RFID System Security Analysis Model Based on Stochastic Petri Net

doi:10.3969/j.issn.1006-2475.2023.09.017

Abstract

Abstract: To solve the problem of RFID system breakdown risk caused by frequent RFID system attacks， this paper proposes a RFID system security analysis model based on hierarchical generalized stochastic Petri net. The model uses the existing knowledge reserve to simulate the real RFID virtual environment， accurately and effectively deduces the attack process in the RFID system， and quantifies the risk of the RFID system. Firstly， the RFID attacker model is constructed using the information of attack hierarchy，attack authority and permission-based attacks. Secondly， the description of the attacker's behavior is modeled and described its impact on the RFID system state. Finally， based on the constructed model， the attack probability， weak nodes and other aspects of the RFID system are assessed. The experimental results show that the proposed model can effectively evaluate the risk of RFID system， and greatly reduce the complexity of evaluation time.

Key words: stochastic Petri net, safety assessment, time complexity, combination of attack

CLC Number:

TP393.08

XIAO Hang, LI Peng, MA Hui-ping, ZHU Feng, . RFID System Security Analysis Model Based on Stochastic Petri Net[J]. Computer and Modernization, 2023, 0(09): 105-114.

References

［1］高通. RFID安全认证协议的研究［D］. 呼和浩特:内蒙古大学， 2017.
［2］肖亮. RFID系统的轻量级安全认证协议研究与设计［D］. 南京:南京邮电大学， 2021.
［3］魏忠. 基于本体的网络攻击建模与分析方法研究［D］. 上海:上海交通大学， 2018.
［4］乐成利，高秀峰. 基于Perti网的移动AdHoc网络改进攻击网建模方法研究［J］. 兵器装备工程学报， 2020，41（4）:148-155.
［5］李辉，侯义斌，黄樟钦，等. 一种智能攻击模型在RFID防伪协议中的研究［J］. 电子学报， 2009，37（11）:2565-2573.
［6］李俊霖，周华，夏金虎，等. 物联网安全协议攻击者模型形式化构建研究［J］. 云南大学学报（自然科学版）， 2013，35（S2）:147-151.
［7］黄义夫. RFID系统安全检测关键技术研究［D］. 成都:电子科技大学， 2014.
［8］杨晓明. RFID攻击建模及安全技术研究［D］. 成都:电子科技大学， 2015.
［9］ WANG Y S， SHEN J J， GUO X F， et al. Research on RFID attack methods［C］// 2020 IEEE 3rd International Conference on Automation， Electronics and Electrical Engineering （AUTEEE）. 2020:433-437.
［10］ AI X， CHEN H L， LIN K， et al. Nowhere to hide: Efficiently identifying probabilistic cloning attacks in large-scale RFID systems［J］. IEEE Transactions on Information Forensics and Security， 2021，16:714-727.
［11］ CHEN T M， SANCHEZ-AARNOUTSE J C， BUFORD J. Petri net modeling of cyber-physical attacks on smart grid［J］. IEEE Transactions on Smart Grid， 2011，2（4）:741-749.
［12］高翔，祝跃飞，刘胜利. 一种基于广义随机着色Petri网的网络攻击组合模型［J］. 电子与信息学报， 2013，35（11）:2608-2614.
［13］ ALMUTAIRI L M， SHETTY S. Generalized stochastic Petri Net model based security risk assessment of software defined networks［C］// IEEE Military Communications Conference （MILCOM）. 2017:545-550.
［14］ ALMUTAIRI L M， HONG L， SHETTY S. Security analysis of multiple SDN controllers based on stochastic Petri nets［C］// 2019 Spring Simulation Conference （SpringSim）. 2019:1-12.
［15］毋泽南，田立勤，陈楠. 基于随机Petri网的系统安全性量化分析研究［J］. 信息网络安全， 2020，20（9）:27-31.
［16］ HE L， REN Q， MA B， et al. Anti-attacking modeling and analysis of cyberspace mimic DNS［J］. China Communications， 2022，19（5）:218-230.
［17］李鹏，郑田甜，徐鹤，等. 基于区块链技术的RFID安全认证协议［J］. 信息网络安全， 2021，21（5）:1-11.
［18］雷璨，陈治宇. 基于RFID的物联网轻量级安全认证方案［J］. 电子技术与软件工程， 2021（24）:252-254.
［19］王小骥，杨竞，刘瑶，等. 基于PUF的轻量级RFID安全认证协议［J］. 信息安全与通信保密， 2022（1）:74-80.
［20］翟禹尧，史贤俊，秦玉峰，等. 基于层次广义随机Petri网的测试性建模新方法［J］. 兵工学报， 2020，41（1）:161-170.
［21］崔文岩，孟相如. 基于层次Petri网的信息物理融合系统安全博弈建模［J］. 计算机应用研究， 2017，34（8）:2439-2442.
［22］ MITROKOTSA A， RIEBACK M R， TANENBAUM A S. Classifying RFID attacks and defenses［J］. Information Systems Frontiers， 2010，12（5）:491-505.
［23］王振，杜玉越，亓亮. 扩展颜色逻辑Petri网及其可达性分析［J］. 山东科技大学学报（自然科学版）， 2020，39（3）:84-98.
［24］韩耀军. 基于带标记的并发可达标识图的关键路径的求解方法［J］. 计算机科学， 2016，43（11）:121-125.
［25］何炎祥，沈华. 随机Petri网模型到马尔可夫链的转换规则与实现［J］. 计算机科学与探索， 2013，7（1）:55-62.
［26］ RAHULAMATHAVAN Y， RAJARAJAN M， RANA O F， et al. Assessing data breach risk in cloud systems［C］// 2015 IEEE 7th International Conference on Cloud Computing Technology and Science. 2015:363-370.
［27］ DUBA D. Refitting PIPE: Extending the Petri Net Tool PIPE 5［R］. Leiden: Leiden University， 2016.

[1]	DENG Jia-jia1, CHEN Hai-yan1, ZHANG Yu-ping1, HE Yi-zheng2. SysML-based Avionics System Architecture Safety Evaluation [J]. Computer and Modernization, 2017, 0(4): 44-47,126.
[2]	YAO Xiang-ju1, XIE Ying-hua2. An Improved Mapping Method of Comprehensive Ontology Similarity [J]. Computer and Modernization, 2014, 0(11): 61-65.
[3]	XIE Ke;WU Wen-quan;LIU Hong-jiang. A Method for Determining Two Graphs’ Isomorphism Based on Dissimilarity of Subgraphs’ Vertex Valency [J]. Computer and Modernization, 2013, 1(4): 18-21.
[4]	LIU Ai-dong;HUANG Bin;LU Zhong-wu. Research on Methods of Coordinate Rotation and Interpolation Based on Quaternion [J]. Computer and Modernization, 2012, 198(2): 44-47.
[5]	WANG Zhenling;ZHENG Xiaoyan. Research on Division Datum of Linear Time Selection [J]. Computer and Modernization, 2010, 1(12): 27-29.