Comparative study of authentication protocols for the Internet of Drones (IoD)

Recently, Internet of Drones (IoD) applications have grown in various fields, including the military, healthcare, smart agriculture, and traffic monitoring. Drones are equipped with computation resources, communication units, and embedded systems that allow them to sense, collect, and deliver data in real-time through public communication channels. However, this fact introduces the risk of attack on data transmitted over unsecured public channels. Addressing several security threats is crucial to ensuring the secure operation of IoD networks. Robust authentication protocols play a vital role in establishing secure processes in the IoD environment. However, designing efficient and lightweight authentication solutions is a complex task due to the unique characteristics of the IoD and the limitations of drones in terms of their communication and computational capabilities. There is a need to review the role of authentication processes in controlling security threats in the IoD due to the increasing complexity and frequency of security breaches. This review will present the primary issues and future path directions for authentication schemes in the IoD and provide a framework for relevant existing schemes to facilitate future research into the IoD. Consequently, in this paper, we review the literature to highlight the research conducted in this area of the IoD. This study reviews several existing methods for authenticating entities in the IoD environment. Moreover, this study discusses security requirements and highlights several challenges encountered with the authentication schemes used in the IoD. The findings of this paper suggest future directions for research to consider in order for this domain to continue to evolve.

A biometric and physically unclonable function–Based authentication protocol for payload exchanges in internet of drones

The Internet of Drones (IoD) provides the coordinated access to controlled airspace for the Unmanned Aerial Vehicles (called drones). The on-going cheaper costs of sensors and processors, and also wireless connectivity make it feasible to use the drones for several applications ranging from military to civilian. Since most of the applications using the drones involved in the IoD are real-time based applications, the users (external parties) usually have their interest in getting the real-time services from the deployed drones belonging to a particular fly zone. To address this important issue in the IoD, there is a great need of an efficient and secure user authentication approach in which an authorized user (for example, a driver of an ambulance) in the IoD environment can be given access to the data directly from an accessed drone. In this article, we first discuss an authentication model used in the IoD communication. We then discuss some security challenges and requirements for the IoD environment. A taxonomy of various security protocols in the IoD environment is also discussed. We then emphasis on the study of some recently proposed user authentication schemes for the IoD communication. A detailed comparative study is done based on functionality features, security attacks, and also communication and computation costs. Through the rigorous comparative study of the existing schemes, we identify the strengths and weaknesses of the user authentication schemes for the IoD communication. Finally, we identify some of the challenges for the IoD that need to be addressed in the coming future.

As mobile internet and Internet of Things technologies continue to advance, the application scenarios of peer-to-peer Internet of Drones (IoD) are becoming increasingly diverse. However, the development of IoD also faces significant challenges, such as security, privacy protection, and limited computing power, which require technological innovation to overcome. For group secure communication, it is necessary to provide two basic services, user authentication and group key agreement. Due to the limited storage of IoD devices, group key negotiation requires lightweight calculations, and conventional schemes cannot satisfy the requirements of group communication in the IoD. To this end, a new lightweight communication scheme based on ring neighbors is presented in this paper for IoD, which not only realizes the identity verification of user and group key negotiation, but also improves computational efficiency on each group member side. A detailed security analysis substantiates that the designed scheme is capable of withstanding attacks from both internal and external adversaries while satisfying all defined security requirements. More importantly, in our proposal, the computational cost on the user side remains unaffected by the variability of the number of members participating in group communication, as members communicate in a non-interactive manner through broadcasting. As a result, the protocol proposed in this article demonstrates lower computational and communication costs in comparison to other cryptographic schemes. Hence, this proposal presents a more appealing approach to lightweight group key agreement protocol with user authentication for application in the IoD.

IoDMix: A novel routing protocol for Delay-Tolerant Internet of Drones integration in Intelligent Transportation System

The Internet of Drones (IoD) is a distributed architecture that connects drones to regulated airspace while also providing inter-location navigation services. Because of the rise of the drone-based general public and army applications, the Internet of Drones is becoming increasingly important. It transforms the existing Internet atmosphere into one that is more widespread and pervasive in nature. IoT connects drones with the IoD network (IoT). Due to this reason, the IoD network is vulnerable to most of the privacy and security issues associated with IoT ecosystems. To achieve the most performance from IoD apps, it's critical to maintain a safe environment free of privacy and security risks. Privacy and security issues have impeded the overall impact of the IoD framework. Existing survey research has contributed to a better knowledge of the IoD security and privacy challenges. We look into the various drone categories' levels of security and privacy issues. The necessity for secure IoD architecture is then highlighted, and a solution is proposed. We also provide a thorough taxonomy of IoD network attacks.

HighlightsWhat are the main findings?We propose a novel and practical certificateless cryptographic scheme utilizing Chebyshev polynomials.The proposed scheme significantly reduces computational overhead compared to existing solutions. Performance evaluations and comparative analysis reveal a substantial decrease in computational costs, with our scheme requiring approximately 65% less computational effort.What is the implication of the main finding?This work fills a critical research gap by establishing a practical certificateless cryptographic scheme based on Chebyshev polynomials. Beyond this novelty, it also promotes the broader application and exploration of Chebyshev polynomials within the domain of public key cryptography.The considerable reduction in computational overhead, particularly when compared to certificateless schemes based on elliptic curve cryptography, positions our proposed solution as a highly attractive option for resource-constrained environments (e.g., the IoD).The Internet of Drones (IoD) overcomes the physical limitations of traditional ground networks with its dynamic topology and 3D spatial flexibility, playing a crucial role in various fields. However, eavesdropping and spoofing attacks in open channel environments threaten data confidentiality and integrity, posing significant challenges to IoD communication. Existing foundational schemes in IoD primarily rely on symmetric cryptography and digital certificates. Symmetric cryptography suffers from key management challenges and static characteristics, making it unsuitable for IoD’s dynamic scenarios. Meanwhile, elliptic curve-based public key cryptography is constrained by high computational complexity and certificate management costs, rendering it impractical for resource-limited IoD nodes. This paper leverages the low computational overhead of Chebyshev polynomials to address the limited computational capability of nodes, proposing a certificateless public key cryptography scheme. Through the semigroup property, it constructs a lightweight authentication and key agreement protocol with identity privacy protection, resolving the security and performance trade-off in dynamic IoD environments. Security analysis and performance tests demonstrate that the proposed scheme resists various attacks while reducing computational overhead by 65% compared to other schemes. This work not only offers a lightweight certificateless cryptographic solution for IoD systems but also advances the engineering application of Chebyshev polynomials in asymmetric cryptography.

SummaryThe primary concern for securing the Internet of Drones (IoD) is authentication. Drone location is a vital information that must be verified before a secure communication link with the ground station can be established. In this paper, a location aware mutual authentication technique for secure inter‐drone and drone to ground communication using physical unclonable functions and Chebyshev chaotic maps is proposed. This is the first work that addresses the location validation of drones along with server‐less inter‐drone communication with a fail‐safe mechanism designed using a fuzzy inference system to tackle drone failures. The security of the system is analyzed using Burrows–Abadi–Needham logic, real‐or‐random oracle model and ProVerif. The processing, communication, and storage costs of the proposed scheme are determined and compared to other drone mutual authentication protocols. The proposed mechanism outperforms the existing mutual authentication protocols with superior security features and performance attributes and is well suited for surveillance drone networks.

A lightweight authentication and key agreement scheme for Internet of Drones

The Internet of Drones (IoD) is one of the world's most recent and innovative technology. Drones are most prominent IoT (Internet of Things) gadgets and their applications span from commercial to domestic. The sensitive data stored in drones has increased the demand for the security of communication in the IoD. As a result, numerous authentication and key agreement techniques have been developed to proffers secure communication among the entities of the IoD network. However, after scrutinizing the security of these protocols, many IoD protocols were observed to be susceptible to different cryptographic attacks. This has enhanced the necessity for an improved and efficient authentication scheme in IoD. In this article, we first investigate Zhang et al.'s approach and demonstrate that although it offers security verification, it has certain design problems. It is, furthermore, shown to be vulnerable to privileged insider, offline password guessing, and stolen smart device attacks. Second, we propose a novel biometric‐based scheme that includes countermeasures to protect against these flaws. The security of the mechanism is examined under real or random oracle model, informal security analysis and scyther simulation for numerous cryptographic assaults. Also, the performance analysis substantiates the competency of the proposed scheme corresponding to computation and communication cost with existing schemes.

As the popularity growth of drones is witnessed in various fields, people start attaching importance to the Internet of Drones (IoD) paradigm. In the IoD, the regional aviation administration (i.e., Zone Service Providers (ZSPs)) regulates the usage of vast yet limited airspace and provides necessary services (i.e., supplemental data services) for various drone applications. In order to create a secure environment for communications, authentication and key agreement protocols have an important role to play in the IoD. A few conventional security protocols specifically designed for traditional communication networks cannot be directly exercised in the IoD environment because of their non-negligible computational overhead and the distinctive characteristics of IoD (i.e., insufficient resources of drones). In this paper, we propose a bilinear pairing and physical unclonable function based lightweight authentication protocol (hereafter referred to as liteCrypto) for the IoD environment. In liteCrypto, a drone and the ZSP mutually authenticate each other and establish a secure session key based on bilinear pairing and physical unclonable function before sharing any critical information over an insecure wireless channel. In terms of performance evaluation, we first implement liteCrypto in High-Level Protocol Specification Language (HLPSL) and verify its security performance in the Automated Validation of Internet Security Protocols and Applications (AVISPA) environment, and then present a security analysis of liteCrypto. In addition, we develop a real-world testbed, implement liteCrypto and its two counterparts (i.e., ECCAuth and RAMP-IoD), conduct extensive experiments, and provide an in-depth performance analysis. Our performance evaluation shows that not only is liteCrypto a secure communication protocol, but also outperforms its counterparts in terms of computational overhead, energy consumption, as well as communication cost.

The Internet of Drones (IoD) is a network layer control system that manages the communication of Unmanned Aerial Vehicles (UAVs). Drones have emerged as a novel approach to addressing everyday human challenges and are now used in a variety of domains, such as personal activities (e.g., photography and videography), urban applications (e.g., traffic monitoring and structural inspection), commercial operations (e.g., power line and tower inspection), agriculture, and military operations. Given the rapid growth of UAVs and their expanding applications, interconnecting drones to form an IoD is a desirable trend for enhancing flight safety and quality. However, challenges related to security, privacy, and inter-drone communication remain significant obstacles. Numerous authentication protocols have been developed to address these concerns. Recently, Zhang et al. proposed a PUF-based authentication scheme that uses unique identifiers and hash functions to secure authentication in the IoD environment. However, in this paper, we demonstrate that Zhang et al.'s scheme is vulnerable to several attacks, including secret value disclosure, integrity violation, key extraction, traceability, and anonymity violation. The presented attacks are shown to have a success probability of one. We also introduce two enhanced protocols that, through both informal and formal security proofs using the Scyther tool, demonstrate that they do not suffer from the vulnerabilities found in the earlier protocol. The communication costs of the proposed protocols (a) and (b) have increased by [Formula: see text] and [Formula: see text], respectively, compared to the previous protocol. The computational costs for the proposed protocols (a) and (b) have also increased by [Formula: see text] and [Formula: see text], respectively, while the storage costs in both proposed protocols remain unchanged compared to the previous protocol. It is true that the costs in the proposed protocols have risen; however, the previous design was vulnerable to various attacks, whereas the proposed protocols have demonstrated better security and have successfully achieved all their security objectives.

The Internet of Drones (IoD) is increasingly utilized in sensitive applications, demanding robust authentication mechanisms. Traditional authentication methods face challenges from various attacks, and the unique operational context of IoD, including potential drone capture, necessitates advanced security measures. This paper proposes a Biometric-Enhanced Two-Factor Authentication Protocol for IoD (Bio-2FA-IoD), drawing inspiration from established principles in two-factor authentication and leveraging recent advancements in biometric security. The protocol aims to provide strong mutual authentication between a drone operator (via an operator device), the drone (acting as a relay), and a Ground Control Station (GCS), facilitated by a Trusted Authority (TA). We detail the registration and authentication phases, integrating fuzzy extractors for reliable biometric key generation, a technique proven effective in various secure systems. The security of Bio-2FA-IoD is then analyzed using BAN (Burrows-Abadi-Needham) logic to demonstrate the establishment of shared beliefs and authenticated key agreement, and through the Bellare-Pointcheval-Rogaway (BPR) model to formally prove its security against active adversaries in the Authenticated Key Exchange (AKE) context. A comparative performance evaluation highlights the protocol's efficiency in terms of computational and communication costs, positioning it as a viable solution for resource-constrained IoD environments.

Security and privacy are among the most critical challenges on the internet of drones (IoD) network. The communication entities of the IoD network can communicate securely with the use of authenticated key agreement (AKA) based techniques. However, the design of such techniques must balance the tradeoff between security and lightweight features. Recently, Chen et al. proposed an authentication and key sharing scheme for IoD deployment. It is, however, realized after scrutiny that the proposed technique is vulnerable to security attacks under the well-accepted Canetti-Krawczyk (CK) adversary model. Moreover, the scheme applies to the IoD network with only one drones' flying zone. To solve these challenges, this paper proposed a secure lightweight proven authenticated key agreement (SLPAKA) technique for IoD deployment. The technique is free from all the problems identified in the scheme of Chen et al. To ensure the reliability of the SLPAKA, the security of the technique has been assessed from a theoretical method and formal way using the ProVerif cryptographic protocol verification tool. Apart from comparing the performance of SLPAKA with the benchmarking schemes in terms of security, computational cost, and communication cost, the SLPAKA and the technique proposed by Chen et al. are implemented using a python programming language to evaluate and compare their performance in terms of energy consumption and computational time metrics. The results show that the SLPAKA outperforms the technique of Chen et al. and all the other benchmarking techniques in terms of security and lightweight features.

The Internet of Drones (IoD) is an emerging industry that offers convenient services for humans due to the high mobility and flexibility of drones. The IoD substantially enhances human life by enabling diverse drone applications across various domains. However, a malicious adversary can attempt security attacks because communication within an IoD environment is conducted through public channels and because drones are vulnerable to physical attacks. In 2023, Sharma et al. proposed a physical unclonable function (PUF)-based authentication and key agreement (AKA) scheme for the IoD. Regrettably, we discover that their scheme cannot prevent impersonation, stolen verifier, and ephemeral secret leakage (ESL) attacks. Moreover, Sharma et al.’s scheme cannot preserve user untraceability and anonymity. In this paper, we propose a secure and lightweight AKA scheme which addresses the shortcomings of Sharma et al.’s scheme. The proposed scheme has resistance against diverse security attacks, including physical capture attacks on drones, by leveraging a PUF. Furthermore, we utilize lightweight operations such as hash function and XOR operation to accommodate the computational constraints of drones. The security of the proposed scheme is rigorously verified, utilizing “Burrows–Abadi–Needham (BAN) logic”, “Real-or-Random (ROR) model”, “Automated Validation of Internet Security Protocols and Application (AVISPA)”, and informal analysis. Additionally, we compare the security properties, computational cost, communication cost, and energy consumption of the proposed scheme with other related works to evaluate performance. As a result, we determine that our scheme is efficient and well suited for the IoD.