A Traceable and Privacy-Preserving Authentication for UAV Communication Control System

Abstract

In recent years, the concept of the Internet of Things has been introduced. Information, communication, and network technology can be integrated, so that the unmanned aerial vehicle (UAV) from consumer leisure and entertainment toys can be utilized in high value commercial, agricultural, and defense field applications, and become a killer product. In this paper, a traceable and privacy-preserving authentication is proposed to integrate the elliptic curve cryptography (ECC), digital signature, hash function, and other cryptography mechanisms for UAV application. For sensitive areas, players must obtain flight approval from the ground control station before they can control the UAV in these areas. The traditional cryptography services such as integrity, confidentiality, anonymity, availability, privacy, non-repudiation, defense against DoS (Denial-of-Service) attack, and spoofing attack can be ensured. The feasibility of mutual authentication was proved by BAN logic. In addition, the computation cost and the communication cost of the proposed scheme were analyzed. The proposed scheme provides a novel application field.

1. Introduction

With the development of battery power, sensing systems, artificial intelligence and other technologies, small commercial unmanned aerial vehicles (UAVs) combining these technologies have, in recent years, become a very popular product. Small UAVs have tremendous potential in different fields and tasks, and have great flexibility in application. In addition to personal aerial photography, entertainment, and commercial markets, they can be used in various monitoring work such as disaster relief [1], in various environments involving animals and plants, coasts and borders [2,3], in freight transportation, military and police law enforcement tasks, and even agricultural and industrial applications [4,5,6,7,8]. Nader et al. [9] pointed out that UAVs could be employed in different ways to achieve smart city services. For example, using UAVs for traffic monitoring and management, merchandise delivery, health and emergency services, and air taxi services can enhance these services in terms of quality, productivity, timeliness, reliability, and performance and could help reduce the costs of offering these services. However, small UAVs also can pose a variety of security threats under improper use.

Although every case of an unmanned aerial vehicle being improperly used has complex security implications, it is difficult to sum this up as a single security threat; for example, in the protection of important persons, unmanned aerial vehicles may violate their privacy, launch attacks, threaten their lives, or destroy their facilities. Different threats in several different cases are examined below.

(1)

Personal safety of specific persons and military and police officers: The small UAVs used by the fighters of the Organization of Islamic States could, for example, be used to attack enemy soldiers on the battlefield in the Middle East. This situation can be described as the future personal safety protection work for important persons and law enforcement officers. It is necessary to take precautions against small UAVs.

(2)

Protection of key infrastructure: In July 2018, Greenpeace posted a video on the Internet showing the small UAVs operated by members of Greenpeace, painted superhuman, hitting a spent fuel facility near Lyon, France. This incident still reminds us of the importance of UAV protection for key infrastructure or the environment (for example, forest fire detection).

(3)

Flight safety: In late December 2018 and early January 2019, London’s Gatwick and Heathrow airports were disrupted by UAVs, causing chaos in takeoff, landing, and scheduling. The former even closed for 33 h and cancelled hundreds of flights, causing losses of more than 50 million pounds.

(4)

Privacy and confidentiality protection: UAVs can be used to steal important confidential information, such as in Northern Ireland in August 2016, when UAVs were used to take pictures of people entering passwords in ATMs. Small UAVs can even be used as hackers’ tools to further steal business secrets. According to the reports of The Times on 21 January 2019, in recent years, secrets have been stolen by eavesdropping, or even masquerading as wireless network connections to obtain employee passwords, etc. More and more companies are seeking anti-UAV technology to ensure against commercial benefits by stealing secrets by disguising wireless network connections to obtain employee passwords and other information.

(5)

Other criminal behaviors: In addition to the use of military and police personnel to monitor and assist in law enforcement, small UAVs may also operate in the hands of criminals. The surveillance functions provided by UAVs also enable criminal groups to detect and monitor their targets before committing crimes.

(6)

Security loopholes become a hidden concern: In addition to the improper use by the users themselves, UAVs may also be attacked by intentional hackers. By means of security loopholes including GPS and control signals, wireless networks and so on, “hijacking” may take control of a UAV. Vulnerabilities in the UAV manufacturer’s security may also become another type of drone-derived security problem. A well-known software technology website Check Point reported in November 2018 that the world’s largest manufacturer, China’s Dajiang, has a security vulnerability in its identity authentication process. If it is attacked by a hacker, it may leak the location of the operator and the captured image, etc. Even the possibility of intercepting the carried goods also highlights the security problems of drones.

To sum up, in spite of UAVs being widely used in civilian, commercial, and military applications in recent years, because they use wireless networks for information exchange, there are many security issues that are faced.

Firstly, “privacy” refers to the part of an individual that he does not want to be known by others, and that he has the right to protect. In English, “to be let alone” means to “not be disturbed by others”, which is the basic spirit of privacy. Privacy also means “secret”. In general, what we call privacy refers to information privacy. Privacy and freedom are related to individual behavior rather than inappropriate observation and interference by others. The interests of privacy include sexual activities, religious practices, and political activities. What is the importance of privacy? Privacy is about human dignity, personal subjectivity, and personality development. If some of a person’s own information is exposed, he will feel uncomfortable, embarrassed, or harassed by others, and it will be difficult to live comfortably. Compared with personal privacy, sensitive information of the state or government has a greater impact.

Secondly, the malicious attacker can perform passive eavesdropping, active interfering, leaking of secret information, data tampering, denial of service, message misuse, message replay, and impersonation attack between sender and receiver. This will cause the resource collapse attack, and even disturb the operations of routing protocol for UAVs [10]. UAVs are conducted in flying ad hoc networks (FANETs) which should provide defense against various known attacks under wireless environment.

Thirdly, because of the specific properties of FANET (wireless links, collaborative characteristics, uncontrollable environment, and lack of a fixed infrastructure) securing the network is difficult. The traditional security issues are availability, authentication, integrity, and confidentiality, which have become targets that the attacker wants to break. [11]. Legitimate UAVs suffer from malicious UAVs by implanting the incorrect information into their sensors. Therefore, it causes these compromised UAVs to transmit the wrong messages for the base station, and thereby endangering the data integrity [10].

In order to legalize and guarantee the privacy of the broadcasted messages, much literature is focused on this issues. For example, Strohmeier et al. [12] surveyed an automatic dependent surveillance-broadcast protocol (ADS-B), and that is an on-board component part of the UAV system, and discussed and listed the vulnerabilities in ADS-B protocol. Wesson et al. [13] further analyzed and evaluated the cryptographic strategies of ADS-B based on their effectiveness and practicality in the cost-averse, technologically-complex, and interoperability-focused aviation community. The purpose of these works was to find a suitable mechanism to ensure the security of the UAVs system for sensitive control areas.

In past literature, some articles [10,14,15,16] refer to malicious attacks on UAV applications, such as intrusion detection, enhancing security against the lethal cyber-attacks for UAV networks. Therefore, a Q-learning-based UAV power allocation strategy combining Q-learning and deep learning to accelerate the learning speed for attack modes was proposed by Xiao et al. [17]. García-Magariño et al. [16] used a secure asymmetric encryption with a pre-shared list of official UAVs and an agent-based approach to detect if an official UAV is physically hijacked. However, these articles only focus on the intrusion detection or the problem of UAVs being physical hijacked. It is a fact that to prevent all intrusions from being attacked by hackers, the fundamental solution is to propose an effective and comprehensive security protocol. Such a secure mechanism should comprehensively detect and provide information and identity authentication to achieve the purposes of availability, privacy, and non-repudiation and to defend against known attacks for the UAV’s environment.

Recently, some literature [18,19,20,21] has used specific cryptographic algorithms to implement security mechanisms in UAVs. In 2017, Yoon et al. [18] used the Raspberry Pi to present a design of a second channel security system that can regain control of a UAV when there is an attack on the UAV. In this scheme, the authors only used flow charts to describe the scenario. The authors claimed that they can provide authentication with the ground station and defense against the DoS attack. However, this scheme does not present the detail cryptography scenario and no performance analysis.

Later, Chen et al. [19] proposed a mutual authentication improvement in security. In order to achieve higher efficiency and reduce the computational cost, thus the proposed scheme conformed to the network-connected UAV communication systems, and that satisfied the requirements of the limited bandwidth and computation resources. However, the authors used the asymmetric bilinear pairings mechanism and the cost of this was high and it was not supported by formal proof. Wazid et al. [20] also presented a lightweight remote user authentication and key agreement scheme to solve security issues between the user and the accessed drone in Internet of Drones (IoD) applications.

Recently, Tian et al. [21] proposed an efficient privacy-preserving authentication framework for the edge-assisted Internet of Drones. They followed a predictive UAV authentication approach. The authors considered that location, identity, and flying routes of each legitimate UAV are sensitive information in the IoD network. Therefore, they proposed a secure authentication and privacy protection for an efficient MEC-assisted (mobile edge computing) framework. But this scheme did not consider mutual authentication for ensuring the communication entity.

In fact, due to the UAV’s characteristics, it is hard to prevent a privacy leak. Therefore, this study aims to focus on sensitive areas (for example: airports and military areas) to set up this management system and use ECC (elliptic curve cryptography) technology [22,23] to ensure data integrity and nonrepudiation. It is a fact that any intruders can break through the defense function of the system if the security mechanism of the system is not perfect and the user’s identity is not authenticated accurately. This study also intends to employ the proof mode of BAN logic mechanism for mutual authentication to eliminate the intrusive chances of malicious attackers.

The paper is organized as follows. The applied mechanisms and security mechanisms are reviewed and discussed in Section 2. The designs and flows of the proposed scheme are presented in Section 3. Security analyses and comparisons are discussed in Section 4. Finally, in Section 5, conclusions are offered.

2. Preliminary and Security Requirements

This section includes two subsections: (1) the elliptic curve cryptography and Diffie–Hellman key exchange are presented in Section 2.1 and (2) security requirements are defined in Section 2.2.

2.1. Elliptic Curve Cryptography and Diffie–Hellman Key Exchange

Elliptic curve cryptography [22,23] was proposed in 1995. Digital signature schemes can be used to provide the following basic cryptographic services: data integrity, data origin authentication, and non-repudiation.

The Diffie–Hellman key exchange [24] is a method for securely exchanging cryptographic keys over a public channel. It is one of the earliest practical examples of public key exchange implemented within the field of cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications by using a symmetric key cipher.

The following problems exist for the Elliptic Curve Diffie-Hellman method:

• Computational Diffie–Hellman (CDH) Problem: Given $aP$ and $bP$, where $a,b\in R$, $Z*q$, and $P$ are the generator of $G$, compute $abP$.
• Decisional Diffie–Hellman (DDH) Problem: Given $aP$, $bP$, and $cP$, where $a,b,c\in R$, $Z*q$, and $P$ are the generators of $G$, confirm whether or not $cP=abP$, which is equal to confirming whether or not $c=ab\mathrm{mod}q$.

2.2. Security Requirements

A UAV communication control system has the following main security requirements and known attacks [11,13,14,15,19,20,25]:

• Mutual authentication: this ensures that only legitimate parties are allowed to participate in the UAV network. There are two types of authentication services: node authentication and message authentication [11,19,20,25]. In order to ensure the communication security. The communication entity should perform mutual authentication before communication. As long as the mutual authentication is implemented, some known attacks can be excluded.
• Integrity: preventing the altering GPS coordinates or disseminating of false information [25], thus ensuring the consistent and uncompromising adherence of data message over their whole passage through the flying networks [11,19,20]
• Confidentiality: Only the authorized UAVs are allowed to access the data packets [11,13,19,20,25].
• Identity anonymity: The UAV communication control system should keep identity anonymity from the attacker to ensure the users real identity is not obtained from eavesdropped or captured messages [11].
• Availability: The UAV communication control system should be always available to provide all services in any time and in any conditions [11,25].
• Privacy: By tracking the messages sent out by the same UAV at different locations, adversaries can disclosure the UAVs’ identities and perform further analysis to get other information from the UAVs [11,18,20].
• Non-repudiation: Repudiation threat comes from the UAVs denying their behaviors in the IoD. For example, malicious UAVs abuse their valid identities to broadcast fake information in the IoD [18,20,25].
• DoS attack: DoS attack means that a malicious node attempts to exhaust energy resources of UAVs or disturb the network and routing protocol [15,20,25].
• Spoofing attack: The attacker could generate a spoofed message such that the receiver gets the incorrect message [15,25].

3. The Proposed Scheme

This section includes nine subsections: (1) system architecture is designed and described in Section 3.1, (2) the used notations in this study are defined in Section 3.2, (3) the manufacturer (UAV) registration phase of the proposed scheme is illustrated in Section 3.3, (4) the player (mobile device) registration phase of the proposed scheme is presented in Section 3.4, (5) the ground control station registration phase of the proposed scheme is described in Section 3.5, (6) the player and manufacturer authentication and communication phase of the proposed scheme is shown in Section 3.6, (7) the player and ground control station authentication and communication phase of the proposed scheme is designed in Section 3.7, (8) the player, UAV, and ground control station authentication and communication phase of the proposed scheme is discussed in Section 3.8, and (9) the ground control station and UAV authentication and communication phase of the proposed scheme is illustrated in Section 3.9.

3.1. System Architecture

Figure 1 is the system framework of the proposed scheme in this study.

There are four parties in the scheme:

(1)

Trusted authority center: a trusted third party agency which provides a public key and private key to the registrant.

(2)

Manufacturer (UAV): a UAV manufacturing company. The company has jurisdiction over all manufactured UAVs.

(3)

Player (mobile device): a person who intends to control a UAV. He/she must first buy or rent a UAV from the manufacturer, then obtain the flight permit before he/she can control the UAV.

(4)

Ground control station (GCS): a control center that provides the facilities for human control of the UAV. A GCS reviews the flight path proposed by the player, and decides whether to agree to the flight request.

• All UAVs manufactured, all mobile devices carried by players, and all ground control stations must be registered to the trusted authority center through a secure channel. The manufacturer (UAV), player (with mobile device), and ground control station sends their universally unique IDs to the trusted authority center. The trusted authority center returns parameters calculated by elliptic curve group technology.
• When a player wants to control UAVs, the player carries his/her mobile device to buy or rent a UAV from the manufacturer. After mutual authentication between the player and the manufacturer, the manufacturer will transfer the purchase or rental certificate of the UAV to the player, and store the certificate to the UAV.
• After the player has the right to use the UAV, then he/she must submit flight information and a purpose to the ground control station for review. After mutual authentication between the player and the ground control station, the ground control station will transfer the decision of the flight plan to the player, and keep the relevant flight information.
• The player transfers the purchase or rental certificate of the UAV, and the flight path agreed by the ground control station to the UAV. After mutual authentication between the player and the UAV and mutual authentication between the UAV and the ground control station, the ground control station will confirm the legality of the UAV flight path. Once the legality of the relevant identity and flight path have been confirmed, the player can control the UAV through his/her mobile device.

3.2. Notations

$q$	: A k-bit prime
$F_q$	: A prime finite field
$E/F_q$	: An elliptic curve $E$ over $F_q$
$G$	: A cyclic additive group of composite order $q$
$P$	: A generator for the group $G$
$s$	: A secret key of the trusted authority center
$P{K}_{TAC}$	: A public key of the trusted authority center, $P{K}_{TAC}=sP$
$H_i( )$	: ith one-way hash function
$I{D}_x$	: x’s identity, like a universal unique ID code
$r_x,a,b,c,d,e,f$	: A random numbers of elliptic curve group
$S_x$	: x’s elliptic curve group signature
$SE{K}_{xy}$	: A session key established by x and y
$E_{\mathrm{x}}(m)$	: Use a session key x to encrypt the message $m$
$D_{\mathrm{x}}(m)$	: Use a session key x to decrypt the message $m$
$Si{g}_{xy}$	: The signed message for parties x and y
$S{K}_x$/$P{K}_x$	: x’s private key $S{K}_x$/x’s public key $P{K}_x$
$S_{S{K}_x}(m)$	: Use x’s private key $S{K}_x$ to sign the message m
$V_{P{K}_x}(m)$	: Use x’s public key $P{K}_x$ to verify the message m
$CH{K}_x$	: x’s verified message
$A\stackrel{?}{=}B$	: Determines if A is equal to B
$M_{payment}$	: The payment message between the player and the manufacturer (UAV)
$M_{request}$	: The flight plan proposed by the player
$M_{confirm}$	: The flight permission issued by ground control station to UAV
$M_{GPS}$	: The GPS message reported by the UAV
$c_i$	: The session key encrypted sensitive information
$Cer{t}_{UAV}$	: The purchase or rental certificate of the UAV held by the player

3.3. Manufacturer (UAV) Registration Phase

The manufacturer must take the UAV to register with the trusted authority center. The manufacturer (UAV) registration phase of the proposed scheme is shown in Figure 2.

Step 1:

The manufacturer selects an identity $I{D}_{UAV}$, and transmits it to the trusted authority center.

Step 2:

The trusted authority center selects a random number $r_{UAV}$, calculates

$$\begin{array}{c}{R}_{UAV}=r_{UAV}P,\hfill \\ h_{UAV}=H_1(I{D}_{UAV},R_{UAV}),\hfill \\ S_{UAV}=r_{UAV}+h_{UAV}s,\hfill \end{array}$$

and then sends $(R_{UAV},S_{UAV},P{K}_{UAV},S{K}_{UAV})$ to the manufacturer.

Step 3:

The manufacturer verifies

$$S_{UAV}P\stackrel{?}{=}{R}_{UAV}+H_1(I{D}_{UAV},R_{UAV})P{K}_{TAC}.$$

If the verification is passed, the manufacturer stores $(R_{UAV},S_{UAV},P{K}_{UAV},S{K}_{UAV})$ to the UAV.

3.4. Player (Mobile Device) Registration Phase

The player must take the mobile device to register with the trusted authority center. The scenarios of player (mobile device) registration phase is shown in Figure 3.

Step 1:

The player selects an identity $I{D}_{PMD}$, and transmits it to the trusted authority center.

Step 2:

The trusted authority center selects a random number $r_{PMD}$, calculates

$$\begin{array}{c}{R}_{PMD}=r_{PMD}P,\hfill \\ h_{PMD}=H_1(I{D}_{PMD},R_{PMD}),\hfill \\ S_{PMD}=r_{PMD}+h_{PMD}s,\hfill \end{array}$$

and then sends $(R_{PMD},S_{PMD},P{K}_{PMD},S{K}_{PMD})$ to the player.

Step 3:

The player verifies

$$S_{PMD}P\stackrel{?}{=}{R}_{PMD}+H_1(I{D}_{PMD},R_{PMD})P{K}_{TAC}.$$

If the verification is passed, the player stores $(R_{PMD},S_{PMD},P{K}_{PMD},S{K}_{PMD})$ to the mobile device.

3.5. Ground Control Station Registration Phase

The ground control station must also register with the trusted authority center. The ground control station registration phase of the proposed scheme is shown in Figure 4.

Step 1:

The ground control station selects an identity $I{D}_{GCS}$, and transmits it to the trusted authority center.

Step 2:

The trusted authority center selects a random number $r_{GCS}$, calculates

$$\begin{array}{c}{R}_{GCS}=r_{GCS}P,\hfill \\ h_{GCS}=H_1(I{D}_{GCS},R_{GCS}),\hfill \\ S_{GCS}=r_{GCS}+h_{GCS}s,\hfill \end{array}$$

and then sends $(R_{GCS},S_{GCS},P{K}_{GCS},S{K}_{GCS})$ to the ground control station.

Step 3:

The ground control station verifies

$$S_{GCS}P\stackrel{?}{=}{R}_{GCS}+H_1(I{D}_{GCS},R_{GCS})P{K}_{TAC}.$$

If the verification is passed, the ground control station stores $(R_{GCS},S_{GCS},P{K}_{GCS},S{K}_{GCS})$.

3.6. Player and Manufacturer Authentication and Communication Phase

When a player wants to control UAVs, the player carries his/her mobile device to buy or rent a UAV from the manufacturer. After mutual authentication between the player and the manufacturer, the manufacturer will transfer the purchase or rental certificate of the UAV to the player, and store the certificate of the UAV. The player and manufacturer authentication and communication phase is shown in Figure 5.

Step 1:

The player selects a random number $a$, computes

$$T_{PMD}=aP,$$

and then transmits $(I{D}_{PMD},R_{PMD},T_{PMD})$ to the manufacturer.

Step 2:

Step 2: The manufacturer selects a random number $b$, calculates

$$\begin{array}{c}{T}_{UAV}=bP,\hfill \\ P{K}_{PMD}=R_{PMD}+H_1(I{D}_{PMD},R_{PMD})P{K}_{TAC},\hfill \\ K_{UP1}=S_{UAV}{T}_{PMD}+bP{K}_{PMD},\hfill \\ K_{UP2}=b{T}_{PMD},\hfill \end{array}$$

and the session key

$$SE{K}_{UP}=H_2(K_{UP1},K_{UP2}).$$

The manufacturer then calculates

$$CH{K}_{PU}=H_3(SE{K}_{UP},T_{PMD})$$

and transmits $(I{D}_{UAV},R_{UAV},T_{UAV},CH{K}_{PU})$ to the player.

Step 3:

The player calculates

$$\begin{array}{c}P{K}_{UAV}=R_{UAV}+H_1(I{D}_{UAV},R_{UAV})P{K}_{TAC},\hfill \\ K_{PU1}=S_{PMD}{T}_{UAV}+aP{K}_{UAV},\hfill \\ K_{PU2}=a{T}_{UAV},\hfill \end{array}$$

and the session key

$$SE{K}_{UP}=H_2(K_{PU1},K_{PU2}),$$

The player verifies

$$CH{K}_{PU}\stackrel{?}{=}{H}_3(SE{K}_{UP},T_{PMD})$$

to check the legality of the manufacturer. If the verification is passed, the player computes

$$\begin{array}{c}{c}_{PMD}=E_{SE{K}_{UP}}(M_{payment}),\hfill \\ CH{K}_{UP}=H_3(SE{K}_{UP},T_{UAV}),\hfill \end{array}$$

and transmits $(I{D}_{PMD},c_{PMD},CH{K}_{UP})$ to the manufacturer.

Step 4:

The manufacturer verifies

$$CH{K}_{UP}\stackrel{?}{=}{H}_3(SE{K}_{UP},T_{UAV})$$

to check the legality of the player. If the verification is passed, the session key $SE{K}_{UP}$ between the player and the manufacturer is established successfully. The manufacturer calculates

$$M_{payment}=D_{SE{K}_{UP}}(c_{PMD})$$

to get the payment information of the player. After the payment, the manufacturer generates the encrypted purchase or rental certificate of the UAV

$$\begin{array}{c}{c}_{UAV}=E_{SE{K}_{UP}}(M_{payment},Cer{t}_{UAV}),\hfill \\ Si{g}_{UAV}=S_{S{K}_{UAV}}(M_{payment},Cer{t}_{UAV}),\hfill \end{array}$$

and transmits $(I{D}_{UAV},c_{UAV},Si{g}_{UAV})$ to the player.

Step 5:

The player decrypts the received message

$$(M_{payment},Cer{t}_{UAV})=D_{SE{K}_{UP}}(c_{UAV}),$$

verifies the signature

$$(M_{payment},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{UAV}}(Si{g}_{UAV}),$$

and obtains the purchase or rental certificate of the UAV from the manufacturer.

3.7. Player and Ground Control Station Authentication and Communication Phase

After the player has the right to use the UAV, then he/she must submit a flight path and purpose to the ground control station for review. After mutual authentication between the player and the ground control station, the ground control station will transfer the decision of the flight plan to the player, and keeps the relevant flight information. The player and ground control station authentication and communication phase of the proposed scheme is shown in Figure 6.

Step 1:

The player selects a random number $c$, computes

$$T_{PMD2}=cP,$$

and then transmits $(I{D}_{PMD},R_{PMD},T_{PMD2})$ to the ground control station.

Step 2:

The ground control station selects a random number $d$, calculates

$$\begin{array}{c}{T}_{GCS}=dP,\hfill \\ P{K}_{PMD}=R_{PMD}+H_1(I{D}_{PMD},R_{PMD})P{K}_{TAC},\hfill \\ K_{GP1}=S_{GCS}{T}_{PMD2}+dP{K}_{PMD},\hfill \\ K_{GP2}=d{T}_{PMD2},\hfill \end{array}$$

and the session key

$$SE{K}_{GP}=H_2(K_{GP1},K_{GP2}).$$

The ground control station then calculates

$$CH{K}_{PG}=H_3(SE{K}_{GP},T_{PMD2})$$

and transmits $(I{D}_{GCS},R_{GCS},T_{GCS},CH{K}_{PG})$ to the player.

Step 3:

The player calculates

$$\begin{array}{c}P{K}_{GCS}=R_{GCS}+H_1(I{D}_{GCS},R_{GCS})P{K}_{TAC},\hfill \\ K_{PG1}=S_{PMD}{T}_{GCS}+cP{K}_{GCS},\hfill \\ K_{PG2}=c{T}_{GCS},\hfill \end{array}$$

and the session key

$$SE{K}_{GP}=H_2(K_{PG1},K_{PG2}).$$

The player verifies

$$CH{K}_{PG}\stackrel{?}{=}{H}_3(SE{K}_{GP},T_{PMD2})$$

to check the legality of the ground control station. If the verification is passed, the player calculates

$$\begin{array}{c}{c}_{PMD2}=E_{SE{K}_{GP}}(M_{request},Cer{t}_{UAV}),\hfill \\ CH{K}_{GP}=H_3(SE{K}_{GP},T_{GCS}),\hfill \end{array}$$

and transmits $(I{D}_{PMD},c_{PMD2},CH{K}_{GP})$ to the ground control station.

Step 4:

The ground control station verifies

$$CH{K}_{GP}\stackrel{?}{=}{H}_3(SE{K}_{GP},T_{GCS})$$

to check the legality of the player. If the verification is passed, the session key $SE{K}_{GP}$ between the player and the ground control station is established successfully. The ground control station calculates

$$(M_{request},Cer{t}_{UAV})=D_{SE{K}_{GP}}(c_{PMD2})$$

to get the flight path information of the player. After the review, the ground control station generates the encrypted decision of the flight plan

$$\begin{array}{c}{c}_{GCS}=E_{SE{K}_{GP}}(I{D}_{PMD},M_{request},Cer{t}_{UAV}),\hfill \\ Si{g}_{GCS}=S_{S{K}_{GCS}}(I{D}_{PMD},M_{request},Cer{t}_{UAV}),\hfill \end{array}$$

and transmits $(I{D}_{GCS},c_{GCS},Si{g}_{GCS})$ to the player.

Step 5:

The player decrypts the received message

$$(I{D}_{PMD},M_{request},Cer{t}_{UAV})=D_{SE{K}_{GP}}(c_{GCS}),$$

verifies the signature

$$(I{D}_{PMD},M_{request},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{GCS}}(Si{g}_{GCS}),$$

and obtains the decision of the flight plan from the ground control station.

3.8. Player, UAV and Ground Control Station Authentication and Communication Phase

The player transfers the purchase or rental certificate of the UAV, and the flight path agreed by the ground control station to the UAV. After mutual authentication between the player and the UAV, and mutual authentication between the UAV and the ground control station, the UAV will confirm the legality of the flight path again from the ground control station. After confirming the legality of the relevant identity and flight path, the player can control the UAV through his/her mobile device. The player, UAV and ground control station authentication and communication phase of the proposed scheme is shown in Figure 7.

Step 1:

The player calculates

$$\begin{array}{c}{c}_{PMD3}=E_{SE{K}_{UP}}(M_{request},Cer{t}_{UAV}),\hfill \\ Si{g}_{PMD3}=S_{S{K}_{PMD}}(M_{request},Cer{t}_{UAV}),\hfill \end{array}$$

and transmits $(I{D}_{PMD},c_{PMD3},Si{g}_{PMD3})$ to the UAV.

Step 2:

Step 2: The UAV decrypts the received message

$$(M_{request},Cer{t}_{UAV})=D_{SE{K}_{UP}}(c_{PMD3}),$$

verifies the signature

$$(M_{request},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{PMD}}(Si{g}_{PMD3}),$$

and obtains the purchase or rental certificate of the UAV, and the flight path agreed by the ground control station.

The UAV then chooses a random number $e$, calculates

$$T_{UAV2}=eP,$$

and then transmits $(I{D}_{UAV},R_{UAV},T_{UAV2})$ to the ground control station.

Step 3:

The ground control station chooses a random number $f$, computes

$$\begin{array}{c}{T}_{GCS2}=fP,\hfill \\ P{K}_{UAV}=R_{UAV}+H_1(I{D}_{UAV},R_{UAV})P{K}_{TAC},\hfill \\ K_{GU1}=S_{GCS}{T}_{UAV2}+fP{K}_{UAV},\hfill \\ K_{GU2}=f{T}_{UAV2},\hfill \end{array}$$

and the session key

$$SE{K}_{GU}=H_2(K_{GU1},K_{GU2}).$$

The ground control station then calculates

$$CH{K}_{UG}=H_3(SE{K}_{GU},T_{UAV2}),$$

and transmits $(I{D}_{GCS},R_{GCS},T_{GCS2},CH{K}_{UG})$ to the UAV.

Step 4:

The UAV calculates

$$\begin{array}{c}P{K}_{GCS}=R_{GCS}+H_1(I{D}_{GCS},R_{GCS})P{K}_{TAC},\hfill \\ K_{UG1}=S_{UAV}{T}_{GCS2}+eP{K}_{GCS},\hfill \\ K_{UG2}=e{T}_{GCS2},\hfill \end{array}$$

and the session key

$$SE{K}_{GU}=H_2(K_{UG1},K_{UG2}).$$

The UAV verifies

$$CH{K}_{UG}\stackrel{?}{=}{H}_3(SE{K}_{GU},T_{UAV2})$$

to check the legality of the ground control station. If the verification is passed, the UAV calculates

$$\begin{array}{c}{c}_{UAV2}=E_{SE{K}_{GU}}(I{D}_{PMD},M_{request},Cer{t}_{UAV}),\hfill \\ CH{K}_{GU}=H_3(SE{K}_{GU},T_{GCS2}),\hfill \end{array}$$

and transmits $(I{D}_{UAV},c_{UAV2},CH{K}_{GU})$ to the ground control station.

Step 5:

The ground control station verifies

$$CH{K}_{UG}\stackrel{?}{=}{H}_3(SE{K}_{GU},T_{GCS2})$$

to check the legality of the UAV. If the verification is passed, the session key $SE{K}_{GU}$ between the UAV and the ground control station is established successfully. The ground control station calculates

$$(I{D}_{PMD},M_{request},Cer{t}_{UAV})=D_{SE{K}_{GU}}(c_{UAV2})$$

to get the flight path information of the UAV. After the review, the ground control station generates the encrypted confirm message of the flight plan

$$\begin{array}{l}{c}_{GCS2}=E_{SE{K}_{GU}}(I{D}_{PMD},M_{confirm},Cer{t}_{UAV}),\\ Si{g}_{GCS2}=S_{S{K}_{GCS}}(I{D}_{PMD},M_{confirm},Cer{t}_{UAV}),\end{array}$$

and transmits $(I{D}_{GCS},c_{GCS2},Si{g}_{GCS2})$ to the UAV.

Step 6:

The UAV decrypts the received message

$$(I{D}_{PMD},M_{confirm},Cer{t}_{UAV})=D_{SE{K}_{GU}}(c_{GCS2}),$$

verifies the signature

$$(I{D}_{PMD},M_{confirm},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{GCS}}(Si{g}_{GCS2}),$$

and obtains the confirm message of the flight plan from the ground control station. Then, the UAV generates the encrypted confirm message of the flight plan and GPS information

$$\begin{array}{c}{c}_{UAV3}=E_{SE{K}_{UP}}(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV}),\hfill \\ Si{g}_{UAV3}=S_{S{K}_{UAV}}(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV}),\hfill \end{array}$$

and transmits $(I{D}_{UAV},c_{UAV3},Si{g}_{UAV3})$ to the player.

Step 7:

The player decrypts the received message

$$(I{D}_{PMD},M_{request},M_{GPS},Cer{t}_{UAV})=D_{SE{K}_{UP}}(c_{UAV3}),$$

verifies the signature

$$(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{UAV}}(Si{g}_{UAV3}),$$

then obtains the confirm message of the flight plan and GPS information.

3.9. Ground Control Station and UAV Authentication and Communication Phase

When the ground control station wants to know whether the scope of the regulation has been applied to the UAV, the ground control station can ask the UAV to provide relevant proof. After mutual authentication between the ground control station and the UAV, the UAV will respond and confirm the message of the flight plan from the ground control station and GPS information to the ground control station. The ground control station and UAV authentication and communication phase of the proposed scheme is shown in Figure 8.

Step 1:

The ground control station calculates

$$\begin{array}{c}{c}_{GCS3}=E_{SE{K}_{GU}}(I{D}_{UAV},M_{request}),\hfill \\ Si{g}_{GCS3}=S_{S{K}_{GCS}}(I{D}_{UAV},M_{request}),\hfill \end{array}$$

and transmits $(I{D}_{UAV},M_{request})=D_{SE{K}_{GU}}(c_{GCS3})$ to the UAV.

Step 2:

The UAV decrypts the received message

$$(I{D}_{UAV},M_{request})=D_{SE{K}_{GU}}(c_{GCS3}),$$

verifies the signature

$$(I{D}_{UAV},M_{request})\stackrel{?}{=}{V}_{P{K}_{GCS}}(Si{g}_{GCS3}),$$

and obtains the legality check request from the ground control station. Then, the UAV generates the encrypted confirmation message of the flight plan and GPS information

$$\begin{array}{c}{C}_{UAV4}=E_{SE{K}_{GU}}(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV}),\hfill \\ Si{g}_{UAV4}=S_{S{K}_{UAV}}(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV}),\hfill \end{array}$$

and transmits $(I{D}_{UAV},c_{UAV4},Si{g}_{UAV4})$ to the ground control station.

Step 3:

The ground control station decrypts the received message

$$(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV})=D_{SE{K}_{GU}}(c_{UAV4}),$$

verifies the signature

$$(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{UAV}}(Si{g}_{UAV4}),$$

then obtains the response of the UAV and GPS information.

4. Security Analysis

This section includes nine subsections: (1) the mutual authentication of the proposed scheme is analyzed in Section 4.1, (2) the integrity and confidentiality of the proposed scheme are evaluated in Section 4.2, (3) the identity anonymity and privacy of the proposed scheme are proved in Section 4.3, (4) availability and prevention of DoS attack are discussed in Section 4.4, (5) prevention of spoofing attack is discussed in Section 4.5, (6) the non-repudiation of the proposed scheme is analyzed in Section 4.6, (7) security issues are compared in Section 4.7, (8) the computation cost of the proposed scheme is compared with other schemes in Section 4.8, and (9) the communication cost of the proposed scheme is compared with other schemes in Section 4.9.

4.1. Mutual Authentication

BAN logic [26] is used to prove that the proposed scheme achieves mutual authentication between different parties in each phase.

In the player and manufacturer authentication and communication phase, the main goal of the scheme is to make sure whether the legality is authenticated by the player P and the manufacturer M.

G1 :

$P|\equiv P\stackrel{SE{K}_{UP}}{\leftrightarrow }M$

G2 :

$P|\equiv M|\equiv P\stackrel{SE{K}_{UP}}{\leftrightarrow }M$

G3 :

$M|\equiv P\stackrel{SE{K}_{UP}}{\leftrightarrow }M$

G4 :

$M|\equiv P|\equiv P\stackrel{SE{K}_{UP}}{\leftrightarrow }M$

G5 :

$P|\equiv I{D}_{UAV}$

G6 :

$P|\equiv M|\equiv I{D}_{UAV}$

G7 :

$M|\equiv I{D}_{PMD}$

G8 :

$M|\equiv P|\equiv I{D}_{PMD}$

According to the player and manufacturer authentication and communication phase, BAN logic is used to produce an idealized form as follows.

M1 :

$(<I{D}_{PMD},R_{PMD},T_{PMD}{>}_{P{K}_{UAV}},<H(SE{K}_{UP},T_{UAV}){>}_{CH{K}_{UP}})$

M2 :

$(<I{D}_{UAV},R_{UAV},T_{UAV}{>}_{P{K}_{PMD}},<H(SE{K}_{UP},T_{PMD}){>}_{CH{K}_{PU}})$

To analyze the proposed scheme, the following assumptions are made.

A1 :

$P|\equiv \#(T_{PMD})$

A2 :

$M|\equiv \#(T_{PMD})$

A3 :

$P|\equiv \#(T_{UAV})$

A4 :

$M|\equiv \#(T_{UAV})$

A5 :

$P|\equiv M|\Rightarrow P\stackrel{SE{K}_{UP}}{\leftrightarrow }M$

A6 :

$M|\equiv P|\Rightarrow P\stackrel{SE{K}_{UP}}{\leftrightarrow }M$

A7 :

$P|\equiv M|\Rightarrow I{D}_{UAV}$

A8 :

$M|\equiv P|\Rightarrow I{D}_{PMD}$

According to these assumptions and goals of BAN logic, the main proof of the player and manufacturer authentication and communication phase is as follows.

• The manufacturer M authenticates the player P.

  By M1 and the seeing rule, Statement 1 can be derived.
  $M⊲(<I{D}_{PMD},R_{PMD},T_{PMD}{>}_{P{K}_{UAV}},<H(SE{K}_{UP},T_{UAV}){>}_{CH{K}_{UP}}).$	(Statement 1)
  By A2 and the freshness rule, Statement 2 can be derived.
  $M|\equiv \#(<I{D}_{PMD},R_{PMD},T_{PMD}{>}_{P{K}_{UAV}},<H(SE{K}_{UP},T_{UAV}){>}_{CH{K}_{UP}}).$	(Statement 2)
  By (Statement 1), A4, and the message meaning rule, Statement 3 can be derived.
  $M|\equiv P|~(<I{D}_{PMD},R_{PMD},T_{PMD}{>}_{P{K}_{UAV}},<H(SE{K}_{UP},T_{UAV}){>}_{CH{K}_{UP}}).$	(Statement 3)
  By (Statement 2), (Statement 3), and the nonce verification rule, Statement 4 can be derived.
  $M|\equiv \#(<I{D}_{PMD},R_{PMD},T_{PMD}{>}_{P{K}_{UAV}},<H(SE{K}_{UP},T_{UAV}){>}_{CH{K}_{UP}}).$	(Statement 4)
  By (Statement 4) and the belief rule, Statement 5 can be derived.
  $M|\equiv P|\equiv P\stackrel{SE{K}_{UP}}{\leftrightarrow }M.$	(Statement 5)
  By (Statement 5), A6, and the jurisdiction rule, Statement 6 can be derived.
  $M|\equiv P\stackrel{SE{K}_{UP}}{\leftrightarrow }M.$	(Statement 6)
  By (Statement 6) and the belief rule, Statement 7 can be derived.
  $M|\equiv P|\equiv I{D}_{PMD}.$	(Statement 7)
  By (Statement 7), A8, and the jurisdiction rule, Statement 8 can be derived.
  $M|\equiv I{D}_{PMD}.$	(Statement 8)

• The player P authenticates the manufacturer M.

  By M2 and the seeing rule, Statement 9 can be derived.
  $P⊲(<I{D}_{UAV},R_{UAV},T_{UAV}{>}_{P{K}_{PMD}},<H(SE{K}_{UP},T_{PMD}){>}_{CH{K}_{PU}}).$	(Statement 9)
  By A1 and the freshness rule, Statement 10 can be derived.
  $P|\equiv \#(<I{D}_{UAV},R_{UAV},T_{UAV}{>}_{P{K}_{PMD}},<H(SE{K}_{UP},T_{PMD}){>}_{CH{K}_{PU}}).$	(Statement 10)
  By (Statement 9), A3, and the message meaning rule, Statement 11 can be derived.
  $P|\equiv M|~(<I{D}_{UAV},R_{UAV},T_{UAV}{>}_{P{K}_{PMD}},<H(SE{K}_{UP},T_{PMD}){>}_{CH{K}_{PU}}).$	(Statement 11)
  By (Statement 10), (Statement 11), and the nonce verification rule, Statement 12 can be derived.
  $P|\equiv M|\equiv (<I{D}_{UAV},R_{UAV},T_{UAV}{>}_{P{K}_{PMD}},<H(SE{K}_{UP},T_{PMD}){>}_{CH{K}_{PU}}).$	(Statement 12)
  By (Statement 12) and the belief rule, Statement 13 can be derived.
  $P|\equiv M|\equiv P\stackrel{SE{K}_{UP}}{\leftrightarrow }M.$	(Statement 13)
  By (Statement 13), A5, and the jurisdiction rule, Statement 14 can be derived.
  $P|\equiv P\stackrel{SE{K}_{UP}}{\leftrightarrow }M.$	(Statement 14)
  By (Statement 14) and the belief rule, Statement 15 can be derived.
  $P|\equiv M|\equiv I{D}_{UAV}.$	(Statement 15)
  By (Statement 15), A7, and the jurisdiction rule, Statement 16 can be derived.
  $P|\equiv I{D}_{UAV}.$	(Statement 16)

By (Statement 6), (Statement 8), (Statement 14), and (Statement 16), it can be proved that the player P and the manufacturer M authenticate each other in the proposed scheme. Moreover, it can also be proved that the proposed scheme can establish a session key between the player P and the manufacturer M.

In the proposed scheme, the manufacturer authenticates the player by

$$CH{K}_{UP}\stackrel{?}{=}{H}_3(SE{K}_{UP},T_{UAV}).$$

If it passes the verification, the manufacturer authenticates the legality of the player. The player authenticates the manufacturer by

$$CH{K}_{PU}\stackrel{?}{=}{H}_3(SE{K}_{UP},T_{PMD}).$$

If it passes the verification, the player authenticates the legality of the manufacturer. The player and manufacturer authentication and communication phase of the proposed scheme thus guarantees mutual authentication between the player and the manufacturer.

In the player and ground control station authentication and communication phase, the main goal of the scheme is to make sure whether the legality is authenticated by the player P and the ground control station G.

G9 :

$P|\equiv P\stackrel{SE{K}_{GP}}{\leftrightarrow }G$

G10 :

$P|\equiv G|\equiv P\stackrel{SE{K}_{GP}}{\leftrightarrow }G$

G11 :

$G|\equiv P\stackrel{SE{K}_{GP}}{\leftrightarrow }G$

G12 :

$G|\equiv P|\equiv P\stackrel{SE{K}_{GP}}{\leftrightarrow }G$

G13 :

$P|\equiv I{D}_{GCS}$

G14 :

$P|\equiv G|\equiv I{D}_{GCS}$

G15 :

$G|\equiv I{D}_{PMD}$

G16 :

$G|\equiv P|\equiv I{D}_{PMD}$

According to the player and ground control station authentication and communication phase, BAN logic is used to produce an idealized form as follows.

M3 :

$(<I{D}_{PMD},R_{PMD},T_{PMD2}{>}_{P{K}_{GCS}},<H(SE{K}_{GP},T_{GCS}){>}_{CH{K}_{GP}})$

M4 :

$(<I{D}_{GCS},R_{GCS},T_{GCS}{>}_{P{K}_{PMD}},<H(SE{K}_{GP},T_{PMD2}){>}_{CH{K}_{PG}})$

To analyze the proposed scheme, the following assumptions are made.

A9 :

$P|\equiv \#(T_{PMD2})$

A10 :

$G|\equiv \#(T_{PMD2})$

A11 :

$P|\equiv \#(T_{GCS})$

A12 :

$G|\equiv \#(T_{GCS})$

A13 :

$P|\equiv G|\Rightarrow P\stackrel{SE{K}_{GP}}{\leftrightarrow }G$

A14 :

$G|\equiv P|\Rightarrow P\stackrel{SE{K}_{GP}}{\leftrightarrow }G$

A15 :

$P|\equiv G|\Rightarrow I{D}_{GCS}$

A16 :

$G|\equiv P|\Rightarrow I{D}_{PMD}$

According to these assumptions and goals of BAN logic, the main proof of the player and ground control station authentication and communication phase is as follows.

c.

The ground control station G authenticates the player P.

By M3 and the seeing rule, Statement 17 can be derived.
$G⊲(<I{D}_{PMD},R_{PMD},T_{PMD2}{>}_{P{K}_{GCS}},<H(SE{K}_{GP},T_{GCS}){>}_{CH{K}_{GP}}).$	(Statement 17)
By A10 and the freshness rule, Statement 18 can be derived.
$G|\equiv \#(<I{D}_{PMD},R_{PMD},T_{PMD2}{>}_{P{K}_{GCS}},<H(SE{K}_{GP},T_{GCS}){>}_{CH{K}_{GP}}).$	(Statement 18)
By (Statement 17), A12, and the message meaning rule, Statement 19 can be derived.
$G|\equiv P|~(<I{D}_{PMD},R_{PMD},T_{PMD2}{>}_{P{K}_{GCS}},<H(SE{K}_{GP},T_{GCS}){>}_{CH{K}_{GP}}).$	(Statement 19)
By (Statement 18), (Statement 19), and the nonce verification rule, Statement 20 can be derived.
$G|\equiv P|\equiv (<I{D}_{PMD},R_{PMD},T_{PMD2}{>}_{P{K}_{GCS}},<H(SE{K}_{GP},T_{GCS}){>}_{CH{K}_{GP}}).$	(Statement 20)
By (Statement 20) and the belief rule, Statement 21 can be derived.
$G|\equiv P|\equiv P\stackrel{SE{K}_{GP}}{\leftrightarrow }G.$	(Statement 21)
By (Statement 21), A14, and the jurisdiction rule, Statement 22 can be derived.
$G|\equiv P\stackrel{SE{K}_{GP}}{\leftrightarrow }G.$	(Statement 22)
By (Statement 22) and the belief rule, Statement 23 can be derived.
$G|\equiv P|\equiv I{D}_{PMD}.$	(Statement 23)
By (Statement 23), A16, and the jurisdiction rule, Statement 24 can be derived.
$G|\equiv I{D}_{PMD}.$	(Statement 24)

d.

The player P authenticates the ground control station G.

By M4 and the seeing rule, Statement 25 can be derived.
$P⊲(<I{D}_{GCS},R_{GCS},T_{GCS}{>}_{P{K}_{PMD}},<H(SE{K}_{GP},T_{PMD2}){>}_{CH{K}_{PG}}).$	(Statement 25)
By A9 and the freshness rule, Statement 26 can be derived.
$P|\equiv \#(<I{D}_{GCS},R_{GCS},T_{GCS}{>}_{P{K}_{PMD}},<H(SE{K}_{GP},T_{PMD2}){>}_{CH{K}_{PG}}).$	(Statement 26)
By (Statement 25), A11, and the message meaning rule, Statement 27 can be derived.
$P|\equiv G|~(<I{D}_{GCS},R_{GCS},T_{GCS}{>}_{P{K}_{PMD}},<H(SE{K}_{GP},T_{PMD2}){>}_{CH{K}_{PG}}).$	(Statement 27)
By (Statement 26), (Statement 27), and the nonce verification rule, Statement 28 can be derived.
$P|\equiv G|\equiv (<I{D}_{GCS},R_{GCS},T_{GCS}{>}_{P{K}_{PMD}},<H(SE{K}_{GP},T_{PMD2}){>}_{CH{K}_{PG}}).$	(Statement 28)
By (Statement 28) and the belief rule, Statement 29 can be derived.
$P|\equiv G|\equiv P\stackrel{SE{K}_{GP}}{\leftrightarrow }G.$	(Statement 29)
By (Statement 29), A13, and the jurisdiction rule, Statement 30 can be derived.
$P|\equiv P\stackrel{SE{K}_{GP}}{\leftrightarrow }G.$	(Statement 30)
By (Statement 30) and the belief rule, Statement 31 can be derived.
$P|\equiv G|\equiv I{D}_{GCS}.$	(Statement 31)
By (Statement 31), A15, and the jurisdiction rule, Statement 32 can be derived.
$P|\equiv I{D}_{GCS}.$	(Statement 32)

By (Statement 22), (Statement 24), (Statement 30), and (Statement 32), it can be proved that the player P and the ground control station G authenticate each other in the proposed scheme. Moreover, it can also be proved that the proposed scheme can establish a session key between the player P and the ground control station G.

In the proposed scheme, the ground control station authenticates the player by

$$CH{K}_{GP}\stackrel{?}{=}{H}_3(SE{K}_{GP},T_{GCS}).$$

If it passes the verification, the manufacturer authenticates the legality of the player. The player authenticates the ground control station by

$$CH{K}_{PG}\stackrel{?}{=}{H}_3(SE{K}_{GP},T_{PMD2}).$$

If it passes the verification, the player authenticates the legality of the ground control station. The player and ground control station authentication and communication phase of the proposed scheme thus guarantees mutual authentication between the player and the ground control station.

In the player, UAV, and ground control station authentication and communication phase, the main goal of the scheme is to make sure whether the legality is authenticated by the UAV U and the ground control station G.

G17 :

$U|\equiv U\stackrel{SE{K}_{GU}}{\leftrightarrow }G$

G18 :

$U|\equiv G|\equiv U\stackrel{SE{K}_{GU}}{\leftrightarrow }G$

G19 :

$G|\equiv U\stackrel{SE{K}_{GU}}{\leftrightarrow }G$

G20 :

$G|\equiv U|\equiv U\stackrel{SE{K}_{GU}}{\leftrightarrow }G$

G21 :

$U|\equiv I{D}_{GCS}$

G22 :

$U|\equiv G|\equiv I{D}_{GCS}$

G23 :

$G|\equiv I{D}_{UAV}$

G24 :

$G|\equiv U|\equiv I{D}_{UAV}$

According to the player, UAV, and ground control station authentication and communication phase, BAN logic is used to produce an idealized form as follows:

M5 :

$(<I{D}_{UAV},R_{UAV},T_{UAV2}{>}_{P{K}_{GCS}},<H(SE{K}_{GU},T_{GCS2}){>}_{CH{K}_{GU}})$

M6 :

$(<I{D}_{GCS},R_{GCS},T_{GCS2}{>}_{P{K}_{UAV}},<H(SE{K}_{GU},T_{UAV2}){>}_{CH{K}_{UG}})$

To analyze the proposed scheme, the following assumptions are made.

A17 :

$U|\equiv \#(T_{UAV2})$

A18 :

$G|\equiv \#(T_{UAV2})$

A19 :

$U|\equiv \#(T_{GCS2})$

A20 :

$G|\equiv \#(T_{GCS2})$

A21 :

$U|\equiv G|\Rightarrow U\stackrel{SE{K}_{GU}}{\leftrightarrow }G$

A22 :

$G|\equiv U|\Rightarrow U\stackrel{SE{K}_{GU}}{\leftrightarrow }G$

A23 :

$U|\equiv G|\Rightarrow I{D}_{GCS}$

A24 :

$G|\equiv U|\Rightarrow I{D}_{UAV}$

According to these assumptions and goals of BAN logic, the main proof of the player, UAV, and ground control station authentication and communication phase is as follows.

e

The ground control station G authenticates the UAV U.

By M5 and the seeing rule, Statement 33 can be derived.
$G⊲(<I{D}_{UAV},R_{UAV},T_{UAV2}{>}_{P{K}_{GCS}},<H(SE{K}_{GU},T_{GCS2}){>}_{CH{K}_{GU}}).$	(Statement 33)
By A18 and the freshness rule, Statement 34 can be derived.
$G|\equiv \#(<I{D}_{UAV},R_{UAV},T_{UAV2}{>}_{P{K}_{GCS}},<H(SE{K}_{GU},T_{GCS2}){>}_{CH{K}_{GU}}).$	(Statement 34)
By (Statement 33), A20, and the message meaning rule, Statement 35 can be derived.
$G|\equiv U|~(<I{D}_{UAV},R_{UAV},T_{UAV2}{>}_{P{K}_{GCS}},<H(SE{K}_{GU},T_{GCS2}){>}_{CH{K}_{GU}}).$	(Statement 35)
By (Statement 34), (Statement 35), and the nonce verification rule, Statement 36 can be derived.
$G|\equiv U|\equiv (<I{D}_{UAV},R_{UAV},T_{UAV2}{>}_{P{K}_{GCS}},<H(SE{K}_{GU},T_{GCS2}){>}_{CH{K}_{GU}}).$	(Statement 36)
By (Statement 36) and the belief rule, Statement 37 can be derived.
$G|\equiv U|\equiv U\stackrel{SE{K}_{GU}}{\leftrightarrow }G.$	(Statement 37)
By (Statement 37), A22, and the jurisdiction rule, Statement 38 can be derived.
$G|\equiv U\stackrel{SE{K}_{GU}}{\leftrightarrow }G.$	(Statement 38)
By (Statement 38) and the belief rule, Statement 39 can be derived.
$G|\equiv U|\equiv I{D}_{UAV}.$	(Statement 39)
By (Statement 39), A24, and the jurisdiction rule, Statement 40 can be derived.
$G|\equiv I{D}_{UAV}.$	(Statement 40)

f

The UAV U authenticates the ground control station G.

By M6 and the seeing rule, Statement 41 can be derived.
$U⊲(<I{D}_{GCS},R_{GCS},T_{GCS2}{>}_{P{K}_{UAV}},<H(SE{K}_{GU},T_{UAV2}){>}_{CH{K}_{UG}}).$	(Statement 41)
By A17 and the freshness rule, Statement 42 can be derived.
$U|\equiv \#(<I{D}_{GCS},R_{GCS},T_{GCS2}{>}_{P{K}_{UAV}},<H(SE{K}_{GU},T_{UAV2}){>}_{CH{K}_{UG}}).$	(Statement 42)
By (Statement 41), A19, and the message meaning rule, Statement 43 can be derived.
$U|\equiv G|~(<I{D}_{GCS},R_{GCS},T_{GCS2}{>}_{P{K}_{UAV}},<H(SE{K}_{GU},T_{UAV2}){>}_{CH{K}_{UG}}).$	(Statement 43)
By (Statement 42), (Statement 43), and the nonce verification rule, Statement 44 can be derived.
$U|\equiv G|\equiv (<I{D}_{GCS},R_{GCS},T_{GCS2}{>}_{P{K}_{UAV}},<H(SE{K}_{GU},T_{UAV2}){>}_{CH{K}_{UG}}).$	(Statement 44)
By (Statement 44) and the belief rule, Statement 45 can be derived.
$U|\equiv G|\equiv U\stackrel{SE{K}_{GU}}{\leftrightarrow }G.$	(Statement 45)
By (Statement 45), A21, and the jurisdiction rule, Statement 46 can be derived.
$U|\equiv U\stackrel{SE{K}_{GU}}{\leftrightarrow }G.$	(Statement 46)
By (Statement 46) and the belief rule, Statement 47 can be derived.
$U|\equiv G|\equiv I{D}_{GCS}.$	(Statement 47)
By (Statement 47), A23, and the jurisdiction rule, Statement 48 can be derived.
$U|\equiv I{D}_{GCS}.$	(Statement 48)

By (Statement 38), (Statement 40), (Statement 46), and (Statement 48), it can be proved that the UAV U and the ground control station G authenticate each other in the proposed scheme. Moreover, it can also be proved that the proposed scheme can establish a session key between the UAV U and the ground control station G.

In the proposed scheme, the ground control station authenticates the UAV by

$$CH{K}_{GU}\stackrel{?}{=}{H}_3(SE{K}_{GU},T_{GCS2}).$$

If it passes the verification, the ground control station authenticates the legality of the UAV. The UAV authenticates the ground control station by

$$CH{K}_{UG}\stackrel{?}{=}{H}_3(SE{K}_{GU},T_{UAV2}).$$

If it passes the verification, the UAV authenticates the legality of the ground control station. The player, UAV, and ground control station authentication and communication phase of the proposed scheme thus guarantees mutual authentication between the UAV and the ground control station.

Scenario:

A malicious attacker uses an illegal mobile reader to control an UAV.

Analysis:

The attacker will not succeed because the illegal mobile reader has not been registered to the trusted authority center and thus cannot calculate the correct session key $SE{K}_{UP}$. Thus, the attack will fail when the legal UAV attempts to authenticate the illegal mobile device. In the proposed scheme, the attacker cannot achieve their purpose using an illegal mobile device. In the same scenario, the proposed scheme can also defend against a malicious attack using an illegal ground control station to send a fake message to a legal UAV, because the illegal ground control station has not been registered to the trusted authority center and thus cannot calculate the correct session key $SE{K}_{GU}$. Thus, the attack will fail when the legal UAV attempts to authenticate the illegal ground control station.

4.2. Integrity and Confidentiality

To ensure the integrity and confidentiality of the transaction data, this study uses elliptic curve cryptography and Diffie–Hellman key exchange algorithm to calculate the session key $SE{K}_{UP}$, $SE{K}_{GP}$ and $SE{K}_{GU}$, and also to protect the integrity and confidentiality. The malicious attacker cannot use the signatures $(K_{UP1},K_{UP2})$, $(K_{PU1},K_{PU2})$, $(K_{GP1},K_{GP2})$, $(K_{PG1},K_{PG2})$, $(K_{GU1},K_{GU2})$, and $(K_{UG1},K_{UG2})$ to calculate the correct session key $SE{K}_{UP}$, $SE{K}_{GP}$, and $SE{K}_{GU}$.

Only a legal mobile device or UAV can calculate the correct session key $SE{K}_{UP}$. The legal UAV calculates the session key

$$SE{K}_{UP}=H_2(K_{UP1},K_{UP2})$$

and the legal mobile device calculates the session key

$$\begin{array}{c}SE{K}_{UP}=H_2(K_{PU1},K_{PU2}).\hfill \\ \begin{array}{ll}{K}_{PU1}& =S_{PMD}{T}_{UAV}+aP{K}_{UAV}\\ & =S_{PMD}bP+a{S}_{UAV}P\\ & =b{S}_{PMD}P+S_{UAV}aP\\ & =bP{K}_{PMD}+S_{UAV}{T}_{PMD}=K_{UP1}\end{array}\hfill \\ K_{PU2}=a{T}_{UAV}=abP=baP=b{T}_{PMD}=K_{UP2}\end{array}$$

Only a legal mobile device or ground control station can calculate the correct session key $SE{K}_{GP}$. The legal ground control station calculates the session key

$$SE{K}_{GP}=H_2(K_{GP1},K_{GP2})$$

and the legal mobile device calculates the session key

$$\begin{array}{c}SE{K}_{UP}=H_2(K_{PU1},K_{PU2}).\hfill \\ \begin{array}{ll}{K}_{PG1}& =S_{PMD}{T}_{GCS}+cP{K}_{GCS}\\ & =S_{PMD}dP+c{S}_{GCS}P\\ & =d{S}_{PMD}P+S_{GCS}cP\\ & =dP{K}_{PMD}+S_{GCS}{T}_{PMD2}=K_{GP1}\end{array}\hfill \\ K_{PG2}=c{T}_{GCS}=cdP=dcP=d{T}_{PMD2}=K_{GP2}\end{array}$$

Only a legal UAV or ground control station can compute the correct session key $SE{K}_{GU}$. The legal ground control station computes the session key

$$SE{K}_{GU}=H_2(K_{GU1},K_{GU2})$$

and the legal UAV calculates the session key

$$\begin{array}{c}SE{K}_{GU}=H_2(K_{UG1},K_{UG2}).\hfill \\ \begin{array}{ll}{K}_{UG1}& =S_{UAV}{T}_{GCS2}+eP{K}_{GCS}\\ & =S_{UAV}fP+e{S}_{GCS}P\\ & =f{S}_{UAV}P+S_{GCS}eP\\ & =fP{K}_{UAV}+S_{GCS}{T}_{UAV2}=K_{GU1}\end{array}\hfill \\ K_{UG2}=e{T}_{GCS2}=efP=feP=f{T}_{UAV2}=K_{GU2}\end{array}$$

Only the correct session key will allow successful communication. Thus, attackers cannot decrypt or modify the transmitted message. Therefore, the proposed scheme achieves the integrity and confidentiality.

Scenario:

A malicious attacker intercepts the transmitted message from the ground control station to the player and decrypts the message or sends a modified message to the player.

Analysis:

The attacker will not succeed because the legal player will use

$$CH{K}_{PG}\stackrel{?}{=}{H}_3(SE{K}_{GP}\Vert T_{PMD2})$$

to check the integrity. The attacker cannot calculate the correct session key $SE{K}_{GP}$. Thus, the attack will fail when the legal player authenticates the received message. In the proposed scheme, the attacker cannot achieve his/her purpose by sending a modified message to the player, and he/she also cannot decrypt the intercepted message. For the same reason, the attack will fail when the legal ground control station uses

$$CH{K}_{GP}\stackrel{?}{=}{H}_3(SE{K}_{GP}\Vert T_{GCS})$$

to check the integrity. Therefore, attackers cannot achieve their purpose by sending a modified message to the ground control station or decrypt the intercepted message.

4.3. Identity Anonymity and Privacy

Another form of privacy attack involves attempting to obtain a player’s real name or physical location by tracing his/her mobile device. If the mobile device sends the same message continuously, an attacker can trace its location. In the proposed scheme, the session key $SE{K}_{UP}$ and $SE{K}_{GP}$ is changed for every communication round in order to avoid location tracing. Besides, the pseudonym identity is used instead of real name in the proposed scheme. Thus, location privacy is protected and identity anonymity is achieved.

4.4. Availability and Prevention of DoS Attack

An attacker may impersonate a legal sender and then send the same message again to the intended receiver, trying to make the system unable to provide services properly. However, this attack will fail in the proposed scheme, as all messages between the sender and the receiver are protected with the session key $SE{K}_{UP}$, $SE{K}_{GP}$, and $SE{K}_{GU}$, and the attacker cannot calculate the correct session key. Because the transmitted messages are changed every round, the same message cannot be sent twice. Thus, the DoS attack is prevented and system availability is achieved.

4.5. Prevention of Spoofing Attack

In the proposed scheme, the GPS message is obtained by the UAV then transmitted to the ground control station or the player. The GPS message $M_{GPS}$ is protected by the session key $SE{K}_{UP}$ and $SE{K}_{GU}$. The attacker cannot compute the correct session key $SE{K}_{UP}$ or $SE{K}_{GU}$ and he/she cannot impersonate a legal UAV and send a fake message. Therefore, the spoofing attack is prevented.

Scenario:

A malicious attacker pretends a legal UAV and sends a fake message to the legal ground control station.

Analysis:

The attacker will not succeed because the illegal UAV has not been registered to the trusted authority center and thus cannot calculate the correct session key $SE{K}_{GU}$. Thus, the attack will fail when the legal ground control station attempts to authenticate the illegal UAV. In the proposed scheme, the attacker cannot achieve the purpose of pretending to be a legal UAV and sending a fake message. In the same scenario, the proposed scheme can also defend against a malicious attacker pretending to be a legal UAV and sending a fake message to the legal player, because the illegal UAV has not been registered to the trusted authority center and thus cannot calculate the correct session key $SE{K}_{UP}$. Thus, the attack will fail when the legal player attempts to authenticate the illegal UAV.

4.6. Non-Repudiation

In the proposed scheme, the digital signature is used to achieve non-repudiation between the parties in each phase. The sender uses his/her private key to sign the transmitted message, and the receiver uses the public key of the sender to verify the received message. Thus, the non-repudiation is achieved.

Table 1. Non-repudiation of the proposed scheme.

	Phase	Proof	Issuer	Holder	Verification
Item
Player and manufacturer authentication and communication phase		$(C_{UAV},Si{g}_{UAV})$	M	P	$Si{g}_{UAV}=S_{S{K}_{UAV}}(M_{payment},Cer{t}_{UAV})$ $(M_{payment},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{UAV}}(Si{g}_{UAV})$
Player and ground control station authentication and communication phase		$(C_{GCS},Si{g}_{GCS})$	G	P	$Si{g}_{GCS}=S_{S{K}_{GCS}}(I{D}_{PMD},M_{payment},Cer{t}_{UAV})$ $(I{D}_{PMD},M_{payment},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{GCS}}(Si{g}_{GCS})$
Player, UAV, and ground control station authentication and communication phase		$(C_{PMD3},Si{g}_{PMD3})$	P	U	$Si{g}_{PMD3}=S_{S{K}_{PMD}}(M_{request},Cer{t}_{UAV})$ $(M_{request},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{PMD}}(Si{g}_{PMD3})$
		$(C_{GCS2},Si{g}_{GCS2})$	G	U	$Si{g}_{GCS2}=S_{S{K}_{GCS}}(I{D}_{PMD},M_{confirm},Cer{t}_{UAV})$ $(I{D}_{PMD},M_{confirm},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{GCS}}(Si{g}_{GCS2})$
		$(C_{UAV3},Si{g}_{UAV3})$	U	P	$Si{g}_{UAV3}=S_{S{K}_{UAV}}(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV})$ $(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{UAV}}(Si{g}_{UAV3})$
Ground control station and UAV authentication and communication phase		$(C_{GCS3},Si{g}_{GCS3})$	G	U	$Si{g}_{GCS3}=S_{S{K}_{GCS}}(I{D}_{UAV},M_{request})$ $(I{D}_{UAV},M_{request})\stackrel{?}{=}{V}_{P{K}_{GCS}}(Si{g}_{GCS3})$
		$(C_{UAV4},Si{g}_{UAV4})$	U	G	$Si{g}_{UAV4}=S_{S{K}_{UAV}}(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV})$ $(I{D}_{PMD},M_{confirm},M_{GPS},Cer{t}_{UAV})\stackrel{?}{=}{V}_{P{K}_{UAV}}(Si{g}_{UAV4})$

shows the non-repudiation of the proposed scheme.

4.7. Comparison of Security Issues

Table 2. Comparison of security issues.

	Yoon et al. [18]	Chen et al. [19]	Wazid et al. [20]	Tian et al. [21]	The Proposed Scheme
Mutual authentication	Unidirectional authentication	Yes	Yes	Unidirectional authentication	Yes
Integrity	N/A	Yes	No	Yes	Yes
Confidentiality	Yes	Yes	Yes	Yes	Yes
Identity anonymity	N/A	N/A	Yes	Yes	Yes
Availability	No	N/A	N/A	N/A	Yes
Privacy	N/A	N/A	Yes	Yes	Yes
Non-repudiation	No	Yes	No	Yes	Yes
DoS attack	Yes	N/A	Yes	N/A	Yes
Spoofing attack	N/A	N/A	Yes	N/A	Yes

shows a comparison of security issues of related works.

4.8. Computation Cost

Table 3. Computation cost of the proposed scheme and Wazid et al.’s scheme [21].

		Wazid et al. [20]	The Proposed Scheme
Manufacturer (UAV) registration phase	Manufacturer (UAV)	N/A	$2T_{Mul}+1T_H+1T_{Cmp}$
	Trusted authority center	$1T_P+2T_H$	$2T_{Mul}+1T_H$
Player (mobile device) registration phase	Player (mobile device)	$1T_P+8T_H+6T_{Xor}$	$2T_{Mul}+1T_H+1T_{Cmp}$
	Trusted authority center	$4T_H$	$2T_{Mul}+1T_H$
Ground control station registration phase	Ground control station	N/A	$2T_{Mul}+1T_H+1T_{Cmp}$
	Trusted authority center	N/A	$2T_{Mul}+1T_H$
Player and manufacturer authentication and communication phase	Player (mobile device)	N/A	$\begin{array}{l}5T_{Mul}+4T_H+2T_{Cmp}\\ +2T_{Enc}+1T_{Sig}\end{array}$
	Manufacturer (UAV)	N/A	$\begin{array}{l}5T_{Mul}+4T_H+1T_{Cmp}\\ +2T_{Enc}+1T_{Sig}\end{array}$
Player and ground control station authentication and communication phase	Player (mobile device)	N/A	$\begin{array}{l}5T_{Mul}+4T_H+2T_{Cmp}\\ +2T_{Enc}+1T_{Sig}\end{array}$
	Ground control station	N/A	$\begin{array}{l}5T_{Mul}+4T_H+1T_{Cmp}\\ +2T_{Enc}+1T_{Sig}\end{array}$
Player, UAV, and ground control station authentication and communication phase	Player (mobile device)	$\begin{array}{l}1T_P+16T_H+3T_{Cmp}\\ +11T_{Xor}\end{array}$	$1T_{Cmp}+2T_{Enc}+2T_{Sig}$
	Manufacturer (UAV)	$7T_H+2T_{Cmp}+4T_{Xor}$	$\begin{array}{l}5T_{Mul}+4T_H+3T_{Cmp}\\ +4T_{Enc}+3T_{Sig}\end{array}$
	Ground control station	N/A	$\begin{array}{l}5T_{Mul}+4T_H+1T_{Cmp}\\ +2T_{Enc}+1T_{Sig}\end{array}$
	Trusted authority center	$8T_H+2T_{Cmp}+5T_{Xor}$	N/A
Ground control station and UAV authentication and communication phase	Ground control station	N/A	$1T_{Cmp}+2T_{Enc}+2T_{Sig}$
	Manufacturer (UAV)	N/A	$1T_{Cmp}+2T_{Enc}+2T_{Sig}$

shows the computation cost of the proposed scheme and Wazid et al.’s scheme [20].

$T_P$	: Polynomial function operation
$T_{Mul}$	: Multiplication operation
$T_H$	: Hash function operation
$T_{Cmp}$	: Comparison operation
$T_{Enc}$	: Symmetric encryption operation
$T_{Sig}$	: Signature operation
$T_{Xor}$	: Exclusive-or operation

In Table 3, computation costs of the proposed scheme and Wazid et al.’s for the trusted authority center, manufacturer (UAV), player (mobile device), and ground control station in each phase are analyzed. For the highest computation cost in the player, UAV, and ground control station authentication and communication phase, a UAV needs five multiplication operations, four hash function operations, three comparison operations, four symmetric encryption operations, and three signature operations. A player needs one comparison operation, two symmetric encryption operations, and two signature operations. A ground control station needs five multiplication operations, four hash function operations, one comparison operation, two symmetric encryption operations, and one signature operation. The computation cost is acceptable in the proposed scheme.

4.9. Communication Cost

The communication cost of the proposed scheme and Wazid et al.’s scheme [20] is shown in

Table 4. Communication cost of the proposed scheme and Wazid et al.’s scheme [21].

		Wazid et al. [20]	The Proposed Scheme
Manufacturer (UAV) registration phase	Message length	560 bits	2528 bits
	Round	1	2
	3.5G (14 Mbps)	0.040 ms	0.181 ms
	4G (100 Mbps)	0.006 ms	0.025 ms
Player (mobile device) registration phase	Message length	880 bits	2528 bits
	Round	2	2
	3.5G (14 Mbps)	0.063 ms	0.181 ms
	4G (100 Mbps)	0.009 ms	0.025 ms
Ground control station registration phase	Message length	N/A	2528 bits
	Round	N/A	2
	3.5G (14 Mbps)	N/A	0.181 ms
	4G (100 Mbps)	N/A	0.025 ms
Player and manufacturer authentication and communication phase	Message length	N/A	2816 bits
	Round	N/A	4
	3.5G (14 Mbps)	N/A	0.201 ms
	4G (100 Mbps)	N/A	0.028 ms
Player and ground control station authentication and communication phase	Message length	N/A	2816 bits
	Round	N/A	4
	3.5G (14 Mbps)	N/A	0.201 ms
	4G (100 Mbps)	N/A	0.028 ms
Player, UAV, and ground control station authentication and communication phase	Message length	1840 bits	5536 bits
	Round	3	6
	3.5G (14 Mbps)	0.131 ms	0.395 ms
	4G (100 Mbps)	0.018 ms	0.055 ms
Ground control station and UAV authentication and communication phase	Message length	N/A	2720 bits
	Round	N/A	2
	3.5G (14 Mbps)	N/A	0.194 ms
	4G (100 Mbps)	N/A	0.027 ms

.

The communication efficiency of the proposed scheme and Wazid et al.’s scheme during the transaction process of each phase was also analyzed. It was assumed that an elliptic curve modular operation required 160 bits, a hash operation required 160 bits, an AES operation required 256 bits, a signature operation required 1024 bits, and other messages, such as id, pid, and random number, required 80 bits. For example, the player, UAV and ground control station authentication and communication phase of the proposed scheme requires four elliptic curve modular messages, two hash messages, four AES messages, three signature operation messages, and six other messages. It thus requires 160 × 4 + 160 × 2 + 256 × 4 + 1024 × 3 + 80 × 6 = 5536 bits. In a 3.5G environment, the maximum transmission speed is 14 Mbps. This study also considered the player, UAV, and ground control station authentication and communication phase of the proposed scheme, which only takes 0.395 ms to transfer all messages. In a 4G environment, the maximum transmission speed is 100 Mbps and the transmission time is reduced to 0.055 ms.

Basically, Wazid et al.’s scheme provides a lightweight user authentication scheme in which a user in the IoD environment needs to access data. This appeals as it aims at providing a fast authorization mechanism. However, the integrity, non-reputation, and availability issues are excluded. However, compared to Wazid et al.’s scheme, the proposed scheme used the public key cryptography to design a UAV application field which was applied in a sensitive field such that the integrity, non-reputation and availability issues needed to be considered and should be ensured [20]. The proposed scheme is a different application field to Wazid et al.’s scheme. The players must pass necessary procedures to obtain the flight authority in a sensitive area. It needs more scenarios and overloads. As shown in Table 4, the communication cost sounds good. The proposed scheme provides a novel solution in the UAV application field.

Compared to the Wazid et al.’s scheme, the proposed scheme achieves the following advantages: firstly, the proposed scheme uses a signature mechanism, thus it can ensure data integrity and achieve non-repudiation and secondly, the proposed architecture involves the role of the ground control station to effectively grasp the UAVs’ flying status in a sensitive area. The ground control station can also confirm whether the flying UAV is authorized. Although the proposed architecture has higher computing and communication costs than the Wazid et al.’s scheme, it also achieves higher security and availability.

5. Conclusions

At present, UAVs are mainly used for small package delivery and leisure entertainment. In the future, they will have thousands of uses that could even be widely extended to agricultural, land protection surveillance, emergency relief, military reconnaissance, space exploration, and other applications. UAVs will also create new jobs, while also addressing population ageing and manpower shortages. Advanced technology can bring a better and convenient living environment for mankind, but UAVs can also be maliciously used, and even endanger national security.

In this paper, a traceable and privacy protection protocol was designed to conduct the UAVs’ application in sensitive control area. The proposed scheme creates a feasible and secure management platform in a sensitive area surveillance for UAVs’ application. For sensitive military areas, players must obtain flight approval from a ground control station before they can control the UAV in these sensitive areas. The proposed scheme achieves mutual authentication, integrity and confidentiality, anonymity and privacy, non-repudiation, availability and protection against DoS attack, while also preventing spoofing attack. This study also analyzed the computation cost and the communication cost in the proposed scheme to prove the proposed scheme is practical in the real world.