Unmanned aerial vehicles offer services such as military reconnaissance in potentially adversarial controlled regions. In addition, they have been deployed in civilian critical infrastructure monitoring. In this environment, real-time and massive data is exchanged between the aerial vehicles and the ground control stations. Depending on the mission of these aerial vehicles, some of the collected and transmitted data is sensitive and private. Therefore, many security protocols have been presented to offer privacy and security protection. However, majority of these schemes fail to consider attack vectors such as side-channeling, de-synchronization and known secret session temporary information leakages. This last attack can be launched upon adversarial physical capture of these drones. In addition, some of these protocols deploy computationally intensive asymmetric cryptographic primitives that result in high overheads. In this paper, an authentication protocol based on lightweight quadratic residues and hash functions is developed. Its formal security analysis is executed using the widely deployed random oracle model. In addition, informal security analysis is carried out to show its robustness under the Dolev–Yao (DY) and Canetti–Krawczyk (CK) threat models. In terms of operational efficiency, it is shown to have relatively lower execution time, communication costs, and incurs the least storage costs among other related protocols. Specifically, the proposed protocol provides a 25% improvement in supported security and privacy features and a 6.52% reduction in storage costs. In overall, the proposed methodology offers strong security and privacy protection at lower execution time, storage and communication overheads.