RFID Security Evaluation Method Based On Random Petri Net

RFID(Radio Frequency Identification)is an important universal technology used to track and identify physical objects.It is applied in various high-security and high-integrity fields,but there are also some security and privacy risks.Currently,there is relatively little work on risk assessment of RFID systems from the perspective of RFID system attack modeling.This article summarizes the advantages and disadvantages of existing models and methods around the security analysis and assessment of RFID systems,and expands related modeling and analysis work.The main work includes three aspects:(1)To address the lack of appropriate models for describing concurrent and collaborative attack processes in RFID systems,a Hierarchical Generalized Stochastic Petri Net-Radio Frequency Identification(HGSPN-RFID)model based on hierarchical generalized stochastic Petri nets is proposed for RFID system security assessment.The model has better comprehensive descriptive ability for macro and micro attacks,as well as the ability to describe concurrent and collaborative intrusion behaviors,which can accurately describe the interrelationship between attack behaviors and is suitable for simulating RFID collaborative attacks.Additionally,it can effectively solve the problem of network space state explosion.Risk scores in RFID attacks are analyzed using multi-attribute utility theory.Experimental results show that the steady-state solving time efficiency of the model established in this paper is one order of magnitude better than that of the general Petri net model.Thus,the proposed security assessment model is effective and feasible.(2)In the models and methods for analyzing the vulnerability of RFID systems,most adopt a single indicator for analysis,which may lead to extreme results if the probability of atomic attack events is not set reasonably.Additionally,traditional single probability indicators are not enough to satisfy management’s control over the vulnerability status of the system.Based on HGSPN-RFID,a new attack chain analysis method based on stochastic Petri nets is proposed.This method can calculate the probability of each transition and attack method in the RFID attack model after the starting point,as well as the probability of each attack path.An attack chain evaluation method based on improved CVSS rating is also proposed to evaluate each attack chain and determine the risk level of each attack path.To verify the validity of the method,an RFID system attack simulation method based on Q-Learning is used to verify the evaluation results of the attack paths.With this approach,a comprehensive security assessment of the RFID system can be conducted to discover important security information such as the vulnerability location,risk utilization relationship,and attack chain.Adequate security protection measures can then be put in place based on findings.(3)Based on the proposed security analysis model for RFID systems using stochastic Petri nets and the RFID attack chain analysis method using stochastic Petri nets,this article designs and implements a prototype system for RFID security assessment based on stochastic Petri nets.Users can perform quantitative evaluation of different RFID systems,model attack chains,and assess the security of the system.The relevant functional modules were developed and tested,which verified the rationality and feasibility of the security analysis model and method.