Survivability Experiment and Attack Characterization for RFID

Radio Frequency Identification (RFID) has been developed as an important technique for many high security and high integrity settings. In this paper, we study survivability issues for RFID. We first present an RFID survivability experiment to define a foundation to measure the degree of survivability of an RFID system under varying attacks. Then we model a series of malicious scenarios using stochastic process algebras and study the different effects of those attacks on the ability of the RFID system to provide critical services even when parts of the system have been damaged. Our simulation model relates its statistic to the attack strategies and security recovery. The model helps system designers and security specialists to identify the most devastating attacks given the attacker's capacities and the system's recovery abilities. The goal is to improve the system survivability given possible attacks. Our model is the first of its kind to formally represent and simulate attacks on RFID systems and to quantitatively measure the degree of survivability of an RFID system under those attacks.

[1]  Upkar Varshney,et al.  Reliability and Survivability of Wireless and Mobile Networks , 2000, Computer.

[2]  Jane Hillston,et al.  A compositional approach to performance modelling , 1996 .

[3]  Yanjun Zuo,et al.  A Framework for RFID Survivability Requirement Analysis and Specification , 2009, SCSS.

[4]  John McDermott,et al.  Attack-potential-based survivability modeling for high-consequence systems , 2005, Third IEEE International Workshop on Information Assurance (IWIA'05).

[5]  Andrew S. Tanenbaum,et al.  RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management , 2005, ACISP.

[6]  John C. Knight,et al.  Dependability through Assured Reconfiguration in Embedded System Software , 2006, IEEE Transactions on Dependable and Secure Computing.

[7]  Manuel Blum,et al.  Secure Human Identification Protocols , 2001, ASIACRYPT.

[8]  Zhaoyu Liu,et al.  A Secure RFID Identity Reporting Protocol for Physical Attack Resistance , 2006, J. Commun..

[9]  Paul F. Syverson,et al.  High-Power Proxies for Enhancing RFID Privacy and Utility , 2005, Privacy Enhancing Technologies.

[10]  Ari Juels,et al.  Minimalist Cryptography for Low-Cost RFID Tags , 2004, SCN.

[11]  Gregg Schudel,et al.  Adversary work factor as a metric for information assurance , 2001, NSPW '00.

[12]  Ross J. Anderson,et al.  On a new way to read data from memory , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[13]  Tomas Olovsson,et al.  A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior , 1997, IEEE Trans. Software Eng..

[14]  Ingrid Verbauwhede,et al.  Elliptic-Curve-Based Security Processor for RFID , 2008, IEEE Transactions on Computers.

[15]  Kwangjo Kim,et al.  RFID mutual Authentication Scheme based on Synchronized Secret Information , 2006 .

[16]  Nancy R. Mead,et al.  Survivable Network Systems: An Emerging Discipline , 1997 .

[17]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[18]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[19]  Jonathan Katz,et al.  Parallel and Concurrent Security of the HB and HB+ Protocols , 2006, EUROCRYPT.

[20]  Selwyn Piramuthu,et al.  Protocols for RFID tag/reader authentication , 2007, Decis. Support Syst..

[21]  Sumit Roy,et al.  Enhancing RFID Privacy via Antenna Energy Analysis , 2003 .

[22]  Ted Taekyoung Kwon,et al.  Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer , 2006, ICICS.

[23]  Tim Kerins,et al.  An Elliptic Curve Processor Suitable For RFID-Tags , 2006, IACR Cryptol. ePrint Arch..

[24]  Ari Juels,et al.  Defining Strong Privacy for RFID , 2007, PerCom Workshops.

[25]  Kevin J. Sullivan,et al.  Towards a rigorous definition of information system survivability , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[26]  Andrew S. Tanenbaum,et al.  Is your cat infected with a computer virus? , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[27]  Jonathan Katzand,et al.  Parallel and Concurrent Security of the HB and HB + Protocols , 2006 .

[28]  Martin Feldhofer,et al.  A Case Against Currently Used Hash Functions in RFID Protocols , 2006, OTM Workshops.

[29]  Markus Schumacher,et al.  Collaborative attack modeling , 2002, SAC '02.

[30]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.