RFID System Security Evaluation And Analysis Based On Bayesian Attack Graph

Radio Frequency Identification(RFID)is an essential technology in the field of the Internet of Things,which has many advantages such as fast identification,strong anti-interference,and low cost,and has been widely used in many fields of life.However,as RFID technology develops,the security risks exposed in its actual application are increasingly being valued.Attackers can implement various attack methods such as eavesdropping,impersonation,and replay attacks against RFID systems,causing severe economic losses to users.Therefore,how to improve the security of RFID systems has become a research focus for scholars.At present,in view of the lack of comprehensive and effective risk management and security assessment of RFID systems,this paper proposes a Bayesian attack graph evaluation model for RFID systems and an offensive and defensive game security analysis method to proactively avoid or reduce security problems caused by vulnerability points.The main contributions of this paper are shown as follows:(1)This thesis proposes an RFID risk assessment model based on Bayesian attack graph.First of all,this paper defines RFID atomic attack in a standardized way,establishes an RFID attack library,and determines the attack graph structure based on the topological structure and device information of the target RFID system.Then,the characteristics of RFID attack are summarized,and a hierarchical quantitative standard for RFID attack is proposed from the perspective of access path,access complexity,authority and impact combined with the CVSS evaluation model.The Bayesian attack graph model is established based on the Bayes idea.atomic attack node is linked with the security attribute node of the RFID system in the form of conditional transfer probability.It can not only infer the risk probability of the attacker successfully reaching each attribute node,but also dynamically display the changes in the system risk status according to the different behaviors of the attacker,so as to realize the assessment of the risk status of the target RFID system under different states.(2)This thesis proposes a game-theoretic analysis method for RFID system attack and defense.In a real RFID system environment,administrators often adopt certain defensive strategies based on attackers’ attacking behaviors.Therefore,in the risk assessment analysis process,the dynamic impact of the different game strategies adopted by attackers and defenders on the system risk status should be taken into consideration.Based on the Bayesian attack graph model,this article introduces the concept of game theory.Firstly,the feasible strategy space for both attackers and defenders is determined by combining the target RFID system information.Then,the utility of each strategy is calculated one by one,and an attack-defense game matrix is constructed.Next,the Nash equilibrium point of the attack-defense game matrix is calculated,and the optimal mixed strategy for both sides is obtained.Finally,strategy analysis is conducted to determine the security status of the system by comparing the expected benefits of both sides.(3)With the proposed Bayesian attack graph evaluation model and attack-defense game security analysis method,combined with system requirement analysis,system experimental equipment design,system architecture design,system functional module design,and database design,an RFID vulnerability assessment and analysis system based on Bayesian attack graph was implemented,and relevant functions were tested.The feasibility and rationality of the Bayesian attack graph evaluation model and the attack-defense game security analysis method were also verified in experiments.