susceptible to signal interception and other possible attacks. The goal of this project is to investigate the insecurities in the implementation of the RFID system in transit (Storstockholms Lokaltrafik, Stockholm) systems. Due to the nature of the system, spatial information about consumers are accumulated over time thereby attracting some level of interests either legitimate or illegitimate, and raising some concerns. This thesis, takes into consideration the vulnerabilities of the RFID system and the potential security risks consumers of the system are exposed to, a detailed analysis is carried out on the existing infrastructure with the goal of exposing the shortcomings of the systems and proposing mitigating solutions. After an extensive work, seven (7) threats to privacy and security of RFID users were elaborated. Also discussion, about how different legislations around the world enforced data handling regulations in relation to commuter data, is carried out. Finally, most recent threats to consumer privacy are taken into consideration, as well as security in the mass transit field to put together a list of recommended safe practices. The work shows that RFID does pose significant threat to consumer privacy. One might argue that RFID has its benefits in its various implementations. However the fact remains that there are issues with regards to privacy that must to be addressed.