RFID wristbands for resort guests

1. My issue comes with the security. The only thing that should be stored on the actual chip is a reference ID. The actual guest information should be stored in a secure database and queried with the ID from the wrist band.

2. If the first consideration is security it can be done right but, sadly, security is often an after-thought when implementing these kinds of solutions. The best way to handle the encryption is most likely a dual key pair (public/private keys like SSL). It is transactionally lightweight and the public keys can be easily revoked or set to expire.

3. Also, if they are going to allow charging they really need to have a second factor of authentication. A simple PIN (not stored on the RFID bracelet or hashed if it is) would drastically increase the security.

4. In reality the key to the world cards are most likely not very secure either.

1. That's pretty much how it works with the current KTTW cards and tickets. Nothing except a number is stored on the card. Other info may be there like simple ticket info but it doesn't need to be there.

2. Doesn't really work for RFID. The reader sends a signal and the RFID passively sends back a number, the same one every time. If I gave you an encrypted code for my CC number it's no different than if I gave you the number. Yes you don't know the real number but it doesn't matter if the encrypted code works just like the real number.

3. This could cause problems with forgotten PINs. Remember Disney wants you to buy things with as few barriers as possible. It's like when people first started to use credit cards over cash. You never handed over any real money so it's difficult to keep track. Disney wants you to pick up the item, touch your band and be off.

4. Yes but KTTW cards can only be read by physically holding the card.
 
Come on! Is it a slow day or what? People are actually getting excited because of a plastic wristband?
Heck, my job has had them for 3 years now.

So what, it replaces your KTTW card. Yeah, because that was such a hassle to lug around all day. :rolleyes:
 
2. Doesn't really work for RFID. The reader sends a signal and the RFID passively sends back a number, the same one every time. If I gave you an encrypted code for my CC number it's no different than if I gave you the number. Yes you don't know the real number but it doesn't matter if the encrypted code works just like the real number.

Actually, depending on what type of system they implement, this may be right or wrong. There are technical papers, journals, etc. available that discuss RFID along with digital signature and PKE integration. In other words, don't be too quick to dismiss it as a simple transaction as you have described. If they truly want to (read $$$), encryption can be implemented and would certainly put a quick stop to any skimming concerns.
 
What a stupid idea.

I can't imagine wearing a stupid band on my wrist my entire vacation, especially in the summer months. I hope Disney does not do this!

Agreed. That reason, added to the difficulty of FP running (we do this big time with me as the "runner") with such a system, makes me opposed to it. I could understand switching to something besides the old magnetic strip system, which is antiquated technology now, but people still need to be able to carry around cards, whether they use a mag strip, a barcode, or even RFID.
 

Actually, depending on what type of system they implement, this may be right or wrong. There are technical papers, journals, etc. available that discuss RFID along with digital signature and PKE integration. In other words, don't be too quick to dismiss it as a simple transaction as you have described. If they truly want to (read $$$), encryption can be implemented and would certainly put a quick stop to any skimming concerns.

You'd think (given the descriptions offered), they'd need to use a relatively robust transmitter. Otherwise, how do you do "tailored guest experiences"...unless they know where you are within a few feet.

If they're doing that, you'd think they'd have to enact some sort of encryption.
 
Actually, depending on what type of system they implement, this may be right or wrong. There are technical papers, journals, etc. available that discuss RFID along with digital signature and PKE integration. In other words, don't be too quick to dismiss it as a simple transaction as you have described. If they truly want to (read $$$), encryption can be implemented and would certainly put a quick stop to any skimming concerns.

I still don't see how that's possible without being able to rotate the keys like on a car fob, but I haven't taken calculus in many years. :dance3:
 
You'd think (given the descriptions offered), they'd need to use a relatively robust transmitter. Otherwise, how do you do "tailored guest experiences"...unless they know where you are within a few feet.

If they're doing that, you'd think they'd have to enact some sort of encryption.

Yes, I just have a hard time thinking this will roll out sans encryption. For those that say that security is typically an afterthought when implementing something of this scale, I have to guess that either you don't really work in IT or you work in a relatively small shop. I'm involved in the financial sector and I can tell you that security is always at the forefront of our decision making process. The "oh noes, hack!!!" crowd likely doesn't have a thorough understanding of either the technology and/or its nextgen capabilities.
 
I just watched Idiocracy for about the 100th time this weekend. Everyone in that version of the future has a bar code tattooed on their wrists. That bar code tracks people's entire lives in the movie. This wristband idea sounds a little too close to that for my taste, even though Idiocracy is a ridiculous comedy. Disney, please stick with KTTW cards of some sort. I can do without the "tailored guest experiences" if need be.
 
Think 'private key'.

I have a rough idea how private/public keys work.

But if my cc number is 5656 6787 6789 5675 and its 128 bit NSA encrypted number is

dkjsfhdksjhf jkldhjhjJJUhJjk%^$&%^$&%^LKJKL FDKLSLJKLDJ LKFKL;JF;LDKSJF

it doesn't make a difference. If the info is encoded that just means I can't go to Amazon.com and buy something because I don't have the unencrypted CC number, but I can send that code to Disney computers.

Oddly enough I like the wristbands. I think I must just be here for an argument. :rotfl2:

http://youtu.be/kQFKtI6gn9Y :dance3:
 
I have a rough idea how private/public keys work.

But if my cc number is 5656 6787 6789 5675 and its 128 bit NSA encrypted number is

dkjsfhdksjhf jkldhjhjJJUhJjk%^$&%^$&%^LKJKL FDKLSLJKLDJ LKFKL;JF;LDKSJF

it doesn't make a difference. If the info is encoded that just means I can't go to Amazon.com and buy something because I don't have the unencrypted CC number, but I can send that code to Disney computers.

Which, really, isn't any different than what can happen NOW with KTTW cards...with the exception that you'll likely NOTICE your missing card. You won't know if your RFID signature has been picked up.

I'm not sold on the security of a widespread RFID system that allows charging, of any type.

I'm just saying that...the system's not perfect, now, either.
 
I have a rough idea how private/public keys work.

But if my cc number is 5656 6787 6789 5675 and its 128 bit NSA encrypted number is

dkjsfhdksjhf jkldhjhjJJUhJjk%^$&%^$&%^LKJKL FDKLSLJKLDJ LKFKL;JF;LDKSJF

it doesn't make a difference. If the info is encoded that just means I can't go to Amazon.com and buy something because I don't have the unencrypted CC number, but I can send that code to Disney computers.

OK, consider this. You activate your wristband, and as part of that activation, the wristband's public key goes on Disney's ring. With encryption implemented, anyone that 'sniffs/skims' the connection is going to see pure ciphertext as you mentioned above. However, if Disney's system has your wristband's public key on their ring, they'll be able to communicate with you, no issue.

If someone does 'sniff/skim' the device and tries to clone, they will be missing one crucial component: the private key that exists on the wristband itself. This private key on the wristband would never be transmitted during any sort of 'exchange' between your device and Disney, yet is absolutely required in order to decrypt communications.

In other words, skim all you want. Without the private key on the cloned card/ID, it is entirely useless.

ETA: Now if someone manages to get their hands on Disney's private key, then we have a problem. However, systems such as this are abstracted a few layers and aren't typically accessible by traditional means.
 
OK, consider this. You activate your wristband, and as part of that activation, the wristband's public key goes on Disney's ring. With encryption implemented, anyone that 'sniffs/skims' the connection is going to see pure ciphertext as you mentioned above. However, if Disney's system has your wristband's public key on their ring, they'll be able to communicate with you, no issue.

If someone does 'sniff/skim' the device and tries to clone, they will be missing one crucial component: the private key that exists on the wristband itself. This private key on the wristband would never be transmitted during any sort of 'exchange' between your device and Disney, yet is absolutely required in order to decrypt communications.

In other words, skim all you want. Without the private key on the cloned card/ID, it is entirely useless.

ETA: Now if someone manages to get their hands on Disney's private key, then we have a problem. However, systems such as this are abstracted a few layers and aren't typically accessible by traditional means.

Now this makes much more sense. I hadn't realized that the wristband itself could have a non-transmittable private key for decoding, though I imagine Disney has already dealt with this, otherwise the RFID cup codes could be easily copied, couldn't they?

I'm actually pretty stoked about this, I love new technologies and seeing how they can be used :thumbsup2

Also, if someone could steal Disney's private key, they could also probably just create their own bands with DDP & park entitlements on them. Less likely it would affect me, anyway.
 
ETA: Now if someone manages to get their hands on Disney's private key, then we have a problem. However, systems such as this are abstracted a few layers and aren't typically accessible by traditional means.

With enough cast-off stock (i.e., used wristbands), a hacker could probably, eventually, ferret out the private key's generation algo.

But they'd almost have to brute force it. It would probably (unless they were ridiculously lucky) take them longer to ferret it out than the tech would have legs for.

University of Michigan students managed to do it with a private RSA key by fluctuating power to the CPU, which would throw an error code and cause it to "leak" single bits of the key at a time.

They could hack a single key in about 104 hours of processing time, once they got the system figured out.

http://au.ibtimes.com/articles/20100310/rsa-1024-hacked.htm

ANYTHING is hackable given enough time and hardware to test on.
 
ANYTHING is hackable given enough time and hardware to test on.

Agree that anything will go down given enough resources and determination. It takes a tremendous amount of clock cycles to brute force something like this, but it could be done over time.

I really just wanted to point out that, if implemented correctly, this would not have the same immediate concerns that plague a typical RFID system that so many are reading/concerned about.
 
OK, consider this. You activate your wristband, and as part of that activation, the wristband's public key goes on Disney's ring. With encryption implemented, anyone that 'sniffs/skims' the connection is going to see pure ciphertext as you mentioned above. However, if Disney's system has your wristband's public key on their ring, they'll be able to communicate with you, no issue.

If someone does 'sniff/skim' the device and tries to clone, they will be missing one crucial component: the private key that exists on the wristband itself. This private key on the wristband would never be transmitted during any sort of 'exchange' between your device and Disney, yet is absolutely required in order to decrypt communications.

In other words, skim all you want. Without the private key on the cloned card/ID, it is entirely useless.

ETA: Now if someone manages to get their hands on Disney's private key, then we have a problem. However, systems such as this are abstracted a few layers and aren't typically accessible by traditional means.

OK I think I'm getting it. No I just lost it again. Maybe it will come back. I want to think about how this looks like there is still a problem.

I'll be back.
 
OK, consider this. You activate your wristband, and as part of that activation, the wristband's public key goes on Disney's ring. With encryption implemented, anyone that 'sniffs/skims' the connection is going to see pure ciphertext as you mentioned above. However, if Disney's system has your wristband's public key on their ring, they'll be able to communicate with you, no issue.

If someone does 'sniff/skim' the device and tries to clone, they will be missing one crucial component: the private key that exists on the wristband itself. This private key on the wristband would never be transmitted during any sort of 'exchange' between your device and Disney, yet is absolutely required in order to decrypt communications.

In other words, skim all you want. Without the private key on the cloned card/ID, it is entirely useless.

ETA: Now if someone manages to get their hands on Disney's private key, then we have a problem. However, systems such as this are abstracted a few layers and aren't typically accessible by traditional means.

I don't understand. Sorry, I've never understood the public/private key issue. If the 'public' key from the band is programmed into Disney's system when you pick up the band, but the 'private' key is NEVER transmitted, how does the band get used?
 
OK, consider this. You activate your wristband, and as part of that activation, the wristband's public key goes on Disney's ring. With encryption implemented, anyone that 'sniffs/skims' the connection is going to see pure ciphertext as you mentioned above. However, if Disney's system has your wristband's public key on their ring, they'll be able to communicate with you, no issue.

If someone does 'sniff/skim' the device and tries to clone, they will be missing one crucial component: the private key that exists on the wristband itself. This private key on the wristband would never be transmitted during any sort of 'exchange' between your device and Disney, yet is absolutely required in order to decrypt communications.

In other words, skim all you want. Without the private key on the cloned card/ID, it is entirely useless.

ETA: Now if someone manages to get their hands on Disney's private key, then we have a problem. However, systems such as this are abstracted a few layers and aren't typically accessible by traditional means.

As an IT security/PKI Consultant, I never thought there'd come a day where I'd see PKI technology discussed on The Dis!! I love it!!

For those who don't have a security background, this is very much like what's being done with the ePassports to prevent skimming. The "state of the art" of RFID, especially as it relates to security has really advanced in the last couple years.
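
Added example (not from any poster in this thread, and not Disney's design): a sketch of the two schemes argued over above, the band that "passively sends back a number, the same one every time" versus a band whose private key is never transmitted. It uses a signed fresh challenge rather than the decryption the post describes; `Band`, `Reader`, the band ID and the toy RSA key are all assumptions made for illustration.

```python
import hashlib
import secrets

# Toy, constructed RSA key from two Mersenne primes; unpadded and far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays on the band

def digest(challenge: bytes) -> int:
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N

class Band:
    """Hypothetical wristband: a static ID plus a private key."""
    def __init__(self, band_id: str):
        self.band_id = band_id
        self._d = D                       # never transmitted

    def respond(self, challenge: bytes) -> int:
        return pow(digest(challenge), self._d, N)   # sign the reader's nonce

class Reader:
    """Hypothetical reader/back end: holds only public keys from activation."""
    def __init__(self):
        self.ring = {}                    # band_id -> (n, e)

    def activate(self, band_id, public_key):
        self.ring[band_id] = public_key

    def accept_static(self, band_id: str) -> bool:
        return band_id in self.ring      # ID-only scheme: same bytes every tap

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)    # fresh nonce per tap

    def accept_signed(self, band_id, challenge, response) -> bool:
        if band_id not in self.ring:
            return False
        n, e = self.ring[band_id]
        return pow(response, e, n) == digest(challenge)

def demo():
    reader, band = Reader(), Band("BAND-0001")        # constructed sample ID
    reader.activate(band.band_id, (N, E))
    c1 = reader.new_challenge()
    sniffed = (band.band_id, c1, band.respond(c1))    # all an eavesdropper sees
    legit = reader.accept_signed(*sniffed)
    c2 = reader.new_challenge()                       # next tap, new nonce
    replay_signed = reader.accept_signed(sniffed[0], c2, sniffed[2])
    return legit, replay_signed, reader.accept_static(sniffed[0])
```

`demo()` returns `(True, False, True)`: the genuine tap verifies, the captured response fails against the next nonce, and the captured ID alone still passes the static check.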
 