TY - GEN
T1 - RF-Rhythm
T2 - 38th IEEE Conference on Computer Communications, INFOCOM 2020
AU - Li, Jiawei
AU - Wang, Chuyu
AU - Li, Ang
AU - Han, Dianqi
AU - Zhang, Yan
AU - Zuo, Jinhang
AU - Zhang, Rui
AU - Xie, Lei
AU - Zhang, Yanchao
N1 - Funding Information:
ACKNOWLEDGMENT This work was supported in part by the US National Science Foundation under grants CNS-1514381, CNS-1619251, CNS-1651954 (CAREER), CNS-1700039, CNS-1718078, CNS-1824355, CNS-1933047, and CNS-1933069.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/7
Y1 - 2020/7
N2 - Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user's tapping rhythm. In addition to verifying the RFID card's identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user's secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.
AB - Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user's tapping rhythm. In addition to verifying the RFID card's identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user's secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.
UR - http://www.scopus.com/inward/record.url?scp=85090281092&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85090281092&partnerID=8YFLogxK
U2 - 10.1109/INFOCOM41043.2020.9155427
DO - 10.1109/INFOCOM41043.2020.9155427
M3 - Conference contribution
AN - SCOPUS:85090281092
T3 - Proceedings - IEEE INFOCOM
SP - 2194
EP - 2203
BT - INFOCOM 2020 - IEEE Conference on Computer Communications
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 6 July 2020 through 9 July 2020
ER -