Next Article in Journal
Processing and Interpretation of UAV Magnetic Data: A Workflow Based on Improved Variational Mode Decomposition and Levenberg–Marquardt Algorithm
Next Article in Special Issue
Anonymous Mutual and Batch Authentication with Location Privacy of UAV in FANET
Previous Article in Journal / Special Issue
Topology-Based Routing Protocols and Mobility Models for Flying Ad Hoc Networks: A Contemporary Review and Future Research Directions
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Amassing the Security: An Enhanced Authentication Protocol for Drone Communications over 5G Networks

1
College of Computer Science and Engineering, Shandong University of Science and Technology, Qingdao 266590, China
2
Department of Computer Science, University of California, Davis, CA 001313, USA
3
Department of Mathematics, Chaudhary Charan Singh University, Meerut 250004, Uttar Pradesh, India
*
Author to whom correspondence should be addressed.
Drones 2022, 6(1), 10; https://doi.org/10.3390/drones6010010
Submission received: 10 December 2021 / Revised: 27 December 2021 / Accepted: 27 December 2021 / Published: 31 December 2021

Abstract

:
At present, the great progress made by the Internet of Things ( I o T ) has led to the emergence of the Internet of Drones ( I o D ). I o D is an extension of the I o T , which is used to control and manipulate drones entering the flight area. Now, the fifth-generation mobile communication technology ( 5 G ) has been introduced into the I o D ; it can transmit ultra-high-definition data, make the drones respond to ground commands faster and provide more secure data transmission in the I o D . However, because the drones communicate on the public channel, they are vulnerable to security attacks; furthermore, drones can be easily captured by attackers. Therefore, to solve the security problem of the I o D , Hussain et al. recently proposed a three-party authentication protocol in an I o D environment. The protocol is applied to the supervision of smart cities and collects real-time data about the smart city through drones. However, we find that the protocol is vulnerable to drone capture attacks, privileged insider attacks and session key disclosure attacks. Based on the security of the above protocol, we designed an improved protocol. Through informal analysis, we proved that the protocol could resist known security attacks. In addition, we used the real-oracle random model and ProVerif tool to prove the security and effectiveness of the protocol. Finally, through comparison, we conclude that the protocol is secure compared with recent protocols.

1. Introduction

In the past decade, the development of artificial intelligence [1,2,3] and network has witnessed significant advances. A network called the Internet of Things ( I o T ) has emerged, which connects physical objects to the network and realizes a comprehensive information interaction between objects and between people and objects [4,5,6,7,8]. The I o T deploys sensors in a specific network area to collect real-time information to meet various user needs. In the I o T , the data transmission mode is WiFi or Bluetooth, but the communication distance of these two transmission modes is limited. Therefore, researchers have proposed using the base station for data transmission. The fourth-generation mobile communication technology ( 4 G ) is suitable for scenarios involving a large amount of data, strong mobility and remote use areas. However, in some cases, data transmission is unstable and the speed is not too fast, which makes meeting user needs difficult. Now, a new mobile communication network, the fifth-generation mobile communication technology ( 5 G ) has appeared [9]. The application of 5 G technology to the I o T environment increases the capacity of access equipment, expands the coverage area of the signal and improves the stability of signal [10,11].
Recently, drones, which are aircraft managed by a control station, have been introduced [12,13]. The physical structure of drones includes the sensor, receiver, recorder, communication module and actuator. These devices have always been used in the military field and are now widely used in civil fields, including aerial photography, express transportation, disaster relief and power patrol inspection. These applications have been used to make people’s daily life more efficient. Due to their mobile characteristics, drones have been introduced into the I o T and form a special network called the Internet of Drones ( I o D ) [14,15,16,17]. The development of communication technology in the I o D is similar to that in the I o T . Due to the limited communication distance of WiFi or Bluetooth, the flight range of drones is significantly limited. Consequently, researchers have proposed a new communication mode, namely, network-connected drones, which uses base stations to connect and control drones. However, when 4 G is used in some specific scenarios (face recognition, high-altitude requirements, etc.), its resolution is not very clear and positioning may be inaccurate, which hinders meeting user needs. Now, some studies in recent times have combined 5 G with I o D [18,19]. The high-broadband characteristics of 5 G can transmit ultra-high-definition data and its low delay can make responding to ground commands faster, operate more accurately and provide more secure data transmission. The universal I o D architecture is shown in Figure 1. This architecture has been mentioned in many works of literature [20,21]. The I o D architecture consists of four entities: user, server, drone and control room. The user obtains real-time information captured by the drones in the flight area and the control room formulates the flight mission of the drones and controls the flight area and flight altitude. Each drone is deployed in different flight areas, using built-in sensors to detect the physical phenomena of the target, or built-in cameras to capture the target video. When users want to obtain the information captured by drones in a certain area, they send a data request to the servers. The servers find the drones in the corresponding area and ask to upload the captured information, then transmit the data through 5 G technology to meet user needs.
However, in the I o D environment, because drones communicate on the public channel, they may be attacked by attackers, such as replay attacks [22], impersonation attacks [20,21], or man-in-the-middle attacks [21,23]. Moreover, the real-time sensitive data in transmission need to be kept confidential [24,25]. Drones flying in a certain area are also susceptible to being captured by attackers and the secret values stored in the memory would also be exposed [23,26]. Therefore, these problems make it necessary to design security protocols to ensure normal communication. Due to the relatively weak computing and storage capabilities of drones, the designed protocol should also meet the lightweight requirements. Recently, Hussain et al. [21] proposed a three-party authentication protocol in an I o D environment. Because the computing power of drones is relatively weak, the protocol is lightweight and conforms to the scenario of using the drone. The protocol is applied to the supervision of the smart city, users who want to obtain real-time data about smart cities collected by drones can only transmit data after both parties have been authenticated. However, we find that Hussain et al.’s protocol is vulnerable to drone capture attacks and privileged insider attacks. The attacker can also impersonate the user by obtaining the information in the server memory to complete a session. Based on the security problems of Hussain et al.’s protocol, it is necessary to design an enhanced protocol to ensure communication security. To solve these security problems, we improved Hussain et al.’s protocol by proposing an enhanced authentication protocol. Based on the relatively weak computing power of drones, the protocol uses only lightweight primitives. Through informal analysis, we proved that the protocol can resist known security attacks. In addition, we used the real-oracle random (ROR) model and ProVerif tool to prove the security and effectiveness of the protocol. Finally, by comparing the proposed protocol with other available protocols, we show that the effectiveness of the proposed protocol.
The rest of this paper is structured as follows: In Section 2, we review the recent research results on the drone communication authentication protocol. In Section 3, we briefly describe the protocol of Hussain et al. [21] and we point out their security problems. We show the specifics of the proposed protocol in Section 4. In Section 5, we use the ROR model, ProVerif tool and informal security analysis to prove the security and effectiveness of the proposed protocol. In Section 6, we compare the proposed protocol with recent protocols and conclude that our protocol is better in terms of security. Finally, we present our conclusions in Section 7.

2. Related Work

A variety of studies have focused on designing authentication and key agreement (AKA) protocols for I o T . In 2014, Turkanovic et al. [27] designed an authentication protocol to ensure secure communication in the I o T environment. The protocol has a low computational cost and only uses lightweight primitives. However, in 2016, Farash et al. [28] pointed out that Turkanovic et al.’s protocol [27] could not provide anonymity of users and sensors and could not resist session key disclosure attacks, stolen smart card attacks and sensor node impersonation attacks. This showed that Turkanovic et al.’s protocol [27] was unsafe, which was contrary to their statement of security at that time. At the same time, Farash et al. [28] proposed an enhanced protocol based on Turkanovic et al.’s [27] and claimed that the protocol was secure. However, Amin et al. [29] showed that the protocol of Farash et al. [28] was vulnerable to off-line password guessing attacks, user impersonation attacks and temporary information disclosure attacks. Amin et al. [29] proposed a three-factor authentication protocol, which could realize anonymous protection. Later, research on the combination of I o T and 5 G was mentioned in the literature [30,31,32]. In 2019, Lee et al. [30] designed a cross-layer protocol based on the physical layer and cryptography authentication. In the same year, Jangirala et al. [31] proposed an authentication protocol based on blockchain. The protocol uses radio frequency identification (RFID) technology and bit rotation operation to realize the security authentication of the I o T environment. In 2020, Minahil et al. [32] designed an authentication protocol for I o T applications. The protocol uses the hash function and elliptic curve encryption (ECC) point addition operation to realize mutual authentication between users and servers.
Recently, research on the I o D has been widely conducted [33,34,35]. All the architectures proposed in the above literature are for users to communicate with drones, but other architectures of drones may need to be discussed in real life, such as the combination and communication between drones and external smart devices in the I o T environment [36,37]. Then, researchers designed an AKA protocol for I o D . Bera et al. [38] designed a blockchain-based control protocol that not only uses the hash function but also uses expensive operation primitives, such as ECC and digital signature. Tian et al. [39] designed an AKA based on privacy protection that uses expensive digital signature and modular multiplication. In addition, Li et al. [40] proposed a secure authentication mechanism based on ECC and claimed to be lightweight, but the mechanism encrypts messages through a public key infrastructure (PKI) mechanism, which is cost-intensive. Ever et al. [20] designed a security protocol, which realizes the mutual authentication between users and drones. The protocol [20] uses bilinear pairing and ECC, which has a large computational cost. Moreover, the protocol [20] cannot provide user anonymity and untraceability and cannot resist drone capture attacks. Hussain et al. [21] designed a protocol for smart cities using drones. The protocol [21] uses symmetric encryption operation and cannot resist privileged insider attacks, impersonation attacks and drone capture attacks. The protocols mentioned above have high costs and make it difficult to meet the needs of lightweight computing primitives for drones due to their weak computing power.
Subsequently, researchers began to design AKA protocols for the I o D from a lightweight perspective. In 2019, Srinivas et al. [23] designed an AKA based on temporal credentials and claimed that the protocol [23] could resist known attacks. However, Ali et al. [41] found that Srinivas et al.’s protocol [23] could not provide user anonymity and could not resist mutual authentication, stolen verification attacks. In the same year, Wizard et al. [20] designed a protocol based on anonymity, but the protocol [20] could not achieve mutual authentication and was vulnerable to privileged insider attacks and impersonation attacks. In 2020, Chen et al. [22] proposed a privacy protection authentication protocol for drone communication, but the protocol [22] could not resist temporary information disclosure and replay attacks. In 2020, Zhang et al. [42] proposed a key agreement protocol, which is lightweight and suitable for the I o D environment. However, the protocol [42] could not resist the stolen smart card attacks nor provide untraceability.
In recent years, 5 G technology has been introduced into the I o D to improve the clarity and security of data transmission. In 2020, Abdel et al. [43] proposed an authentication inspired by the second factor, which triggers the second factor for authentication. In 2021, Abdel et al. [18] designed a signature-based authentication in a 5 G network. In the same year, Alladi et al. [19] designed an AKA protocol, also known as Drone-MAP. The authentication protocol [19] was based on a 5 G network and uses a physical unclonable function (PUF) to realize mutual authentication between the drone and 5 G base station. Some important related works are summarized in Table 1.

3. Security Analysis of Hussain et al.’s Protocol

3.1. Review of Hussain et al.’s Protocol

In this section, we briefly review the protocol of Hussain et al. [21]. The protocol consists of three entities: user ( U i ), drone ( D j ) and server (S). The protocol has three phases: predeployment phase, user registration phase and login authentication phase. The symbols used in this protocol are shown in Table 2.

3.1.1. Predeployment Phase

S selects an identity I D j for all drones D j before deployment, computes the value N j = h ( I D j K s ) , then saves { I D j , N j } to the memory of drones D j and, finally, saves the I D j to its own memory.

3.1.2. User Registration Phase

(1)
First, user U i selects its identity I D i and then sends the identity I D i to S through the secure channel.
(2)
After receiving I D i , S selects the random number n, computes R I D i = E K s ( I D i n ) and N i = h ( I D i n K s ) and then saves the identity I D i to its database. Finally, S generates the random number M and sends message { R I D i , N i , I D j , M } to U i .
(3)
After receiving the message { R I D i , N i , I D j , M } sent by S, U i selects the password P S W i , biometric B I O i and the random number r i , then computes G e n ( B I O i ) = ( σ i , τ i ) , R I D i = R I D i ( P S W i σ i ) , I D j = I D j ( I D i P S W i σ i ) , N i = N i ( I D i σ i ) , R P W i = ( P S W i r i ) , M = M ( I D i P S W i σ i ) , R i = r i ( P S W i I D i σ i ) and P i = ( M R I D i R P W i σ i ) . Finally, U i stores { R I D i , I D j , N i , M , R i , P i , τ i , G e n ( ) , R e p ( ) , h ( ) } in mobile device M D i .

3.1.3. Login and Authentication Phase

(1)
First, U i enters the identity I D i , password P S W i and biometric B I O i into M D i and M D i computes σ i = R e p ( B I O i , τ i ) , R I D i = R I D i ( P S W i σ i ) , I D j = I D j ( I D i P S W i σ i ) , N i = N i ( I D i σ i ) , r i = R i ( P S W i I D i σ i ) , R P W i = ( P S W i r i ) , M = M ( I D i P S W i σ i ) , P i = ( M R I D i R P W i σ i ) . Then, M D i compares P i = ? P i . If equal, it means that U i successfully logs in to M D i . Otherwise, the login fails. After a successful login, M D i selects a random number r 1 and timestamp T 1 , then computes A 1 = R I D i , A 2 = I D j h ( N i I D i T 1 ) , A 3 = h ( I D s N i T 1 ) r 1 and A 4 = h ( I D i I D s I D j N i r 1 T 1 ) . Finally, U i sends the authentication request M 1 = { A 1 , A 2 , A 3 , A 4 , T 1 } to S.
(2)
After receiving the authentication request M 1 from U i , S first verifies the freshness of the timestamp T 1 . If the time has been exceeded, the authentication is terminated. Otherwise, S computes ( I D i n ) = D K s ( A 1 ) to verify whether I D i is registered. If it is registered, S computes N i = h ( I D i n K s ) , I D j = A 2 h ( N i I D i T 1 ) , r 1 = h ( I D s N i T 1 ) A 3 and A 4 = h ( I D i I D s I D j N i r 1 T 1 ) . Then, S compares A 4 = ? A 4 . If not equal, it means that U i is illegal. Otherwise, S selects the random numbers r 2 , r i n e w and timestamp T 2 and computes N j = h ( I D j K s ) , A 5 = h ( N j I D j ) h ( I D j r 1 r 2 ) , A 6 = h ( N j T 2 ) I D i , A 7 = h ( N j I D j h ( I D s r 1 r 2 ) T 2 ) and A 8 = E K s ( I D i r i n e w ) h ( N i I D i R I D i ) . Finally, S sends the message M 2 = { A 5 , A 6 , A 7 , A 8 , T 2 } to drone D j .
(3)
After receiving the message M 2 , D j first verifies the freshness of T 2 . If the time has not been exceeded, it computes I D i = h ( N j T 2 ) A 6 , A 9 = h ( I D j N j ) A 5 , A 10 = h ( N j I D j A 9 T 2 ) . Then, D j compares A 10 = ? A 7 . If not equal, it means that S is illegal. Otherwise, D j selects the random number r 3 and timestamp T 3 and computes A 11 = h ( I D j I D i T 3 ) r 3 , S K = h ( A 9 r 3 I D i I D j ) , A 12 = h ( I D i I D j r 3 ) A 9 and A 13 = h ( S K T 3 ) . Finally, D j sends the message M 3 = { A 11 , A 12 , A 13 , A 8 , T 3 } to U i .
(4)
After receiving the message M 3 , U i first verifies the freshness of T 3 . If the time has not been exceeded, it computes r 3 = h ( I D j I D i T 3 ) A 11 , A 9 = h ( I D i I D j r 3 ) A 12 , S K = h ( A 9 r 3 I D i I D j ) and A 14 = h ( S K T 3 ) . Then, U i compares A 14 = ? A 13 . If not equal, it means that D j is illegal and the authentication is terminated. Otherwise, the authentication is successful. Finally, U i updates R I D i ¯ = A 8 h ( N i I D i R I D i ) and R I D i = R I D i ¯ .

3.2. Cryptanalysis of Hussain et al.’s Protocol

In this part, we point out that the protocol of Hussain et al. [21] is vulnerable to drone capture attacks, session key disclosure attacks and drone impersonation attacks.

3.2.1. Adversary Model

We briefly describe the capabilities of the adversary (A) and use the DY model according to the literature [44,45,46]. The capabilities are described in detail as follows:
(1)
A can intercept, modify and eavesdrop messages transmitted on public channels.
(2)
A can obtain information stored in the server.
(3)
A can extract the private value in the memory of the captured drones.

3.2.2. Drone Capture Attacks

We assume that A can capture drones D j and obtain the value { I D j , N j } stored in the memory of D j . A can compute the session key S K through the following steps:
(1)
A first intercepts { A 5 , A 6 , T 2 } in M 2 and { A 11 , T 3 } in M 3 transmitted by the common channel.
(2)
A can compute I D i , A 9 and r 3 through I D i = h ( N j T 2 ) A 6 , A 9 = h ( I D j N j ) A 5 and r 3 = h ( I D j I D i T 3 ) A 11 .
(3)
A can successfully compute S K = h ( A 9 r 3 I D i I D j ) .
Therefore, the protocol of Hussain et al. [21] cannot resist drone capture attacks.

3.2.3. Privileged Insider Attacks

We assume that A obtains K s stored in the server. Based on this attack, there are two security vulnerabilities.
A. Session Key Disclosure Attacks
(1)
A first intercepts { A 2 , A 5 , A 11 , T 1 , T 2 } transmitted by the common channel.
(2)
A can obtain I D i and n by computing ( I D i n ) = D K s ( A 1 ) with the value of K s . Then, A can compute N j = h ( I D j K s ) , I D j = A 2 h ( N i I D i T 1 ) , A 9 = h ( I D j N j ) A 5 and r 3 = h ( I D j I D i T 3 ) A 11 .
(3)
A can successfully compute S K = h ( A 9 r 3 I D i I D j ) .
Therefore, the protocol of Hussain et al. [21] cannot resist session key disclosure attacks.
B. Drone Impersonation Attacks
Similar to the session key disclosure attacks mentioned above, this attack is also based on privileged insider attacks. A can obtain { I D i , I D j , N j , A 9 , A 8 } .
(1)
After receiving the message M 2 sent by S, A selects the random number r 3 * and timestamp T 3 * and computes A 11 * = h ( I D j I D i T 3 * ) r 3 * , S K = h ( A 9 r 3 * I D i I D j ) , A 12 * = h ( I D i I D j r 3 * ) A 9 and A 13 * = h ( S K T 3 * ) . Finally, D j sends the message M 3 * = { A 11 * , A 12 * , A 13 * , A 8 , T 3 * } to U i .
(2)
After receiving the message M 3 * , U i first verifies the freshness of T 3 * and computes r 3 * = h ( I D j I D i T 3 * ) A 11 * , A 12 * = h ( I D i I D j r 3 * ) A 12 * , S K = h ( A 9 r 3 * I D i I D j ) and A 14 * = h ( S K T 3 * ) . U i compares A 14 * = ? A 13 * . Then, U i successfully authenticates A and establishes session key S K . Finally, U i updates R I D i ¯ = A 8 h ( N i I D i R I D i ) and R I D i = R I D i ¯ .
Therefore, A can impersonate a legitimate D j to complete authentication with U i ; the protocol of Hussain et al. [21] cannot resist drone impersonation attacks.

4. The Proposed Protocol

To improve the security of Hussain et al.’s protocol [21], we propose an improved protocol based on the architecture shown in Figure 1. The protocol consists of three entities: U i , D j and S. The protocol has three phases: drone registration phase, user registration phase and login authentication phase.

4.1. Drone Registration Phase

D j registers with S. The registration phase is shown in Figure 2. The registration steps are as follows.
(1)
First, drone D j selects its identity I D j and then sends the identity I D j to S through the secure channel.
(2)
After receiving I D j , S selects the random number k j , computes N j = h ( I D j k j K s ) and then saves { I D j , k j } to its database. Finally, S sends message { N j } to D j .
(3)
After receiving the message { N j } sent by S, D j stores { N j } in its database.

4.2. User Registration Phase

U i registers with S. The registration phase is shown in Figure 3. The registration steps are as follows.
(1)
First, user U i selects I D i , P S W i , B I O i , r and computes G e n ( B I O i ) = ( σ i , τ i ) . Then, U i sends identity I D i to S through the secure channel.
(2)
After receiving I D i , S selects the random number k i and T I D i , computes R P W i = ( P S W i r ) , R I D i = h ( I D i k i ) , N i = h ( R I D i k i K s ) and R I D i * = R I D i h ( k i K s ) and then saves the identity { T I D i , R I D i * , k j } to its database. Finally, S sends message { R I D i , N j , I D j , T I D i } to U i .
(3)
After receiving the message { R I D i , N i , I D j , T I D i } sent by S, U i computes R I D i = R I D i ( I D i σ i ) , N i = N i ( P S W i σ i ) , I D j = I D j ( I D i P S W i r ) and P i = ( I D i R P W i σ i ) . Finally, U i stores { R I D i , I D j , N i , r , P i , T I D i , τ i , G e n ( ) , R e p ( ) , h ( ) } in mobile device M D i .

4.3. Login and Authentication Phase

In the login and authentication phase, U i and D j achieve mutual authentication and establish session key S K with the help of S. The login and authentication phase is shown in Figure 4 and the steps are as follows:
(1)
First, U i enters identity I D i , password P S W i and biometric B I O i into M D i and M D i computes σ i = R e p ( B I O i , τ i ) , R P W i = ( P S W i r ) and P i * = ( I D i R P W i σ i ) . Then, M D i compares P i = ? P i . If they are equal, it means that U i successfully logs in to M D i . Otherwise, the login fails. After a successful login, M D i computes R I D i = R I D i ( P S W i σ i ) , I D j = I D j ( I D i P S W i r ) and N i = N i ( P S W i σ i ) . Then, M D i selects the random number r 1 and timestamp T 1 and computes A 1 = h ( R I D i T 1 ) r 1 , A 2 = I D j h ( N i R I D i T 1 ) and V 1 = h ( R I D i I D j r 1 T 1 ) . Finally, U i sends the authentication request M 1 = { A 1 , A 2 , V 1 , T I D i , T 1 } to S.
(2)
After receiving the authentication request M 1 from U i , S first verifies the freshness of the timestamp T 1 . If the time has been exceeded, the authentication is terminated. Otherwise, S searches { R I D i * , k j } according to T I D i and computes R I D i = R I D i * h ( k i K s ) , N i = h ( R I D i k i K s ) , r 1 = h ( R I D i T 1 ) A 1 , I D j = A 2 h ( N i R I D i T 1 ) and V 1 = h ( R I D i I D j r i T 1 ) . Subsequently, S compares V 1 = ? V 1 . If they are not equal, it means that U i is illegal. Otherwise, S selects the random number r 2 and timestamp T 2 and computes N j = h ( I D j k j K s ) , A 3 = r 2 h ( I D j N j ) , A 4 = R I D i h ( I D j N j T 2 ) and V 2 = h ( I D j N j r 2 T 2 ) . Finally, S sends the message M 2 = { A 1 , A 3 , A 4 , V 2 , T 1 , T 2 } to drone D j .
(3)
After receiving the message M 2 , D j first verifies the freshness of T 2 . If the time has not been exceeded, it computes R I D i = h ( I D j N j T 2 ) A 4 , r 2 = h ( I D j N j ) A 3 and V 2 = h ( I D j N j r 2 T 2 ) . Then, D j compares V 2 = ? V 2 . If they are not equal, it means that S is illegal. Otherwise, D j selects the random number r 3 and timestamp T 3 and computes r 1 = h ( R I D i T 1 ) A 1 , S K = h ( R I D i I D j r 1 r 2 r 3 ) , A 5 = h ( R I D i T 3 ) r 3 , A 6 = h ( I D j T 3 ) r 2 and V 3 = h ( S K I D j R I D i r 1 r 3 ) . Finally, D j sends the message M 3 = { A 5 , A 6 , V 3 , T 3 } to U i .
(4)
After receiving the message M 3 , U i first verifies the freshness of T 3 . If the time has not been exceeded, it computes r 3 = h ( R I D i T 3 ) A 5 , r 2 = h ( I D j T 3 ) A 6 , S K = h ( R I D i I D j r 1 r 2 r 3 ) and V 3 = h ( S K I D j R I D i r 1 r 3 ) . Then, U i compares V 3 = ? V 3 . If they are not equal, it means that D j is illegal and the authentication is terminated. Otherwise, the authentication is successful.

5. Security Analysis

5.1. Formal Security Analysis

In this part, we show how we used the ROR model to analyze the security of the proposed protocol. The ROR model was proposed by Canetti et al. [47,48]. The ROR model was used to judge the security of the protocol by obtaining the probability of successfully cracking the session key S K through different game rounds.

5.1.1. ROR Model

The protocol consists of three entities: U i , D j and S. In the ROR model, Π U i x , Π D j y and Π S z represent the x-th instance of U i , the y-th instance of D j and the z-th instance of S, respectively. Let us suppose that A has the following query capabilities: Q = { Π U i x , Π D j y , Π S z } .
(1)
E x e c u t e ( Q ) : By executing this query, A can intercept messages transmitted among U i , D j and S on the common channel.
(2)
S e n d ( Q , M ) : By executing this query, A can send message M to Q and receive a response from Q.
(3)
H a s h ( s t r i n g ) : Through executing this query, A can enter a string and return its hash value.
(4)
C o r r u p t ( Q ) : By executing this query, A can obtain a party’s private value, such as long-term key, parameters stored in a smart card, or temporary information.
(5)
T e s t ( Q ) : By executing this query, A flips a coin C. If C = 1, A can obtain the correct S K . If C = 0, A can obtain any string of the same length as S K .

5.1.2. ROR Proof

Theorem 1.
In the ROR model, assuming that A can execute the above five queries, the probability that A can break the proposed protocol P in polynomial time is a d v A P ( ξ ) q s e n d / 2 l 2 + 3 q h a s h 2 / 2 l 1 + 2 m a x { C · q s e n d s , q s e n d / 2 l } , where q s e n d refers to the number of queries executed; q h a s h refers to the number of times hash queries executed; l refers to the bit length of biological information; and C and s refer to two constants.
Proof. 
Our proof consists of seven game rounds, from G M 0 to G M 6 . S u c c A G M i ( ξ ) represents the probability that A can win in seven rounds of the game.
G M 0 : G M 0 is the first round of the game and does not start any query operation. This round of the game begins by flipping a coin C. Therefore, we can obtain the probability that A can successfully break P as
A d v A P = | 2 P r [ S u c c A G M 0 ] 1 | .
G M 1 : G M 1 has one more E x e c u t e ( Q ) operation than G M 0 and A intercepts only the message { M 1 , M 2 , M 3 } transmitted on the common channel in G M 1 . Since the values of I D j , r 1 , r 2 , r 3 and R I D i are unknown, A cannot compute the S K through the t e s t ( Q ) query. Therefore, the probability of G M 1 is equal to that of G M 0 .
P r [ S u c c A G M 1 ] = P r [ S u c c A G M 0 ] .
G M 2 : G M 2 has one more S e n d ( Q ) operation than G M 1 . According to Zipf’s law [49], we can obtain the probability of G M 2 as
| P r [ S u c c A G M 2 ( ξ ) ] P r [ S u c c A G M 1 ( ξ ) ] | q s e n d / 2 l .
G M 3 : G M 3 has one more H a s h ( Q ) operation than G M 2 . According to the birthday paradox, we can obtain the probability of G M 3 as
| P r [ S u c c A G M 3 ( ξ ) ] P r [ S u c c A G M 2 ( ξ ) ] | q h a s h 2 / 2 l + 1 .
G M 4 : In this round, the ROR model analyzes two events to prove the security of the protocol. One is to obtain the long-term key K S of S to prove that the protocol can provide perfect forward security and the other is to obtain the temporary information of an entity to prove that the protocol can resist the known session-specific temporary information disclose attacks.
(1)
Perfect forward security: A uses Π S Z to obtain the long-term key K S of S or uses Π U i x and Π D j y to obtain the private value used in the registration phase.
(2)
Known session-specific temporary information disclose attacks: A uses Π U i x , Π D j y and Π S z to obtain random numbers of three parties.
For the previous event, even if A obtains the long-term key K S of S or the private value used by both in the registration phase, the values of { r 1 , r 2 , r 3 , R I D i , I D j } cannot be computed and A cannot compute the value of S K , where S K = h ( R I D i I D j r 1 r 2 r 3 ) . For the latter event, even if A can obtain r 1 , the values of { r 2 , r 3 , R I D i , I D j } are confidential; thus, S K cannot be computed. Similarly, even if A can obtain r 2 or r 3 , the value of S K cannot be computed. We can obtain the probability of G M 4 as follows:
| P r [ S u c c A G M 4 ( ξ ) ] P r [ S u c c A G M 3 ( ξ ) ] | q s e n d / 2 l + q h a s h 2 / 2 l + 1 .
G M 5 : In G M 5 , A uses C o r r u p t ( Q ) to query the parameters { R I D i , I D j , N i , M , R i , P i , τ i } , which proves that the protocol can resist offline password guessing attacks. U i registers with S using password P S W i and biometric B I O i . A wants to guess P i = ( M R I D i R P W i σ i ) , but I D i and R P W i are confidential. The probability of A guessing l bits of biological information is 1 / 2 l . According to Zipf’s law [49], when q s e n d 10 6 , the probability that A can guess the password is greater than 0.5. Therefore, we can obtain the probability of G M 5 as
| P r [ S u c c A G M 5 ( ξ ) ] P r [ S u c c A G M 4 ( ξ ) ] | m a x { C · q s e n d s , q s e n d / 2 l }
G M 6 : G M 6 is to verify whether protocol P can resist impersonation attacks. A uses h ( R I D i I D j r 1 r 2 r 3 ) to query and the game is terminated. Therefore, we can obtain the probability of G M 6 as
| P r [ S u c c A G M 6 ( ξ ) ] P r [ S u c c A G M 5 ( ξ ) ] | q h a s h 2 / 2 l + 1 .
Because, in G M 6 , the probability of success and failure is 1 / 2 , the probability that A can guess S K is
P r [ S u c c A G M 6 ( ξ ) ] = 1 / 2 .
According to the above formula, we can obtain
1 / 2 A d v A P ( ξ ) = | P r [ S u c c A G M 0 ( ξ ) ] 1 / 2 | = | P r [ S u c c A G M 0 ( ξ ) ] P r [ S u c c A G M 6 ( ξ ) ] | = | P r [ S u c c A G M 1 ( ξ ) ] P r [ S u c c A G M 6 ( ξ ) ] | i = 0 5 | P r [ S u c c A G M i + 1 ( ξ ) ] P r [ S u c c A G M i ( ξ ) ] | = q s e n d / 2 l 1 + 3 q h a s h 2 / 2 l + m a x { C · q s e n d s , q s e n d / 2 l }
Therefore, we can obtain
A d v A P ( ξ ) q s e n d / 2 l 2 + 3 q h a s h 2 / 2 l 1 + 2 m a x { C · q s e n d s , q s e n d / 2 l } .

5.2. ProVerif

We used the formal tool ProVerif to verify the validity of the proposed protocol by modeling, writing code and performing calculations [50,51].
The definition of ProVerif is shown in Figure 5. Here, sch and ch are used to represent the secure channel and common channel, respectively. The parameters and functions of the protocol can be seen from the figure. The functions include h(), mult(), con(), xor(), Gen() and Rep(), which represent hash operations, scalar multiplication, concatenation, XOR, generator and reduction operations, respectively. Figure 6 shows the query operations and events. Here, S K i and S K j represent the session keys of U i and D j , respectively. “Query attacker” was used to verify whether A could compute S K by intercepting the information on the common channel through query operations. ProVerif contains five events: UserStarted(), UserAuthed(), ServerAcUser(), DroneAcServer() and UserAcDrone().
Figure 7 shows the process of U i , D j and S. D j ’s process is similar to U i ’s process, so we take the U i ’s process as an example. Here, “out(sch,(IDi))” is a registration process initiated by U i to S in the registration phase and “in(sch,(xRIDi:bitstring,xNi:bitstring,xIDj:bitstring,xTIDi:bitstring))” is to simulate U i to receive the message sent by S in the registration phase. At this time, the registration phase ends. “!()” is U i ’s authentication process in the login authentication phase, which means that this phase can occur multiple times, while the registration phase can only occur once. “out(ch,(A1,A2,xTIDi,T1))” means that U i sends a login request to S. “in(ch,(xA5:bitstring,xA6:bitstring,xV3:bitstring,xT3:bitstring))” refers to the U i who receives the authentication message returned by S. As for S’s process, it is mainly composed of the “UserReg” U i registration process, “DroneReg” D j registration process and “ServerAuth” S authentication process. “UserReg” is the registration process of S in the U i registration phase, “DroneReg” is the registration process of S in the D j registration phase, “ServerAuth” is the authentication process adopted by S in the login and authentication phase.
The results of ProVerif are presented in Figure 8. We can see that “Query not attacker (SKi[]) is true”, “Query not attacker (SKj[]) is true”, “Query inj-event (UserStarted) = = > inj-event (UserAuthed) is true”, “Query inj-event(SeverAcUser) = = > inj-event(DroneAcServer) is true” and “Query inj-event(DroneAcServer) = = > inj-event (UserAcDrone) is true”. Therefore, it can be concluded that A cannot compute the S K of U i and drone D j .

5.3. Informal Security Analysis

5.3.1. Mutual Authentication

In this protocol, U i and D j realize mutual authentication with the help of S. V 1 in message M 1 is the authentication value for S authenticating U i , V 2 in message M 2 is the authentication value for D j authenticating S and V 3 in message M 3 is the authentication value for D j authenticating U i . Therefore, the proposed protocol realizes the mutual authentication between U i and D j .

5.3.2. Replay Attacks

Our proposed protocol uses timestamps T 1 , T 2 , T 3 . When U i , D j , or S receive the message, it first verifies the freshness of the timestamp. If the timestamp is valid, the session process continues. When A replays to a message transmitted from the common channel, the timestamp becomes invalid and the session process is terminated when an entity is verifying the timestamp. Thus, the proposed protocol can resist replay attacks.

5.3.3. Privileged Insider Attacks

If A can obtain the long-term key K s of S, because { T I D i , R I D i * , k j } and { I D j , k j } stored in S are unknown, { R I D i , I D i , r 1 , r 2 , r 3 } cannot be computed and A cannot compute S K , where S K = h ( R I D i I D j r 1 r 2 r 3 ) . If A can obtain the parameter { T I D i , R I D i * , k j } and { I D j , k j } stored in S, A can intercept message M 1 from the public channel, obtain T I D i and then index it to R I D i * , but the long-term key K s of S is unknown, so { R I D i , I D i , r 1 , r 2 , r 3 } cannot be computed. Thus, the proposed protocol can resist privileged insider attacks.

5.3.4. Drone Capture attacks

If A can obtain the parameter { N j } stored in the drone’s memory, the R I D i cannot be computed because A does not know the identity I D j of the D j , where R I D i = h ( I D j N j T 2 ) A 4 . Furthermore, A cannot compute { r 1 , r 2 , r 3 } and S K . Thus, the proposed protocol can resist drone capture attacks.

5.3.5. Man-in-the-Middle Attacks

Let us suppose that A can intercept message M 1 = { A 1 , A 2 , V 1 , T I D i , T 1 } transmitted on the public channel between U i and S. As A cannot obtain the information { R I D i , I D j , r } in the smart card and { I D i , P S W i , B I O i } of U i , A cannot calculate the values { R I D i , I D j , r 1 } required for V 1 , where V 1 = h ( R I D i I D j r 1 T 1 ) . Therefore, after A tampers with M 1 , it cannot pass the authentication of S. Similarly, because the privacy value is unknown, A cannot compute the value V 2 , V 3 or V 4 and cannot complete the verification after intercepting the information M 2 , M 3 or M 4 . Therefore, the proposed protocol can resist man-in-the-middle attacks.

5.3.6. User Anonymity and Untraceability

The identities of U i and D j are not directly transmitted on the public channel and their identities cannot be computed. If A wants to track U i or D j , A intercepts the message { M 1 , M 2 , M 3 , M 4 } transmitted on the common channel, but the messages are variable during each session because random numbers { r 1 , r 2 , r 3 } are used. A cannot track the U i or D j . Therefore, the proposed protocol can provide user anonymity and untraceability.

6. Security and Performance Comparisons

In this section, we compare our protocol with those of Hussain et al. [21], Ever et al. [26], Wazid et al. [20] and Srinivas et al. [23] in terms of security, computational costs and communication costs.

6.1. Security Comparisons

In security comparison, ✓ indicates that the protocol can resist known attacks and × indicates that the protocol cannot resist attacks. The results of the security comparison are shown in Table 3. Here, in 2020, Ali et al. [41] found that the protocol of Srinivas et al. [23] could not provide anonymity and untraceability and was vulnerable to drone capture attacks. In the same year, Hussain et al. [21] pointed out that the protocol of Wazid et al. [20] could not realize mutual authentication and was vulnerable to privileged insider attacks and impersonation attacks. Deebak et al. [52] found that the protocol of Ever et al. [26] could not provide anonymity and untraceability and was vulnerable to drone capture attacks. We point out that the protocol of Hussain et al. [21] is vulnerable to drone capture attacks, privileged insider attacks and drone impersonation attacks in Section 3. So, we can see that proposed protocol can resist known attacks and has better security.

6.2. Performance Comparison

We compare the protocol with other related papers in terms of computational costs and communication costs. The computational costs includes the costs required to perform various operations during the login authentication process, because the computational costs of XOR and join operations are small enough to be ignored. Here, we performed a simulation experiment to evaluate the approximate computational time of the protocols. In the simulation experiment, we used Redmi note 9 Pro equipped with Android system, Qualcomm Snapdragon 750 processor and 8 G running memory to simulate users, using a Lenovo Desktop computer with Windows 10, Intel(R) Core(TM) i5-9500 CPU @ 3.00 GHz Processor and 8 G RAM to simulate servers. Since we had no suitable equipment to simulate drones, we used the results of Hussain et al. [21] in the simulation experiment as the computational time of drones. The experimental results are shown in Table 4. According to the experimental results, the fuzzy extraction function took the same time as the hash function, so we used the fuzzy extraction function as the hash function. The comparison of computational costs is shown in Table 5. We can see that the protocol of Srinivas et al. [23] and Wizard et al. [20] only use fuzzy extraction and hash operations. The computational costs of the proposed protocol is slightly higher than those of the above two protocols. The protocol of Ever et al. [26] uses elliptic curve scalar multiplication operation, bilinear pairing operation and hash operation. The protocol of Hussain et al. [21] uses symmetric encryption operation, fuzzy extraction operation and hash operation. Therefore, the computational costs of the protocol of Ever et al. [26] and Hussain et al. [21] are higher than those of other protocols.
In terms of communication costs, we compared the cost used to transmit messages on the common channel in the login authentication phase. Here, we assumed that the cost of transmitting the timestamp was 32 bits, the cost of transmitting identity and the random number was 160 bits, the cost of transmitting hash function was 256 bits and the cost of transmitting ECC points was 32 bits. Therefore, based on the above assumptions, we computed the communication cost of our protocol as an example. The computational methods of other protocols were similar. Our protocol transmitted three rounds of messages on the common channel, namely, M 1 = { A 1 , A 2 , V 1 , T I D i , T 1 } , M 2 = { A 1 , A 3 , A 4 , V 2 , T 1 , T 2 } and M 3 = { A 5 , A 6 , V 3 , T 3 } . Among them, { V 1 , V 2 , V 3 } belonged to a hash value, { T 1 , T 2 , T 3 } belonged to the timestamp and { A 1 , A 2 , T I D i , A 3 , A 4 , A 5 , A 6 } belonged to a random number. Therefore, the communication cost of our protocol was 2176 bits. Similarly, the communication costs of Srinivas et al. [23], Ever et al. [26], Wazid et al. [20] and Hussain et al. [21] were 1536 bits, 1696 bits, 5344 bits and 2061 bits, respectively. The comparison results of communication costs are shown in Table 6 and Figure 9 can more clearly describe the comparison results. It can be seen that the communication cost of the proposed protocol was much lower than that of the protocol of Ever et al. [26].
According to the above comparison, it is clear that, in terms of security, our protocol can resist known attacks, whereas other protocols cannot resist known attacks. So, our protocol has better security than other protocols. In terms of computational costs, the proposed protocol is more expensive than the protocols of Srinivas et al. [23] and Wazid et al. [20] and has a lower computation cost than the protocols of Ever et al. [26] and Hussain et al. [21]. In terms of communication costs, although the proposed protocol is more expensive than the protocols of Srinivas et al. [23], Wazid et al. [20] and Hussain et al. [21], it has a much lower cost than the protocol of Ever et al. [26].

7. Conclusions

This paper first summarizes the importance and combination of I o D and 5 G , reviews the recent AKA protocol in I o D and briefly reviews the protocol of Hussain et al. [21], pointing out that Hussain et al.’s protocol [21] is vulnerable to drone capture attacks, privileged insider attacks and session key disclosure attacks. To solve the security problems faced by the protocol of Hussain et al. [21], we propose an improved protocol. Through an informal analysis, we show that the proposed that protocol could resist known security attacks. In addition, the security and effectiveness of the protocol are demonstrated through a formal security analysis. Finally, through a comparison, we conclude that the protocol is secure compared with recent protocols. The rapid development of 5 G makes the emergence of 6th generation mobile communication technology ( 6 G ) an inevitable trend and the subject of introducing 6 G into I o D has a great research value in the future. In addition, researchers may combine drones with external smart devices to meet some specific needs. In future research work, it would also be necessary to design a secure authentication protocol for other architectures of drones. Therefore, the secure communication of I o D under different architectures is worthy of in-depth study by scholars.

Author Contributions

Conceptualization, S.K. and C.C.; methodology, T.W. and X.G.; software, Y.C.; formal analysis, X.G. and S.K.; investigation, Y.C. and C.C.; writing—original draft preparation, T.W. and X.G. All authors have read and agreed to the published version of the manuscript.

Funding

This research study received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Data are contained within the article.

Conflicts of Interest

The authors declare no conflict of interest.

Abbreviations

IoT–Internet of Things; IoD–Internet of Drones; 5G–fifth-generation mobile communication technology; 4G–fourth-generation mobile communication technology; ROR–real-oracle random; AKA–authentication and key agreement; RFID–radio frequency identification; ECC–elliptic curve encryption; PKI–public key infrastructure; PUF–physical unclonable function; 6G–6th generation mobile communication technology.

References

  1. Meng, Z.; Pan, J.S.; Tseng, K.K. PaDE: An enhanced Differential Evolution algorithm with novel control parameter adaptation schemes for numerical optimization. Knowl.-Based Syst. 2019, 168, 80–99. [Google Scholar] [CrossRef]
  2. Pan, J.S.; Liu, N.; Chu, S.C.; Lai, T. An efficient surrogate-assisted hybrid optimization algorithm for expensive optimization problems. Inf. Sci. 2021, 561, 304–325. [Google Scholar] [CrossRef]
  3. Xue, X.; Zhang, J. Matching large-scale biomedical ontologies with central concept based partitioning algorithm and adaptive compact evolutionary algorithm. Appl. Soft Comput. 2021, 106, 107343. [Google Scholar] [CrossRef]
  4. Wu, F.; Li, X.; Xu, L.; Vijayakumar, P.; Kumar, N. A novel three-factor authentication protocol for wireless sensor networks with IoT notion. IEEE Syst. J. 2020, 15, 1120–1129. [Google Scholar] [CrossRef]
  5. Nguyen, K.T.; Laurent, M.; Oualha, N. Survey on secure communication protocols for the Internet of Things. Ad Hoc Netw. 2015, 32, 17–31. [Google Scholar] [CrossRef]
  6. Bayat, M.; Beheshti-Atashgah, M.; Barari, M.; Aref, M.R. Cryptanalysis and Improvement of a User Authentication Scheme for Internet of Things Using Elliptic Curve Cryptography. Int. J. Netw. Secur. 2019, 21, 897–911. [Google Scholar]
  7. Xiong, H.; Zhao, Y.; Hou, Y.; Huang, X.; Jin, C.; Wang, L.; Kumari, S. Heterogeneous signcryption with equality test for IIoT environment. IEEE Internet Things J. 2020, 8, 16142–16152. [Google Scholar] [CrossRef]
  8. Wu, J.M.T.; Srivastava, G.; Lin, J.C.W.; Djenouri, Y.; Wei, M.; Parizi, R.M.; Khan, M.S. Mining of High-Utility Patterns in Big IoT-based Databases. Mob. Netw. Appl. 2021, 26, 216–233. [Google Scholar] [CrossRef]
  9. Ying, B.; Nayak, A. Lightweight remote user authentication protocol for multi-server 5G networks using self-certified public key cryptography. J. Netw. Comput. Appl. 2019, 131, 66–74. [Google Scholar] [CrossRef]
  10. Li, S.; Da Xu, L.; Zhao, S. 5G Internet of Things: A survey. J. Ind. Inf. Integr. 2018, 10, 1–9. [Google Scholar] [CrossRef]
  11. Khurpade, J.M.; Rao, D.; Sanghavi, P.D. A Survey on IOT and 5G Network. In Proceedings of the 2018 International conference on smart city and emerging technology (ICSCET), Mumbai, India, 5 January 2018; pp. 1–3. [Google Scholar]
  12. Abualigah, L.; Diabat, A.; Sumari, P.; Gandomi, A.H. Applications, Deployments, and Integration of Internet of Drones (IoD): A Review. IEEE Sens. J. 2021, 21, 25532–25546. [Google Scholar] [CrossRef]
  13. Benjamin, G. Drone culture: Perspectives on autonomy and anonymity. AI Soc. 2020, 1–11. [Google Scholar] [CrossRef]
  14. Hussain, S.; Chaudhry, S.A.; Alomari, O.A.; Alsharif, M.H.; Khan, M.K.; Kumar, N. Amassing the security: An ECC-based authentication scheme for Internet of drones. IEEE Syst. J. 2021, 15, 4431–4438. [Google Scholar] [CrossRef]
  15. Chaudhry, S.A.; Yahya, K.; Karuppiah, M.; Kharel, R.; Bashir, A.K.; Zikria, Y.B. GCACS-IoD: A certificate based generic access control scheme for Internet of drones. Comput. Netw. 2021, 191, 107999. [Google Scholar] [CrossRef]
  16. Zhang, N.; Jiang, Q.; Li, L.; Ma, X.; Ma, J. An efficient three-factor remote user authentication protocol based on BPV-FourQ for internet of drones. Peer-Netw. Appl. 2021, 14, 3319–3332. [Google Scholar] [CrossRef]
  17. Wang, E.K.; Chen, C.M.; Wang, F.; Khan, M.K.; Kumari, S. Joint-learning segmentation in Internet of drones (IoD)-based monitor systems. Comput. Commun. 2020, 152, 54–62. [Google Scholar] [CrossRef]
  18. Abdel-Malek, M.A.; Akkaya, K.; Bhuyan, A.; Ibrahim, A.S. A Proxy Signature-Based Drone Authentication in 5G D2D Networks. In Proceedings of the 2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring), Helsinki, Finland, 25–28 April 2021; pp. 1–7. [Google Scholar]
  19. Alladi, T.; Venkatesh, V.; Chamola, V.; Chaturvedi, N. Drone-MAP: A Novel Authentication Scheme for Drone-Assisted 5G Networks. In Proceedings of the IEEE INFOCOM 2021-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Vancouver, BC, Canada, 10–13 May 2021; pp. 1–6. [Google Scholar]
  20. Wazid, M.; Das, A.K.; Kumar, N.; Vasilakos, A.V.; Rodrigues, J.J. Design and analysis of secure lightweight remote user authentication and key agreement scheme in Internet of drones deployment. IEEE Internet Things J. 2018, 6, 3572–3584. [Google Scholar] [CrossRef]
  21. Hussain, S.; Mahmood, K.; Khan, M.K.; Chen, C.M.; Alzahrani, B.A.; Chaudhry, S.A. Designing secure and lightweight user access to drone for smart city surveillance. Comput. Stand. Interfaces 2022, 80, 103566. [Google Scholar] [CrossRef]
  22. Chen, C.L.; Deng, Y.Y.; Weng, W.; Chen, C.H.; Chiu, Y.J.; Wu, C.M. A traceable and privacy-preserving authentication for UAV communication control system. Electronics 2020, 9, 62. [Google Scholar] [CrossRef] [Green Version]
  23. Srinivas, J.; Das, A.K.; Kumar, N.; Rodrigues, J.J. TCALAS: Temporal credential-based anonymous lightweight authentication scheme for Internet of drones environment. IEEE Trans. Veh. Technol. 2019, 68, 6903–6916. [Google Scholar] [CrossRef]
  24. Jian, M.S.; Wu, J.M.T. Hybrid Internet of Things (IoT) data transmission security corresponding to device verification. J. Ambient Intell. Human. Comput. 2021, 1–10. [Google Scholar] [CrossRef]
  25. Xiong, H.; Chen, J.; Mei, Q.; Zhao, Y. Conditional Privacy-Preserving Authentication Protocol with Dynamic Membership Updating for VANETs. IEEE Trans. Depend. Secure Comput. 2020. early access. [Google Scholar] [CrossRef]
  26. Ever, Y.K. A secure authentication scheme framework for mobile-sinks used in the internet of drones applications. Comput. Commun. 2020, 155, 143–149. [Google Scholar] [CrossRef]
  27. Turkanović, M.; Brumen, B.; Hölbl, M. A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Netw. 2014, 20, 96–112. [Google Scholar] [CrossRef]
  28. Farash, M.S.; Turkanović, M.; Kumari, S.; Hölbl, M. An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Netw. 2016, 36, 152–176. [Google Scholar] [CrossRef]
  29. Amin, R.; Islam, S.H.; Biswas, G.; Khan, M.K.; Leng, L.; Kumar, N. Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput. Netw. 2016, 101, 42–62. [Google Scholar] [CrossRef]
  30. Lee, Y.; Yoon, J.; Choi, J.; Hwang, E. A Novel Cross-Layer Authentication Protocol for the Internet of Things. IEEE Access 2020, 8, 196135–196150. [Google Scholar] [CrossRef]
  31. Jangirala, S.; Das, A.K.; Vasilakos, A.V. Designing secure lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment. IEEE Trans. Ind. Inform. 2019, 16, 7081–7093. [Google Scholar] [CrossRef]
  32. Ayub, M.F.; Mahmood, K.; Kumari, S.; Sangaiah, A.K. Lightweight authentication protocol for e-health clouds in IoT-based applications through 5G technology. Digit. Commun. Netw. 2021, 7, 235–244. [Google Scholar]
  33. Lin, C.; He, D.; Kumar, N.; Choo, K.K.R.; Vinel, A.; Huang, X. Security and privacy for the internet of drones: Challenges and solutions. IEEE Commun. Mag. 2018, 56, 64–69. [Google Scholar] [CrossRef]
  34. Grieco, G.; Artuso, R.; Boccadoro, P.; Piro, G.; Grieco, L.A. An open source and system-level simulator for the internet of drones. In Proceedings of the 2019 IEEE 30th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC Workshops), Istanbul, Turkey, 8 September 2019; pp. 1–6. [Google Scholar]
  35. Yahuza, M.; Idris, M.Y.I.; Ahmedy, I.B.; Wahab, A.W.A.; Nandy, T.; Noor, N.M.; Bala, A. Internet of Drones Security and Privacy Issues: Taxonomy and Open Challenges. IEEE Access 2021, 9, 57243–57270. [Google Scholar] [CrossRef]
  36. Alsamhi, S.H.; Almalki, F.A.; AL-Dois, H.; Shvetsov, A.V.; Ansari, M.S.; Hawbani, A.; Gupta, S.K.; Lee, B. Multi-Drone Edge Intelligence and SAR Smart Wearable Devices for Emergency Communication. Wirel. Commun. Mob. Comput. 2021, 2021, 6710074. [Google Scholar] [CrossRef]
  37. Alsamhi, S.H.; Ma, O.; Ansari, M.S.; Almalki, F.A. Survey on collaborative smart drones and internet of things for improving smartness of smart cities. IEEE Access 2019, 7, 128125–128152. [Google Scholar] [CrossRef]
  38. Bera, B.; Chattaraj, D.; Das, A.K. Designing secure blockchain-based access control scheme in IoT-enabled Internet of Drones deployment. Comput. Commun. 2020, 153, 229–249. [Google Scholar] [CrossRef]
  39. Tian, Y.; Yuan, J.; Song, H. Efficient privacy-preserving authentication framework for edge-assisted Internet of Drones. J. Inf. Secur. Appl. 2019, 48, 102354. [Google Scholar] [CrossRef]
  40. Teng, L.; Jianfeng, M.; Pengbin, F.; Yue, M.; Xindi, M.; Jiawei, Z.; Gao, C.; Di, L. Lightweight security authentication mechanism towards uav networks. In Proceedings of the 2019 International Conference on Networking and Network Applications (NaNA), Daegu, Korea, 10–13 October 2019; pp. 379–384. [Google Scholar]
  41. Ali, Z.; Chaudhry, S.A.; Ramzan, M.S.; Al-Turjman, F. Securing smart city surveillance: A lightweight authentication mechanism for unmanned vehicles. IEEE Access 2020, 8, 43711–43724. [Google Scholar] [CrossRef]
  42. Zhang, Y.; He, D.; Li, L.; Chen, B. A lightweight authentication and key agreement scheme for internet of drones. Comput. Commun. 2020, 154, 455–464. [Google Scholar] [CrossRef]
  43. Abdel-Malek, M.A.; Akkaya, K.; Bhuyan, A.; Cebe, M.; Ibrahim, A.S. Enabling Second Factor Authentication for Drones in 5G using Network Slicing. In Proceedings of the 2020 IEEE Globecom Workshops (GC Wkshps), Taipei, Taiwan, 7–11 December 2020; pp. 1–6. [Google Scholar]
  44. Dolev, D.; Yao, A. On the security of public key protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208. [Google Scholar] [CrossRef]
  45. Wang, D.; He, D.; Wang, P.; Chu, C.H. Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Trans. Depend. Secur. Comput. 2014, 12, 428–442. [Google Scholar] [CrossRef]
  46. Wang, D.; Wang, P. Two birds with one stone: Two-factor authentication with security beyond conventional bound. IEEE Trans. Depend. Secur. Comput. 2016, 15, 708–722. [Google Scholar] [CrossRef]
  47. Canetti, R.; Goldreich, O.; Halevi, S. The random oracle methodology, revisited. J. ACM (JACM) 2004, 51, 557–594. [Google Scholar] [CrossRef] [Green Version]
  48. Wu, T.Y.; Lee, Y.Q.; Chen, C.M.; Tian, Y.; Al-Nabhan, N.A. An enhanced pairing-based authentication scheme for smart grid communications. J. Ambient Intell. Human. Comput. 2021, 1–13. [Google Scholar] [CrossRef]
  49. Wang, D.; Cheng, H.; Wang, P.; Huang, X.; Jian, G. Zipf’s law in passwords. IEEE Trans. Inf. Forensics Secur. 2017, 12, 2776–2791. [Google Scholar] [CrossRef]
  50. Wu, T.Y.; Wang, T.; Lee, Y.Q.; Zheng, W.; Kumari, S.; Kumar, S. Improved authenticated key agreement scheme for fog-driven IoT healthcare system. Secur. Commun. Netw. 2021, 2021, 6658041. [Google Scholar] [CrossRef]
  51. Blanchet, B.; Cheval, V.; Allamigeon, X.; Smyth, B. ProVerif: Cryptographic Protocol Verifier in the Formal Model. 2019. Available online: https://prosecco.gforge.inria.fr/personal/bblanche/proverif/ (accessed on 10 December 2021).
  52. Deebak, B.D.; Al-Turjman, F. A smart lightweight privacy preservation scheme for IoT-based UAV communication systems. Comput. Commun. 2020, 162, 102–117. [Google Scholar] [CrossRef]
Figure 1. I o D architecture.
Figure 1. I o D architecture.
Drones 06 00010 g001
Figure 2. D j registration phase.
Figure 2. D j registration phase.
Drones 06 00010 g002
Figure 3. U i registration phase.
Figure 3. U i registration phase.
Drones 06 00010 g003
Figure 4. Login and authentication phase.
Figure 4. Login and authentication phase.
Drones 06 00010 g004
Figure 5. The definition in the ProVerif tool.
Figure 5. The definition in the ProVerif tool.
Drones 06 00010 g005
Figure 6. The queries and events in the ProVerif tool.
Figure 6. The queries and events in the ProVerif tool.
Drones 06 00010 g006
Figure 7. The process in the ProVerif tool.
Figure 7. The process in the ProVerif tool.
Drones 06 00010 g007
Figure 8. The results in the ProVerif tool.
Figure 8. The results in the ProVerif tool.
Drones 06 00010 g008
Figure 9. Communication cost comparison.
Figure 9. Communication cost comparison.
Drones 06 00010 g009
Table 1. The summary of authentication protocols.
Table 1. The summary of authentication protocols.
ProtocolsCryptographic TechniquesLimitations
Turkanovic et al. [27](1) Utilizes one-way hash function
(2) Based on smart card
(1) Does not resist session key disclosure attacks
(2) Does not provide user anonymity
(3) Does not resist sensor node impersonation attacks
Farash et al. [28](1) Utilizes one-way hash function
(2) Based on smart card
(3) Two-factor
(1) Does not resist off-line password guessing attacks
(2) Does not resist user impersonation attacks
(3) Does not resist temporary information disclosure attacks
Zhang et al. [42](1) Utilizes one-way hash function
(2) Based on smart card
(3) Two-factor
(1) Does not resist stolen smart card attacks
(2) Does not provide untraceability
Chen et al. [22](1) Utilizes one-way hash function
(2) Utilizes ECC
(3) Utilizes asymmetric encryption
(1) Does not resist temporary information disclosure attacks
(2) Does not resist replay attacks
Srinivas et al. [23](1) Utilizes one-way hash function
(2) Three-factor
(1) Does not resist privileged insider attacks
(2) Does not resist drone capture attacks
(3) Does not provide user anonymity and untraceability
Wazid et al. [20](1) Utilizes one-way hash function
(2) Three-factor
(1) Does not resist privileged insider attacks
(2) Does not resist impersonation attacks
(3) Does not provide mutual authentication
Ever et al. [26](1) Utilizes one-way hash function
(2) Utilizes bilinear pairing
(3) Utilizes ECC
(1) Does not resist privileged insider attacks
(2) Does not resist drone capture attacks
(3) Does not provide user anonymity and untraceability
Hussain et al. [21](1) Utilizes one-way hash function
(2) Based on symmetric encryption
(3) Three-factor
(1) Does not resist privileged insider attacks
(2) Does not resist impersonation attacks
(3) Does not resist drone capture attacks
Table 2. Notations used in the protocol.
Table 2. Notations used in the protocol.
SymbolDescription
U i The i-th user
D j The j-th drone
SServer
I D i , I D j , I D S Identities of U i , D j and S
T I D i Temporary identities of U i
P S W i Password of U i
K S Secret key of S
S K Session key
Table 3. Comparisons of security.
Table 3. Comparisons of security.
Security Properties[23][20][26][21]Ours
Privileged insider attacks× [21]×
Impersonation attacks× [21]×
drone capture attacks× [41]× [52]×
Mutual authentication× [21]
User anonymity× [41]× [52]
Perfect forword secrecy
Man-in-the-middle attacks
Temporary information disclose attacks
Untraceability× [41]× [52]
Table 4. Experimental results.
Table 4. Experimental results.
OperationsSymbolic U i S D j
Bilinear pairing T b p 38.9 ms9 ms12.52 ms
Symmetric encryption T s e 0.0392 ms0.202 ms0.013 ms
Hash function T h 0.00251 ms0.0027 ms0.006 ms
Scalar multiplication T s m 20 ms9 ms4.107 ms
Table 5. Computational cost comparison.
Table 5. Computational cost comparison.
Protocols U i S D j TocalTocal (ms)
Srinivas et al. [23] T f + 14 T h 9 T h 9 T h T f + 30 T h 0.116
Wazid et al. [20] T f + 16 T h 8 T h 7 T h T f + 31 T h 0.106
Ever et al. [26] 2 T b p + 5 T h 2 T b p + 3 T h 4 T s m + 2 T b p + 9 T h 4 T s m + 6 T b p + 17 T h 137.34
Hussain et al. [21] T f + 15 T h 2 T s e + 9 T h 7 T h 2 T s e + T f + 31 T h 0.510
Ours T f + 12 T h 9 T h 8 T h T f + 29 T h 0.135
Here, T s e represents the time to perform the symmetric encryption operation, T b p represents the time to perform the the bilinear pairing operation, T s m represents the time to perform the elliptic curve scalar multiplication operation, T f represents the time to perform the fuzzy extraction function and T h represents the time to perform the hash operation.
Table 6. Communication cost comparison.
Table 6. Communication cost comparison.
ProtocolsRoundsCommunication Cost
Srinivas et al. [23]31536 bits
Wazid et al. [20]31696 bits
Ever et al. [26]65344 bits
Hussain et al. [21]32061 bits
Ours32176 bits
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Wu, T.; Guo, X.; Chen, Y.; Kumari, S.; Chen, C. Amassing the Security: An Enhanced Authentication Protocol for Drone Communications over 5G Networks. Drones 2022, 6, 10. https://doi.org/10.3390/drones6010010

AMA Style

Wu T, Guo X, Chen Y, Kumari S, Chen C. Amassing the Security: An Enhanced Authentication Protocol for Drone Communications over 5G Networks. Drones. 2022; 6(1):10. https://doi.org/10.3390/drones6010010

Chicago/Turabian Style

Wu, Tsuyang, Xinglan Guo, Yehcheng Chen, Saru Kumari, and Chienming Chen. 2022. "Amassing the Security: An Enhanced Authentication Protocol for Drone Communications over 5G Networks" Drones 6, no. 1: 10. https://doi.org/10.3390/drones6010010

APA Style

Wu, T., Guo, X., Chen, Y., Kumari, S., & Chen, C. (2022). Amassing the Security: An Enhanced Authentication Protocol for Drone Communications over 5G Networks. Drones, 6(1), 10. https://doi.org/10.3390/drones6010010

Article Metrics

Back to TopTop