RFID EXPERT VIEWS

The Need for Collaborative Threat Modeling

Do we simply adopt a wait-and-see attitude in the hope that we will be able to catch the breach before it becomes a problem, or before a hacker discovers it? Do we simply cease all development of RFID systems until we have this all sorted out? I would say the answer to these questions is no, but how can we feel more confident in the choices we make about RFID security without any knowledge or understanding of the associated threats and risks?

One potential solution is collaborative threat modeling (an example of a threat model output is linked from the original column). The idea behind threat modeling is to view a security objective in a contextual environment, then posit potential threats and countermeasures in a structured manner in which each part of the system is represented, and in which the effect of either a security threat or a countermeasure can be understood in terms of how it affects the system. The model's collaborative nature allows for the input of various factions (vendor, security expert, company executives, consultant and consumer), based on what each perceives to be valid points, and enables all collaborators to both view and comment on all inputs. This approach allows every stakeholder to make a logical determination based on a modeled representation of the system, rather than on the potentially biased perceptions of each individual part, which, when taken out of context, may have a tendency to skew judgment.

What is perhaps most important in this exercise is to understand the need to view this situation within a given context. In other words, if a threat model performed on the Mifare technology used in Boston's mass transit system leads us to conclude that the benefits of such technology far outweigh the risks, we cannot necessarily assume the same technology is appropriate for use in an identification system at, for instance, a nuclear power plant. Each context must have its own threat model associated with it.
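To make the two preceding points concrete, here is a small worked example in Python. It is added here and is not from the column, nor a tool the author or the RFID Security Alliance describes. It represents a contactless credential system as components, each threat as a likelihood with attached countermeasures, and each deployment context as its own impact scores and risk appetite; stakeholder comments are stored alongside each threat so the model records who said what. The same threats and countermeasures are then evaluated in two contexts, a transit fare system and a plant access-control system, and the model reaches different conclusions for each. Every name, score, multiplier and the acceptance rule is constructed for illustration.

```python
"""Context-specific collaborative threat model (added example, constructed values)."""
from dataclasses import dataclass, field
from math import prod


@dataclass
class Countermeasure:
    name: str
    likelihood_factor: float = 1.0  # multiplier on threat likelihood; 1.0 = no effect
    impact_factor: float = 1.0      # multiplier on impact; 1.0 = no effect


@dataclass
class Threat:
    name: str
    component: str                  # part of the system the threat targets
    likelihood: float               # 0..1, estimate before countermeasures
    countermeasures: list = field(default_factory=list)
    comments: list = field(default_factory=list)  # (stakeholder, text) pairs


@dataclass
class Context:
    name: str
    impact: dict                    # component -> impact of compromise, 1..10
    risk_appetite: float            # total residual risk stakeholders will accept


def residual_risk(threat: Threat, context: Context) -> float:
    """Risk of one threat in one context after its countermeasures are applied."""
    likelihood = threat.likelihood * prod(
        c.likelihood_factor for c in threat.countermeasures)
    impact = context.impact[threat.component] * prod(
        c.impact_factor for c in threat.countermeasures)
    return likelihood * impact


def evaluate(threats: list, context: Context) -> dict:
    """Score every threat in a context; report the total, the dominant threat
    and whether the total falls within the context's risk appetite."""
    per_threat = {t.name: residual_risk(t, context) for t in threats}
    total = sum(per_threat.values())
    top = max(per_threat, key=per_threat.get)
    return {"context": context.name, "total_risk": total, "top_threat": top,
            "acceptable": total <= context.risk_appetite, "per_threat": per_threat}


def sample_model() -> list:
    """Constructed threat catalogue for a generic contactless credential system."""
    cloning = Threat("credential cloning", "card", 0.6,
                     [Countermeasure("mutual authentication with diversified keys", 0.2)])
    cloning.comments.append(("security expert", "likelihood assumes keys are per-card"))
    cloning.comments.append(("vendor", "supported by current reader firmware"))
    eavesdrop = Threat("eavesdropping on reader channel", "air_interface", 0.4,
                       [Countermeasure("encrypted session", 0.5, 0.5)])
    tamper = Threat("reader tampering", "reader", 0.2)  # no countermeasure yet
    tamper.comments.append(("consultant", "physical controls differ per site"))
    return [cloning, eavesdrop, tamper]


def sample_contexts() -> tuple:
    """Constructed contexts: same technology, different consequences of compromise."""
    transit = Context("transit fare system",
                      {"card": 2, "air_interface": 2, "reader": 3}, risk_appetite=2.0)
    plant = Context("plant access control",
                    {"card": 10, "air_interface": 8, "reader": 10}, risk_appetite=1.0)
    return transit, plant


if __name__ == "__main__":
    threats = sample_model()
    for ctx in sample_contexts():
        result = evaluate(threats, ctx)
        print(f"{result['context']}: total residual risk {result['total_risk']:.2f}, "
              f"dominant threat '{result['top_threat']}', "
              f"{'acceptable' if result['acceptable'] else 'NOT acceptable'}")
```

Run as a script, the transit context comes out within its risk appetite and the plant context does not, even though the threats and countermeasures are identical; in both contexts the dominant residual threat is the one with no countermeasure attached, which tells the collaborators where the next round of input is most useful.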

Thalidomide was prescribed in the 1950s and 1960s for use by pregnant women to prevent morning sickness, yet adequate studies of the drug's potential side effects had not been undertaken. As a result, women who took thalidomide during pregnancy gave birth to children with severe birth defects. In response to these defects, the drug was banned from all use in the United States, and the ban was not lifted until 1997. Recently, however, the drug has been found to be potentially quite beneficial in the treatment of myeloma, a particularly nasty cancer of the plasma cells. How many potential victims of myeloma might have been saved if we had chosen to model the risks of using thalidomide within a context other than as a sedative for pregnant women?

RFID, and its associated Near Field Communications (NFC) and contactless smart card platforms, are remarkable technologies with a vast number of uses, and many more still to be discovered. Let us not allow our lack of understanding to either give us a false sense of security, or create undue distress. We are all better than that. Let's try to work toward understanding the truth.

Mike Ahmadi is the chief operating officer at GraniteKey, a company that provides security technology services. He also heads the RFID Security Alliance, which aims to educate its members, potential users, analysts, educational institutions, the media and others about security and privacy issues related to radio frequency identification.
