Last week we released some details about work we did for the Morgan’s Wonderland fun park for special-needs children. One of the exciting aspects of that project was the integration with the park’s RFID tracking system. The RFID system itself was built by RFIDTec, based in California, and we integrated their work with the online reservation platform we constructed.
RFID Journal did a write-up on the Morgan’s Wonderland RFID system, including some comments from Denim Group’s Sheridan Chambers.
An important aspect of securing this integration was the use of Threat Modeling to proactively identify potential security problems during the design stage so they could be addressed early in the development process. Understanding the communication channels in a system as well as trust boundaries between parts of the system is critical to creating secure applications. This applies to RFID systems, Web 2.0 mashups, software as a service (SaaS) and smartphone applications – any system that is composed of multiple independent subsystems.
Here are some photos of different aspects of the RFID tracking system:
The tracking wristband
A closed location station.
Identifying a user to the location station.
dan _at_ denimgroup.com