|Home||Internet of Things||Aerospace||Apparel||Energy||Defense||Health Care||Logistics||Manufacturing||Retail|
The Need for Collaborative Threat Modeling
To make a logical determination of an RFID system's privacy and security risks, rather than one based on potentially biased perceptions of each individual part, we need to work together to view a security objective in a contextual environment.
Dec 08, 2008—We live in an era in which searching the term "security" on Google brings up a whopping 850 million hits, while the term "contentment" results in only 4.6 million hits. Whether that is prescient is debatable, but I think we can all agree that security (and privacy) weigh heavily on our collective consciousness.
This becomes a cause for concern when the decisions we make regarding security—specifically, RFID security—are based more on perception than on logical reasoning. Yet logical reasoning is somewhat difficult to achieve when there is either a lack of empirical evidence or, perhaps more importantly, available empirical evidence that tends to skew our perspective. If, for instance, it is determined that a secure RFID chip can be hacked by a particular method, we may be led to believe the entire system is fraught with security vulnerabilities, which may or may not be the case.
Jonathan Collins, in an opinion piece he wrote for RFID Journal (see Behind the Headlines) in response to headlines regarding the hacking of Mifare chips by a group of Dutch scientists and researchers, raised this point when he stated that "...a system's security level is based on a number of checks, as well as design choices. One key choice is balancing technology costs with security requirements for each element of the system." He then went on to suggest that the security level NXP Semiconductors chose for the Mifare system was commensurate with the associated financial risk. This is, indeed, a valid point—and difficult to argue against. Where this view begins to cause me to wrinkle my forehead, however, is when Mr. Collins stated: "All told, that puts the benefits of Mifare ticketing systems ahead of any threat from cloning. In addition, Mifare Plus, with a new strengthened security encryption, is due by year's end."
Can you see where this breaks down? Let me attempt to explain. Consumers who do not truly understand the intricacies of system security might very well be led to believe the empirical evidence surrounding the Mifare chip's clonability (and the reduced clonability of the Mifare Plus chip) is somehow all they need to be concerned with. But as a security professional, I would postulate that it is only one small (yet significant) piece of the entire security equation.
Breaking the security of a Mifare chip does not prove the system is secure or insecure, nor does replacing the Mifare chip with the Mifare Plus chip. The Mifare hack simply demonstrates a hole in the armor, and the Mifare Plus chip simply represents a patch for that hole. What I want to know is what's happening in the rest of the system. How vulnerable is the interrogator, the database and so forth? Someone attempting to infiltrate a fortified system does not always try to enter through a door that has now been barricaded and is being guarded.
Login and post your comment!
Not a member?
Signup for an account now to access all of the features of RFIDJournal.com!
SEND IT YOUR WAY
RFID JOURNAL EVENTS
ASK THE EXPERTS
Simply enter a question for our experts.