Unmanned aerial vehicles (UAVs) have seen widespread adoption across diverse sectors, including agriculture, logistics, surveillance, and disaster management, due to their capabilities for real-time data acquisition and autonomous operations. The integration of UAVs with Internet of Things (IoT) systems further amplifies their functionality, enabling sophisticated applications such as smart city management and environmental monitoring. In this context, blockchain technology plays a pivotal role by providing a decentralized, tamper-resistant ledger that facilitates secure data exchange between UAVs and connected devices. Its transparent and immutable characteristics mitigate the risk of a single point of failure, thereby enhancing data integrity and bolstering trust within UAV–IoT communication networks. However, the interconnected nature of these systems introduces significant security challenges, including unauthorized access, data breaches, and a variety of network-based attacks. These issues are further compounded by the limited computational capabilities of IoT devices and the inherent vulnerabilities of wireless communication channels. Recently, a lightweight mutual authentication scheme using blockchain was presented; however, our analysis identified several critical security flaws in these existing protocols, such as drone impersonation and session key disclosure. To address these vulnerabilities, we propose a secure and lightweight authentication scheme for multi-server UAV–IoT environments. The proposed protocol effectively mitigates emerging security threats while maintaining low computational and communication overhead. We validate the security of our scheme using formal methods, including the Real-Or-Random (RoR) model and BAN logic. Comparative performance evaluations demonstrate that our protocol enhances security while also achieving efficiency, making it well-suited for resource-constrained IoT applications.
Read full abstract