An official website of the United States government
Continuous location authentication (CLA) seeks to continuously and automatically verify the physical presence of legitimate users in a protected indoor area. CLA can play an important role in contexts where access to electrical or physical resources must be limited to physically present legitimate users. In this paper, we present WearRF-CLA, a novel CLA scheme built upon increasingly popular wrist wearables and UHF RFID systems. WearRF-CLA explores the observation that human daily routines in a protected indoor area comprise a sequence of human-states (e.g., walking and sitting) that follow predictable state transitions. Each legitimate WearRF-CLA user registers his/her RFID tag and also wrist wearable during system enrollment. After the user enters a protected area, WearRF-CLA continuously collects and processes the gyroscope data of the wrist wearable and the phase data of the RFID tag signals to verify three factors to determine the user's physical presence/absence without explicit user involvement: (1) the tag ID as in a traditional RFID authentication system, (2) the validity of the human-state chain, and (3) the continuous coexistence of the paired wrist wearable and RFID tag with the user. The user passes CLA if and only if all three factors can be validated. Extensive user experiments on commodity smartwatches and UHF RFID devices confirm the very high security and low authentication latency of WearRF-CLA.
more »
« less
Secure UHF RFID Authentication With Smart Devices
Commodity ultra-high-frequency (UHF) RFID authentication systems only provide weak user authentication, as RFID tags can be easily stolen, lost, or cloned by attackers. This paper presents the design and evaluation of SmartRFID, a novel UHF RFID authentication system to promote commodity crypto-less UHF RFID tags for security-sensitive applications. SmartRFID explores extremely popular smart devices and requires a legitimate user to enroll his smart device along with his RFID tag. Besides authenticating the RFID tag as usual, SmartRFID verifies whether the user simultaneously possesses the associated smart device with both feature-based machine learning and deep learning techniques. The user is considered authentic if and only if passing the dual verifications. Comprehensive user experiments on commodity smartwatches and RFID devices confirmed the high security and usability of SmartRFID. In particular, SmartRFID achieves a true acceptance rate of above 97.5% and a false acceptance rate of less than 0.7% based on deep learning. In addition, SmartRFID can achieve an average authentication latency of less than 2.21s, which is comparable to inputting a PIN on a door keypad or smartphone.
more »
« less
- Award ID(s):
- 2055751
- PAR ID:
- 10501426
- Publisher / Repository:
- IEEE
- Date Published:
- Journal Name:
- IEEE Transactions on Wireless Communications
- Volume:
- 22
- Issue:
- 7
- ISSN:
- 1536-1276
- Page Range / eLocation ID:
- 4520 to 4533
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
UHF RFID tags have been widely used for contactless inventory and tracking applications. One fundamental problem with RFID readers is their limited tag reading rate. Existing RFID readers (e.g., Impinj Speedway) can read about 35 tags per second in a read zone, which is far from enough for many applications. In this paper, we present the first-of-its-kind RFID reader (mReader), which borrows the idea of multi-user MIMO (MU-MIMO) from cellular networks to enable concurrent multi-tag reading in passive RFID systems. mReader is equipped with multiple antennas for implicit beamforming in downlink transmissions. It is enabled by three key techniques: uplink collision recovery, transition-based channel estimation, and zero-overhead channel calibration. In addition, mReader employs a Q-value adaptation algorithm for medium access control to maximize its tag reading rate. We have built a prototype of mReader on USRP X310 and demonstrated for the first time that a two-antenna reader can read two commercial off-the-shelf (COTS) tags simultaneously. Numerical results further show that mReader can improve the tag reading rate by 45% compared to existing RFID readers.more » « less
-
In this work, we demonstrate that it is possible to read UHF RFID tags without a carrier. Specifically, we introduce an alternative reader design that does not emit a carrier and allows reading RFID tags intended for conventional carrier-based systems. While traditional RFID tags modulate a carrier, it is important to note that a modulation circuit used for backscatter also modulates the inherent noise of the tag circuitry, including the Johnson noise, irrespective of whether a carrier is present or not. Our Modulated Noise Communication (MNC) approach leverages recent work on Modulated Johnson Noise (MJN) and can be read by an alternative RFID reader design that enables simpler, more accessible RFID readings than a conventional backscatter reader by eliminating self-jamming obstructions. MNC is shown to support wireless transmission of data packets between 2 cm to 10 cm of separation between a standard UHF RFID tag and the proposed alternative reader for data rates of 1 bps and 2 bps.more » « less
-
Tag cloning and spoofing pose great challenges to RFID applications. This paper presents the design and evaluation of RCID, a novel system to fingerprint RFID tags based on the unique reflection coefficient of each tag circuit. Based on a novel OFDM-based fingerprint collector, our system can quickly acquire and verify each tag’s RCID fingerprint which are independent of the RFID reader and measurement environment. Our system applies to COTS RFID tags and readers after a firmware update at the reader. Extensive prototyped experiments on 600 tags confirm that RCID is highly secure with the authentication accuracy up to 97.15% and the median authentication error rate equal to 1.49%. RCID is also highly usable because it only takes about 8 s to enroll a tag and 2 ms to verify an RCID fingerprint with a fully connected multi-class neural network. Finally, empirical studies demonstrate that the entropy of an RCID fingerprint is about 202 bits over a bandwidth of 20 MHz in contrast to the best prior result of 17 bits, thus offering strong theoretical resilience to RFID cloning and spoofing.more » « less
-
Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user’s tapping rhythm. In addition to verifying the RFID card’s identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user’s secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.1109/TWC.2022.3226753
