RFID Privacy Risk Evaluation Based on Synthetic Method of Extended Attack Tree and Information Feature Entropy

Abstract

Evaluation of security risks in radio frequency identification (RFID) systems is a challenging problem in Internet of Things (IoT). This paper proposes an extended attack tree (EAT) model to identify RFID system's flaws and vulnerabilities. A corresponding formal description of the model is described which adds a probability SAND node together with the probability attribute of the node attack. In addition, we model the process of an RFID data privacy attack based on EAT, taking a sensitive information theft attack on an RFID tag as an example. To resolve the problem of assessing the risk probability of each node in EAT, we present the information feature entropy evaluation method for RFID privacy assessment. Finally, an evaluation is carried out to calculate the RFID privacy attack tree sequences and information feature entropy of the atomic node. Analysis shows that our scheme can calculate the overall risk evaluation result value for RFID privacy and comprehensively determine the risk of the weakest atomic node in RFID system.