Analysing security risks in computer and Radio Frequency Identification (RFID) networks using attack and protection trees

摘要

The commercial use of the internet has grown to a point where much of the world's economy is reliant on its ability to securely provide connectivity for most businesses and government agencies. Additionally the use of Radio Frequency Identification (RFID) technologies has permeated many aspects of our daily lives where accountability and access are involved. In recent years, attack trees have been developed to describe processes by which malicious users attempt to exploit or break computer software AND/OR networks. Attack trees are a way of decomposing, visualising, and determining the cost or likeliness of attacks. Attack trees by themselves do not offer enough analysis capability to determine which protections to implement and where to place them in the system to mitigate the vulnerabilities found. We propose the use of protection trees to offer a detailed risk analysis in the protection of a system. To illustrate their use, attack and protection trees are developed and analysed.