Abstract
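This paper establishes a set of security requirements that meet evaluation assurance level (EAL) 4 for active RFID tag products with high security demands in Internet of Things applications. The requirements are based on the Common Criteria (ISO 15408). By analyzing the value of the assets that active tags protect and the potential threats, the paper defines a reasonable evaluation assurance level and the corresponding security assurance requirements for active tags. By analyzing the potential threats that active tags may face in Internet of Things applications, it derives the security objectives they must satisfy, obtains from these the minimal security functional requirements, and demonstrates the correspondence among them. The resulting security requirements framework can serve as an important reference that guides developers toward comprehensive security design of active tags, and can also provide a basis for the procurement and evaluation of active tag products.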
A framework is given for evaluation assurance level 4 (EAL4) security requirements for radio frequency identification (RFID) active tags in applications for the Internet of Things (IOT). The evaluation assurance level and the security assurance requirements are chosen based on ISO/IEC standard 15408 and an analysis of the asset value and potential threat. Then, the potential threats are related to the active tags to set security objectives for the target to resist potential attacks. A minimal set of security function requirements is given to specify the functionality of active tags. Finally, the consistency between the abstractions is analyzed to justify the rationale behind the framework. This work provides a reference for designers of security mechanisms for active tags and a basis for the evaluation and procurement of active tags.
Source
Journal of Tsinghua University (Science and Technology)
EI
CAS
CSCD
Peking University Core Journals
2012, Issue 10, pp. 1453-1459 (7 pages)
Keywords
the Internet of Things (IOT)
radio frequency identification (RFID)
active tags
common criteria
framework of security requirement