RF-Rhythm: Secure and Usable Two-Factor RFID Authentication

Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user’s tapping rhythm. In addition to verifying the RFID card’s identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user’s secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.
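The two-factor decision and the phase-hopping idea described above can be sketched as a simplified simulation. This is an added example, not the authors' code: the per-slot phase model, the constants `BASE` and `TAP_SHIFT`, the threshold detector, the mismatch tolerance and all function names are assumptions made for illustration.

```python
import math
import random

TWO_PI = 2 * math.pi
BASE = 0.4       # assumed static channel phase (rad)
TAP_SHIFT = 1.0  # assumed extra phase (rad) while a finger touches the card

def circ_dist(a, b):
    """Shortest angular distance between two phases."""
    d = abs(a - b) % TWO_PI
    return min(d, TWO_PI - d)

def backscatter(taps, hops):
    """Per-slot phase on the air: channel + tap effect + the reader's CW phase hop."""
    return [(BASE + TAP_SHIFT * t + h) % TWO_PI for t, h in zip(taps, hops)]

def extract_rhythm(phases, hops=None):
    """Undo the hops if known, then threshold against slot 0 (assumed untouched)."""
    hops = hops or [0.0] * len(phases)
    derot = [(p - h) % TWO_PI for p, h in zip(phases, hops)]
    return [int(circ_dist(d, derot[0]) > TAP_SHIFT / 2) for d in derot]

def authenticate(card_id, phases, hops, enrolled, max_mismatch=1):
    """Pass only if the card ID is enrolled AND the rhythm matches its template."""
    template = enrolled.get(card_id)
    if template is None or len(template) != len(phases):
        return False  # first factor (card identity) failed
    got = extract_rhythm(phases, hops)
    return sum(a != b for a, b in zip(got, template)) <= max_mismatch

if __name__ == "__main__":
    rhythm = [0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0]       # constructed sample melody
    hops = [random.uniform(0, TWO_PI) for _ in rhythm]  # known only to the reader
    air = backscatter(rhythm, hops)
    print("reader :", extract_rhythm(air, hops))  # hops removed: rhythm recovered
    print("sniffer:", extract_rhythm(air))        # hops unknown: rhythm masked
    print("auth   :", authenticate("card-A", air, hops, {"card-A": rhythm}))
```

In this model the reader recovers the rhythm because it can subtract its own hops, while an eavesdropper who sees only the on-air phases cannot separate tap-induced changes from hop-induced ones.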
