Risk Assessment
Certain risks are inherent in the system as it is being designed. We have attempted to minimize them, but some may not be feasible or possible to eliminate completely in this system. Each risk assessment is accompanied by a proposed strategy that we project may help to lower the risk factor.
- hardware failure - low risk
  - have backups of routers on hand: 5% of total number of routers, minimum 3 routers
  - have backups of badges on hand: 10% of total number of badges, minimum 15 badges
  - client should include BadgeTracker servers and database in their offsite backup strategy
- using others' badges - minimal risk
  - have instructors verify the students shown on the interface against the students actually present
  - include pictures on badges
- cloning badges - minimal risk
  - use of the highest level of Zigbee encryption protocols should preclude all but the most determined attacks
- hacking badges - minimal risk
  - an attacker would need close proximity to the badge for extended periods of time
  - an attacker would also need to defeat the encryption of the badge
- DoS-like attack - minimal risk
  - an attacker would need to be able to broadcast on the same frequencies as the badges and routers
  - an attacker would also need to be in relatively close proximity to the site and would need to remain there, or leave behind equipment, for the duration of the attack
- hacking into database and/or server - minimal risk
  - an attacker would need access to the internal network
  - an attacker would then need to find holes into a hardened server running minimal services
  - use of non-trivial passwords and full encryption of all network traffic would prevent almost all external attackers
- cracking encryption - minimal risk
  - properly implemented AES encryption, the encryption used in Zigbee and to encrypt the filesystem, is industry standard and cannot be brute-forced using current technology
  - possible improvements in technology could change this; however, no such technology is on the horizon
- dead batteries - moderate risk
  - keep spare batteries easily accessible to teachers and staff, and swap out the battery of any student whose badge does not register
- not securing interface after use - moderate risk
  - have interface time out after a specified period of inactivity
- password security / password policies (assumed already built into server) - minimal risk
  - set up a minimum password length and require use of numbers and special characters
- nuclear armageddon - risk depends on state of country and world