be indirectly extracted from noisy backscattered signals.We Data-0 FMO Preamble explore various signal processing techniques to process noisy raw phase data for extracting a reliable tapping rhythm.We also use machine learning techniques to train a classifier the backend server uses to validate an extracted tapping rhythm. Fig.1.FMO baseband symbols and preamble The second challenge is anti-eavesdropping,i.e.,how to Reader prevent the adversary from acquiring the user's tapping M黑Query黑ACKQueryRep rhythm from sniffed RFID signals.In particular,the ad- T4 人 RN16 versary can easily eavesdrop on the open RFID channel and Harvest power then behave in the same way as the RFID reader to decode the user's tapping rhythm from intercepted RFID signals.It Fig.2.The basic EPC Gen-2 query protocol with a single RFID card. can then repeat the rhythmic taps on lost/stolen/cloned RFID card to successfully impersonate the legitimate user.We tackle 2)The reader sends a Query command followed by CW this challenge by a novel phase-hopping protocol in which of length T1+T2+TRN16.During this CW period,the the RFID reader emits Continuous Wave(CW)with random card backscatters an RN16 message comprising a 6-bit phases for extracting the user's tapping rhythm.Since the preamble,a 16-bit random number,and one dummy bit. adversary does not know the phase-hopping sequence,it can 3)The reader sends an ACK followed by CW of length no longer extract the correct tapping rhythm from sniffed RFID T+T2+TEpC.During this CW period,the card signals. backscatters its EPC (Electronic Product Code). We thoroughly evaluate the security and usability of RF 4)The reader sends QueryRep to finish this query session. Rhythm by comprehensive experiments on Impinj RFID read- EPC Gen-2 [5]gives recommendations for the above timing ers,COTS passive tags,and USRP devices.Our experiments parameters.Let RTcal represent the duration of Interrogator- involve 19 volunteers from two countries and explore three to-Tag calibration symbol,which is specified in the reader representative machine learning techniques,including Support configuration and set to RTcal 72us in our implementation. Vector Machine (SVM).Neural Networks (NN),and Convo- Also let FrT be the frequency tolerance of FMO baseband lutional Neural Networks(CNN).We show that RF-Rhythm signals,which equals 4%for BLF=40 KHz.We have T= is highly secure with false-positive and false-negative rates 2 RTcal=144μsand75us≤T2≤500us.n addition,the close to zero.In addition,we demonstrate the high resilience maximum,minimum,and nominal values of T are 262us, of RF-Rhythm to brute force,visual eavesdropping,and RF 238us,and 250us,respectively. eavesdropping attacks.We also confirm the high usability of RF-Rhythm by a user survey. III.ADVERSARY MODEL II.BASICS OF PASSIVE UHF RFID SYSTEMS We assume an adversary A who attempts to use a lost/stolen/cloned RFID card to pass authentication checks and In this section,we introduce some necessary background about passive Ultra-High-Frequency(UHF)RFID systems.An thus impersonate the legitimate card user.A knows how RF- RFID system consists of a backend server,readers,and RFID Rhythm works and can perform rhythmic taps on the RFID card with fingers or even a fully programmable robotic arm. cards.The RFID reader sends both modulated commands and continuous wave (CW).The RFID card sends back its data We assume that A does not know the legitimate user's secret by exploring the energy harvested from the reader's signals song segment and can try the following attack strategies. to switch its input impedance between two states and thus Brute force:A performs totally random rhythmic taps. modulate the backscattered signal.EPC Gen 2 [5]is the Visual eavesdropping:A observes the legitimate user's most popular UHF RFID standard and assumed throughout tapping behavior,e.g.,by shoulder surfing or a spy the remainder of this paper. camera,and then tries to emulate it. RFID cards encode the backscattered data using either RF eavesdropping:A sniffs all the PHY communication FMO baseband or miller modulation.We only consider FMO traces between the RFID reader and card to recover and encoding in this paper,but our work can easily extend to then perform the legitimate user's rhythmic taps. miller modulation.Fig.I shows the basic FMO symbols.FMO inverts the baseband phase at every symbol boundary with an IV.SYSTEM OVERVIEW additional mid-symbol phase inversion for each data-0.The RF-Rhythm consists of an enrollment phase and a verifica- duration of an FMO symbol is denoted by Tpri 1/BLF, tion phase,and its major modules are depicted in Fig.3, where BLF represents the backscatter link frequency ranging During the enrollment phase,the legitimate user first selects from 40 kHz to 640 kHz [5].To ease our presentation,we an arbitrary song segment familiar to him/herself.Then the assume BLF equal to 40 kHz,corresponding to Tpri 25us. user performs rhythmic taps on his/her RFID card in ac- Fig.2 shows the basic query protocol in EPC Gen-2 [5]. cordance with his/her own interpretation of the chosen song 1)The reader emits CW of length Ta for the RFID card to segment,e.g.,by singing it silently.The user's tapping rhythm harvest and store energy. is referred to as his/her secret rhythm hereafter.be indirectly extracted from noisy backscattered signals. We explore various signal processing techniques to process noisy raw phase data for extracting a reliable tapping rhythm. We also use machine learning techniques to train a classifier the backend server uses to validate an extracted tapping rhythm. The second challenge is anti-eavesdropping, i.e., how to prevent the adversary from acquiring the user’s tapping rhythm from sniffed RFID signals. In particular, the ad￾versary can easily eavesdrop on the open RFID channel and then behave in the same way as the RFID reader to decode the user’s tapping rhythm from intercepted RFID signals. It can then repeat the rhythmic taps on lost/stolen/cloned RFID card to successfully impersonate the legitimate user. We tackle this challenge by a novel phase-hopping protocol in which the RFID reader emits Continuous Wave (CW) with random phases for extracting the user’s tapping rhythm. Since the adversary does not know the phase-hopping sequence, it can no longer extract the correct tapping rhythm from sniffed RFID signals. We thoroughly evaluate the security and usability of RF￾Rhythm by comprehensive experiments on Impinj RFID read￾ers, COTS passive tags, and USRP devices. Our experiments involve 19 volunteers from two countries and explore three representative machine learning techniques, including Support Vector Machine (SVM), Neural Networks (NN), and Convo￾lutional Neural Networks (CNN). We show that RF-Rhythm is highly secure with false-positive and false-negative rates close to zero. In addition, we demonstrate the high resilience of RF-Rhythm to brute force, visual eavesdropping, and RF eavesdropping attacks. We also confirm the high usability of RF-Rhythm by a user survey. II. BASICS OF PASSIVE UHF RFID SYSTEMS In this section, we introduce some necessary background about passive Ultra-High-Frequency (UHF) RFID systems. An RFID system consists of a backend server, readers, and RFID cards. The RFID reader sends both modulated commands and continuous wave (CW). The RFID card sends back its data by exploring the energy harvested from the reader’s signals to switch its input impedance between two states and thus modulate the backscattered signal. EPC Gen 2 [5] is the most popular UHF RFID standard and assumed throughout the remainder of this paper. RFID cards encode the backscattered data using either FM0 baseband or miller modulation. We only consider FM0 encoding in this paper, but our work can easily extend to miller modulation. Fig. 1 shows the basic FM0 symbols. FM0 inverts the baseband phase at every symbol boundary with an additional mid-symbol phase inversion for each data-0. The duration of an FM0 symbol is denoted by Tpri = 1/BLF, where BLF represents the backscatter link frequency ranging from 40 kHz to 640 kHz [5]. To ease our presentation, we assume BLF equal to 40 kHz, corresponding to Tpri = 25µs. Fig. 2 shows the basic query protocol in EPC Gen-2 [5]. 1) The reader emits CW of length T4 for the RFID card to harvest and store energy. Data-0 Data-1 Tpri 1 0 1 0 v 1 FM0 Preamble Fig. 1. FM0 baseband symbols and preamble. Query RN16 ACK QueryRep EPC Reader Tag T1 T2 T1 T2 CW T4 Harvest power CW CW Fig. 2. The basic EPC Gen-2 query protocol with a single RFID card. 2) The reader sends a Query command followed by CW of length T1 + T2 + TRN16. During this CW period, the card backscatters an RN16 message comprising a 6-bit preamble, a 16-bit random number, and one dummy bit. 3) The reader sends an ACK followed by CW of length T1 + T2 + TEPC. During this CW period, the card backscatters its EPC (Electronic Product Code). 4) The reader sends QueryRep to finish this query session. EPC Gen-2 [5] gives recommendations for the above timing parameters. Let RTcal represent the duration of Interrogator￾to-Tag calibration symbol, which is specified in the reader configuration and set to RTcal = 72µs in our implementation. Also let FrT be the frequency tolerance of FM0 baseband signals, which equals 4% for BLF = 40 KHz. We have T4 = 2RTcal = 144µs and 75µs ≤ T2 ≤ 500µs. In addition, the maximum, minimum, and nominal values of T1 are 262µs, 238µs, and 250µs, respectively. III. ADVERSARY MODEL We assume an adversary A who attempts to use a lost/stolen/cloned RFID card to pass authentication checks and thus impersonate the legitimate card user. A knows how RF￾Rhythm works and can perform rhythmic taps on the RFID card with fingers or even a fully programmable robotic arm. We assume that A does not know the legitimate user’s secret song segment and can try the following attack strategies. • Brute force: A performs totally random rhythmic taps. • Visual eavesdropping: A observes the legitimate user’s tapping behavior, e.g., by shoulder surfing or a spy camera, and then tries to emulate it. • RF eavesdropping: A sniffs all the PHY communication traces between the RFID reader and card to recover and then perform the legitimate user’s rhythmic taps. IV. SYSTEM OVERVIEW RF-Rhythm consists of an enrollment phase and a verifica￾tion phase, and its major modules are depicted in Fig. 3, During the enrollment phase, the legitimate user first selects an arbitrary song segment familiar to him/herself. Then the user performs rhythmic taps on his/her RFID card in ac￾cordance with his/her own interpretation of the chosen song segment, e.g., by singing it silently. The user’s tapping rhythm is referred to as his/her secret rhythm hereafter