Hand-Key: Leveraging Multiple Hand Biometrics for Attack-Resilient User Authentication Using COTS RFID

Biometrics have been widely used in user authentications. However, existing outer-body biometrics (e.g., fingerprint), collecting from body surface, are vulnerable to spoofing attacks. Although inner-body biometrics, such as the electrocardiogram, are hard to be forged, their complex acquisition methods and instability lead to unsatisfactory user experience. Therefore, achieving good user-friendliness and high security simultaneously in biometric-based authentication is challenging. In this paper, we propose Hand-Key, an attack-resilient and user-friendly user authentication system to address the above challenge. Hand-Key utilizes a low-cost radio frequency identification (RFID) tag array to simultaneously collect the inner-body composition and outer-body geometric features of human hand to identify users. Users are merely required to hold their hands in a 'handshaking' pose between a reader's antenna and a tag array during authentication. To further enhance the security, we tactfully leverage the inherent randomness of the anti-collision scheme in RFID systems to make Hand-Key immune against replay attacks. We built a prototype of Hand-Key and conducted extensive experiments with 30 volunteers. The results show that Hand-Key achieves an authentication success rate of 99%+.

Automated summary

This paper introduces Hand-Key, a novel user authentication system that utilizes RFID technology to collect both inner and outer body features for user identification, addressing the challenge of balancing user-friendliness and security in biometric-based authentication. By leveraging the inherent randomness of RFID systems, Hand-Key is immune to replay attacks and achieves an authentication success rate of 99%+.