Analysing security risks in computer and Radio Frequency Identification (RFID) networks using attack and protection trees

Authors:
George C. Dalton, II;Kenneth S. Edge;Robert F. Mills;Richard A. Raines
Affiliations:
Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, OH 45433, USA.;Air Force Research Laboratory, Wright-Patterson AFB, OH 45433, USA.;Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, OH 45433, USA.;Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, OH 45433, USA
Venue:
International Journal of Security and Networks
Year:
2010

Citing 9
Cited 4

Fundamentals of computer security technology

Fundamentals of computer security technology
Cleanroom software engineering: technology and process

Cleanroom software engineering: technology and process
Collaborative attack modeling

Proceedings of the 2002 ACM symposium on Applied computing
Secrets & Lies: Digital Security in a Networked World

Secrets & Lies: Digital Security in a Networked World
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
The Use of Attack and Protection Trees to Analyze Security for an Online Banking System

HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
An Enumeration of RFID Related Threats

UBICOMM '08 Proceedings of the 2008 The Second International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
Using attack and protection trees to analyze threats and defenses to homeland security

MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Foundations of attack trees

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology

Wireless telemedicine and m-health: technologies, applications and research issues

International Journal of Sensor Networks
A survey of security visualization for computer network logs

Security and Communication Networks
A survey of cyber crimes

Security and Communication Networks
Security analysis of LMAP using AVISPA

International Journal of Security and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

The commercial use of the internet has grown to a point where much of the world's economy is reliant on its ability to securely provide connectivity for most businesses and government agencies. Additionally the use of Radio Frequency Identification (RFID) technologies has permeated many aspects of our daily lives where accountability and access are involved. In recent years, attack trees have been developed to describe processes by which malicious users attempt to exploit or break computer software AND/OR networks. Attack trees are a way of decomposing, visualising, and determining the cost or likeliness of attacks. Attack trees by themselves do not offer enough analysis capability to determine which protections to implement and where to place them in the system to mitigate the vulnerabilities found. We propose the use of protection trees to offer a detailed risk analysis in the protection of a system. To illustrate their use, attack and protection trees are developed and analysed.