*5.2. Threat Analysis*

Based on the results of the asset analysis and the identified system components that are susceptible to security risks, a threat analysis is performed against NAS; every threat is described in Appendix B.2. Each possible threat to NAS can be categorized as either (1) a physical NFC tag threat or (2) a system threat.

Regarding physical NFC tag threats, the most probable and risky threats identified are as follows:


These physical NFC tag threats are primarily attributable to the weak and fully centralized authentication and authorization mechanism used to change the data states stored in NFC tags, and to any unsecured configuration of NFC tags during each tag-writing and tag-reading process.

Regarding system threats, the most probable and risky threats identified are as follows:


These system threats are mainly attributable to single-point processing, storage, and failure: the operations and data of NAS are managed and controlled solely by winemakers, because the anti-counterfeiting and traceability features of NAS are built on specific winemakers and around industrial operations enabled by NFC technology or other tag-communication technologies. Furthermore, vulnerabilities such as weak authentication and authorization, as well as the lack of sufficient audit logs and effective API monitoring tools, could also give rise to threats such as man-in-the-middle relay attacks, tracking-and-tracing, and spoofing attacks. Adversaries could exploit these vulnerabilities to obtain unauthorized access to, or cause unintentional disclosure of, confidential data such as transaction data, wine pedigree data, or supply chain data. The disclosure of confidential data would then lead to adverse manipulation of product records, so the anti-counterfeiting functionalities of NAS could be expected to be disabled. Adversaries could also make use of vulnerabilities such as unsecured server configuration, poor security implementation in the code base against possible attacks, and the lack of audit logs and API performance monitoring to perform denial-of-service (DoS) attacks on different system components of NAS, affecting its service availability, stability, and performance.
