Security Analysis of the Norwegian Toll Road System AutoPASS
Electronic Fee Collection (EFC) is the general term for ICT solutions that automatically collect road user charges without requiring vehicles to stop. An EFC system consists of two main units: the on-board unit (OBU) and the roadside equipment (RSE). These units communicate using Dedicated Short Range Communications (DSRC) at 5.8 GHz. The European standard EN 15509:2007 defines requirements for the OBU, the RSE and the DSRC link, and it also specifies a set of transactions between the units. The GET_STAMPED messages are a central part of these transactions; it is through these messages that the units authenticate themselves. The Message Authentication Code (MAC) included in the GET_STAMPED messages is calculated from an AttributeIDList, a Random Number and an Authentication Key. The Data Encryption Standard (DES) is used in the calculation of the authentication codes. DES is a cipher that is considered insecure for many applications, and it can be cracked by a brute-force search of the key space. On this basis, this thesis assumes that MACs have been obtained and investigates an attack on them. Rainbow tables are used to make an attack on a large number of message authentication keys efficient. A rainbow table is described as a time-memory trade-off for breaking keys in a chosen-plaintext attack. A simple rainbow table is implemented in C++, and generation times are discussed.