Electronic Toll Collection

by Don Flint
Sept. 1, 2017 0 comments SANS Institute threats/vulnerabilities

Since 1992 active Radio Frequency Identification (RFID) tags have been used in vehicles to automate the toll process on toll roads, bridges, and tunnels in a process called Electronic Toll Collection (ETC). These tags are mounted to the windshield or externally surrounding the license plate on a vehicle and read as the vehicle proceeds without stopping through special lanes at the toll plaza. This paper looks at the security behind these transactions and the possibility for this toll process to be compromised. It also addresses the supporting infrastructure briefly as a standard banking network. Given the state of the art within the automated toll collection process and systems, it is indeed possible to cheat this system through a variety of means on a small scale. However all of the methods to cheat have inherent in them significant risk of identification and thus prosecution. The backend infrastructure should be further examined for large-scale disruption potential.