Abstract:

Security authentication verifies the identity of an entity in a networked system. Risk assessment of an authentication mechanism is paramount to assure the security of a system, especially for today's ubiquitous deployment of Radio Frequency Identification (RFID) systems. Though experts in performability engineering have extended model-based evaluation techniques to assess security attributes such as system availability, confidentiality, and data integrity, authentication has so far not been found any connections to classical dependability measures. This paper presents a predictability modeling approach to quantify the risk of authentication violations. It measures the uncertainty, i.e., unpredictability, associated with system behavior. An exemplary networked system, a RFID-based Electronic Toll Collection (ETC) system, demonstrates that the approach provides a meaningful metric.