Visible to the public RF-Rhythm: Secure and Usable Two-Factor RFID Authentication

TitleRF-Rhythm: Secure and Usable Two-Factor RFID Authentication
Publication TypeConference Paper
Year of Publication2020
AuthorsLi, Jiawei, Wang, Chuyu, Li, Ang, Han, Dianqi, Zhang, Yan, Zuo, Jinhang, Zhang, Rui, Xie, Lei, Zhang, Yanchao
Conference NameIEEE INFOCOM 2020 - IEEE Conference on Computer Communications
Date PublishedJuly 2020
ISBN Number978-1-7281-6412-0
Keywordsauthentication, feature extraction, Human Behavior, human factors, Protocols, pubcrawl, Radio frequency, radiofrequency identification, rhythm, Servers, Two factor Authentication
AbstractPassive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user's tapping rhythm. In addition to verifying the RFID card's identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user's secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.
Citation Keyli_rf-rhythm_2020