RFID system security assessment methodology based on attack graph model

To effectively evaluate the security level of a practical RFID system, researchers usually need to carry out a series of penetration tests from the attacker's point of view. According to the extent of the attacker's effort, the security level of the RFID system can be assessed by both qualitative and quantitative methods. By analyzing the activities of existing RFID attacks, a new attack graph mechanism based on the characteristics of RFID offensive and defensive strategies is proposed. By analyzing the attack characteristics of different RFID systems, the proposed graph model can automatically evaluate attack vulnerabilities and dynamically predict the trend of attack effects in an RFID system. The validity of the attack graph model is verified by analyzing attack instances on the RFID UHF EPC C1 Gen2 protocol.
