‹#›
September
25, 2012
Risk Analysis
•Risk analysis was performed for various
attack/attacker combinations and scenarios. Analysis done for 24 attacks, 11
attackers, and 3 scenarios,
so overall a total of 792 risk assessments.
•Expert judgment and a NIST-like model were
used to find likelihood and impact levels, and finally risk
levels.
•Risk levels are low, medium and high. A high
risk level may, for example,
mean frequent false warnings that may deter user acceptance.
•Assuming connectivity only every 3 years,
Sybil attacks on the OBEs in the full
deployment model showed up as
high risk.
•This risk can be mitigated by having more
frequent connectivity. Connectivity requirements analysis results are on the
next slide.