Authentication of keys distributed by the Diffie–Hellman method for mobile devices based on authentication codes and magnetometric data

The wide distribution of mobile wireless devices (smartphones, tablets, etc.) warrants cryptographic protection of information transmitted by these devices, which requires supplying these devices with keys and providing their authentication. Recently, research on key authentication methods within scenarios of pairing mobile devices, has been increasingly relevant. In these conditions, mobile devices are located close to each other, up to the physical contact, and an additional key sharing authenticated channel protected from interception is established for purposes of key authentication.
The analysis of additional channel versions: visual, acoustic, vibration, tactile, and magnetometric shows advantages of the latter one in terms of speed and reliability of authentication, as well as easer se of this channel compared to other methods. A magnetometer channel forms if there are magnetometers in mobile devices that measure the Earth’s magnetic field. Random fluctuations of the magnetic field at the measurement point allow to generate in a pair of mobile devices random sequences that coincide with a high probability and which can be used to authenticate session keys.
The “Magparing” protocol of mobile devices keys authentication, which are distributed by Diffie-Hellman method is studied. his protocol is based on the magnetometer data measuring. We demonstrate that the protocol is succeptible to “man-in-the-middle” attack. This fact is confirmed also by software AVISPA simulation.
A new key authentication method based on the use of authenticating code (A-code) is proposed. Authenticators for Diffie-Hellman values are generated based on A-code blocks and random sequences obtained by the reading of magnetometer’s values. An approach for A-code parameters optimization, that conforms to the requirements for authentication key length and both to the probabilities of false key removal and false key deception, is investigated. We present an example  of code parameters for key authentication with the length of 256 bits, providing the probability of a false key agreement of not greater than 10$^{-9}$ and a probability of false rejection of a true key equal to -10$^{-6}$, which shows viability of the proposed authentication method.