Development of a Cryptographically Secure Booking Reference System for Air Travels

International Journal of Computer Trends and Technology (IJCTT)          
© 2019 by IJCTT Journal
Volume-67 Issue-6
Year of Publication : 2019
Authors : Orimoloye Segun Michael
DOI :  10.14445/22312803/IJCTT-V67I6P117


MLA Style:Orimoloye Segun Michael"Development of a Cryptographically Secure Booking Reference System for Air Travels" International Journal of Computer Trends and Technology 67.6 (2019): 105-108.

APA Style Orimoloye Segun Michael. Development of a Cryptographically Secure Booking Reference System for Air TravelsInternational Journal of Computer Trends and Technology, 67(6),105-108.

PNR otherwise known as Passenger Name Record in the airlines and travel industry is a record in the database of a Computer Reservation system (CRS) that consists of the passenger information for a passenger, PNR code (Booking Reference) and the itinerary for the passenger or a group of passengers travelling together. The PNR code is frequently used to enable online check-in and ticket retrievals for flights and rail travels. The coding system currently used in the travel industry by Amadeus-a foremost Global Distribution System (GDS), for PNR generation is a six (6)-character alphanumeric code comprising four (4) pseudorandom numbers, generated by the rand() function and the first two (2) characters of the passenger’s first name. This coding system has been subjected to a lot of cyber-attacks such that hackers have been able to successfully guess the PNR code time and time again owing to the limitations inherent in the rand() function and overall process of the code generation. They have been able to have access to flight information of passengers, canceling flights in exchange for airline credits which they use to book new tickets, at the expense of the genuine owners of the tickets. This work therefore proposes a cryptographicallysecure booking reference system that is 8-character long with two added layer of security: an implementation specific cryptographically secure pseudorandom number and a security question/answer pair.

[1] Samipatra Das (2002), „Global Distribution Systems in Present Times? Mineola, New York City.
[2] Buhalis, D. (2003) E-tourism, „Information Technology for Strategic Tourism Management?Gosport, UK: Prentice Hall.
[3] ICAO (2005),?International Civil Aviation Authority Facilitation Programme- API Guidelines and PNR reporting standards?,Available online at
[4] Mironenko O. (2009), „Data protection and security in civil aviation? University of Oslo
[5] The Guardian (2016), „Airline passengers details easy prey for hackers, says researchers?. Available online at
[6] Kasthurirangan Gopalakrishnan, Maniman Govindarasu, Douglas Jacobson and Brent M. Phares (2013), „Cyersecurity for Airports?, International Journal for Traffic and Transport Engineering, Vol. 3 No 4, Pages 365-376
[7] Karsten Nohl and Nemanja Nikodijevic (2016), „Airline passengers details easy prey for hackers?, Techical session at Chaos Communication Congress (33C3), Hamburg, Germany
[8] Georgia Lykou, Argiro Anagnostopoulou and Dimitris Gritzalis (2018), „Smart Airport Cybersecurity: Threat mitigation and Cyber-resilience controls?, Proceedings of the 2018 IEEE Global IoT Summit (GIoTS), Bilbao, Spain.

Passenger Name Record, Booking reference, Cryptography, Amadeus, Information security