An Efficient Authenticated Key Agreement Scheme Supporting Privacy-Preservation for Internet of Drones Communications
Abstract
:1. Introduction
- For civilian purposes [9]:
- i.
- For photography purposes: Allowing TV/film producers to take aerial photography in a new manner by using drones, thus enhancing the aerial view to a higher extent.
- ii.
- For natural disaster assessment and control purposes: After Hurricane Katrina hit the United States in 2005, drones were used for disaster control and assessment to observe which roads were blocked by fallen trees, cars, and road barriers, or to search for missing, injured, and trapped people.
- iii.
- For emergency response purposes: Like ambulances, drones can be used as portable medical kits which can send medical supplies to emergency units on site, particularly when the emergency site is inaccessible for vehicles. Furthermore, affected by the recent COVID-19 pandemic, drones have been deployed on the streets of Spain and China (mainly Wuhan), to raise people’s awareness of the crisis via cameras and broadcasters, or aerial spraying for disinfection. Furthermore, drones can be used as a means of delivering food and medication to infected patients, aiming to transport tested samples at a higher speed, and reduce human contact.
- iv.
- For environmental monitoring purposes: Drones can be used to perform tasks of measuring environmental pollution, such as those for air quality measurement and analysis; perform agricultural tasks, such as soil analysis, crop/livestock management/disease, and pest control; perform animal protection tasks, such as nature/wildlife protection/anti-poaching/endangered species protection.
- For police purposes [10]:
- i.
- For traffic monitoring purposes: Drones can be used to monitor traffic and accident scenes. For example, the Spanish government has adopted drones to monitor traffic bottlenecks since 2015.
- ii.
- For criminal-tracking purposes: Drones can be used to monitor crime scenes and prison fugitives. For example, the Ohio State Police Station used a drone to track an escaped prisoner and track him down in 2016.
- iii.
- For forensic search-and-rescue purposes: Drones can be used to tackle crimes, such as the missing person and murder case of Ms. Tara Grinstead in 2015, for whom Georgia police used a fixed-wing drone called Spectra to search.
- For military purposes [11]:
- i.
- For aerial surveillance/reconnaissance purposes: Drones can be deployed in the air to collect intelligence and information and further identify and track the locations of terrorist camps, vehicles, weapons, plants, and improvised explosive devices. For example, Russia collected new drone footage that unveiled how Turkey used artillery operations to attack the Syrian army in 2020.
- ii.
- For airstrike purposes: As early as 2002, the U.S. military used drones for airstrike missions and then developed them for application with British allies in the global anti-terrorism war. In addition, Israel also made use of drones to conduct airstrikes against military installations/key targets/people in Iraq and Syria on the west coast.
- iii.
- For drone hijacking purposes: Drone hijacking is mainly achieved via GPS intervention/spoofing, which was used to resolve the conflict in Ukraine and stood up to the threat from the Islamic State until the city of Mosul was finally liberated from the Islamic State in 2017.
- For criminal attack purposes [12]:
- i.
- Physical attacks: Drones can easily be used to destroy people’s privacy and threaten their private property by crashing into people or their property intentionally or unintentionally to cause them serious damage. Moreover, some drones can fly as high as 500 m in the air, just like bird strikes, which can cause serious damages to aircrafts in flight.
- ii.
- Logical attacks: They include spoofing a hotspot of a mobile Wi-Fi network, allowing the victim users to connect and monitor their sensitive messages, such as account passwords and credit card data, or implanting malware into smartphones and mobile devices that are connected to the malicious hotspot. Furthermore, a Raspberry Pi device connected to a drone can also be maliciously coded to intercept or hijack other drones nearby.
2. System Architecture in IoD Communications
2.1. System Model
2.2. Threat Model
3. The Proposed Scheme
- : The ith mobile user.
- : The jth drone.
- : The control server.
- : The identity and password of .
- : The identity of .
- : 160 bits secret value and master key of .
- n: 160 bits public parameter selected by .
- : The current timestamp of , and , respectively.
- : 160 bits random numbers of and , respectively.
- : An active drone list.
- : A collision free one-way hash function.
- : The maximum time threshold of accepting messages.
- : The current time received message.
- : The common session key shared between and .
- ⊕: The bitwise exclusive OR operation.
- : The string concatenation operation.
3.1. System Setup Phase
3.2. User Registration Phase
- Step 1.
- chooses his/her identity , password and a random number and computes . Then sends the registration request {} to via a secure channel.
- Step 2.
- After receiving the registration request from , checks the uniqueness of ’s identity. If the uniqueness of is satisfied, computes and sends it to securely.
- Step 3.
- After receiving from , computes and stores {} in the tamper-proof memory, which means that the parameters and can be used during the computation, but it is unable to extract them from the mobile device of .
3.3. Drone Registration Phase
- Step 1.
- selects an unique identity for and computes . Then saves () in list and sends {} to securely.
- Step 2.
- After receiving the registration parameters from , stores and in its memory securely.
3.4. Authentication and Key Agreement Phase
- Step 1.
- opens the login portal and inputs his/her identity and password into the mobile device. Then the mobile device retrieves () and computes and . Then it randomly generates two 160 bits random numbers and computes , , , , where is the current timestamp of . Then sends authentication request message {} to via a public channel.
- Step 2.
- After receiving the authentication request from , checks whether holds or not. If not, rejects the authentication request immediately. Otherwise, computes , , , and .
- Step 3.
- checks whether holds or not. If yes, authenticates the legality of . Otherwise, rejects ’s authentication request. Now, randomly assigns an active drone in IoD for and computes , , , , , and , where is retrieved from list and is the current timestamp of . Finally sends the message {} to through a public channel.
- Step 4.
- After receiving the message from , checks whether holds or not. If not, rejects this session. Otherwise, retrieves and computes , , and .
- Step 5.
- checks whether holds or not. If not, rejects the request. Otherwise, authenticates the legality of and . Then, randomly chooses a 160 bits random number and computes the common session key , , and , where is the current timestamp of . Finally sends the message {} to through a public channel.
- Step 6.
- After receiving the message from , checks whether holds or not. If not, rejects this session. Otherwise, computes and . Then further checks if holds or not. If it is true, it implies that is authenticated to . In order to verify the legality of , computes , the common session key , and and checks whether holds or not. If not, rejects the communication request. Otherwise, it implies that is also authenticated to and the common session key will be used for securing IoD communications between and . Finally, computes and replaces {} with {} for the next login.
4. Security Analysis of the Proposed Scheme
4.1. Simulation Verification with ProVerif
4.2. BAN Logic Analysis
- -:
- P believes X or P would be entitled to believe X.
- -:
- P sees X. Someone has sent a message containing X to P, who can read and repeat X.
- -:
- P has jurisdiction over X. P is an authority on X and should be trusted on this matter.
- -:
- P once said X. P at some time sent a message including X.
- -:
- This represents X combined with Y.
- -:
- The formula X is fresh, that is, X has not been sent in a message at any time before the current run of the protocol.
- -:
- P and Q may use the shared key K to communicate.
- -:
- The formula S is a secret known only to P and Q and possibly to principals trusted by them.
- G1:
- G2:
- G3:
- G4:
- G5:
- G6:
- M1:
- M2:
- A1:
- A2:
- A3:
- A4:
- A5:
- A6:
- A7:
- S1:
- S2:
- S3:
- S4:
- S5:
- S6:
- S7:
- S8:
- S9:
- S10:
- S11:
- S12:
- S13:
- Scenario:
- A malicious attacker uses an illegal flying drone to authenticate a legal mobile device .
- Analysis:
- The attacker will not succeed because the illegal flying drone has not been registered to the legal control server , and the illegal flying drone cannot calculate the correct session key . Thus, it will fail when the legal mobile device attempts to authenticate the illegal flying drone . In the proposed scheme, the attacker cannot achieve their purpose using an illegal flying drone . In the same scenario, the proposed scheme can also defend against a malicious attack using an illegal mobile device to connect to a legal flying drone . This is because the illegal mobile device has not been registered to the legal control server , and thus the illegal mobile device cannot calculate the correct session key SK. Therefore, the attack will fail when the legal flying drone attempts to authenticate the illegal mobile device .
4.3. Informal Security Analysis
- (a)
- User impersonation attack: Let an adversary try to behave himeself/herself as a legitimate user and he/she wants to generate an authorized login request, say . can intercept the login request of and forge messages by extracting the important credential of to prove ’s authenticity. In order to perform this operation, needs to choose two random numbers and and a timestamp and computes , and . However, due to the lack of knowledge about , will fail to compute as valid login parameter. Therefore, the proposed scheme is secure against user impersonation attack.
- (b)
- impersonation attack: To perform this attack, we assume intercepts the message {} and generates a bogus message {} to the drone , to make and convince the message is from a legitimate , where is a timestamp generated by . However, does not have the knowledge of and , thus, and can distinguish the impersonated from real control server and the proposed scheme is secure against impersonation attack.
- (b)
- Drone impersonation attack: In this attack, will try to make believe by seizing the message {} and attempt to construct another legitimate message, which is authenticated to . First, randomly chooses a random number and a timestamp and tries to forge and . However, in the design process of the proposed AKA scheme, without having the knowledge of , and , cannot generate the valid convinced response to impersonate as an accurate drone.
5. Performance Evaluation
5.1. Comparison of Security Features
5.2. Comparison of Computational Overhead
5.3. Comparison of Communication Overhead
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Chen, C.L.; Deng, Y.Y.; Li, C.T.; Zhu, S.; Chiu, Y.J.; Chen, P.Z. An IoT-based traceable drug anti-counterfeiting management system. IEEE Access 2017, 8, 224532–224548. [Google Scholar] [CrossRef]
- Altawy, R.; Youssef, A.M. Security, Privacy, and Safety Aspects of Civilian Drones: A Survey. ACM Trans. Cyber-Phys. Syst. 2016, 1, 1–25. [Google Scholar] [CrossRef]
- Khan, M.A.; Ullah, I.; Alsharif, M.H.; Alghtani, A.H.; Aly, A.A.; Chen, C.M. An Efficient Certificate-Based Aggregate Signature Scheme for Internet of Drones. Secur. Commun. Netw. 2022, 2022, 9718580. [Google Scholar] [CrossRef]
- Lilhore, U.K.; Imoize, A.L.; Li, C.T.; Simaiya, S.; Pani, S.K.; Goyal, N.; Kumar, A.; Lee, C.C. Design and Implementation of an ML and IoT Based Adaptive Traffic-Management System for Smart Cities. Sensors 2022, 22, 2908. [Google Scholar] [CrossRef] [PubMed]
- Sedjelmaci, H.; Senouci, S.M. Cyber security methods for aerial vehicle networks: Taxonomy, challenges and solution. J. Supercomput. 2018, 74, 4928–4944. [Google Scholar] [CrossRef]
- Shi, X.; Yang, C.; Xie, W.; Liang, C.; Shi, Z.; Chen, J. Anti-Drone System with Multiple Surveillance Technologies: Architecture, Implementation, and Challenges. IEEE Commun. Mag. 2018, 56, 68–74. [Google Scholar] [CrossRef]
- Wu, T.; Guo, X.; Chen, Y.; Kumari, S.; Chen, C. Amassing the Security: An Enhanced Authentication Protocol for Drone Communications over 5G Networks. Drones 2022, 6, 10. [Google Scholar] [CrossRef]
- Yaacoub, J.P.; Noura, H.; Salman, O.; Chehab, A. Security analysis of drones systems: Attacks, limitations, and recommendations. Internet Things 2020, 11, 100218. [Google Scholar] [CrossRef]
- Shakhatreh, H.; Sawalmeh, A.H.; Al-Fuqaha, A.; Dou, Z.; Almaita, E.; Khalil, I.; Othman, N.S.; Khreishah, A.; Guizani, M. Unmanned Aerial Vehicles (UAVs): A Survey on Civil Applications and Key Research Challenges. IEEE Access 2019, 7, 48572–48634. [Google Scholar] [CrossRef]
- Straub, J. Unmanned aerial systems: Consideration of the use of force for law enforcement applications. Technol. Soc. 2014, 39, 100–109. [Google Scholar] [CrossRef]
- Cook, K.L.B. The Silent Force Multiplier: The History and Role of UAVs in Warfare. In Proceedings of the 2007 IEEE Aerospace Conference, Big Sky, MT, USA, 3–10 March 2007; pp. 1–7. [Google Scholar]
- Horsman, G. Unmanned aerial vehicles: A preliminary analysis of forensic challenges. Digit. Investig. 2016, 16, 1–11. [Google Scholar] [CrossRef]
- Lee, C.C.; Lai, Y.M.; Li, C.T. Two attacks on a two-factor user authentication in wireless sensor networks. Parallel Process. Lett. 2011, 21, 21–26. [Google Scholar] [CrossRef]
- Li, C.T.; Yang, C.C.; Hwang, M.S. A secure routing protocol with node selfishness resistance in MANETs. Int. J. Mob. Commun. 2012, 10, 103–118. [Google Scholar] [CrossRef] [Green Version]
- Chen, C.M.; Li, C.T.; Liu, S.; Wu, T.Y.; Pan, J.S. A Provable Secure Private Data Delegation Scheme for Mountaineering Events in Emergency System. IEEE Access 2017, 5, 3410–3422. [Google Scholar] [CrossRef]
- Gaikwad, V.P.; Tembhurne, J.V.; Meshram, C.; Lee, C.C.; Li, C.T. An Efficient Provably Secure Verifier-Based Three-Factor Authentication Technique Using PDL for Data Exchange in TMIS. IEEE Access 2021, 9, 108586–108600. [Google Scholar] [CrossRef]
- Hong, S. Authentication techniques in the Internet of Things environment: A survey. Int. J. Netw. Secur. 2019, 21, 462–470. [Google Scholar]
- Jiang, Q.; Kumar, N.; Ma, J.; Shen, J.; He, D.; Chilamkurti, N. A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks. Int. J. Netw. Manag. 2017, 27, e1937. [Google Scholar] [CrossRef]
- Lee, C.C.; Lai, Y.M.; Li, C.T. An improved secure dynamic ID based remote user authentication scheme for multi-server environment. Int. J. Secur. Its Appl. 2012, 6, 203–209. [Google Scholar]
- Li, C.T.; Hwang, M.S.; Chu, Y.P. Further improvement on a novel privacy preserving authentication and access control scheme for pervasive computing environments. Comput. Commun. 2008, 3, 4255–4258. [Google Scholar] [CrossRef]
- Li, C.T.; Lee, C.C.; Liu, C.J.; Lee, C.W. A robust remote user authentication scheme against smart card security breach. In IFIP Annual Conference on Data and Applications Security and Privacy; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2011; Volume 6818, pp. 231–238. [Google Scholar]
- Weng, C.Y.; Li, C.T.; Chen, C.L.; Lee, C.C.; Deng, Y.Y. A Lightweight Anonymous Authentication and Secure Communication Scheme for Fog Computing Services. IEEE Access 2021, 9, 145522–145537. [Google Scholar] [CrossRef]
- Yang, C.; Li, C. Design of key management protocols for Internet of Things. Int. J. Netw. Secur. 2020, 22, 476–485. [Google Scholar]
- Turkanović, M.; Brumen, B.; Hölbl, M. A novel user authentication and key agreeement scheme for heterogeneous ad hoc wireless sensor netwroks, based on the Internet of Things notion. Ad Hoc Netw. 2014, 20, 96–112. [Google Scholar] [CrossRef]
- Farash, M.S.; Turkanović, M.; Kumari, S.; Hölbl, M. An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Netw. 2016, 36, 152–176. [Google Scholar] [CrossRef]
- Wazid, M.; Das, A.K.; Kumar, N.; Vasilakos, A.V.; Rodrigues, J.P.C. Design and analysis of secure lightweight remote user authentication and key agreement scheme in Internet of Drones deployment. IEEE Internet Things J. 2019, 6, 3572–3584. [Google Scholar] [CrossRef]
- Lei, Y.; Zeng, L.; Li, Y.X.; Wang, M.X.; Qin, H. A Lightweight Authentication Protocol for UAV Networks Based on Security and Computational Resource Optimization. IEEE Access 2021, 9, 53769–53785. [Google Scholar] [CrossRef]
- Rodrigues, M.; Amaro, J.; Osrio, F.S.; Kalinka, R.L.J.C. Authentication Methods for UAV Communication. In Proceedings of the 2019 IEEE Symposium on Computers and Communications, Barcelona, Spain, 29 June–3 July 2019; pp. 1210–1215. [Google Scholar]
- Zhang, Y.; He, D.; Li, L.; Chen, B. A lightweight authentication and key agreement scheme for Internet of Drones. Comput. Commun. 2020, 154, 455–464. [Google Scholar] [CrossRef]
- Singh, J.; Gimekar, A.; Venkatesan, S. An efficient lightweight authentication scheme for human-centered industrial Internet of Things. Int. J. Commun. Syst. 2019, e4189. [Google Scholar] [CrossRef]
- He, D.; Zeadally, S.; Kumar, N.; Wu, W. Efficient and Anonymous Mobile User Authentication Protocol Using Self-Certified Public Key Cryptography for Multi-Server Architectures. IEEE Trans. Inf. Forensics Secur. 2016, 11, 2052–2064. [Google Scholar] [CrossRef]
Security Features | Singh et al. [30] | Zhang et al. [29] | Proposed |
---|---|---|---|
(2019) | (2020) | Scheme | |
Provision of mutual authentication | No | Yes | Yes |
Provision of user anonymity | No | No | Yes |
Provision of untraceability | No | No | Yes |
Prevention of session key exposure attack | No | No | Yes |
Prevention of known session key attack | Yes | Yes | Yes |
Prevention of replay attack | Yes | Yes | Yes |
Prevention of impersonation attack | No | No | Yes |
Prevention of drone capture attack | No | Yes | Yes |
Prevention of stolen device attack | No | Yes | Yes |
Symbol | Description | User (Drone) Side | Server Side |
---|---|---|---|
Modular exponentiation | 2.249 ms | 0.339 ms | |
Modular multiplication | 0.008 ms | 0.001 ms | |
Secure hash function | 0.056 ms | 0.007 ms |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Li, C.-T.; Weng, C.-Y.; Chen, C.-L.; Lee, C.-C.; Deng, Y.-Y.; Imoize, A.L. An Efficient Authenticated Key Agreement Scheme Supporting Privacy-Preservation for Internet of Drones Communications. Sensors 2022, 22, 9534. https://doi.org/10.3390/s22239534
Li C-T, Weng C-Y, Chen C-L, Lee C-C, Deng Y-Y, Imoize AL. An Efficient Authenticated Key Agreement Scheme Supporting Privacy-Preservation for Internet of Drones Communications. Sensors. 2022; 22(23):9534. https://doi.org/10.3390/s22239534
Chicago/Turabian StyleLi, Chun-Ta, Chi-Yao Weng, Chin-Ling Chen, Cheng-Chi Lee, Yong-Yuan Deng, and Agbotiname Lucky Imoize. 2022. "An Efficient Authenticated Key Agreement Scheme Supporting Privacy-Preservation for Internet of Drones Communications" Sensors 22, no. 23: 9534. https://doi.org/10.3390/s22239534
APA StyleLi, C. -T., Weng, C. -Y., Chen, C. -L., Lee, C. -C., Deng, Y. -Y., & Imoize, A. L. (2022). An Efficient Authenticated Key Agreement Scheme Supporting Privacy-Preservation for Internet of Drones Communications. Sensors, 22(23), 9534. https://doi.org/10.3390/s22239534