Peter J. Hawrylak

Security Risks Associated with Radio Frequency Identification in Medical Environments

Radio frequency identification (RFID) is a form of wireless communication that is used to identify assets and people. RFID has significant benefits to the medical environment. However, serious security threats are present in RFID systems that must be addressed in a medical environment. Of particular interest are threats to patient privacy and safety based on interception of messages, interruption of communication, modification of data, and fabrication of messages and devices. This paper presents an overview of these security threats present in RFID systems in a medical environment and provides guidance on potential solutions to these threats. This paper provides a roadmap for researchers and implementers to address the security issues facing RFID in the medical space.

Using hybrid attack graphs to model cyber-physical attacks in the Smart Grid

The Smart Grid is a large networked cyber-physical control system that is part of the critical infrastructure. This paper presents a cyber-physical attack against a substation where the attacker causes a transformer to overheat. The attack is modeled using a hybrid attack graph (HAG), which provides a means to model both the physical and cyber components of the attack. The HAG provides insight into potential attack vectors. Based on this information, key points in the system can be identified where security can be strengthened. Direction for future work to expand the capabilities of HAGs for modeling cyber-physical attacks is presented.

Radio frequency identification prototyping

While RFID is starting to become a ubiquitious technology, the variation between different RFID systems still remains high. This paper presents several prototyping environments for different components of radio frequency identification (RFID) tags to demonstrate how many of these components can be standardized for many different purposes. We include two active tag prototypes, one based on a microprocessor and the second based on custom hardware. To program these devices we present a design automation flow that allows RFID transactions to be described in terms of primitives with behavior written in ANSI C code. To save power with active RFID devices we describe a passive transceiver switch called the “burst switch” and demonstrate how this can be used in a system with a microprocessor or custom hardware controller. Finally, we present a full RFID system prototyping environment based on real-time spectrum analysis technology currently deployed at the University of Pittsburgh RFID Center of Excellence. Using our prototyping techniques we show how transactions from multiple standards can be combined and targeted to several microprocessors include the Microchip PIC, Intel StrongARM and XScale, and AD Chips EISC as well as several hardware targets including the Altera Apex, Actel Fusion, Xilinx Coolrunner II, Spartan 3 and Virtex 2, and cell-based ASICs.

Toward hybrid attack dependency graphs

This extended abstract presents a set of continuous-domain extensions to the attack graph, a formalism used to model the interactions of multiple exploits and assets in a network. These extensions result in a new modeling framework called the hybrid attack dependency graph, which provides the novel capability of modeling continuous state variables and their evolution over the execution of attacks with duration.

Analytic modelling methodology for analysis of energy consumption for ISO 18000-7 RFID networks

Active Radio Frequency Identification (RFID) networks consist of battery powered RFID tags. These tags have a lifetime limited by the on-board battery. Energy consumption of such a network is a critical metric. Future RFID networks are projected to continue to increase in size, eventually containing thousands or millions of nodes. Current simulation methods require evaluation of all entities resulting in extremely long execution time for large networks such as RFID networks. Simulations are a useful tool for designers to select the best design alternative for a given network. This paper presents a general framework and method that reduces the order of a given network providing a relatively simple tractable model. The energy consumption of this reduced order network can then be found quickly and efficiently. This order reduction method allows the designer to quickly analyse the design space and selects the best alternative for the network in question.

Interoperability Test Methodology for ISO 18000-7 Active RFID

Standards are developed by highly reputed organizations with a genuine intention that the document acts as a reference requirement and specification record for all manufacturers, and in this process the consumer is presented with a list of conforming products that are all interoperable. Active RFID tags and readers are designed with commercial intent by different manufacturers according to the ISO 18000-7 standard. Through intensive research and tests, it has come to our attention that it is possible to design two active RFID systems that in their entirety conform to the ISO 18000-7 standard and yet be not interoperable with each other. From this statement it can be inferred that conformance is not the sufficient condition for interoperability as is popularly believed, but only the necessary or minimum condition to satisfy interoperability. Therefore apart from preliminary conformance testing, it becomes absolutely essential to include additional and supplemental interoperability tests into the verification process of the production cycle. This research primarily establishes the requirement for interoperability testing giving instances where the standard fails to insure interoperable products. The traditional method to test interoperability currently in practice are investigated and their limitations are exposed. Further this research paper introduces an innovative and ingenious methodology to test active RFID systems for interoperability at the physical layer.

Automated Test System for ISO 18000-7 - Active RFID

When testing a system for compliance to a standard or interoperability with other systems compliant with a standard, the quality and repeatability of the testing methods is critical. This is especially true when the results are used to make a purchasing decision. The ideal test procedure will expose every device that is tested to the exact same stimuli, record the same measurements and evaluate those measurements using the same method. To this end the University of Pittsburgh RFID Center of Excellence has developed an automated test suite for testing compliance to and interoperability under ISO 18000-7, a leading active RFID standard. This automated system provides consistent input stimuli to all device and ensures that all results are calculated using the same method.

Modeling and simulation of electric power substation employing an IEC 61850 network

The timely delivery of messages is an important requirement in networks used to control physical processes such as those found in the Critical Infrastructure. These systems are also known as Process Control Systems (PCS) or Supervisory Control and Data Acquisition (SCADA) systems. In the electric power sector, the IEC 61850 family of standards defines the network protocol for communication between devices inside an electric substation and the interface the substation presents to the Internet (outside world) in the Smart Grid. IEC 61850 uses IEEE 802.3 Ethernet for the physical and data link layers as opposed to the previous generation substations, which used dedicated point-to-point connections between devices. IEC 61850 (and other industrial protocols) operate in an environment where messages must arrive in time to be processed and action taken by control equipment. Discrete event simulation is a widely used technique to evaluate performance of such systems. Cyber attacks on process control systems often aim at overloading a communications link. This type of cyber attack may negatively affect such physical processes by introducing delays in messages that carry control actions. Ultimately, this type of attack may also result in a complete DoS situation. Therefore, from a security perspective, it is important to understand the impact that link load changes may have on the control system. This paper presents an OPNET Modeler simulation library to help analyze network traffic in electric power substations that employ the IEC 61850 standard for communication and control. This library is then used to examine sample substation network architectures to determine if they meet the message delivery performance requirements.

Hybrid extensions for stateful attack graphs

Critical infrastructures and safety critical systems increasingly rely on the carefully orchestrated interactions between computers, networks and kinetic elements. The dominant formalisms for modeling such hybrid systems (those with discrete and continuous components) are geared towards simple reactive systems working in isolation. By contrast, modern cyber-physical systems depend on highly interconnected computational components and often function in potentially hostile environments. This paper describes linguistic and type extensions to the stateful attack graph, which models the functional nature of attacks on purely discrete information systems, to include continuous system elements and time evolution. The resulting formalism is called the hybrid attack graph, which captures an integrated view of the vulnerability space between information systems and a restricted but useful set of hybrid systems.

Graceful privilege reduction in RFID security

Intrusion prevention and detection in physical access control systems relying on radio frequency identification (RFID) can be problematic with the ease of cloning passive RFID tags and the apparent dichotomy between total privilege revocation and merely logging intrusion events. This paper proposes a means of gracefully reducing access privileges in RFID access control systems in response to intrusion detection by using Dynamic Risk Assessment Access Control (DRAAC), a risk-based access control system. This method enables one to secure the most sensitive areas of a facility while minimizing the extent to which legitimate users are restricted.