A Cost-based Model for Risk Management in RFID-Enabled Supply Chain Applications
3. Proposed cost model for RFID cloning detector
4.3 Quantifying RFID tag fraud attack and system administrator testing
This section looks at DcA and RcA the respective Damage and Response Costs in detecting a fraudulent act. Fraud involves injection of products with future EPC codes or past batch EPC codes. It involves first cloning and then modifying existing EPC codes. The cost types for fraudulent events are similar to that of cloning attacks. The difference is the need to monitor the progress of the attack when calculating Damage Cost and Response Cost, as a fraud attack has a greater impact on the performance of the system than a cloning attack.
The contributing factors for its greater impact include:
a. An inconsistent number of tags and readers b. A higher bandwidth
c. Unauthorized locations /sites visited by tags (as obtained from tracking and tracing processes)
d. The transaction time – greater or smaller than a given transaction time range.
We consider fraud attacks and SA testing damage (DcS) together since they have similar cost impact factors. In a real-time situation, a fraud attack is potentially in progress by the
A Cost-based Model for Risk Management in RFID-Enabled Supply Chain Applications 223 time it is detected, meaning that its measured Damage Cost at a point in time is potentially only a part of its total Damage Cost. This is represented by the formula ‘Progress X Damage Cost’, where attack progress is represented by the percentage of the attack’s progress. We use the simpler ‘skimming’ attack cost ($11.80) obtained from Table 8 when calculating fraud attack Damage and Response Costs. Table 16 displays relative costs for fraud attacks and associated SA testing.
Progress of attacks|
Attacks
Progress attack
Damage Cost (Fraud)
Progress attack for SA
Damage Cost (SA)
Sum
Tags Count 1 11.8 1 11.8
Location 0.8 9.44 0.5 5.9
Time 0.8 9.44 0.5 5.9
Bandwidth 0.5 5.9 0.5 5.9
Sum 36.6 29.5 66.0
Normalized
Score 55% 45% 100%
Table 16. Cost relative to Damage Cost for fraud attack and SA test and Progress attack value
There is no reason to calculate Response Cost for SA testing, since SA testing is done using an upfront authentication mechanism and requires secure identification of a system administrator, thus preventing their injection of cloned or fraudulent tags in the system.
Response Cost is thus associated only with fraud attacks, and not with SA tests. Table 17 shows the Response Cost for fraud attack and response cost used is similar to response to handle skimming attack. The amount of Response Cost is related to the number of affected tags.
Progress of attacks|
Attacks
Progress attack Response Cost (Fraud)
Sum
Tags Count 1 8.9
Location 0.8 7.12
Time 0.8 7.12
Bandwidth 0.3 2.67
Sum 25.8 25.8
Normalized Score
100% 100%
Table 17. Cost relative to Response Cost (Attacks vs. Target resources) and Progress attack value
We analyse CCost in terms of its difference between cloning and fraud attacks. The cloning Damage and Response Costs are captured from section 4.1. Based on these results, we are able to conclude that cloning attacks have higher Damage as well as Response Costs than fraud attacks. This occurs because a fraud attack is only part of a cloning attack. A cloning attack needs to occur before a fraud attack can occur.
Costs |Attacks Cloning Fraud Range
Damage 53.7 36.6 1-100
Response 53.7 25.8 1-100
Sum 107.4 62.4 170.02
Normalized Score
63.2% 36.8% 100%
Table 18. Consequential Cost (CC) Evaluation for summation between Damage and Response Cost
Operating cost for fraud attack will follows the similar formulation in section 4.2. Table 19 and Table 20, compares both time taken in handling fraud and cloning and test features for fraud and cloning. Detection of fraud is much simpler than any cloning attack. This is because in practical and based on our theory, fraud tags will have identifiers which are not in the system. Thus simple similarity test is good enough to distinguish the EPC tags stored in the database. By using similar weight in cloning attack operational example in Table 12, we have allocated an average of 30 minutes to detect a fraud attack and features test used for skimming attack.
Features
|Attacks Weight
s Skimmi
ng Eavesdroppi
ng MIM Physica
l attack Fraud attack
L1 0.9% 10.00 15.00 15.00 30.00 63.90
L2 4.3% 11.01 11.01 13.21 17.62 28.14
L3 8.6% 21.46 17.17 25.76 25.76 27.43
L4 86.2% 21.41 21.41 26.77 26.77 17.10
Sum 100.0% 63.9 64.6 80.7 100.1 136.6 445.9
Normalized
Score 14.3% 14.5% 18.1% 22.5% 30.6% 1
Table 19. Operational Cost (OcA) Evaluation based on scores of test features for cloning and fraud attacks
Features
|Attacks Weights Skimming Eavesdropping MIM Physical attack Fraud
attack Features 70.0% 19.2 19.4 24.2 30.3 19.2
Time 30.0% 0.9 2.0 2.6 3.5 1.7
Sum 100.0% 20.0 21.4 26.8 33.8 20.9 122.9
Normalized
Score 16.3% 17.4% 21.8% 27.5% 17.0% 100.0%
Table 20. Operational Cost Evaluation based on scores of test features and cloning attacks types
A Cost-based Model for Risk Management in RFID-Enabled Supply Chain Applications 225 Cumulative Cost calculations for fraud attack are different based on two scenarios. In this scenario CCost is added to the relative cost of different test features for computing resource related cost and time taken in handling attack (as shown in Figure 20). We have compared Cumulative Cost for both cloning and fraud attacks, and though the difference is not great, cloning attacks take up more operating time due to related countermeasures, which causes it to have a slightly greater cost. The operational cost for SA testing purposes will be a constant figure of 20.0, similar to operational cost to handle skimming attack.
Fig. 8. Overall Cost Evaluation for summation between Consequential Cost and Operational Cost (Time taken to handled fraud and cloning attacks)