The Community for Technology Leaders
RSS Icon
Issue No.02 - March/April (2012 vol.9)
pp: 289-302
Yanjun Zuo , University of North Dakota, Grand Forks
Radio Frequency Identification (RFID) has been developed as an important technique for many high security and high integrity settings. In this paper, we study survivability issues for RFID. We first present an RFID survivability experiment to define a foundation to measure the degree of survivability of an RFID system under varying attacks. Then we model a series of malicious scenarios using stochastic process algebras and study the different effects of those attacks on the ability of the RFID system to provide critical services even when parts of the system have been damaged. Our simulation model relates its statistic to the attack strategies and security recovery. The model helps system designers and security specialists to identify the most devastating attacks given the attacker's capacities and the system's recovery abilities. The goal is to improve the system survivability given possible attacks. Our model is the first of its kind to formally represent and simulate attacks on RFID systems and to quantitatively measure the degree of survivability of an RFID system under those attacks.
RFID, survivability, quantification, experiment, and adversary.
Yanjun Zuo, "Survivability Experiment and Attack Characterization for RFID", IEEE Transactions on Dependable and Secure Computing, vol.9, no. 2, pp. 289-302, March/April 2012, doi:10.1109/TDSC.2011.30
[1] M. Rieback, B. Crispo, and A. Tanenbaum, “Is Your Cat Infected with a Computer Virus?” Proc. Fourth Ann. IEEE Int'l Conf. Pervasive Computing Comm., pp. 179-189, Mar. 2006.
[2] R. Ellison, D. Fisher, R. Linger, and H. Lipson, “Survivable Network Systems: An Emerging Discipline,” Tech. Rep. CMU/SEI-97-TR-013, Software Eng. Inst., Carnegie Mellon Univ., 1997.
[3] J. Knight, E. Strunk, and K. Sullivan, “Towards a Rigorous Definition of Information System Survivability,” Proc. DARPA Information Survivability Conf. and Exposition, Apr. 2003.
[4] E. Strunk and J. Knight, “Dependability Through Assured Reconfiguration in Embedded Systems Software,” IEEE Trans. Dependable and Secure Computing, vol. 3, no. 3, pp. 172-187, July 2006.
[5] A. Snow, U. Varshney, and A. Malloy, “Reliability and Survivability of Wireless and Mobile Networks,” Computer, vol. 33, no. 7, pp. 49-55, July 2000.
[6] M. Feldhofer and C. Rechberger, “A Case against Currently Used Hash Functions in RFID Protocols,” On the Move to Meaningful Internet Systems 2006: Proc. OTM 2006 Workshops, LNCS, vol. 4277, pp. 372-381, 2006.
[7] L. Batina, J. Guajardo, T. Kerins, N. Mentens, P. Tuyls, and I. Verbauwhede, “An Elliptic Curve Processor Suitable for RFID-Tags,” IEEE Trans. Computers, vol. 57, no. 11, pp. 1514-1527, Aug. 2008.
[8] A. Juels, “RFID Security and Privacy: A Research Survey,” IEEE J. Selected Areas Comm., vol. 24, no. 2, pp. 381-394, Feb. 2006.
[9] S. Piramuthu, “Protocols for RFID Tag/Reader Authentication,” Decision Support System, vol. 43, pp. 897-914, 2007.
[10] C. Lim and T. Kwon, “Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer,” Proc. Eighth Conf. Information Comm. Security, pp. 1-20, Dec. 2006.
[11] N. Hopper and M. Blum, “Secure Human Identification Protocols,” Proc. Conf. Advances in Cryptology - ASIA CRYPT 2001, vol. 2248, C. Boyd ed., pp. 52-66, 2001.
[12] A. Juels and S. Weis, “Authenticating Pervasive Devices with Human Protocols,” Proc. Advances in Cryptology-Crypto 05, V. Shoup ed., pp. 293-308, 2005.
[13] J. Katz and J. Shin, “Parallel and Concurrent Security of the HB and HB++ Protocols,” Advances in Cryptology - EURO CRYPT 2006, vol. 4004, pp. 73-87, Springer, 2006.
[14] K.K. Fishkin and S. Roy, “Enhancing RFID Privacy via Antenna Energy Analysis,” Proc. MIT RFID Privacy Workshop, Nov. 2003.
[15] M. Rieback, B. Crispo, and A. Tanenbaum, “RFID Guardian: A Battery-powered Mobile Device for RFID Privacy Management,” Proc. Australian Conf. Information Security Privacy, vol. 3574, pp. 184-194, July 2005.
[16] A. Juels, P. Syverson, and D. Bailey, “High-Power Proxies for Enhancing RFID Privacy and Utility,” Proc. Workshop Privacy Enhancing Technology (PET), pp. 210-226, May/June 2005.
[17] A. Juels and S. Weis, “Defining Strong Privacy for RFID,” Proc. Fifth IEEE Int'l Conf. Pervasive Computing and Comm. Workshops, pp. 342-347, Mar. 2007.
[18] D. Dolev and A.C. Yao, “On the security of public key protocols” IEEE Trans. Information Theory, vol. 29, no. 2, pp. 198-208, Mar. 1983.
[19] J. McDermott, “Attack-Potential-Based Survivability Modeling for High-Consequence Systems,” Proc. Third IEEE Int'l Information Assurance Workshop, pp. 119-130, Mar. 2005.
[20] E. Jonsson and T. Olovssson, “A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior,” IEEE Trans. Software Eng., vol. 23, no. 4, pp. 235-245, Apr. 1997.
[21] J. Steffan and M. Schumacher, “Collaborative Attack Modeling,” Proc. 2002 ACM Symp. Applied Computation, pp. 253-259, 2002.
[22] G. Schudel and B. Wood, “Adversary Work Factor as a Metric for Information Assurance,” Proc. Workshop New Security Paradigms, pp. 23-30, 2001.
[23] J. Hillston, “A Compositional Approach to Performance Modeling,” PhD thesis, Univ. of Edinburgh. 1994.
[24] Z. Liu and D. Peng, “A Secure RFID Identity Reporting Protocol for Physical Attack Resistance,” J. Comm., vol. 1, p. 4, July 2006.
[25] D. Samyde, S. Skorobogatov, R. Anderson, and J. Quisquater, “On a New Way to Read Data from Memory,” Proc. First Int'l IEEE Security Storage Workshop, p. 65, 2002.
[26] S. Lee, T. Asano, K. Kim, “RFID Mutual Authentication Scheme Based on Synchronized Secret Information,” Proc. Symp. Cryptographic Information Security, Jan. 2006.
[27] A. Juels, “Minimalist Cryptography for Low-Cost RFID Tags,” Proc. Fourth Int'l Conf. Security Comm. Network, pp. 149-164, 2004.
[28] Y. Zuo, M. Pimple, and S. Lande, “A Framework for RFID Survivability Requirement Analysis and Specification,” Proc. Int'l Joint Conf. Computing, Information and Systems Sciences and Engineering, pp. 153-159, 2009.
[29] Y. Zuo, “A Holistic Approach for Specification of Security Requirements in Ubiquitous Computing,” Proc. Int'l Conf. Information Systems (ICIS '10) p. 18, 2010.
378 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool