Vulnerability aware graphs for RFID protocol security benchmarking

Security and privacy issues in Radio Frequency Identification (RFID) systems mainly result from the limited storage and computation resources of RFID tags and the unpredictable communication environment. Although many security protocols for RFID systems have been proposed, most of them have various flaws. We propose a random graph-based methodology enabling automated benchmarking of RFID security. First, we formalize the capability of adversaries as a set of atomic actions. Second, we develop Vulnerability Aware Graphs (VAGs) to elaborate the interactions between adversaries and RFID systems; these graphs are used to discover the potential attacks of adversaries via paths on the graphs. Quantitative analysis of VAGs can predict the probability that the adversary leverages the potential flaws to perform attacks. Moreover, a joint entropy-based method is provided to measure the indistinguishability of RFID tags under passive attacks. Analysis and simulation were conducted to show the validity and effectiveness of VAGs.
