Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

The Need for Collaborative Threat Modeling

To make a logical determination of an RFID system's privacy and security risks, rather than one based on potentially biased perceptions of each individual part, we need to work together to view a security objective in a contextual environment.
By Mike Ahmadi
Dec 08, 2008We live in an era in which searching the term "security" on Google brings up a whopping 850 million hits, while the term "contentment" results in only 4.6 million hits. Whether that is prescient is debatable, but I think we can all agree that security (and privacy) weigh heavily on our collective consciousness.

This becomes a cause for concern when the decisions we make regarding security—specifically, RFID security—are based more on perception than on logical reasoning. Yet logical reasoning is somewhat difficult to achieve when there is either a lack of empirical evidence or, perhaps more importantly, available empirical evidence that tends to skew our perspective. If, for instance, it is determined that a secure RFID chip can be hacked by a particular method, we may be led to believe the entire system is fraught with security vulnerabilities, which may or may not be the case.

On the other hand, we may also be led to believe a secure RFID chip can, indeed, solve all problems related to the security of an RFID-based system, which may or may not be true either. In addition, we may fail to realize that simply breaking the security of a single RFID chip, or of a portion of the system, does not necessarily scale to a level where we should be concerned. It soon becomes clear that it is exceedingly important to determine the value we place on both security threats and security countermeasures within a given context.

Jonathan Collins, in an opinion piece he wrote for RFID Journal (see Behind the Headlines) in response to headlines regarding the hacking of Mifare chips by a group of Dutch scientists and researchers, raised this point when he stated that "...a system's security level is based on a number of checks, as well as design choices. One key choice is balancing technology costs with security requirements for each element of the system." He then went on to suggest that the security level NXP Semiconductors chose for the Mifare system was commensurate with the associated financial risk. This is, indeed, a valid point—and difficult to argue against. Where this view begins to cause me to wrinkle my forehead, however, is when Mr. Collins stated: "All told, that puts the benefits of Mifare ticketing systems ahead of any threat from cloning. In addition, Mifare Plus, with a new strengthened security encryption, is due by year's end."

Can you see where this breaks down? Let me attempt to explain. Consumers who do not truly understand the intricacies of system security might very well be led to believe the empirical evidence surrounding the Mifare chip's clonability (and the reduced clonability of the Mifare Plus chip) is somehow all they need to be concerned with. But as a security professional, I would postulate that it is only one small (yet significant) piece of the entire security equation.

Breaking the security of a Mifare chip does not prove the system is secure or insecure, nor does replacing the Mifare chip with the Mifare Plus chip. The Mifare hack simply demonstrates a hole in the armor, and the Mifare Plus chip simply represents a patch for that hole. What I want to know is what's happening in the rest of the system. How vulnerable is the interrogator, the database and so forth? Someone attempting to infiltrate a fortified system does not always try to enter through a door that has now been barricaded and is being guarded.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations
© Copyright 2002-2016 RFID Journal LLC.
Powered By: Haycco