Similar literature
 20 similar documents found; search time 15 ms
1.
Classifying RFID attacks and defenses   Total citations: 2, self-citations: 0, citations by others: 2
RFID (Radio Frequency Identification) systems are one of the most pervasive computing technologies with technical potential and profitable opportunities in a diverse area of applications. Among their advantages is included their low cost and their broad applicability. However, they also present a number of inherent vulnerabilities. This paper develops a structural methodology for risks that RFID networks face by developing a classification of RFID attacks, presenting their important features, and discussing possible countermeasures. The goal of the paper is to categorize the existing weaknesses of RFID communication so that a better understanding of RFID attacks can be achieved and subsequently more efficient and effective algorithms, techniques and procedures to combat these attacks may be developed.

2.
RFID malware: Design principles and examples   Total citations: 1, self-citations: 0, citations by others: 1
This paper explores the concept of malware for Radio Frequency Identification (RFID) systems — including RFID exploits, RFID worms, and RFID viruses. We present RFID malware design principles together with concrete examples; the highlight is a fully illustrated example of a self-replicating RFID virus. The various RFID malware approaches are then analyzed for their effectiveness across a range of target platforms. This paper concludes by warning RFID middleware developers to build appropriate checks into their RFID middleware before it achieves wide-scale deployment in the real world.

3.
On 15 March 2006, our research team at Vrije Universiteit published a paper about RFID malware entitled "Is Your Cat Infected with a Computer Virus?" as well as a companion Web site (www.rfidvirus.org). Our paper introduced the concept of RFID malware and presented an accompanying proof-of-concept RFID virus. The paper ultimately resulted in a huge amount of media attention; within 24 hours of presenting it at the Fourth Annual IEEE International Conference on Pervasive Computing and Communications (IEEE PerCom), we received more than 200 email messages. Amid this chaos, our research paper received the conference's best paper award for high impact. In the months that followed, reports of RFID malware prompted reactions from the RFID industry, the antivirus industry, and the US and Dutch governments.

4.
SQL infections through RFID   Total citations: 1, self-citations: 0, citations by others: 1
Automatic identification and collection (AIDC) technologies have made the life of a man much easier on numerous platforms. Of the various such technologies the radio frequency identification devices (RFID) have become pervasive essentially because they can track from a greater physical distance than the rest. The back end that supports these RFID systems has always been working well until they encounter a badly-formatted RFID tag. There have hardly been any incidents where such tags, once identified by the back-end systems, can in fact wreak havoc via the interacting databases in the RFID infrastructure. Recently, there has been significant research in this area. In the previous work, the author managed to do an attack using a self-referential query on Linux, Oracle, and PHP. However, they have been unable to test it on SQL Server 2005. This paper differs from the previous work in the way that it extends the attack using a self-referential query to Windows, SQL Server 2005, and ASP with their respective latest updates installed. The query itself is more robust by making certain that the table can contain it.

5.
International Journal of Information Security - The skyrocketing growth rate of new malware brings novel challenges to protect computers and networks. Discerning truly novel malware from variants...

6.
The explosive growth of malware variants poses a major threat to information security. Traditional anti-virus systems based on signatures fail to classify unknown malware into their corresponding families and to detect new kinds of malware programs. Therefore, we propose a machine learning based malware analysis system, which is composed of three modules: data processing, decision making, and new malware detection. The data processing module deals with gray-scale images, Opcode n-gram, and import functions, which are employed to extract the features of the malware. The decision-making module uses the features to classify the malware and to identify suspicious malware. Finally, the detection module uses the shared nearest neighbor (SNN) clustering algorithm to discover new malware families. Our approach is evaluated on more than 20 000 malware instances, which were collected by Kingsoft, ESET NOD32, and Anubis. The results show that our system can effectively classify the unknown malware with a best accuracy of 98.9%, and successfully detects 86.7% of the new malware.

7.
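RFID technology and its applications   Total citations: 1, self-citations: 0, citations by others: 1
Introduces the basic working principles and components of RFID technology, along with information on radio frequency identification applications and the principles of electronic tags. A prototype system was developed in Java to illustrate how to control the RFID reader MP9210 Reader through an RS-232 port, so that the information in EPC tags is associated with a back-end database to complete business processing.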

8.
9.
Metamorphic malware is capable of changing its internal structure without altering its functionality. A common signature is nonexistent in highly metamorphic malware and, consequently, such malware can remain undetected under standard signature scanning. In this paper, we apply previous work on structural entropy to the metamorphic detection problem. This technique relies on an analysis of variations in the complexity of data within a file. The process consists of two stages, namely, file segmentation and sequence comparison. In the segmentation stage, we use entropy measurements and wavelet analysis to segment files. The second stage measures the similarity of file pairs by computing an edit distance between the sequences of segments obtained in the first stage. We apply this similarity measure to the metamorphic detection problem and show that we obtain strong results in certain challenging cases.

10.
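Radio frequency identification and its applications in manufacturing   Total citations: 7, self-citations: 0, citations by others: 7
Introduces the electronic tags and readers of radio frequency identification (RFID). The paper focuses on the working principles and technical implementation of RFID, including RFID radio-frequency transmission, backscatter modulation, tag-talks-first (TTF) and reader-talks-first (RTF), data exchange, and simultaneous identification of multiple tags. It describes the RFID application system, which comprises the RFID system, the computer processing system, application software, and system software. It also describes concrete applications of RFID in manufacturing, including production automation; management of instruments, tools, equipment, and warehousing; access control and security; and product anti-counterfeiting.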

11.
12.
In this research, we test three advanced malware scoring techniques that have shown promise in previous research, namely, Hidden Markov Models, Simple Substitution Distance, and Opcode Graph based detection. We then perform a careful robustness analysis by employing morphing strategies that cause each score to fail. We show that combining scores using a Support Vector Machine yields results that are significantly more robust than those obtained using any of the individual scores.

13.

Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In this paper, through static analysis, we use similarity score from matrix factorization technique called Nonnegative Matrix Factorization for detecting challenging metamorphic malware. We apply this technique using structural compression ratio and entropy features and compare our results with previous eigenvector-based techniques. Experimental results from three malware datasets show this is a promising technique as the accuracy detection is more than 95%.


14.
15.
Normalized Compression Distance (NCD) is a popular tool that uses compression algorithms to cluster and classify data in a wide range of applications. Existing discussions of NCD’s theoretical merit rely on certain theoretical properties of compression algorithms. However, we demonstrate that many popular compression algorithms do not seem to satisfy these theoretical properties. We explore the relationship between some of these properties and file size, demonstrate that this theoretical problem is actually a practical problem for classifying malware with large file sizes, and propose some variants of NCD that mitigate this problem.

16.
The Journal of Supercomputing - A distributed denial of service (DDoS) attack is an attempt to partially or completely shut down the targeted server with a flood of internet traffic. The primary...

17.
18.
Current anti-malware tools have proved to be insufficient in combating ever-evolving malware attacks and vulnerability exploits due to inevitable vulnerabilities present in the complex software used today. In addition, the performance penalty incurred by anti-malware tools is magnified when security approaches designed for desktops are migrated to modern mobile devices, such as tablets and laptops, due to their relatively limited processing capabilities and battery capacities. In this paper, we propose a fine-grained anomaly detection defense framework that offers a cost-efficient way to detect malicious behavior and prevent vulnerability exploits in resource-constrained computing platforms. In this framework, a trusted third party (e.g., the publisher) first tests a new application by running it in a heavily monitored testing environment that emulates the target system and extracts a behavioral model from its execution paths. Extensive security policies are enforced during this process. In case of a violation, the program is denied release to the user. If the application passes the tests, the user can download the behavioral model along with the tested application binary. At run-time, the application is monitored against the behavioral model. In the unlikely event that a new execution path is encountered, conservative but lightweight security policies are applied. To reduce overhead at the user end, the behavioral model may be further reduced by the publisher through static analysis. We have implemented the defense framework using a netbook with the Intel Atom processor and evaluated it with a suite of 51 real-world Linux viruses and malware. Experiments demonstrate that our tool achieves a very high coverage (98 %) of considered malware and security threats. The four antivirus tools we compare our tool against were found to have poor virus coverage, especially of obfuscated viruses. 
By removing safe standard library blocks from the behavioral model, we reduce the model size by 8.4\(\times\) and the user’s run-time overhead by 23 %.

19.
The sheer volume of new malware samples presents some big data challenges for antivirus vendors. Not only does the metadata for tens (or even hundreds) of millions of samples need to be stored, but all this data also needs to be clustered - mined to find groups of related samples. Existing techniques cannot easily scale to the magnitudes of samples already arriving today, let alone those that we expect to receive in the future. This paper proposes the use of a data structure called an aggregation overlay graph to simplify these problems. By exploiting the similarities shared between most malware variants, we can reduce the total volume of metadata by more than an entire magnitude without any loss of information. Furthermore, by including a wide variety of features from each sample, this process of reduction also creates groups of similar samples, a clustering technique that is capable of handling extremely high volumes. The versatility of this approach is demonstrated by applying it not only to large corpuses of Windows PE metadata, but also for Android APK files.

20.
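《微型机与应用》 (Microcomputer & Its Applications), 2018, (2): 100-103
By studying the SRD model, a model that can weaken the nonlinear characteristics of that model is proposed. Using this model, a reconfigurable ultra-wideband picosecond-level pulse generator is designed. The SRD is the core device for pulse generation; a PIN diode and an adjustable RC differentiator circuit provide two different output pulse waveforms, and the RF simulation software ADS is used to analyze and simulate the mechanism by which the pulse width and waveform are changed. Theoretical calculation and simulation show that the pulse generator can easily produce, at the same time, a Gaussian pulse and a monocycle pulse with pulse widths of 330 ps and 670 ps respectively. The proposed pulse generator can be effectively reconfigured and can generate more complex pulse shapes, such as multi-cycle pulses. This pulse generation method simplifies the circuit structure of chipless radio frequency identification systems.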
