Rhythmic RFID Authentication
Date
2022-09-14
Journal Title
Journal ISSN
Volume Title
Publisher
IEEE/ACM Transactions on Networking
Abstract
Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user’s tapping rhythm. In addition to verifying the RFID card’s identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user’s secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.
Description
© 2022 IEEE | ACM. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in IEEE/ACM Transactions on Networking, https://doi.org/10.1109/TNET.2022.3204204.
Keywords
RFID security, authentication
Citation
J. Li et al., "Rhythmic RFID Authentication," in IEEE/ACM Transactions on Networking, 2022, doi: 10.1109/TNET.2022.3204204.