Title: Analysing security risks in computer and Radio Frequency Identification (RFID) networks using attack and protection trees

Authors: George C. Dalton II, Kenneth S. Edge, Robert F. Mills, Richard A. Raines

Addresses: Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, OH 45433, USA. ' Air Force Research Laboratory, Wright-Patterson AFB, OH 45433, USA. ' Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, OH 45433, USA. ' Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, OH 45433, USA

Abstract: The commercial use of the internet has grown to a point where much of the world|s economy is reliant on its ability to securely provide connectivity for most businesses and government agencies. Additionally the use of Radio Frequency Identification (RFID) technologies has permeated many aspects of our daily lives where accountability and access are involved. In recent years, attack trees have been developed to describe processes by which malicious users attempt to exploit or break computer software AND/OR networks. Attack trees are a way of decomposing, visualising, and determining the cost or likeliness of attacks. Attack trees by themselves do not offer enough analysis capability to determine which protections to implement and where to place them in the system to mitigate the vulnerabilities found. We propose the use of protection trees to offer a detailed risk analysis in the protection of a system. To illustrate their use, attack and protection trees are developed and analysed.

Keywords: attack trees; attack modelling; protection trees; protection modelling; metrics; computer security; radio frequency identification; RFID security; risk assessment; system protection; RFID networks.

DOI: 10.1504/IJSN.2010.032207

International Journal of Security and Networks, 2010 Vol.5 No.2/3, pp.87 - 95

Available online: 17 Mar 2010 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article