Jinsong Han,Chen Qian,Panlong Yang,Dan Ma,Zhiping Jiang,Wei Xi,Jizhong Zhao

DOI: https://doi.org/10.1109/tnet.2015.2391300

2016-01-01

IEEE/ACM Transactions on Networking

Abstract:Physical-layer identification utilizes unique features of wireless devices as their fingerprints, providing authenticity and security guarantee. Prior physical-layer identification techniques on radio frequency identification (RFID) tags require nongeneric equipments and are not fully compatible with existing standards. In this paper, we propose a novel physical-layer identification system, GenePrint, for UHF passive tags. The GenePrint prototype system is implemented by a commercial reader, a USRP-based monitor, and off-the-shelf UHF passive tags. Our solution is generic and completely compatible with the existing standard, EPCglobal C1G2 specification. GenePrint leverages the internal similarity among pulses of tags' RN16 preamble signals to extract a hardware feature as the fingerprint. We conduct extensive experiments on over 10 000 RN16 preamble signals from 150 off-the-shelf RFID tags. The results show that GenePrint achieves a high identification accuracy of 99.68%. The feature extraction of GenePrint is resilient to various malicious attacks, such as the feature replay attack.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Lei Yang,Pai Peng,Fan Dang,Cheng Wang,Xiang-Yang Li,Yunhao Liu

DOI: https://doi.org/10.1109/infocom.2015.7218580

2015-01-01

Abstract:RFID has been widely adopted as an effective method for anti-counterfeiting. Legacy systems based on security protocol are either too heavy to be affordable by passive tags or suffering from various protocol-layer attacks, e.g. reverse engineering, cloning, side-channel. In this work, we present a novel anti-counterfeiting system, TagPrint, using COTS RFID tags and readers. Achieving a low-cost and offline genuineness validation utilizing passive tags has been a daunting task. Our system achieves these three goals by leveraging a few of federated tags' fingerprints and geometric relationships. In TagPrint, we exploit a new kind of fingerprint, called phase fingerprint, extracted from the phase value of the backscattered signal, provided by the COTS RFID readers. To further solve the separation challenge, we devise a geometric solution to validate the genuineness. We have implemented a prototype of TagPrint using COTS RFID devices. The system has been tested extensively over 6,000 tags. The results show that our new fingerprint exhibits a good fitness of uniform distribution and the system achieves a surprising Equal Error Rate of 0.1 % for anti-counterfeiting.

Yuanchao Shu,Yu Gu,Jiming Chen

DOI: https://doi.org/10.1109/MASS.2012.6502522

2012-01-01

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce a sensory-data-enhanced authentication for access control systems. By combining sensory-data obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss and stolen. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with simple sensor data and empirically demonstrate simple rotations can increase key space by more than 30, 000 times with an authentication accuracy of 95%. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Xingyu Chen,Jia Liu,Xia Wang,Haisong Liu,Dong Jiang,Lijun Chen

2020-01-01

Abstract:RFID tag authentication is challenging because most advanced cryptographic algorithms cannot be afforded by passive tags. Recent physical-layer identification utilizes unique features of RF signals as the fingerprint to authenticate a tag. This approach is effective but difficult for practical use because it either requires a purpose-built device to extract the signal features or is sensitive to environmental conditions. In this paper, we present a new energy-related fingerprint called Eingerprint to authenticate passive tags with commodity RFID devices. The competitive advantage of Eingerprint is that it is fully compatible with the RFID standard EPC-global Gen2, which makes it more applicable and scalable in practice. Besides, it takes the electrical energy stored in a tag's resistor-capacitor (RC) circuit as the fingerprint, which is robust to environmental changes such as tag position, communication distance, transmit power, and multi-path effects. We propose a new metric called persistence time to indirectly estimate the energy level in the RC circuit. A select-query based scheme is designed to extract the persistence time by flipping and observing a flag in the tag's volatile memory. We implement a prototype of Eingerprint with commodity RFID devices without any modifications to the hardware or the firmware. Experiment results show that Eingerprint is able to achieve a high authentication accuracy of 99:4% when three persistence times are used, regardless of device diversity and environmental conditions.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Changzhan Gu,Zhiguang Fan,Shaoyuan Zheng,Jiangtao Huangfu,Lixin Ran

DOI: https://doi.org/10.2529/piers061129101136

2007-01-01

Abstract:RFID (Radio Frequency Identification) is now attracting many interests for its bright future in commercial and daily use. For the low-frequency (LF, typically 125KHz) and the high-frequency (HF, typically 13.6MHz) RFIDs, the Readers have already come into our daily life out of their matured technologies, while the ultra-high frequency (UHF) RFID Readers are still in the process for the reliability and functionality. This paper represents a systematic design of a UHF RFID reader. Received backscatter modulation waves (carrier wave frequency 915 MHz) are directly demodulated to baseband signals using the Zero IF technology. The reader is designed as a quadrature (I/Q) one, which can avoid null points of the received signals [41 and enhance the demodulation sensitivity.

Han Ding,Jinsong Han,Yanyong Zhang,Fu Xiao,Wei Xi,Ge Wang,Zhiping Jiang

DOI: https://doi.org/10.1109/infocom.2018.8486424

2018-01-01

Abstract:As the Ultra High Frequency (UHF) passive Radio Frequency IDentification (RFID) technology becomes increasingly deployed, it faces an array of new security attacks. In this paper, we consider a type of attack in which a malicious RFID reader could arbitrarily modify the tags via standard commands, e.g., IDs or other data in the memory. To deal with this type of attack, we propose a physical-layer RF signal based reader authentication solution, namely Arbitrator, that involves passively listening on RF channels, analyzing the communication signals, identifying unauthorized readers and jamming the commands from such readers. Our solution does not need to modify RFID devices or the underlying communication standards, hence fully compatible with the existing RFID infrastructure. In this study, we have implemented a prototype Arbitrator over the Universal Software Radio Peripheral (USRP) platform, and conducted extensive experiments to evaluate its performance. Our results show that Arbitrator can detect unauthorized RFID readers with high accuracy, and thus effectively diminish the unauthorized access attacks.

Weiye Xu,Jianwei Liu,Shimin Zhang,Yuanqing Zheng,Feng Lin,Fu Xiao,Jinsong Han

DOI: https://doi.org/10.1109/infocom42981.2021.9488737

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Current facial authentication (FA) systems are mostly based on the images of human faces, thus suffering from privacy leakage and spoofing attacks. Mainstream systems utilize facial geometry features for spoofing mitigation. which are still easy to deceive with the feature manipulation, e.g., 3D-printed human faces. In this paper, we propose a novel privacy-preserving anti-spoofing FA system, named RFace, which extracts both the 3D geometry and inner biomaterial features of faces using a COTS RFID tag array. These features are difficult to obtain and forge, hence are resistant to spoofing attacks. RFace only requires users to pose their faces in front of a tag array for a few seconds, without leaking their visual facial information. We build a theoretical model to rigorously prove the feasibility of feature acquisition and the correlation between the facial features and RF signals. For practicality, we design an effective algorithm to mitigate the impact of unstable distance and angle deflection from the face to the array. Extensive experiments with 30 participants and three types of spoofing attacks show that RFace achieves an average authentication success rate of over 95.7% and an EER of 4.4%. More importantly, no spoofing attack succeeds in deceiving RFace in the experiments.

Cui Zhao,Zhenjiang Li,Han Ding,Wei Xi,Ting Liu,Ruowei Gui,Jinsong Han

DOI: https://doi.org/10.1109/tmc.2020.3014092

IF: 6.075

2020-01-01

IEEE Transactions on Mobile Computing

Abstract:This paper presents RF-Mehndi, a passive commercial RFID tag array formed identifier. The key RF-Mehndi novelty is that when the user’s fingertip touching on the tag array surface during the communication, the backscattered signals by the tag array become user-dependent and unique. Hence, if we enhance the communication modality of many personal cards nowadays by RF-Mehndi, in case that a card gets lost or stolen, it cannot be used illegally by the adversaries. To harvest such a benefit, we have two key observations in designing RF-Mehndi. The first observation is when tags are nearby, their interrogated currents can change each other’s circuit characteristics, based on which unique phase features can be obtained from backscattered signals. The second observation is that when the user’s fingertip touches the tag array surface during communication, the phase feature can be further profiled by this user. Based on these observations, the card and its holder can be potentially authenticated at the same time. To transfer the RF-Mehndi idea to a practical system, we further address technical challenges. We implement a prototype system. Extensive evaluations show the effectiveness of RF-Mehndi, achieving excellent authentication performance.

Z. G. Fan,S. Qiao,J. T. Huangfu,L. X. Ran

DOI: https://doi.org/10.2528/pier07021501

2007-01-01

Abstract:In this paper, signal descriptions and formulations for the radio frequency ( RF) front-end of a passive backscatter radio frequency identification ( RFID) reader working at ultra high frequencies ( UHF) are discussed in detail, and a set of design considerations aiming to improve the read range are outlined. The reader's architecture is proposed and the design details of its RF frond-end are presented. The read range is formulated through calculating the time-averaging power absorbed by the tag and the signal-noise-ratio ( SNR) of the demodulation, and accordingly RFID systems can be classified into tag-determining and reader-determining ones. It is concluded that the gain of the reader antenna, the phase noise of the local oscillation ( LO) and the receive-transmit isolation coefficient dominate the demodulation output noise of the reader, and consequently the reader-determining maximum operational distance. A prototype reader working at the frequency of 915MHz was built with off-the-shelf components and was evaluated with a commercial tag in an indoor environment. The measured results show that this RFID system is of tag-determining and has a read range of 8.4 meters, which are in good agreement with the calculated results.

Jia Liu,Xingyu Chen,Shigang Chen,Wei Wang,Dong Jiang,Lijun Chen

2020-01-01

Abstract:Radio frequency identification has been gaining popularity in a variety of applications from shipping and transportation to retail industry and logistics management. With a limited reader-tag communication range, multiple readers (or reader antennas) must be used to provide full coverage to any deployment area beyond a few meters across. However, reader contention can seriously degrade the performance of the system or even block out some tags from being read. Most prior work on this problem requires hardware and protocol support that is incompatible with the EPC Gen2 standard. Moreover, they assume the knowledge of a reader network that precisely describes the contention relationship among all readers, but the efficient acquisition of the reader network in a practical system with commercial-off-the-shelf (COTS) tags is an open problem. This study fills the gap by proposing a novel protocol Retwork, which works under the limitations imposed by commercial Gen2-compatible tags and identifies all possible reader contentions efficiently through careful protocol design that exploits the flag-setting capability of these tags. We have implemented a prototype with 8,000 commercial tags. Extensive experiments demonstrate that Retwork can reduce communication overhead by an order of magnitude, in comparison to an alternative solution.

J Yang,Kui Ren,Kwangjo Kim

2005-01-01

Abstract:In the near future, radio frequency identiflcation (RFID) technology is expected to play an important role for object identiflcation as a ubiquitous infrastructure. However, low-cost RFID tags are highly resource-constrained and cannot support its long-term security, so they have potential risks and may violate privacy for their bearers. To remove security vulnerabilities, we propose a robust mutual authentication protocol between a tag and a back-end server for low-cost RFID system that guarantees data privacy and location privacy of tag bearers. Difierent from the previous works (4, 14), our protocol flrstly provides reader authentication and prevent active attacks based on the assumption that a reader is no more a trusted third party and the communication channel between the reader and the back-end server is insecure like wireless channel. Also, the proposed protocol exhibits forgery resistant against simple copy, or counterfeiting prevailing RFID tags. As tags only have hash function and exclusive-or operation, our proposed protocol is very feasible for low-cost RFID system compared to the previous works. The formal proof of correctness of the proposed authentication protocol is given based on GNY logic.

Hung-Min Sun,Chen-En Lu,Shuai-Min Chen

DOI: https://doi.org/10.1109/tencon.2007.4429060

2007-01-01

Abstract:RFIDs have been popularly used in daily life. To avoid being intruded on user privacy, proper protection is necessary. The privacy issues, such as object tracking and forgery of tags, are widely studied in the literature. Traditionally, the reader is regarded as a part of the system. In mobile RFID environment, however, anyone who holds the reader can connect to the server and acquire other information about the objects he owns. To verify whether a reader has the rights to access the tags has become essential. In this paper, we propose an RFID authentication protocol that can achieve the above goal and provide tag anonymity and forgery resistance. Hence, the user privacy is guaranteed.

Ge Wang,Haofan Cai,Chen Qian,Jinsong Han,Shouqian Shi,Xin Li,Han Ding,Wei Xi,Jizhong Zhao

DOI: https://doi.org/10.1145/3241539.3241541

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:We provide the first solution to an important question, "how a physical-layer authentication method can defend against signal replay attacks''. It was believed that if an attacker can replay the exact same reply signal of a legitimate authentication object (such as an RFID tag), any physical-layer authentication method will fail. This paper presents Hu-Fu, the first physical layer RFID authentication protocol that is resilient to the major attacks including tag counterfeiting, signal replay, signal compensation, and brute-force feature reply. Hu-Fu is built on two fundamental ideas, namely inductive coupling of two tags and signal randomization. Hu-Fu does not require any hardware or protocol modification on COTS passive tags and can be implemented with COTS devices. We implement a prototype of Hu-Fu and demonstrate that it is accurate and robust to device diversity and environmental changes, including locations, distance, and temperature. Hu-Fu provides a new direction of battery-free/low-power device authentication that enables numerous IoT applications.

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Jiawei Li,Chuyu Wang,Ang Li,Dianqi Han,Yan Zhang,Jinhang Zuo,Rui Zhang,Lei Xie,Yanchao Zhang

DOI: https://doi.org/10.1109/infocom41043.2020.9155427

2020-01-01

Abstract:Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user’s tapping rhythm. In addition to verifying the RFID card’s identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user’s secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.

Ang Li,Jiawei Li,Yan Zhang,Dianqi Han,Tao Li,Yanchao Zhang

DOI: https://doi.org/10.1109/twc.2022.3226753

IF: 10.4

2022-01-01

IEEE Transactions on Wireless Communications

Abstract:Commodity ultra-high-frequency (UHF) RFID authentication systems only provide weak user authentication, as RFID tags can be easily stolen, lost, or cloned by attackers. This paper presents the design and evaluation of SmartRFID, a novel UHF RFID authentication system to promote commodity crypto-less UHF RFID tags for security-sensitive applications. SmartRFID explores extremely popular smart devices and requires a legitimate user to enroll his smart device along with his RFID tag. Besides authenticating the RFID tag as usual, SmartRFID verifies whether the user simultaneously possesses the associated smart device with both feature-based machine learning and deep learning techniques. The user is considered authentic if and only if passing the dual verifications. Comprehensive user experiments on commodity smartwatches and RFID devices confirmed the high security and usability of SmartRFID. In particular, SmartRFID achieves a true acceptance rate of above 97.5% and a false acceptance rate of less than 0.7% based on deep learning. In addition, SmartRFID can achieve an average authentication latency of less than 2.21 s, which is comparable to inputting a PIN on a door keypad or smartphone.

telecommunications,engineering, electrical & electronic

Jiawei Li,Chuyu Wang,Ang Li,Dianqi Han,Yan Zhang,Jinhang Zuo,Rui Zhang,Lei Xie,Yanchao Zhang

DOI: https://doi.org/10.1109/TNET.2022.3204204

2023-01-01

Abstract:Passive RFID technology is widely used in user authentication and access control. We propose RF-Rhythm, a secure and usable two-factor RFID authentication system with strong resilience to lost/stolen/cloned RFID cards. In RF-Rhythm, each legitimate user performs a sequence of taps on his/her RFID card according to a self-chosen secret melody. Such rhythmic taps can induce phase changes in the backscattered signals, which the RFID reader can detect to recover the user's tapping rhythm. In addition to verifying the RFID card's identification information as usual, the backend server compares the extracted tapping rhythm with what it acquires in the user enrollment phase. The user passes authentication checks if and only if both verifications succeed. We also propose a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user's secret tapping rhythm. Our protocol can prevent a capable adversary from extracting and then replaying a legitimate tapping rhythm from sniffed RFID signals. Comprehensive user experiments confirm the high security and usability of RF-Rhythm with false-positive and false-negative rates close to zero.

Shucheng Yu,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/milcom.2007.4454918

2007-01-01

Abstract:Radio frequency identification (RFID) is an emerging technology for automatic object identification. For successful deployment of tags, a RFID system should provide effective protection over security and privacy. In particular, traceability is the main concern for user privacy. To address these issues, mutual authentication between the reader and tags is required when deploying a RFID system. Unfortunately, because low-cost RFID tags are highly resource constrained, they are not able to carry out expensive cryptographic primitives to achieve strong authentication. This paper introduces a lightweight authentication protocol for low-cost RFID tags. Compared with previous work, our solution provides better traceability protection while keeping the system efficient in terms of computation and communication. Our scheme also maintains comparable strength regarding other security aspects.