Malware detection and prevention in RFID systems
Contribuinte(s) |
Bessis, Nik Xhafa, Fatos Varvarigou, Dora Hill, Richard Li, Maozhen |
---|---|
Data(s) |
01/01/2013
|
Resumo |
The threat that malware poses to RFID systems was identified only recently. Fortunately, all currently known RFID malware is based on SQLIA. Therefore, in this chapter we propose a dual pronged, tag based SQLIA detection and prevention method optimized for RFID systems. The first technique is a SQL query matching approach that uses simple string comparisons and provides strong security against a majority of the SQLIA types possible on RFID systems. To provide security against second order SQLIA, which is a major gap in the current literature, we also propose a tag data validation and sanitization technique. The preliminary evaluation of our query matching technique is very promising, showing 100% detection rates and 0% false positives for all attacks other than second order injection. |
Identificador | |
Idioma(s) |
eng |
Publicador |
Springer |
Relação |
http://dro.deakin.edu.au/eserv/DU:30055202/evid-internetofthings-2013.pdf http://dro.deakin.edu.au/eserv/DU:30055202/fernando-malwaredetection-2013.pdf http://doi.org/10.1007/978-3-642-34952-2_6 |
Direitos |
2012, Springer |
Tipo |
Book Chapter |