IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 1

Dynamic Authentication with SensoryInformation for the Access Control Systems

Yuanchao Shu, Student Member, IEEE, Yu Gu, Member, IEEE, and Jiming Chen, SeniorMember, IEEE

Abstract—Access card authentication is critical and essential for many modern access control systems, which have been widelydeployed in various government, commercial and residential environments. However, due to the static identification informationexchange among the access cards and access control clients, it is very challenging to fight against access control systembreaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometricauthentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization,they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce adynamic authentication with sensory information for the access control systems. By combining sensory information obtainedfrom onboard sensors on the access cards as well as the original encoded identification information, we are able to effectivelytackle the problems such as access card loss, stolen and duplication. Our solution is backward-compatible with existing accesscontrol systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential keyspace increases with sensory information of different sensors and empirically demonstrate simple rotations can increase keyspace by more than 1, 000, 000 times with an authentication accuracy of 90%. We performed extensive simulations under variousenvironment settings and implemented our design on WISP to experimentally verify the system performance.

Index Terms—Authentication; Sensory data; Access control system; Wireless rechargeable sensor.

F

1 INTRODUCTION

Access control is a mechanism which enables an authorityto control access to restricted areas and resources at a givenphysical facility or computer-based information system. Ingeneral, authentication methods in access control systemscan be divided into two broad categories. The first cate-gory is based on mechanical matching, such as keys andcombination locks. Individuals are authenticated in theseaccess control systems if and only if the blade of the keymatches the keyway of the lock or the correct numericalsequence for combination lock has been dialed. Due tothe physical constraints of mechanical matching systems,they are insufficient to meet the demanding requirements ofaccess control authentication for critical infrastructures. Onthe other hand, it is also very hard to frequently change theinterior structure of such matching mechanisms for securityenhancement.

The other category of authentication for access con-trol systems is electronic authentication including barcode,

• This work was supported in part by the NSFC under Grants 61004060,61222305, the 863 High-Tech Project under Grant 2011AA040101-1,the SRFDP under Grants 20100101110066, 20120101110139, NCET-11-0445, the Fundamental Research Funds for the Central Univer-sities under Grants 2013QNA5013 and 2013FZA5007, the SUTD-ZJU/RES/03/2011 and iTrust. Jiming Chen is the correspondenceauthor.

• Yuanchao Shu and Jiming Chen are with the Department of Control Sci-ence and Engineering, Zhejiang University, Hangzhou, China, 310027.E-mail: ycshu@zju.edu.cn, jmchen@iipc.zju.edu.cn

• Yu Gu is with the Singapore University of Technology and Design.E-mail: jasongu@sutd.edu.sg

magnetic stripe, biometrics and etc. Compared with me-chanical matching authentications, the electronic authenti-cations such as RFID-based smart card offer much moreconvenience and flexibility for both administrators andusers of access control systems. However, it still suffersfrom similar problem of key loss since authentication isonly based on the encoded identification data on the card.Anyone who carries the card will be granted the access andthe security of the system still can be compromised.

In order to further enhance the security of access con-trol systems, various biometric authentication mechanismshave been introduced to identify the authorized personnel.Although these biometric authentication methods such asfingerprint, iris and voice recognitions are able to providepersonal identification, they have high infrastructure costand access privileges can not be transferred among trustedusers.

In this work, we aim at bridging the gap between insuf-ficiency of existing electronic authentication solutions andthe increasing demand of high security guarantee for accesscontrol systems. We design a novel electronic proximityauthentication framework that enhances the security level ofexisting RFID-based access control systems with backwardcompatibility. Specifically, we add dynamic data into thetraditional authentication information by using sensors suchas accelerometer, gyroscope and etc.. This authenticationframework is adaptive to the change of encryption com-plexity of the access control systems and could be adopt-ed with minor modification of existing infrastructure. Insummary, on top of the previous conference paper [1], ourcontributions in this work are as follows:

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 2

• We design and implement a dynamic authenticationframework with sensory information for the accesscontrol systems. Our design is backward compatiblewith existing, deployed RFID or access card readers.

• We demonstrate the proposed framework with twocase studies and theoretically prove that our dynamicauthentication significantly increases the key space forproximity authentication systems with the integrationof low-cost sensors.

• We have fully implemented and built a running pro-totype of the proposed dynamic authentication frame-work on the Intel Wireless Identification and SensingPlatform (WISP) [9]. Based on the running prototype,we have extensively evaluated our design in terms ofsystem accuracy and usability in real-world settings.

The remainder of this paper is organized as follows.Firstly we propose the dynamic authentication frameworkwith sensory information in Section 2. We then provide au-thentication algorithms of our system in Section 3. Systemworking performance and simulations of the authenticationmethod are shown in Section 4 and Section 5. Comparisonbetween the proposed two reference designs is given inSection 6. We discuss related work in Section 7 andconclude in Section 8.

2 DESIGN OF THE DYNAMIC AUTHENTICA-TION WITH SENSORY INFORMATION

The existing electronic proximity authentication of accesscontrol systems is mainly based on the exchange of encodedidentification information stored on the access card. Thesecurity and integrity of such static and passive authen-tication mechanisms suffer from problems such as accesscard loss and unauthorized duplications. In this work, wepropose to use sensory information obtained from wirelessrechargeable sensors on access cards to further enhancethe security and robustness of existing electronic proximityauthentication systems. The main idea of our system designis shown in Figure 1. When an access card integrated withwireless rechargeable sensors enters the communicationrange of an access control client, the access card piggybacksits sensory data to conventional identification informationand transmits it (i.e. the electronic key) to the access controlclient. The information received by the access control clientis then forwarded to the network server for authentication.If both sensory data and identification match a valid recordin the authentication database, the network server theninstruments the actuator and grants the card holder theaccess to the system. In this way, even an authentic accesscard is in possession of an unauthorized personnel or hasbeen illegally duplicated, as long as the unauthorized cardholder does not know how to generate the correct sensorydata, he or she still can not access the system. Moreover, wesuccessfully remove the system vulnerable period betweenloss/stolen of access card and the deactivation of the cardafter users’ report. On the contrary, trusted users can sharethe cards and predefined actions with each other which isunavailable in biometric authentication systems.

Different from existing authentication methods such ascombining RFID and an additional keypad near the reader,we propose an orthogonal design in this paper and thenew authentication framework only revises authenticationalgorithm on the network server without any modificationof access clients. In fact, since we piggyback sensory datato ID information before transmitting them to the reader,most existing works on communication encryption forRFID system can be easily adopted into our authenticationmethod [2], [3], [4], and therefore deal with several securityvulnerabilities such as replay attack and eavesdropping.

Fig. 1. System Function Diagram

The identification information on access cards normallyare static. With the addition of dynamic sensory data fromonboard sensors, we are able to significantly increase thesecurity key space P and hence the security level forexisting electronic authentication systems. A wide varietyof sensors including accelerometer, gyroscope and etc. canbe used in our system. To illustrate the basic conceptand the resulting security enhancement of our sensorydata enhanced access control system design, we use boththree-axis accelerometer and gyroscope as examples in thefollowing sections. In particular, we utilize the sensory datagenerated from the rotation of accelerometer and gyroscopeto introduce reference designs for the proposed sensory dataenhanced authentication scheme. Through our prototypingsystem and real world experiments, we demonstrate such arotation-based design is a feasible and practical option forthe proposed generic dynamic authentication framework.

2.1 Accelerometer-based Reference Design2.1.1 Two-dimensional RotationFor an accelerometer, if it is being rotated, the static accel-eration of gravity on its three axes will change accordingly.For a two-dimensional rotation, we can calculate the tiltangle α of an accelerometer from static acceleration ofgravity on its X-Axis and Y-Axis to determine the positionof the accelerometer in a two-dimensional plane.

In Figure 2 we illustrate a simple example on how todetermine the position of an accelerometer. In Figure 2, Ax

and Ay are acceleration components of gravity on Axis-X and Axis-Y, respectively. The tilt angle α can then becalculated by equation Ax = Gcosα and Ay = Gsinα,where G is the static acceleration of gravity. We define

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 3

Y

Ay

XAx

Fig. 2. Accelerometer Rotation Example

the most basic rules and parameters for two-dimensionalrotations, which can be used to express more complexrotation actions.

• Basic rotation rules:– For all rotations, they are two-dimensional;– The basic rotation is omnidirectional, either clock-

wise or counterclockwise;– The new rotation starts from the end position of

the previous one;– Any single basic rotation does not exceed 2π

degrees.• Basic rotation parameters:

– Granularity of the Rotation Recognition n:Every two different static positions with their tiltdegree gap bigger than (2π/n) can be identifiedand n refers to the maximal number of recogniz-able rotations within one round. The granularityof recognition indicates the sensing capability ofangle degree fluctuation.

– The Number of Basic Rotations k: The num-ber of basic actions performed in one rotationsequence. Basic rotation number reveals the com-plexity of encryption.

Figure 3 shows an example of rotation sequence withthree basic rotations (k = 3) and granularity of the recog-nition n = 8. CW and CCW in Figure 3 denotes clockwiseand counterclockwise, respectively. In Figure 3, initially theaccelerometer is tilted π

4 degree to the Y-Axis. Then theaccelerometer is rotated π

2 degree clockwise, 3π2 degrees

counterclockwise and 5π4 degrees clockwise, respectively.

All rotations are in line with basic rotation rules definedabove.

Based on definitions above, we can represent the mul-titude of the key space increase for a two-dimensionalrotation by the following equation:

P 2Dacc(n, k) = n[2(n− 1)]k (1)

In Equation 1, n denotes the number of different possiblestarting positions for the first basic rotation. Then forthe following k rotations, we just need to determine thedirection, we can either clockwise or counterclockwiserotate the accelerometer to all other n−1 possible positions.

2.1.2 Three-Dimensional RotationIn this part, we extend our design to rotations in three-dimensional space. Since determining the attitude of sensor

α

α

α

α

Fig. 3. Rotation Sequence Diagram (2D)

solely based upon static acceleration of gravity is im-possible (imagine standing and holding your cell phoneface to you, the values of accelerometer at cell phonewill not change if you turn from the west to the north).Based on the relative positions of the accelerometer andthe ground, we extend the basic two-dimensional rotationrules for three-dimensional rotations: (i) During the wholerotation process, either plane XY , Y Z or XZ under thecoordinate of accelerometer is perpendicular to the ground(ii) Accelerometer only rotates in one plane under its owncoordinate (XY , XZ or Y Z) during one basic rotation; (iii)Rotation in a different plane is allowed if one axis among±X , ±Y or ±Z of the accelerometer is perpendicular tothe ground at the end of the previous basic rotation;

(a) Valid 3D Rotation

(b) Invalid 3D Rotation

Fig. 4. Rotation Sequence Diagram (3D)

Figure 4(a) demonstrates an example of a 3D rotationsequence follows the rules above with k = 3 basic rota-tions. We co-plot the coordinate of the accelerometer toillustrate 3D rotations. In Figure 4(a), each action betweentwo consecutive positions is a plane rotation, and rotationplane could changes only when the direction of staticacceleration of gravity is consistent with the direction ofaxes in accelerometer’s coordinate. For example, Position2 rotates to Position 3 in Figure 4(b) is prohibited whilePosition 1 rotates to Position 2 in Figure 4(a) is likely tohappen if the granularity of the rotation recognition n = 4.Corresponding sample data of this three-dimensional rota-tion are shown in Figure 5(a). In Figure 5(a) it could befound that values at each axis of the accelerometer changein different ways during the rotation process therefore

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 4

TABLE 1Key Space of the Accelerometer-based Reference Design

n = 4, k = 3 n = 4, k = 5 n = 4, k = 8 n = 8, k = 3 n = 8, k = 5 n = 8, k = 82D Key Space 864 31104 6718464 21952 4302592 1.18×1010

3D Key Space 10368 1492992 2.58×109 145824 6.25×107 5.55×1011

offer great opportunities for sensory information basedauthentication design.

0 0.5 1 1.5 2 2.5 3 3.5 4

−1

−0.5

0

0.5

1

1.5

Time (s)

Acc

eler

atio

n (G

)

Axis XAxis YAxis Z

(a) 3D Rotations of an Accelerom-eter

0 1 2 3 4 5

−10

−5

0

5

10

15

Time (s)

Ang

ular

Vel

ocity

(ra

dian

s/s)

Axis X Axis Y Axis Z

(b) Standard Rotations of a Gyro-scope

Fig. 5. Sample Data of Rotations of Accelerometer andGyroscope

On the basis of the rules above, the starting positionof each basic rotation can be divided into two types onwhether one of axis ±X , ±Y and ±Z is perpendicular tothe ground at the beginning of the basic rotation. Accordingto the third rule, if one of the axes is consistent with thedirection of gravity, the following action can occur in twodifferent planes. However in the other case, the followingbasic rotation can only generated within a fixed plane. Wedefine two different series ak and bk that equals to keyspaces of these two cases respectively after k basic rotationswith a given granularity of the rotation recognition n. Thetotal key space of rotation in three-dimensional space andthe recursive formula of ak and bk can be written as

P 3Dacc(n, k) = ak+1 + bk+1 (2)

where

ak+1 = 2 · 2 · 3 · ak + 2 · 4 · bkbk+1 = 2 · 2 · (n− 4) · ak + 2 · (n− 5) · bk

n = 4m,m ≥ 1 ∈ N(3)

with the initial value a0 = 6 and b0 = 3(n − 4), n =4m,m ≥ 1 ∈ N.

Recursive formulae of both ak and bk in Equation 3consist of two parts that calculate key spaces under differentinitial positions of the accelerometer. For example forak, 2 · 2 · 3 mean two feasible directions, two feasibleplanes and three feasible end positions of one basic rotationrespectively.

In Table 1, we summarize key spaces for both two-dimensional and three-dimensional rotations with differentnumbers of basic rotations k and the granularity of recog-nition n. From this table, we can see with just such simple

rotations, we can significantly increase the key space foraccess authentication systems and therefore increase thesecurity level of the systems. For example even for two-dimensional rotaion, with the number of basic rotationsincreases from k to k+1, the key space will be multipliedby P 2D

acc(n, k + 1)/P 2Dacc(n, k) = 2n − 2. If n = 4, which

is a relatively small value, by just adding one simple basicrotation, the key space will increase six-fold. In addition,since we piggyback sensory-data to the original under-lying identification information on the card, encryptioncomplexity improvement of the conventional identificationinformation will equally increase system security levelunder our dynamic authentication mechanism.

2.2 Gyroscope-based Reference DesignGyroscope is a device for measuring change of orientation.Therefore it is also possible to utilize the action of rotationof a gyroscope in a three-dimensional space since it re-turns the angular velocity on each axis simultaneous whenrotating. Imaging there is a ball with center of O, Figure6 depicts six standard rotations of the ball using vectors.Corresponding sensory data of the six basic rotations of atypical three-axis gyroscope is shown in Figure 5(b).

X-

X+

Y+Y

-

Z+

Z-

O

Fig. 6. Standard Rotations of a Gyroscope

Different from accelerometer-based design which relieson precise rotations, higher rotation speed of the gyroscopeleads to a higher output value which make it easier forauthentication. It can be seen in Figure 5(b) that differentstandard rotations of a gyroscope can be easily differenti-ated from when the gyroscope remains standstill throughthe amplitude of the angular velocity. In this gyroscope-based reference design, we only use such binary rotationinformation (whether rotated) at each axis to performsensory-data based authentication.

Similar to the accelerometer-based reference design, a w-hole rotation process in the gyroscope-based design consistsof k basic rotations as well. However, the granularity of therotation recognition n in Section 2.1 is no longer used as we

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 5

do not calculate the accurate degree of each rotation. For thesake of simplicity in presentation, we assume that at mostvalues on two axes among axis X, Y and Z change duringeach basic rotation. Therefore, the key space increase canbe written as

Pgyro(k) = [3 · 2 + (23) · 2 · 2]k = 18k (4)

The base of Equation 4 consists of two parts that computethe composition of feasible rotation directions of one basicrotation. Since the gyroscope has three axes and it can rotateon each axis with two directions, there are 3 · 2 feasiblerotation directions if the gyroscope rotates on one axis. Ifvalues on two axes change during a basic rotation, the totalfeasible rotation directions can be written as (23) · 2 · 2.

TABLE 2Key Space of the Gyroscope-based Reference Design

k = 2 k = 4 k = 6 k = 8 k = 10Key Space 324 104976 3.4×107 1.1×1010 3.6×1012

Key space of the gyroscope-based reference design issummarized in Table 2. It can be seen in Table 2 thateven only using the six standard rotation directions, wecan significantly increase the key space with increasingnumbers of basic rotations. For example when the numberof basic rotations k = 8, key space of the gyroscope-based reference design is larger than 3D rotation of theaccelerometer (1.1×1010 vs. 2.58×109).

3 ROTATION RECOGNITION

In the previous section, we discuss the potential of large keyspace increase for our dynamic authentication with sensoryinformation design. In this section, we further elaborate onthe detailed sensor rotation recognition algorithms.

By comparing the sample data of accelerometer (Fig.5(a)) and gyroscope (Fig. 5(b)), we find that output ofthe accelerometer exhibits a more complex behavior. Thisis because gyroscope measures the angular velocity andtends to generate impulses during one single basic rotation,which could be treated as a special case of the outputof the accelerometer. Therefore in this section, we usethe sensory data of accelerometer to illustrate the wholerotation recognition algorithms and discuss how to dealwith the sensory data of gyroscope in Section 3.4.

In order to accurately identify each individual basicrotation from raw accelerometer data, we perform followingthree operations in the network server.

3.1 Data Pre-ProcessingThe first step of rotation recognition is data pre-processing.The main goals are to separate and filter each individualbasic rotation from a series of raw accelerometer data.

In order to separate the individual basic rotations, wefirst need to identify the pause between two consecutive

0 2 4 6 8 10 12 14 16 18 20−1.5

−1

−0.5

0

0.5

1

1.5

Time (s)

Acc

eler

atio

n (G

)

Acceleration of 3 Axes

tw

X AxisY AxisZ Axis

Fig. 7. Example Sensory Data of a 3D Rotation

rotations. During such pauses, the three-axis readings ofan accelerometer would remain relatively stable and un-changed for a short period of time. In order to accuratelyrecognize such pauses and separate different basic rotations,we adopt a sliding window approach. In this approach, theaccelerometer readings in the first tw second are bufferedinto the sliding window. All data in the sliding windoware then fitted by a first-order polynomial function. If thecoefficient of first-order polynomial is less than a threshold(1 in our implementation), we consider the accelerometerremain stationary within the time frame of this window.Followed by this pause detection in the current window,the window would slide for a step of ts seconds, with tsduration of new data appended to the end of the slidingwindow while the first ts duration of sensory data arediscarded. Empirically, we set tw = 1s and ts = 0.3s inour system implementation. In this way, we have achievedaccurate separation of basic rotations in one completeauthentication. To visualize above data pre-processing step,Figure 7 shows one authentication with 4 basic rotationsthat performed slowly on our prototype implementation.The shaded regions represent sliding windows at threepauses. Clearly from Figure 7, it can be found that theaccelerations on three axes of the accelerometer are ratherstable during pauses between different basic rotations.

After identifying pauses between basic rotations, we thenuse least square estimation to fit the raw readings for eachindividual basic rotation from the accelerometer.

Assuming the accelerometer readings for one basic rota-tion on one of the three axes is:pi = (xi, yi), i = 0, 1, 2, · · · ,mThen the least square estimation tries to build a polyno-

mial function below:

y = f(x) = a0xm + a1x

m−1 + · · ·+ am−1x+ b (5)

such that

min(F (ak, b)) = min(∑

(f(xi)− pi)2)

= min(m∑i=0

(f(xi)− pi)2)

k = 0, . . . ,m− 1

(6)

In Section 4, we discuss fitting effect in detail and makethe decision of m through prototype experiments.

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 6

3.2 Feature Vector ExtractionAfter separating basic rotations for one single authenti-cation, we match them with standard feature vectors. Asfeature based classification of time-series data has a simplemodel and lower computation, we choose this method forrotation recognitions. First, feature vectors (F-vectors) foreach individual basic rotations are extracted based on theirfitting functions created in the previous section. Specifical-ly, we extract the start and end sensory data, the maximaland minimal sensor readings and the corresponding time ofthese events within one basic rotation. Then for a three-axisaccelerometer, we can represent their feature vectors usingthe following set of equations:

Tx = {vx} = {vx start, vx end, vx max, vx min}Ty = {vy} = {vy start, vy end, vy max, vy min}Tz = {vz} = {vz start, vz end, vz max, vz min}

v ∈ R2

where v = (value, time) is a vector consisting of fittedacceleration value and its relative time within one basicrotation.

3.3 F-Vectors MatchingAfter extracting feature vectors, we then try to match themwith standard feature vectors in the database to recognize aspecific basic rotation. Standard feature vectors with givenn could be mathematically calculated and automaticallygenerated since the acceleration components on three axesrepresent a trigonometric relationship with acceleration ofgravity. Taking the rotation in Figure 2 as an example,after the accelerometer clockwise rotates π degrees, theacceleration components Ax and Ay during such rotationcan be calculated as Ax = Gcosθ and Ay = Gsinθ(θ ∈ [α, α + π]). Therefore, it is easy for users to resettheir keys without any modification on access cards.

In order to match extracted F-vectors of a basic rotationto standard ones in database, we use Euclidean distance tomeasure the closeness of these two vectors. Specifically weuse following set of equations for three axes:

dx = | Tx − Sx |dy = | Ty − Sy |dz = | Tz − Sz |

where

Sx = {v̄x} = {v̄x start, v̄x end, v̄x max, v̄x min}Sy = {v̄y} = {v̄y start, v̄y end, v̄y max, v̄y min}Sz = {v̄z} = {v̄z start, v̄z end, v̄z max, v̄z min}

The closeness between the extracted feature vector anda standard feature vector then can be expressed as:

R = max (1

dx + dy + dz)

To identify a basic rotation from the extracted featurevector, we choose the one that has the maximal R valuefor a corresponding standard feature vector.

3.4 Discussion of Gyroscope-based DesignSince a rotation process in gyroscope-based design alsoconsists of several basic rotations, the first operation ofdata pre-processing presented in Section 3.1 can be usedwithout any modification. In feature vector extraction, weonly need to extract the maximal sensor readings on eachaxis since there is only one impulse during a basic rotation.After constructing the standard feature vectors of limitedrotations of the gyroscope (e.g. 6 standard rotations), F-vector matching can be accomplished identically to theaccelerometer-based design.

Note that methodology of rotation recognition is notlimited to the feature based classification. For example onecan calculate distance between sensory measurements andsensory data of standard rotations through dynamic timewarping to recognize basic rotations, and online learningof the timing parameters in the data pre-processing stepcould also used to improve the recognition performance.In addition,methodologies used in gesture recognition canalso be borrowed [5], [6], [7], [8]. Although they mayhave higher computation complexity, they will not affectthe essence of the dynamic authentication framework.

4 TESTBED EVALUATIONTo evaluate the proposed dynamic authentication method,a prototype system is built based on the Intel WirelessIdentification and Sensing Platform (WISPs) [9]. WISP is afully-passive ultra high frequency (UHF) RFID tag whichintegrates an ultra-low-power processor and several low-power sensors such as temperature sensor and accelerom-eter. Through WISP’s antenna, the signal from standardUHF RFID readers can be used for both communicationand powering the entire WISP [10].

Fig. 8. Antenna-reshaped WISP Tag and Reader

In the prototype system, an antenna-reshaped WISPtag equipped with an accelerometer is integrated onto astandard access card. WISP tags we use are backward-compatible with existing RFID standards and hardware.Therefore they can be powered and read by any unmodified,

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 7

commercially available UHF RFID readers. We use ImpinjSpeedway Reader IPJ-R1000 as RFID access control client,which provides network connectivity between WISP tagsand backend authentication computer servers. Figure 8 isa picture of our prototype system. Further insights of thesystem are presented in Section 1 of the supplemental file.

Since the current WISP do not have an embeddedgyroscope, we test the accelerometer-based design exclu-sively on the prototype system. However by modifying thehardware, gyroscope can be integrated onto WISP as well.In this paper, we conduct experiments on an iPhone 4 toevaluate the gyroscope-based design and summarize theauthentication results in Section 2 of the supplemental file.

4.1 Evaluation of the Accelerometer-based De-signAuthentication accuracy and delay are two most essentialfactors for practical access control systems. In this section,we comprehensively study the accuracy of our rotationrecognition algorithm on identifying a series of basic rota-tions performed by users for system authentication with onesingle accelerometer. Specifically, we define accuracy rateof the system authentication as the percentage of complexrotations that have been correctly recognized for systemauthentication algorithm. During the experiment, we alsorecord rotation delay which refers to the duration of acomplete action and the accuracy rate of authentication withvarying number of basic rotations k under two differentgranularity of recognition n. In experiments, predefinedrotations are randomly generated by the computer andthen performed by users. Due to the space constraint, weonly present two-dimensional authentication evaluation andanalysis in the main file. Experimental results of three-dimensional rotations can be found in Section 3 of thesupplemental file.

4.1.1 Accuracy Rate of the System AuthenticationFirstly, a total of 600 basic rotations are performed by oneuser. The experiment results are summarized in Table 3.

TABLE 3Accuracy Rate vs. Different k and n

k = 1 k = 2 k = 3 k = 4 k = 5n = 4 100% 93.3% 91.7% 90.0% 86.7%n = 8 100% 91.7% 90.0% 90.0% 83.3%Delay 1.9s 4.7s 7.7s 10.5s 13.3s

It can be found in Table 3 that as the number of basicrotations k and the granularity of rotation recognition nincrease, the accuracy rate decreases. This is because whenthe granularity of recognition increases, the likelihood ofmismatching two different basic rotations also increases.In addition, as the number of basic rotations increases, thefalse negative rate will sum up and lead to a lower accuracyrate. From the last line of Table 3, it can be found that thedelay of rotation grows almost linearly but even when the

number of basic rotations k = 5, delay including breaksin between each basic rotations is no more than 15s. Byimproving hardware design and optimizing authenticationalgorithm, delay could be further reduced.

In order to evaluate the practicability of our design fordaily usage, we also conduct experiments among differentusers. The results can be found in Section 4.1.3.

4.1.2 System Performance with Dual AccelerometersDuring single-sensor experiments, we observed there existssevere sensory data loss between the WISP and reader. Thisis because quality of energy harvesting and communicationbetween WISP and reader cannot be always guaranteedduring rotation process. Particularly, we call continuousdata loss in a period of time as the data fracture. Toreduce the impact of data loss, we orthogonally placed2 WISPs onto one smart card. In this way, two differentorientated antennae ensure a more stable power supply anddata transmission within the entire space. Data from twodifferent accelerometers are complementary and consolidat-ed for authentication. Same set of experiments for singlesensor have been done with dual accelerometers. Resultsare shown in Table 4 (line of delay is omitted as there isno difference with single accelerometer’s).

TABLE 4Accuracy Rate vs. Different k and n with Dual

Accelerometers

k = 1 k = 2 k = 3 k = 4 k = 5n = 4 100% 100% 95% 95.0% 95.0%n = 8 100% 95.0% 90.0% 90.0% 90.0%

From Table 4, compared with single sensor experiments,it can be found that authentication accuracy rate increasedeffectively in dual-sensor situation where two accelerome-ters work at the same time. Specifically, compare Table 4with Table 3, when the granularity of recognition n = 4,accuracy rates are all higher than 95% with dual accelerom-eters while 80% under single accelerometer situation isbelow 95%.

4.1.3 System Performance among Different UsersIn the first experiment, 50 complex rotations under eachnumber of basic rotations k are designated to 5 users.Experiments with both single and dual accelerometers areconducted.

TABLE 5Accuracy Rate vs. Different Users (n = 4)

k=1 k=2 k=3 k=4 k=5User #1 100% 100% 90.0% 86.0% 78.0%User #2 94.0% 92.0% 84.0% 72.0% 74.0%User #3 98.0% 92.0% 82.0% 82.0% 70.0%User #4 100% 98.0% 92.0% 84.0% 80.0%User #5 98.0% 88.0% 76.0% 82.0% 72.0%

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 8

Accuracy rates of authentication with single accelerome-ter for each users are reported in Table 5. From Table 5, wecan see individual accuracy rate varies. When k = 1 andk = 2, average accuracy rate are higher than 90% (98%and 94% respectively), while most of accuracy rates whenk > 4 are below 80%, which means an error exists in everyfive certification processes. Among different users, whenk = 3, the variance of accuracy rate σ = 32.96, whichis the highest among five columns. However, variances ofaccuracy rate are below 20 when k < 3. From results shownin Table 5, system achieves high security level on bothaverage accuracy rate and variance when k ≤ 2 if n = 4.

TABLE 6Accuracy Rate vs. Different Users with Dual

Accelerometers (n = 4)

k=1 k=2 k=3 k=4 k=5User #1 100% 100% 94.0% 94.0% 96.0%User #2 100% 94.0% 96.0% 100% 98.0%User #3 98.0% 96.0% 94.0% 96.0% 98.0%User #4 96.0% 100% 100% 96.0% 92.0%User #5 100% 100% 94.0% 94.0% 92.0%

Experimental results with dual accelerometers are shownin Table 6. In Table 6, average accuracy rates of all fivecolumns are higher than 95% while in single accelerometerexperiment, accuracy rates in 14 of 25 cases are below90% and the worst case of accuracy rate is as low as70% which is occurred when user 3 performs a 5 basic-rotation authentication. Experimental results shown in Table1 demonstrate our proposed method could increase thekey space by more than 30000 times with a high enoughaccuracy rate of authentication. Besides, accuracy ratesamong different users are much more stable in Table6. With dual accelerometers, all accuracy rate variancesamong five distinct k are below 7.5 and average variance ofdifferent k is 71.8% less than that of single sensor (5.312vs. 18.816).

To further verify the practicability of our system, weconduct experiments among 20 non-technical users. Firstlyin this experiment, each user-defined rotation (i.e. privatekey) is performed once and added into the database. Thenfor each user, he/she repeats rotating the card for morethan 20 times. Figure 9(a) shows the distribution of basicrotation numbers k among 20 users. It can be foundthat the majority of users pick actions with 3-4 basicrotations. Refer to Table 1, key space can be multipliedby thousands of times naturally. Figure 9(b) and Figure9(c) show the average delay of basic rotation of differentusers and distribution of delay of all basic rotations amongdifferent users, respectively. From Figure 9(b) and Figure9(c), we can see that rotation delay varies. This is due todifferent user habits and different rotation degrees amongdifferent basic rotations. However, accuracy rates of the 20users decrease little as shown in Figure 9(d). The majorityof accuracy rates remain above 90% and the variance ofaccuracy rates among 20 users, which equals to 4.8, is

1 2 3 4 50

0.1

0.2

0.3

0.4

Basic Rotation Numbers

Pro

babi

lity

(a) Distribution of k

0 5 10 15 200

0.5

1

1.5

2

2.5

User ID

Del

ay (

s)

(b) Accuracy Rate

1 1.5 2 2.50

0.05

0.1

0.15

0.2

Delay (s)

Pro

babi

lity

(c) Delay of Basic Rotations amongDifferent Users

0.85 0.88 0.91 0.94 0.97 10

0.1

0.2

0.3

0.4

0.5

Accuracy Rate

Pro

babi

lity

(d) Distribution of Delay of BasicRotations

Fig. 9. Experimental results with 20 users

quite small. Results shown in Figure 9 fully demonstratethe effectiveness of our system in real life.

5 SIMULATIONS

Simulation results of system performance of our authentica-tion methods are provided in this section. Firstly in Section5.1 and Section 5.2, we comprehensively analysis impactsof various environment conditions on the accelerometer-based design which has a more complex authenticationalgorithm. The simulation results of the gyroscope-baseddesign can be found in Section 4 of the supplemental file.

In the accelerometer-based design, while higher gran-ularities of recognition and basic rotation numbers leadto larger key spaces and security levels, they also causeheavier workload and lower authentication accuracy rates.Therefore, we are interested to investigate the impact ofthese two parameters on the overall system performance.In addition, during experiments, we notice that sensor datasample rate and communication quality between sensorsand access control clients are dominant factors to affectthe system performance. Therefore, simulations of varioussensory data sample sizes and sensory data fractures areperformed to evaluate our algorithm with respect to theaccuracy rate r.

In the simulation, we first randomly generate basic rota-tions based on a given n and k and then compute accelera-tion data of these rotations based on a specified sensor datasampling rate. After that, k basic rotations are performedsequentially with static intervals (pauses between basicrotations, e.g. 1.5 seconds). Except otherwise specified, weset n = 4 and k follows a uniform distribution from 0 to 5in simulations. To further emulate the actual rotations, wealso add measurement noise to the raw simulated rotationdata according to the observation in the experiments.

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 9

5.1 Impact of Sensory Data Sample SizesSensors powered by harvested RF energy face a severeconstraint of energy budget. Higher data sample rate leadsto increasing sensor/processor activities and therefore high-er energy consumption. As RF signals can only supply alimited amount of energy, such excessive sensor/processoractivities then can lead to a lot of data loss. Here we usethe amount of sensory data sampled in one basic rotationaction to describe sample size. Specifically, we assumethat system users perform rotation actions with the samespeed. Therefore sample size S is denoted as the amountof samples per 90 degrees of an individual action. Due tothe constraints of energy and radio physical limitations onWISP nodes, in practical settings we can receive at most 50samples per second in our prototype system. If we performthe 90-degree rotation as slow as 1 second, the maximalpossible sensory data sample size is Smax = 50/1 = 50.

4 12 20 28 36

0.2

0.4

0.6

0.8

1

Different Sensory Data Sample Size

Acc

urac

y R

ate

n = 4n = 8n = 12

(a) Accuracy Rate vs. Granularityof Recognition (k=3)

4 12 20 28 36

0.2

0.4

0.6

0.8

1

Different Sensory Data Sample Size

Acc

urac

y R

ate

k = 1k = 3k = 5

(b) Accuracy Rate vs. Basic Rota-tion Numbers (n=4)

Fig. 10. Impact of Different Sample Sizes

In this part, we study the impact of sample size S onthe accuracy rate r. Figure 10(a) and Figure 10(b) showaccuracy rate with different granularities of recognition nand numbers of basic rotation k, respectively. From Figure10(b), we can see that when granularity of recognitionn = 4 and sample size S > 20, the accuracy rate isapproximately 100% and remains stable. This result val-idates our authentication effectiveness as maximal sensorydata sample size in actual systems is much higher than 20.However, in Figure 10(a), if granularity of recognition con-tinues increasing (e.g. n = 12), higher sensory data samplesize can not guarantee better system performance. This isbecause higher granularity of recognition has smaller toler-ance of measurement noise. Simulation observations shownin this section also matches our empirical experiences thataccuracy rate remains stable when sample size is above 25.

5.2 Impact of Sensory Data FracturesData loss is a common issue in wireless communication. Weempirically measured the probability of losing a continuousdata block (data fracture) in our prototype with single WISPand results are shown below in TABLE 7.

In TABLE 7 we count these fractures lasted more than10% of the duration of the whole action. From this table,we find the probability of data fracture is higher than non-fracture’s (70% vs. 30%). It could be inferred that theoccurrence of fracture will increase during complex actionsas more rotations are continuously performed.

TABLE 7Data Fracture Analysis

Num. of Fracture 0 1 2 3Existence Ratio 30.0% 50.0% 10.0% 10.0%

In this section, we evaluate accuracy rate r under differ-ent data fractures. Denote Ns as the maximal number offractures and Ts as maximal percentage of data fractures inan independent action. Ns ranges between 0 to 3 whereasTs ranges between 0 to 30. Both of these two parametersfollow the uniform distribution. For example, if Ns = 2and Ts = 20, it means that 2 data fractures with each oneoccupies at most 20% data would exist in one rotation.Figure 11 shows accuracy rates under various data fracturespercentage Ts. In all two figures, maximal numbers offracture Ns = 2.

0 10 20 30 40 50

0.2

0.4

0.6

0.8

1

Different Data Fracture (%)

Acc

urac

y R

ate

n = 4n = 8n = 12

(a) Accuracy Rate vs. Granularityof Recognition (k=3)

0 10 20 30 40 50

0.2

0.4

0.6

0.8

1

Different Data Fracture (%)

Acc

urac

y R

ate

k = 1k = 3k = 5

(b) Accuracy Rate vs. Basic Rota-tion Numbers (n=4)

Fig. 11. Impact of Different Sensory Data Fractures

Figure 11(a) is a comparison of accuracy rate withdifferent granularities of recognition n and Figure 11(b)shows accuracy rate of different basic rotation numbersk. By comparing Figure 11(a) and Figure 11(b), we cansee that although authentication performance in all figuresdecreases when data loss gets severe, accuracy rate withdifferent basic rotation numbers k observes relatively muchless impact than the change of granularity of recognition.This is because authentications with higher granularity ofrecognition are more sensitive to data loss. From Figure 11,we find that our recognition algorithm is fracture-tolerant.In most cases, up to 20% sensory data fracture could betolerated in systems with little performance degradation.

6 COMPARISON BETWEEN THE TWO REF-ERENCE DESIGNS

Different from accelerometer-based design which relieson precise rotations, gyroscope-based design adopts theimpulse of the amplitude of the angular velocity (seeSection 2.2). Compared with accelerometer-based design,gyroscope-based design owns a higher authentication ac-curacy and smaller authentication delay (see Section 4).However, the accelerometer-based design is more robustunder changing environmental conditions as the gyroscope-based design is more sensitive to data loss (see Section 5).Both of these two designs have large key space.

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 10

7 RELATED WORK

Recently, researchers have introduced several RFID-basedsolutions to improve the security level of access controlsystems [11], [12], [13]. Sample et al. present a solutionfor adding capacitive touch sensing onto RFID tags forcapacitive user input [11]. To further improve the systemsecurity, Saxena et al. [12] introduce a method to generaterandom numbers to achieve motion detection based on theambient noise of onboard accelerometer of RFID tags. In[13], by utilizing on-board sensors, authors design multiplecontext-aware selective unlocking mechanisms to preventunauthorized reading and replay attacks.

The most similar paper to this work is the ”RFIDs andsecret handshakes” [14]. In this work, based on WISP,authors introduce an approach to tackle the ghost-and-leechattack between contactless cards and readers. Specifically,authors propose a context-aware authentication method byallowing contactless cards to communicate with readers on-ly if the card owner performs a secret handshake. However,different from this quasi-biometrical authentication methodwhich relies on the unique user patterns exhibited duringthe authentication process, we proposed an orthogonalsolution which has a large key space increase by combiningdynamic sensory information and static identifier duringauthentication process. By doing so, our method is alsocompatible with the context-aware solution in [14].

Although currently there exist several sensor-aided so-lutions to improve the security of access control systems,they have relatively small improved key space and operatein limited environment settings. Different from previousapproaches, in our proposed design, we ensure that the dy-namic authentication framework with sensory informationcombines the best of mechanical and electronic authen-tication methods which is backward compatible with theexisting deployed RFID authentication systems. Apart fromthe accelerometer and gyroscope, various low-power sen-sors including temperature, microphone, electronic compassand barometer [15], [16], [17] are also desirable candidatesof the proposed framework that would bring large keyspace increases with simple sensor readings. In addition,trusted users can share and reset access privilege amongthemselves. With such embedded sensor information andsignificantly increased key space, we can effectively coun-terattack the compromises of the access control system.

8 CONCLUSIONS

In this paper, we proposes a dynamic authentication withsensory information for the access control systems. Dif-ferent from existing schemes of authentication in accesscontrol systems, which mainly based on static informationon cards, our dynamic authentication method combinessensory information from onboard sensors and conventionalstatic ID information. Two case studies of the dynamicauthentication are proposed. We theoretically analyze theirhighly increased key space, which exponentially multipliedstatic key space in existing authentication methods. To eval-uate performance of our design, we built a prototype system

and validate authentication mechanism experimentally. Inexperiments, the proposed authentication algorithm showeda 95% high accuracy rate among different users. In thesimulation part, we comprehensively study the impact ofsensory data sample size and sensory data loss, which foundto be critical factors from experiments on authenticationalgorithm. Most simulation results validate our algorithmeffectively. Growing popularity of electronically based au-thentication in proximity access control systems calls for ahigher security level and greater ubiquity. We believe thatauthentication bound with dynamic sensory information caneffectively enhanced security level of access control sys-tems and will take an important step towards electronicallyaccess authentication in the future.

REFERENCES[1] Y. Shu, Y. Gu, and J. Chen, “Sensory-Data-Enhanced Authentication

for RFID-based Access Control Systems,” in IEEE MASS, 2012.[2] A. Juels, “RFID security and privacy: A research survey,” IEEE

Journal on Selected Areas in Communications, vol. 24, no. 2, pp.381–394, 2006.

[3] R. Mayrhofer and H. Gellersen, “Shake well before use: Authenti-cation based on accelerometer data,” Pervasive Computing, pp. 144–161, 2007.

[4] M. Burmester, T. Van Le, B. De Medeiros, and G. Tsudik, “Univer-sally composable RFID identification and authentication protocols,”ACM Transactions on Information and System Security, vol. 12,no. 4, p. 21, 2009.

[5] J. Kong, H. Wang, and G. Zhang, “Gesture recognition model basedon 3D accelerations,” in IEEE ICCSE, 2009.

[6] S. Mitra and T. Acharya, “Gesture Recognition: A survey,” IEEETransactions on Systems, Man and Cybernetics, vol. 37, no. 3, pp.311–324, 2007.

[7] S. Zhou, Q. Shan, F. Fei, W. J. Li, C. P. Kwong, P. C. K. Wu,B. Meng, C. K. H. Chan, and J. Y. J. Liou, “Gesture recognitionfor interactive controllers using MEMS motion sensors,” in IEEENEMS, 2009.

[8] T. Park, J. Lee, I. Hwang, C. Yoo, L. Nachman, and J. Song,“E-gesture: a collaborative architecture for energy-efficient gesturerecognition with hand-worn sensor and mobile devices,” in ACMSenSys, 2011.

[9] A. P. Sample, D. J. Yeager, P. S. Powledge, A. V. Mamishev, and J. R.Smith, “Design of an RFID-based battery-free programmable sensingplatform,” IEEE Transactions on Instrumentation and Measurement,vol. 57, no. 11, pp. 2608–2615, 2008.

[10] M. Buettner and D. Wetherall, “An empirical study of UHF RFIDperformance,” in ACM MobiCom, 2008.

[11] A. P. Sample, D. J. Yeager, and J. R. Smith, “A capacitive touchinterface for passive RFID tags,” in IEEE RFID, 2009.

[12] N. Saxena and J. Voris, “Still and silent: motion detection forenhanced RFID security and privacy without changing the usagemodel,” Radio Frequency Identification: Security and Privacy Issues,Lecture Notes in Computer Science, vol. 6370, pp. 2–21, 2010.

[13] D. Ma and N. Saxena, “A context-aware approach to defend againstunauthorized reading and relay attacks in RFID systems,” Securityand Communication Networks, December 2011.

[14] A. Czeskis, K. Koscher, J. R. Smith, and T. Kohno, “RFIDs andsecret handshakes: Defending against ghost-and-leech attacks andunauthorized reads with context-aware communications,” in ACMCCS, 2008.

[15] N. Lane, E. Miluzzo, H. Lu, D. Peebles, T. Choudhury, and A. Camp-bell, “A survey of mobile phone sensing,” IEEE CommunicationsMagazine, vol. 48, no. 9, pp. 140–150, Sept. 2010.

[16] P. Kannan, P. Seshadri, M.-C. Chan, A. L. Ananda, and L.-S. Peh,“Low cost crowd counting using audio tones,” in ACM SenSys, 2012.

[17] J. Chung, M. Donahoe, C. Schmandt, I.-J. Kim, P. Razavai, andM. Wiseman, “Indoor location sensing using geo-magnetism,” inACM MobiSys, 2011.

[18] Y. Shu, J. Chen, F. Jiang, Y. Gu, Z. Dai, and T. He, “Demo:WISP-based access control combining electronic and mechanicalauthentication,” in ACM SenSys, 2011.

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 11

Yuanchao Shu is currently a Ph.D candidatein Control Science and Engineering at Zhe-jiang University, Hangzhou, China. He is amember of the Group of Networked Sensingand Control (IIPC-NeSC) in the State KeyLaboratory of Industrial Control Technology.His research interests include Mobile Com-puting and networked control, optimizationand systems design in Cyber-Physical Sys-tems and Wireless Sensor Networks.

Yu (Jason) Gu is currently an assistant pro-fessor in the Pillar of Information SystemTechnology and Design at the Singapore U-niversity of Technology and Design. He re-ceived the Ph.D. degree from the Universityof Minnesota, Twin Cities in 2010. Dr. Gu isthe author and co-author of over 60 papers inpremier journals and conferences. His publi-cations have been selected as graduate-levelcourse materials by over 20 universities inthe United States and other countries. His

research includes Networked Embedded Systems, Wireless SensorNetworks, Cyber-Physical Systems, Wireless Networking, Real-timeand Embedded Systems, Distributed Systems, Vehicular Ad-HocNetworks and Stream Computing Systems. Dr. Gu is a member ofACM and IEEE.

Jiming Chen (M’08 SM’11) received B.Scdegree and Ph.D degree both in ControlScience and Engineering from Zhejiang U-niversity in 2000 and 2005, respectively. Hewas a visiting researcher at INRIA in 2006,National University of Singapore in 2007, andUniversity of Waterloo from 2008 to 2010.Currently, he is a full professor with Depart-ment of control science and engineering, andthe coordinator of group of Networked Sens-ing and Control in the State Key laboratory of

Industrial Control Technology, Vice Director of Institute of IndustrialProcess Control at Zhejiang University, China. He currently servesassociate editors for several international Journals including IEEETransactions on Parallel and Distributed System, IEEE Transactionson Industrial Electronics, IEEE Network, IET Communications, etc.He was a guest editor of IEEE Transactions on Automatic Control,Computer Communication (Elsevier), Wireless Communication andMobile Computer (Wiley) and Journal of Network and ComputerApplications (Elsevier). He also served/serves as Ad hoc and Sen-sor Network Symposium Co-chair, IEEE Globecom 2011; generalsymposia Co-Chair of ACM IWCMC 2009 and ACM IWCMC 2010,WiCON 2010 MAC track Co-Chair, IEEE MASS 2011 Publicity Co-Chair, IEEE DCOSS 2011 Publicity Co-Chair, IEEE ICDCS 2012Publicity Co-Chair, IEEE ICCC 2012 Communications QoS and Reli-ability Symposium Co-Chair, IEEE SmartGridComm The Whole Pic-ture Symposium Co-Chair, IEEE MASS 2013 Local Chair, WirelessNetworking and Applications Symposium Co-chair, IEEE ICCC 2013and TPC member for IEEE ICDCS’10,’12,’13, IEEE MASS’10,11,’13,IEEE SECON’11,’12 IEEE INFOCOM’11,’12,’13, etc.