Secure RFID Handwriting Recognition–Attacker Can Hear but Cannot Understand

Abstract

Radio Frequency Identification (RFID) has been adopted in various applications owning to its many attractive properties such as low cost, no requirement on line-of-sight, and battery-free. This paper studies the problem of RFID-based Handwriting recognition, which is practically important in Human-Computer Interaction (HCI) scenarios. To the best of our knowledge, the state-of-the-art works beget leaking user privacy, because the malicious attacker can eavesdrop on the RFID signals (e.g., tag phase) broadcast in the air and further analyze the user’s handwriting activity. To address the privacy leakage issue, we propose a secure RFID handwriting recognition system named SecRFPen to enable privacy-preserving handwriting recognition. In SecRFPen, the legal reader switches the probing frequency and power, the phase angles of RF signals reflected by the tagged pen will change accordingly. Thus, the phase profile of the tagged pen is actually determined by both reader-tag hardware characteristics and handwriting movements. We propose an authentication matrix to quantify RFID device hardware characteristics, which can be measured by legal users in advance. Thus, the legal RFID reader can recognize the handwriting activity via analytics on the authentication matrix and tag phase profile. On the contrary, since the malicious attacker knows nothing about the hardware characteristics of legal RFID devices, it cannot understand handwriting even if it can hear the tag signals. We implement the SecRFPen system based on the Commercial-Off-The-Shelf (COTS) RFID devices. Extensive experimental results demonstrate that the recognition accuracy of legal users can reach 94.2%, while the recognition accuracy of the malicious attacker is as low as 35.1%.