Vibrate-to-Unlock: Mobile Phone Assisted User Authentication to Multiple Personal RFID Tags

Nitesh Saxena, Polytechnic Institute of NYU, nsaxena@poly.edu
Md. Borhan Uddin, Stony Brook University, mduddin@cs.sunysb.edu
Jonathan Voris, Polytechnic Institute of NYU, jvoris@cis.poly.edu
N. Asokan, Nokia Research Center, n.asokan@nokia.com

Abstract—Personal RFID tags store valuable information private to their users that can easily be subject to eavesdropping, unauthorized reading, owner tracking, and cloning. RFID tags are also susceptible to relay attacks and are likely to be lost or stolen. In this paper, we introduce the problem of user authentication to RFID tags, which allows users to control when and where their RFID tags can be accessed. We present a novel approach for user authentication to multiple RFID tags called "Vibrate-to-Unlock" (VtU). This technique uses a mobile phone as an authentication token, forming a unidirectional tactile communication channel between users and their RFID tags. Authenticating to an RFID tag involves touching a vibrating phone to the tag or to an object carrying the tag, such as a wallet. We discuss the design and implementation of this new method on Intel's WISP tags. We also report on a preliminary usability evaluation of our VtU prototype.

I. INTRODUCTION

User authentication is one of the most important problems in security. It occurs whenever users have to provide credentials to prove their identity in order to access a computing resource. The goal of this process is to ensure that only legitimate users are granted access. The increasing popularity of personal devices and the sensitivity of the information they store prompt the need for usable authentication mechanisms.

A. RFID Devices and Underlying Threats

Passive RFID (Radio Frequency IDentification) tags are personal devices found in access cards, badges, contactless credit cards, e-passports, and driver's licenses. They often store sensitive information.
For example, a US passport stores the name, nationality, date of birth, and digital photograph of its holder [1]. Unlike information held on other devices, data stored on RFID tags can easily be read clandestinely, which can lead to owner tracking [2]. This information may also be used to impersonate the tag owner via cloning [2]. Moreover, RFID devices can be lost or stolen, which endangers the services they provide. For example, a stolen wallet containing a worker's access card allows unauthorized entry into his or her office building.

Furthermore, RFID tags are susceptible to "ghost-and-leech" attacks [3]. Here an adversary, called a "ghost," relays the information surreptitiously read from a legitimate RFID device to a colluding adversary, called a "leech." The leech transmits this information to a legitimate reader and vice versa, and can thus impersonate the RFID tag. Because the messages are forwarded unchanged, cryptographic tag-to-reader authentication does not detect the relay: all tag-to-reader authentication protocols are vulnerable to this form of attack [5].

B. Research Problem: User Authentication to RFID Devices

In this paper, we introduce the problem of user authentication to personal RFID tags. Authentication would give users control over when and where their RFID tags can be accessed, thus preventing some of the aforementioned attacks. As an example, imagine Alice goes shopping carrying a contactless credit card. The card is in a default locked state and does not respond to read requests. When ready for checkout, Alice unlocks the credit card by authenticating to it. Once the transaction completes, the card is locked again.

A research challenge confronting RFID user authentication is that RFID devices were meant to be transparent to users. They therefore lack input and output interfaces. Moreover, the RFID usage scenario is atypical since tags may remain stored in other objects, such as wallets, while in use [6]. The fact that a user might carry multiple tags exacerbates this issue.
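The two points above, that a ghost-and-leech relay passes a cryptographically sound tag-to-reader protocol untouched and that a tag which is locked by default gives the relay nothing to forward, can be seen in a small simulation. This is an added example, not code from the paper or from the WISP implementation; the HMAC challenge-response protocol, the shared key, and the message framing are assumptions made for illustration, and how the user unlocks the tag (the vibration channel) is abstracted into a single `unlock()` call.

```python
"""Ghost-and-leech relay against a tag/reader challenge-response, with and
without a user-controlled lock state. Constructed simulation, not the
paper's code: the HMAC protocol, key, and message framing are assumptions."""
import hashlib
import hmac
import os

# Shared tag/reader secret. Constructed for this example only.
TAG_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


class Tag:
    """Passive tag answering HMAC(key, challenge). While `locked` it sends
    nothing at all, modelling the default locked state in the Alice scenario."""

    def __init__(self, key: bytes, locked: bool = True) -> None:
        self.key = key
        self.locked = locked

    def unlock(self) -> None:
        # In VtU this is the point where the user authenticates to the tag;
        # the tactile channel itself is abstracted away here (assumption).
        self.locked = False

    def lock(self) -> None:
        self.locked = True

    def respond(self, challenge: bytes):
        if self.locked:
            return None  # no RF reply at all: nothing for a ghost to relay
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Reader:
    """Legitimate reader: fresh random challenge, constant-time MAC check."""

    def __init__(self, key: bytes) -> None:
        self.key = key

    def authenticate(self, channel) -> bool:
        challenge = os.urandom(16)
        reply = channel(challenge)
        if reply is None:
            return False
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(reply, expected)


def direct_channel(tag: Tag):
    """Reader talking to the tag over its own RF field."""
    return tag.respond


def relay_channel(victim_tag: Tag, log: list):
    """Leech sits at the reader, ghost sits near the victim's wallet.
    Bytes are forwarded unchanged in both directions, so a correct MAC still
    verifies: the cryptography cannot tell the relay from the real tag."""

    def channel(challenge: bytes):
        log.append(("reader->leech->ghost", challenge.hex()))
        reply = victim_tag.respond(challenge)  # ghost reads the real tag
        log.append(("ghost->leech->reader", reply.hex() if reply else None))
        return reply

    return channel


def run_scenarios():
    """Returns (results, relay_log): which (channel, lock state) combinations
    the reader accepts, plus the transcript of the successful relay."""
    reader = Reader(TAG_KEY)
    results = {}
    relay_log = []

    # 1. Always-on tag, as deployed today: direct read works, and so does a relay.
    tag = Tag(TAG_KEY, locked=False)
    results["direct_unlocked"] = reader.authenticate(direct_channel(tag))
    results["relay_unlocked"] = reader.authenticate(relay_channel(tag, relay_log))

    # 2. Tag locked by default: the ghost gets no reply, so the leech fails.
    tag.lock()
    results["relay_locked"] = reader.authenticate(relay_channel(tag, []))

    # 3. Alice's checkout: unlock, one transaction, lock again.
    tag.unlock()
    results["checkout"] = reader.authenticate(direct_channel(tag))
    tag.lock()
    results["relay_after_checkout"] = reader.authenticate(relay_channel(tag, []))
    return results, relay_log


if __name__ == "__main__":
    results, log = run_scenarios()
    for name, ok in results.items():
        print(f"{name:22s} accepted={ok}")
    for hop, payload in log:
        print(hop, payload)
```

The relay transcript shows the leech forwarding the reader's challenge and the tag's valid MAC byte for byte, which is why the reader accepts it; only the lock state, which the attacker cannot change without the user's action, makes the difference in the locked runs. A real deployment would additionally need the unlock to be scoped to one transaction or a short timeout, as the Alice scenario implies, since an unlocked tag is exactly as relayable as an always-on one.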
Another challenge is that RFID devices are constrained in terms of computation, memory, and power. RFID user authentication is thus quite challenging.

C. Mobile Phones as Authentication Tokens

Mobile phones have become an integral part of users' lives. Unlike other tokens, phones are almost constantly available to users because of their desire to remain socially connected. Mobile phones also provide people with a sense of security [7]. Recent surveys demonstrate an emerging "always on, always with me" phone usage trend [8], [9], [10], [11]. We therefore believe that such devices can be exploited to achieve RFID user authentication. Using mobile phones to authenticate to remote servers has been proposed in prior research [12], [14].

D. Our Contributions and Paper Outline

We make the following contributions. We propose a novel approach to RFID user authentication called "Vibrate-to-Unlock" (VtU). It works by using a mobile phone as an

2011 IEEE International Conference on Pervasive Computing and Communications (PerCom), Seattle (March 21-25, 2011) 978-1-4244-9528-3/11/$26.00 ©2011 IEEE