1 / 18

Attack graphs for EPCglobal RFID

Attack graphs for EPCglobal RFID. Senthilkumar Chinnappa gounder Periaswamy, Suman Bharath, Manideep Chagarlamudi, Scott Estes and Dale R. Thompson, Ph.D., P.E. Goals. To identify and categorize the threats to the security of the EPCglobal RFID system and the threats to privacy by it

Mercy
Download Presentation

Attack graphs for EPCglobal RFID

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Attack graphs for EPCglobal RFID Senthilkumar Chinnappa gounder Periaswamy, Suman Bharath, Manideep Chagarlamudi, Scott Estes and Dale R. Thompson, Ph.D., P.E.

  2. Goals • To identify and categorize the threats to the security of the EPCglobal RFID system and the threats to privacy by it • Decomposing these threats to the threat targets • Building attack graph for selected threat targets

  3. EPCglobal RFID • Radio frequency signals to provide no-contact and non-line-of-sight automatic identification • Most common form is EPC system managed by EPCglobal Inc. • The potential features of RFID has made its deployment in a wide range of applications

  4. Threats to Security and Privacy • RFID can pose invasive threats to rights, privacy of individuals, and security of organizations • The low cost of the tags limits the resources needed for the security of the system • Threat modeling needs to be done to determine the highest risks and to identify how attacks occur

  5. Threats • Potential events that cause a system to respond in a way in which it was not designed, including a damaging way • A list of threats to the system and by the system was identified • Security and Privacy issues • Based on known attacks and attack that are possible on the system

  6. Threat targets • Threats decomposed into threat targets • Threats targets are the states which an attacker or intruder tries to achieve in the system • Categorized based on social and economical conditions • Top priority threats for the generation of attack graphs

  7. Attack Graphs • An attack graph is a graph-based approach to network-vulnerability analysis • Identify the set of attack paths through which an intruder or attacker achieves the target

  8. Attack Graphs • Node - Possible attack state • Level of penetration • Configuration changes • Vulnerabilities at the current state • Capabilities the attacker acquired • State of the system • Edge - A change of state caused by a single action • Weighed by a metric (effort, time) • Action by the attacker • Required condition

  9. Inputs for the attack graph • Configuration files • Architectural information about the system • Based on the EPCglobal Class-1 Generation-2 tags • Attackers profile • Assumed capabilities of the attacker • Advanced level • Attack templates • Known possible and assumed attacks on the system broken into atomic steps

  10. Generation of attack graph • Threat target taken as initial node of the graph • The attack templates which matched the current node are customized to join with the goal node • The process of matching done recursively on the new nodes formed till the initial or default configuration of the system was reached • Discard nodes that didn’t have any match

  11. Duplicate nodes • Merging the nodes and edges from both the nodes were applied to the merged node

  12. Redundant edges • Removed by making a loop of the original or the initial edges

  13. Subset of other targets • In attack graphs built there existed subsets of the graph, which represented other threat targets. • Therefore to avoid redundancy and due to space constraints • Replaced the whole subset by the threat target to be achieved.

  14. Subset representing Blocker tag

  15. Subset representing Physical damage

  16. Future work • Automated generation • Simulation of attacks • Multiple attacker capabilities • Generated based on vulnerabilities which could possibly identify new attacks • Probabilistic measure on the edges with availability of more technical details of the attack

  17. Thank you

  18. Contact • Senthil kumar • schinna@uark.edu • Dale R. Thompson, Ph.D., P.E. • d.r.thompson@ieee.org

More Related