If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
Most of NFC ticketing solutions are based on MIFARE ULTRALIGHT chips.
The main topic of our talk is why and how these implementations are vulnerable.
The whole talk will be divided in two main sections:
The first one we're going to deal with is about the vulnerabilities which may occur if you do not pay enough attention to security topics.
We're focusing on 3 areas in which frauds are possible:
I. Bad use of GPS and internet protocol to apply fees.
II. Correct use of OTP sector in ULTRALIGHT chips.
III. Correct data stamping on tickets.
In the second part we will show a proof of concept of a validation machine which uses a secure way to validate tickets. The machine is based on an Arduino Uno device, and we're going to use MIFARE ULTRALIGHT as kind of NFC chips to keep the whole solution low cost.
All source code will be made available as opensource just after the talk to let everyone use it to create secure solutions in the world.