SENSORY KEYS: SECURE COMMUNICATION & MUTUAL AUTHENTICATION USING MODIFIED DIFFIE HELLMAN KEY AGREEMENT SCHEME
Abstract
Smartphones and Tabloids are becoming the digital entity of identification for every individual. Their portability and programmability have made them a juncture of endless applications. Apart from the numerous gaming apps that are available, applications especially in the fields of health and fitness, and finance often require the data to be transferred to a remote server. Manipulation of that data by a hacker, such as by man in the middle (MITM) attacks can lead to many undesired outcomes. Therefore, secure data transfer is critical in many applications. This research work presents a new variant of the Diffie-Hellman key agreement scheme that uses dynamically changing sensor data to facilitate continuous key updates. Our scheme ensures mutual authentication and mitigates MITM attacks with minimal need for public key infrastructure (PKI). We also propose an access control mechanism that protects data recorded by our application on the phone in case of physical attacks. We have tested the randomness of the keys generated using various real time use-cases. There were no noticeable patterns of key generation or key sequences. We have also evaluated our scheme using a security protocol analyzer tool, ‘Scyther’. Our test results have shown that the proposed key agreement scheme is efficient in mitigating MITM attacks.