Next Article in Journal
Target Localization for Autonomous Landing Site Detection: A Review and Preliminary Result with Static Image Photogrammetry
Previous Article in Journal
Robust Multiple Unmanned Aerial Vehicle Network Design in a Dense Obstacle Environment
Previous Article in Special Issue
A Resource-Friendly Certificateless Proxy Signcryption Scheme for Drones in Networks beyond 5G
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Secure Blockchain-Enabled Authentication Key Management Framework with Big Data Analytics for Drones in Networks Beyond 5G Applications

by
Amit Kumar Mishra
1,2,
Mohammad Wazid
1,*,
Devesh Pratap Singh
1,
Ashok Kumar Das
3,
Jaskaran Singh
1 and
Athanasios V. Vasilakos
4,*
1
Department of Computer Science and Engineering, Graphic Era Deemed to be University, Dehradun 248 002, India
2
Department of Computer Science and Engineering, Graphic Era Hill University, Dehradun 248 002, India
3
Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India
4
Center for AI Research (CAIR), University of Agder (UiA), 4879 Grimstad, Norway
*
Authors to whom correspondence should be addressed.
Drones 2023, 7(8), 508; https://doi.org/10.3390/drones7080508
Submission received: 2 July 2023 / Revised: 28 July 2023 / Accepted: 31 July 2023 / Published: 2 August 2023

Abstract

:
One of the most significant recent advances in technology is the advent of unmanned aerial vehicles (UAVs), i.e., drones. They have widened the scope of possible applications and provided a platform for a wide range of creative responses to a variety of challenges. The Internet of Drones (IoD) is a relatively new concept that has arisen as a consequence of the combination of drones and the Internet. The fifth-generation (5G) and beyond cellular networks (i.e., drones in networks beyond 5G) are promising solutions for achieving safe drone operations and applications. They may have many applications, like surveillance or urban areas, security, surveillance, retaliation, delivering items, smart farming, film production, capturing nature videos, and many more. Due to the fact that it is susceptible to a wide variety of cyber-attacks, there are certain concerns regarding the privacy and security of IoD communications. In this paper, a secure blockchain-enabled authentication key management framework with the big data analytics feature for drones in networks beyond 5G applications is proposed (in short, SBBDA-IoD). The security of SBBDA-IoD against multiple attacks is demonstrated through a detailed security analysis. The Scyther tool is used to perform a formal security verification test on the SBBDA-IoD’s security, confirming the system’s resistance to various potential attacks. A detailed comparative analysis has identified that SBBDA-IoD outperforms the other schemes by a significant margin. Finally, a real-world implementation of SBBDA-IoD is shown to evaluate its effect on several measures of performance.

1. Introduction

The term Internet of Drones (IoD) refers to the infrastructure that has been set up to enable users, servers, and drones to communicate with one another and share resources via the Internet. In point of fact, drones are rapidly becoming more mainstream goods, allowing users to pilot many drones simultaneously for various purposes within confined spaces [1]. Drones, also known as unmanned aerial vehicles (UAVs), are valuable instruments that can be used to address the issues that occur in people’s day-to-day lives. An Internet of Drones (IoD) that connects drones is a trend that is widely desired to improve the safety and quality of flight in light of the growing number of drones that are operating in low-altitude airspace. This is because connecting drones will create an IoD [2,3]. Some of the important components of a drone are the RC transmitter, multirotor frame, motors/speed controller, propellers, flight controller, battery, and landing gear. Integration of unmanned aerial vehicles (UAVs, also known as drones) into “fifth-generation (5G) and beyond cellular networks” is a promising solution for achieving safe UAV operation in addition to permitting expanded uses with the mission-specific payload delivery of information. This is because of the developments in cellular technologies and the widespread deployment of cellular facilities [4,5]. They may have many applications, i.e., surveillance of a city, security, and surveillance of border areas, delivery of items (i.e., medicines, vaccines), smart farming, film productions, capturing nature’s activities (i.e., a volcano city, waterfall), etc., [1,6]. The navigation and control of the airspace around them are essential for all these applications.

1.1. Research Motivation

Entities in an IoD-based network, such as drones, servers, and users, communicate through an open channel, i.e., the Internet. As a result, there may be certain concerns regarding the confidentiality and safety of the information that is communicated over IoD. It is possible that it could be susceptible to attacks such as message replaying, impersonation, man-in-the-middle (MiTM), the physically compromising a drone, malware propagation, credential leakage, disclosure of sensitive data, and other similar attacks [7,8]. Thus, we require some security frameworks to protect the IoD networks from the various attacks that could be launched against them [9,10]. Data are stored within the blocks of a blockchain, which is a sort of distributed ledger technology. Blockchains are used in cryptocurrency transactions. These can safely process and store the data, and these guard the data against any attack that could involve data disclosure or data change [11,12]. The information kept in the blockchain can be accessed and used for various purposes, including the prediction of certain occurrences (for example, the traffic situation in a city or the weather forecast). Various approaches to data analysis based on machine learning can be utilized for undertakings of this nature [8]. Hence, a similar approach has been followed in the proposed scheme.
The following section will detail the research contributions made by this paper.

1.2. Research Contributions

The following is a list of the research contributions that this work makes:
  • A secure blockchain-enabled authentication key management framework with big data analytics for drones in networks beyond 5G applications is proposed. In short, we call it SBBDA-IoD.
  • The resilience of SBBDA-IoD against multiple attacks is demonstrated through a security analysis.
  • The Scyther tool is used to perform a formal test of SBBDA-IoD’s security, confirming the system’s resistance to a variety of cyber-attacks.
  • The comparative analysis found that SBBDA-IoD outperformed the other schemes by a significant margin.
  • A real-world implementation of SBBDA-IoD is shown to evaluate its effect on several measures of performance.

2. Related Work

In this section, we discuss some of the existing authentication and key agreement methods and provide specifics regarding these methods.
Ali et al. [13] introduced an improved method known as a temporal credential-based anonymous lightweight authentication scheme (iTCALAS). This made use of the lightweight symmetric key primitives in conjunction with temporal credentials. The suggested method, while retaining its lightweight nature, provides security against a wide variety of previously recognized risks, such as traceability and stolen verifiers, while at the same time maintaining its inherent simplicity. The extended scalability of the iTCALAS that has been presented also allows it to function in an IoD environment with many flying zones or clusters. The authentication mechanisms that are going to be used for the secure communication of unmanned aerial vehicles (UAVs) were discussed by Rodrigues et al. [14]. They investigated and compared two authentication algorithms designed for wireless sensor networks (WSNs) and adapted for use with UAVs. The tests were carried out by examining the amount of time spent executing security-related activities such as hash tables and elliptic curve operations. Ever [15] has shown a safe authentication framework for mobile sinks, which could be utilized in applications for the Internet of Drones. The UAVs that had the potential to operate as mobile sinks were taken into consideration. The work that had already been performed on the authentication of the WSN-UAV environment was expanded. It was stated that there was a secure authentication framework that makes use of elliptic-curve cryptosystems. The aforementioned structure was put through a series of tests to establish whether or not it was resistant to substantial and well-known conceivable attacks. These attacks included those that targeted data secrecy, mutual authentication, password guessing, and key impersonation, among other things. Bera et al. [16] came up with an idea for a technique of access control that may be used in the Internet of Drones (IoD) setting for the purpose of identifying and mitigating the effects of unauthorized UAVs. They have used blockchain technology in their scheme. The transactional data were recorded on a private blockchain that was legitimate and authentic in every way. These data included the standard secure data that were transferred from a drone to the ground station server and the anomalous (suspected) data utilized to detect unauthorized UAVs that were stored over the private blockchain. These data were collected and transmitted by the ground station server.
Yazdinejad et al. [11] proposed a secure authentication model intended to use blockchain technology. The approach was intended to be used by drones in smart cities. The strategy ensured the fewest possible delays in the process. In a network of drones, they created a zone-based architecture and used a tailored decentralized consensus mechanism for drones in a smart city called “drone-based delegated proof of stake (DDPOS)”. Both of these technologies are referred to as drone-based delegated proof of stake. When utilizing this strategy, drones did not need to go through the re-authentication process when moving between zones. Singh et al. [12] also addressed the development of the Internet of Drones as well as the industrial applications of this emerging technology. The development of this technology has brought about major worries, one of which has always been related to the unmanned robots’ level of security. As a result, they brought attention to the most important security concerns and then suggested using cutting-edge blockchain technology as the most important answer to these concerns. Feng et al. [17] suggested a solution for blockchain-based cross-domain authentication that was designed for the intelligent Internet of Drones with 5G. This approach was developed with the intention of overcoming the limitations that were discussed earlier. Their technique relied on a large number of signatures, each of which was established by means of threshold sharing; this allowed them to successfully build an identity federation for collaborative domains. Because of this, they were able to facilitate joining and leaving domains. Utilizing smart contracts as a means of authentication allowed for reliable communication between devices that operated in many domains. A blockchain-based drone delivery system (GaRuDa system) was proposed by Gupta et al. [7]. This system might be utilized for applications that are linked to Healthcare 5.0. Their plan combined the Internet of Things and blockchain technology by way of an Internet that was enabled with 5G capabilities to facilitate the low-latency and responsive distribution of medical supplies that could be chronologically monitored and tracked among many stakeholders. In addition, this distribution of medical supplies could be monitored and tracked in real-time. Bera et al. [8] offered a security architecture for safe communication in IoD that was supported by smart contracts based on blockchain technology and was envisioned using artificial intelligence (AI). The security analysis indicated that the framework being presented was safe against the several different sorts of attacks that may be carried out against it.
Lwin et al. [18] explored the creation of a city geographic dashboard, which had the ability to collect, exchange, and visualize geographic data that were gathered from satellites, Internet of Things devices (i.e., drones), and other types of big data. Abualigah et al. [19] provided a complete examination of the Internet of Things and its applications, deployments, and integrations. The Internet of Things applications, cloud and fog computing frameworks, unmanned aerial vehicles (UAVs), wireless sensor networks (WSNs), mobile computing, and business models were the key areas of focus for them. Gharibi et al. [1] offered a theoretical framework as an example for the construction of the IoD. They also determined the criteria that an IoD system must meet based on the architecture of the system in order for it to be regarded as successful.
Pu et al. [20] suggested a technique for user authentication and key agreement that was simple to implement and kept users’ personal information private. They developed a physical unclonable function (PUF) and chaotic system in order to allow mutual authentication and establish a secure session key between the various communication participants. This was accomplished through the use of cryptography. The goal of this study, which was conducted by Yahuza et al. [6], was to conduct an analysis of recent advancements in the privacy and security issues that were related to IoD. They looked into the different types of drones to determine how much risk they posed to privacy and safety. After that, they discussed the importance of a secure architecture for IoD and proposed one. In addition to this, they provided a full taxonomy of attacks, which was possible in IoD systems.
Krichen et al. [21] examined the current state-of-the-art formal methods that have been applied to the definition and verification of smart contracts. This was performed with the intention of reducing the likelihood that caused errors and bugs. It avoided any costs that might have been caused as a result. In addition, they have identified a number of difficulties as well as potential guidelines for future research in relation to this new research tonic. Abdellatif and Brousmiche et al. [22] developed a formal modeling approach to verify the behavior of a smart contract within the environment in which it could be executed. They tested their formalism by applying it to a real-world example of a smart contract and analyzing the breaches it contained using a statical model checking approach.
Most of the schemes discussed here lack important functionality features and are vulnerable to various attacks. The blockchain-enabled mechanism can also help improve the stored data’s security, which has been utilized for secure big data analytics. Hence, in this paper, we focus on the design of a secure blockchain-enabled authentication key management framework with big data analytics applicable for networks beyond 5G applications. The assessment of the closely related existing schemes is given in Table 1.

3. System Model

The system models, i.e., the network model (overall architecture) of the proposed SBBDA-IoD and its associated threat model, are discussed below.

3.1. Network Model

In Figure 1, we see the network representation of SBBDA-IoD. This network includes drones, ground-based servers, cloud-based servers, and control rooms. Drones collect data as they fly over designated areas (for city monitoring, smart farming, drug delivery, etc.) and transmit it to the ground station servers. The drone data are received by the ground station servers, where they are processed. The data are transmitted from the ground station servers to the connected cloud servers. The communications among the drones, ground station servers, and cloud servers happen through the open channel (i.e., the Internet), on which various attacks are possible. In order to estimate the traffic on a city street, determine the likelihood of a security attack, etc., the data are saved and analyzed on cloud servers. As discussed earlier, numerous cyber-attacks can target the numerous forms of communication that occur among the aforementioned entities. To protect against these attacks and the data being communicated, we need some sort of security mechanism (such as authentication, access control, or key management). In this paper, we present a method for both drone-to-drone and drone-to-ground station servers to successfully establish mutual authentication and session keys [16]. First, there will be secure mutual authentication among the drones, ground station servers, and cloud servers; then, they establish session keys for their secure data transmission. The control room also houses the network registration authority, which is responsible for registering the various nodes that make up the network (drones, ground station servers, and cloud nodes). Cloud servers are the resource-rich entities (having high communication, computation, and storage capabilities) of the network and are the building blocks of a peer-to-peer cloud server (P2PCS) network. Cloud servers handle the most crucial operations, such as implementing blockchain and analyzing massive amounts of data [11,12]. This means that cloud servers are the semi-trusted entities of the network. It is assumed that the network’s registration authority has not been compromised because it is the trusted entity of the network. In the SBBDA-IoD, we can have multiple control rooms along with multiple registration authorities, which can be organized as per the network’s size and requirements.

3.2. Threat Model

The Dolev–Yao (DY) threat model, which at the present time is thought of as the standard de facto, was used in the design of the SBBDA-IoD [23]. According to the DY model, two separate entities can begin communicating with one another across an unsecured network (for instance, over the Internet). Unreliability exists at the endpoint entities, which include things like drones, ground station servers, and cloud servers. An adversary A , whether active or passive, may read, change, or delete the communications that are sent across a network that is not protected from outside interference. Some of the potential attacks that the proposed SBBDA-IoD takes care of include replay attacks, man-in-the-middle (MiTM) attacks, impersonation attacks, privileged insider attacks, stolen verifier attacks, physical drone capture attacks, ephemeral secret leakage (ESL) attacks, secret data leakage attacks, etc. Another significant adversary model established by Canetti and Krawczyk (CK) is one we used in the SBBDA-IoD as well [24]. At this point, A can use all of the DY model’s capabilities. In addition, A has the ability to acquire the session states, which are the credentials and session keys associated with a particular session. A can manually grab some drones by utilizing a technique that involves complex power analysis and then access the information that is stored in the memory of those devices [25]. The information gathered can also be used to start further operations and launch malicious attacks, such as establishing secret session keys and credentials, conducting the privileged-insider attack, data replaying, conducting the drone physical capture attack, data replaying, conducting the privileged-insider attack, conducting the malware injecting and scripting attacks, conducting the DoS attack, impersonation attack, credentials leakage, and man-in-the-middle (MiTM) attacks. Attacks with malware injection can take many forms, including spyware attacks, rootkit attacks, ransomware attacks, the insertion of Trojan horses, and the launch of virus and worm attacks. The ground station servers are the entities within the network that are only partially trusted, and they are also deployed with some degree of physical security (such as a locking system or security guards) [26]. As a result, there is no way that its physical integrity may be compromised via physical stealing. The cloud servers are also assumed to be the trusted network entities, and they are responsible for the data analysis. The DY model does not account for all possible forms of attack, such as the unauthorized disclosure of session states and the unauthorized computation of session keys. The CK-adversary model takes into account attacks of this nature. As a result, in the design of the SBBDA-IoD, we considered both the CK-adversary model and the DY model.

4. The Proposed Scheme: SBBDA-IoD

In this section, we provide the details of the proposed SBBDA-IoD. Various notations used in this paper are listed in Table 2. The SBBDA-IoD is divided into several phases, i.e., “registration phase, authentication, and key establishment phase, dynamic device addition phase, key management phase, blockchain implementation phase, and big data analytics phase”. Here, it is important to mention that the secure mutual authentications and key establishment phases are executed between a drone and the other legitimate drone and between the drone and the ground station server. These phases are elaborated as follows.

4.1. Registration Phase

In this phase, the control room’s registration authority C R A performs the registration of other entities, i.e., drones, ground station servers, and cloud servers. The steps are given below.

4.1.1. Registration of Drones

The control room’s registration authority, C R A , registers a drone as per the following steps.
  • RGDR1: The C R A generates its identity as I D C R A and secret key as k C R A . It then computes its pseudo-identity as R I D C R A = h ( I D C R A | | k C R A ) . Then, C R A generates identity for drone D R i as I D D R i and secret key as k D R i . C R A then computes the pseudo-identity of D R i as R I D D R i = h ( I D D R i | | k D R i | | R I D C R A ) , temporary one-time identity as T O T D R i and an essential registration parameter as E R P D R i = h ( I D D R i | | R T S D R i | | k D R i | | R I D C R A ) , where R T S D R i is the registration timestamp value of D R i .
  • RGDR2:  C R A  again generates a pseudo-identification number for D R i as R I N D R i . After that, “ C R A selects a non-singular elliptic curve over a finite field” as given below. Suppose there are “2 constants u  Z q and v  Z q , where Z q = { 0 , 1 , , q 1 } and q > 3 should be a prime”. Again, R A chooses “a non-singular elliptic curve E q ( u , v ) : y 2 = x 3 + u x + v over the finite field G F ( q ) ”. For instance, “ 4 u 3 + 27 v 2 0 ( mod q ) with a point at infinity or zero point O ”. Let G be a base point in E q ( u , v ) with a similar big order like q. C R A then generates a secret key number of D R i as n D R i and the associated public parameter as N D R i = n D R i . G . Finally, C R A stores { R I N D R i ,   R I D D R i ,   T O T D R i ,   ( n D R i ,   N D R i ) ,   E R P D R i ,   h ( · ) ,   E q ( u , v ) ,   G } in the memory of D R i . The drone D R i can then be dispatched to the designated area for use.
  • RGDR3: In a similar way, the registration of D R j is performed. Then, D R j contains values like, { R I N D R j ,   R I D D R j ,   T O T D R j ,   ( n D R j ,   N D R j ) ,   E R P D R j ,   h ( · ) ,   E q ( u , v ) ,   G } in its memory.

4.1.2. Registration of Ground Station Servers

Using the following steps, the control room’s registration authority C R A registers a ground station server G S S k .
  • RGGS1: For the registration of G S S k , C R A first generates its identity as I D G S S k and secret key as k G S S k , it then computes the pseudo-identity of G S S k as R I D G S S k = h ( I D G S S k | | k G S S k | | R I D C R A ) . C R A also computes the public key of G S S k as Q G S S k = k G S S k . G . Furthermore, C R A computes its essential registration parameter as E R P G S S k = h ( I D G S S k | | R T S G S S k | | k G S S k | | R I D C R A ) , where R T S G S S k is the registration timestamp value of G S S k . C R A also securely shares the registration information of drones, i.e., T O T D R i and R I D D R i with G S S k by making use of shared master secret key M K C R A G S S .
  • RGGS2: Finally, C R A stores values like, { ( T O T D R i ,   R I D D R i ) |   i = 1 ,   2 , ,   n u m D R ,   R I D G S S k ,   E R P G S S k ,   ( k G S S k ,   Q G S S k ) ,   E q ( u , v ) ,   G ,   h ( · ) } in the database of G S S k .

4.1.3. Registration of Cloud Servers

The control room’s registration authority C R A registers a cloud server C S l using the following steps.
  • RGCS1: For the registration of C S l , C R A first generates its identity as I D C S l and secret key as k C S l . After that, C R A produces the pseudo-identity of C S l as R I D C S l = h ( I D C S l | | k C S l | | R I D C R A ) . C R A also computes the public key of C S l as Q C S l = k C S l . G .
  • RGCS2: Finally, C R A stores values such as { R I D C S l ,   ( k C S l ,   Q C S l ) ,   G ,   h ( · ) } in the database of C S l .

4.2. Authentication and Key Establishment Phase

Secure mutual authentications and key establishment between drones and between drones and the ground station servers necessitate this step. Detailed explanations of each stage are given as follows.

4.2.1. Authentication and Key Establishment between Drone D R i and Drone D R j

The following describes the authentication and key establishment between drones D R i and D R j .
  • AKADD1: Before starting the process of authentication and key establishment, the drones D R i and D R j share their pseudo-identification number with each other in a secure way. For example, for this task, D R i can send message M M 1 = E N D R j ( R I N D R i ) to D R j . D R j can decrypt and read the value R I N D R i as D n D R j ( M M 1 ) = R I N D R i . In a similar way, D R i can obtain the value of R I N D R j from D R j in a secure way. Furthermore, D R i produces a random secret value r v D R i and a fresh timestamp value T 1 . Then, D R i computes M 1 = h ( r v D R i | | R I D D R i ) h ( R I N D R i | | T 1 ) and M 2 = h ( h ( r v D R i | | R I D D R i ) | | N D R i | | N D R j | | T 1 ) . After calculating these values D R i sends the message m s g 1 = { M 1 , M 2 , T 1 } to D R j through an insecure channel.
  • AKADD2: When D R j receives m s g 1 from D R i , it first verifies the correctness of T 1 by solving the equation | T 1 T 1 * |   Δ T , where Δ T is the maximum transmission delay and T 1 * is the time at which m s g 1 was received.
    Then, D R j computes h ( r v D R i | | R I D D R i ) = M 1 h ( R I N D R i | | T 1 ) and M 2 = h ( h ( r v D R i | | R I D D R i ) | | N D R i | | N D R j | | T 1 ) . D R j then checks M 2 = M 2 ? If it matches, then D R i is authenticated with D r j . Furthermore, D R j generates a random secret value r v D R j and a fresh timestamp value T 2 . Again, D R j computes M 3 = h ( r v D R j | | R I D D R j ) h ( R I D D R j | | T 2 ) . After these calculations, D R j computes its session key as S K D R j , D R i = h ( h ( r v D R i | | R I D D R i ) | | h ( r v D R j | | R I D D R j ) | | R I N D R i | | R I N D R j | | N D R i | | N D R j | | T 1 | | T 2 ) and another important parameter as M 4 = h ( S K D R j , D R i | | R I N D R i | | R I N D R j | | T 1 | | T 2 ) . D R j then sends message m s g 2 = { M 3 , M 4 , T 2 } to D R i through an open insecure channel.
  • AKADD3: When D R i receives m s g 2 from D R j , it first verifies the correctness of T 2 by solving the equation | T 2 T 2 * |   Δ T , where Δ T is the maximum transmission delay and T 2 * is the time at which m s g 2 was received. D R i then computes h ( r v D R j | | R I D D R j ) = M 3 h ( R I D D R j | | T 2 ) and session key as S K D R i , D R j = h ( h ( r v D R i | | R I D D R i ) | | h ( r v D R j | | R I D D R j ) | | R I N D R i | | R I N D R j | | N D R i | | N D R j | | T 1 | | T 2 ) and M 4 = h ( S K D R j , D R i | | R I N D R i | | R I N D R j | | T 1 | | T 2 ) . D R i checks M 4 = M 4 ? If it matches, then D R j is authenticated with D R i , and the computed session key by D R i is correct. Again D R i generates another fresh timestamp value T 3 and computes M 5 = h ( S K D R i , D R j | | T 3 ) and sends message m s g 3 = { M 5 , T 3 } to D R i via open channel.
  • AKADD4: When D R j receives m s g 3 from D R i , it first verifies the correctness of T 3 by solving the equation | T 3 T 3 * |   Δ T , where Δ T is the maximum transmission delay and T 3 * is the time at which m s g 3 was received. Furthermore, D R j computes M 5 = h ( S K D R j , D R i | | T 3 ) and checks M 5 = M 5 ? If it matches, then D R j assumes that the session key computed by D R i is correct. Eventually, D R i and D R j establish session key S K D R i , D R j = ( S K D R j , D R i ) for their secure communication.

4.2.2. Authentication and Key Establishment between Drone D R i and Ground Station Server  G S S k

The authentication and key establishment details between the drone D R i and the ground station server G S S k are given below.
  • AKADG1:  D R i initiates the process with the generation of a random secret parameter (i.e., a variable) r s 1 and fresh timestamp value t 1 . It then computes m 1 = h ( r s 1 | | E R P D R i | | t 1 ) h ( R I D D R i | | t 1 ) and m 2 = h ( h ( r s 1 | | E R P D R i | | t 1 ) | | R I D D R i | | t 1 ) . After that, D R i sends the message M S G 1 = { T O T D R i ,   m 1 ,   m 2 ,   t 1 } to G S S k via open channel.
  • AKADG2: When G S S k receives M S G 1 from D R i , it first verifies the correctness of t 1 by solving the equation | t 1 t 1 * |   Δ T , where Δ T is the maximum transmission delay and t 1 * is the time at which M S G 1 was received. Then, G S S k fetches R I D D R i , corresponding to the received T O T D R i . It then computes h ( r s 1 | | E R P D R i | | t 1 ) = m 1 h ( R I D D R i | | t 1 ) and m 2 = h ( h ( r s 1 | | E R P D R i | | t 1 ) | | R I D D R i | | t 1 ) . G S S k then checks m 2 = m 2 ? If it matches, then D R i is authenticated with G S S k . Furthermore, G S S k generates a random secret parameter (i.e., a variable) r s 2 and the fresh timestamp value t 2 . It again computes m 3 = h ( r s 2 | | E R P G S S k | | t 2 ) h ( R I D D R i | | t 2 ) and session key as S K G S S k , D R i = h ( h ( r s 1 | | E R P D R i | | t 1 ) | | h ( r s 2 | | E R P G S S k | | t 2 ) | | R I D D R i | | t 1 | | t 2 ) . After that, G S S k computes m 4 = h ( S K D R i , G S S k | | h ( r s 2 | | E R P G S S k | | t 2 ) | | R I D D R i | | t 2 ) and a new temporary one time identity as T O T D R i n e w . It again computes m 5 = T O T D R i n e w h ( h ( r s 1 | | E R P D R i | | t 1 ) | | R I D D R i | | t 2 ) . After that G S S k sends the message M S G 2 = { m 3 ,   m 4 ,   m 5 ,   t 2 } to D R i through an open (insecure) medium.
  • AKADG3: When D R i receives M S G 2 from G S S k , it first verifies the correctness of t 2 by solving the equation | t 2 t 2 * |   Δ T , where Δ T is the maximum transmission delay and t 2 * is the time at which M S G 2 was received. It again computes h ( r s 2 | | E R P G S S k | | t 2 ) = m 3 h ( R I D D R i | | t 2 ) and session key as S K D R i , G S S k = h ( h ( r s 1 | | E R P D R i | | t 1 ) | | h ( r s 2 | | E R P G S S k | | t 2 ) | | R I D D R i | | t 1 | | t 2 ) . After that, D R i computes m 4 = h ( S K D R i , G S S k | | h ( r s 2 | | E R P G S S k | | t 2 ) | | R I D D R i | | t 2 ) and checks m 4 = m 4 ? If it matches, then G S S k is authenticated with D R i , and the session key computed by D R i is correct. Again, D R i computes its new temporary one-time identity as T O T D R i n e w = m 5 h ( h ( r s 1 | | E R P D R i | | t 1 ) | | R I D D R i | | t 2 ) . D R i generates another fresh timestamp value as t 3 and computes m S K V = h ( S K D R i , G S S k | | t 3 ) . After that, D R i sends message M S G 3 = { m S K V , t 3 } to G S S k through the open (insecure) medium.
  • AKADG4: When G S S k receives M S G 3 from D R i , it first verifies the correctness of t 3 by solving the equation | t 3 t 3 * |   Δ T , where Δ T is the maximum transmission delay and t 3 * is the time at which M S G 3 was received. It again computes m S K V = h ( S K G S S k , D R i | | t 3 ) and checks m S K V = m S K V ? If they match, G S S k assumes that the session key that D R i came up with is right. In this case, the session key verification works. Eventually, D R i and G S S k agree on session key S K D R i , G S S k = ( S K G S S k , D R i ) so that they can send data securely.

4.3. Dynamic Device Addition Phase

This step must be performed before new drones can be added to the network. As a drone can sometimes malfunction or have its work stopped. We need to take the following steps for a new drone to be added to the network.
  • DDDR1:  C R A generates an identity for drone D R i ν as I D D R i ν and secret key as k D R i ν . C R A then computes the pseudo-identity of D R i ν as R I D D R i ν = h ( I D D R i ν | | k D R i ν | | R I D C R A ) , a temporary one-time identity as T O T D R i ν and essential registration parameter as E R P D R i ν = h ( I D D R i ν | | R T S D R i ν | | k D R i ν | | R I D C R A ) , where R T S D R i ν is the registration timestamp value of D R i ν .
  • DDDR2:  C R A again generates a pseudo-identification number for D R i ν as R I N D R i ν . C R A then generates a secret key number of D R i ν as n D R i ν and its corresponding public parameter as N D R i ν = n D R i ν . G . Finally, C R A stores { R I N D R i ν ,   R I D D R i ν ,   T O T D R i ν ,   ( n D R i ν ,   N D R i ν ) ,   E R P D R i ν ,   h ( · ) ,   E q ( u , v ) ,   G } in the memory of D R i ν . Then, D R i ν is deployed in the assigned zone as per the requirement. C R A also shares the registration information of drones, i.e., T O T D R i ν and R I D D R i ν with the existing G S S k in a secure way through shared master secret key M K C R A G S S .

4.4. Key Management Phase between G S S k and C S l

For the secure transmission of their data, G S S k and C S l can use their secret and public key pairs, i.e., ( k G S S k , Q G S S k ) and ( k C S l , Q C S l ). For example, when G S S k has to send its data D T G S S k to C S l , then G S S k can perform encryption over it through Q C S l , i.e., M S G G C 1 = E C S l ( D T G S S k ) . Upon the arrival of M S G G C 1 , C S l can perform decryption as D k C S l ( M S G G C 1 ) and read out the value of D T G S S k in a secure way. Here, it is important to mention that, to perform the above-discussed encryption/decryption, the standard ECC algorithm can be used on both G S S k and C S l sides as these are resource-rich devices. Both G S S k and C S l have good computation and communication capabilities.

4.5. Blockchain Implementation Phase

This phase is used to implement the blockchain of the drone-related data. When a drone, say D R i , sends some information to the connected G S S k , that G S S k creates a partial block P B G S S k . The partial block includes information like an owner of the block (i.e., O W G S S k ), the public key of the owner (i.e., Q G S S k ), and encrypted transactions (i.e., T R X i | i = 1 ,   2 , ,   n u m t x ). Then, G S S k sends the information of the partial block to the connected C S l through the established session key S K G S S k , C S l . After receiving P B G S S k from G S S k , C S l creates the full block F B C S l from it. F B C S l contains information like the block’s identity B I D C S l , the hash of this block H A S H F B C S l , the hash of previous block H A S H F B C S l 1 , the timestamp value T S F B C S l , random nonce value R N F B C S l , O W G S S k , Q G S S k , T R X i , and the signature of this block (i.e., S G F B C S l using a standard algorithm like “Elliptic Curve Digital Signature Algorithm (ECDSA))”. Then, C S l broadcasts it to its peer-to-peer cloud server network (P2PCS). Then, the miners (i.e., authorized cloud servers of the P2PCS network) execute a consensus process using some standard algorithm (i.e., practical byzantine fault tolerance (pBFT) [27,28]). After the steps of the consensus process have successfully been completed, the new block F B C S l is added to the blockchain B C D R N . Using machine learning algorithms, the data saved in the blockchain can be used to make predictions and analyze things like traffic on a certain street in a city or the weather in a certain area.

4.6. Big Data Analytics Phase

This phase is used to perform big data analytics over the stored data in blockchain B C D R N . For this task, the authorized cloud server, i.e., C S l performs the standard steps of big data analytics [29]. The details of all steps are given below.
  • Secure data collection and processing: Data collection takes on various forms throughout organizations. For example, the data are collected at the C S l in a secure way through the established session key S K G S S k , C S l , which is further processed and stored in the blockchain B C D R N . Here, it is important to mention that the data stored in B C D R N are protected against various information security-related attacks due to the inherent mechanism of blockchain.
  • Cleaning of data: It is vital to clean the data to improve the findings and raise the bar for the data quality maintained in B C D R N . In order to accomplish this, all of the data need to be presented appropriately, and any redundant or irrelevant material must either be removed or accounted for. Incorrect data can distort the picture and give the wrong impression, which ultimately leads to incorrect insights [29].
  • Secure data analysis: This takes time to transform massive amounts of data into a form that is usable. When it is ready, advanced analytic techniques are able to turn massive amounts of data into insightful conclusions, i.e., the data maintained in B C D R N . The following strategies can be used for analyzing huge data, i.e., “data mining, predictive analysis, and deep learning [30]”. Here, data mining is the process of searching through huge datasets to find patterns and relationships. This is accomplished by locating outliers and forming data clusters. Furthermore, an organization’s historical data are used in predictive analytics to create forecasts about the organization’s future and detect emerging dangers and opportunities. Furthermore, deep learning is a type of earning method that imitates how humans learn by layering algorithms and combining artificial intelligence and machine learning to uncover patterns in the most complex and abstract data [29].
Remark 1 
(User authentication process in SBBDA-IoD). The SBBDA-IoD includes a provision stating that a legitimate user may access the data of the network by following the procedures of a standard user authentication protocol (also known as the “secure key management and user authentication scheme” given in [31]). This provision is included in the document. Following the effective completion of each step in this protocol, both the legitimate user (i.e., U m ) and the cloud server ( C S l ) will be able to generate a session key S K U m , C S l in order to gain access to the data in a safe manner. Therefore, U m is able to obtain the data of the network in a safe manner and can utilize it in accordance with their needs.
Remark 2 
(Secrecy of the data is maintained in SBBDA-IoD). In the proposed SBBDA-IoD, the messages like m s g 1 = { M 1 ,   M 2 ,   T 1 } , m s g 2 = { M 3 ,   M 4 ,   T 2 } and m s g 3 = { M 5 ,   T 3 } are transmitted between D R i and D R j . Similarly, messages like M S G 1 = { T O T D R i ,   m 1 ,   m 2 ,   t 1 } , M S G 2 = { m 3 , m 4 ,   m 5 ,   t 2 } , and M S G 3 = { m S K V , t 3 } are exchanged between D R i and G S S k . These messages are constructed through concatenation, bitwise XOR, and cryptographic one-way hash operations. Through these operations, we protect sensitive data during the transmission of these messages. Furthermore, the data which are stored over the cloud servers is maintained in the form of certain blocks of the blockchain. This blockchain is formed through a certain number of blocks, and each block contains sensitive data in the form of encrypted transactions (i.e., T R X i | i = 1 ,   2 , ,   n u m t x ). Therefore, the secrecy of the data are maintained both in transit as well as in storage.
To provide the readers with a better understanding of the paper, we have provided a block diagram of the proposed SBBDA-IoD in Figure 2. This provides an illustration of all phases of the proposed SBBDA-IoD.

5. Security Analysis of SBBDA-IoD

The security analysis of the SBBDA-IoD is covered here. The security analysis of the proposed framework has been conducted in an informal way through mathematical assumptions and equations and through formal security verification using the Scyther tool (Section 6). Through the conducted security analysis, it has been observed that the proposed framework is secured against various potential attacks, i.e., replay attack, man-in-the-middle (MiTM) attack, impersonation attacks, privileged insider attack, stolen verifier attack, physical drone capture attack, ephemeral secret leakage (ESL) attack, secret data leakage attack, etc. Herein, the specifics are laid down.

5.1. SBBDA-IoD Prevents the Replay Attack

Several distinct timestamp values, such as T 1 , T 2 , T 3 , t 1 , t 2 , and t 3 , are utilized and then validated on the opposite end of the communication. If the verification of the timestamp is successful, the recipient will accept the message; if it is not, the message will be denied. The SBBDA-IoD has the capability to prevent replay attacks thanks to the utilization of this condition checking. As a result, the SBBDA-IoD protocol is protected from replay attack.

5.2. SBBDA-IoD Prevents Man-in-the-Middle (MiTM) and Impersonation Attacks

We use a variety of proprietary factors, such as ( k D R i , k C R A , k G S S k , and k C S l ), in the process of computing the messages that are being broadcast. A does not know these confidential values. Under those circumstances, A cannot make any changes to the delivered or received communications. In addition, A is unable to generate completely novel messages in the forms in which they were initially sent. Because of this, the SBBDA-IoD that is being described provides protection against man-in-the-middle (MiTM) attacks as well as impersonation attacks.

5.3. SBBDA-IoD Has Resilience against the Privileged Insider Attack

After registration, C R A deletes the secret values of the entities ( k D R i , n D R i , k C R A , K G S S k , R T S D R i , R T S G S S k and k C S l ) from its database, making it inaccessible to the privileged insider user (i.e., A ) who plans to harm the entities (i.e., by some attacks). As a result, the SBBDA-IoD is protected from privileged attacks as well as other linked threats such as MiTM attacks, efforts to impersonate someone else, unauthorized session key computations, and so on. As a consequence, the SBBDA-IoD possesses the ability to reduce the impact of the privileged insider attack.

5.4. SBBDA-IoD Is Protected from Stolen Verifier Attack

In the secure section of the cloud server database, we maintain records of the parameters that various servers and devices register (i.e., their secret information). Multiple levels of security are used to secure that. Under these circumstances, A is unable to gain access to the entities’ secret values. As long as this mechanism is in place, the AKM-BDSF cannot be attacked using the stolen verifier attack or other related attacks. Thus, the AKM-BDSF is secured against the stolen verifier attack.

5.5. SBBDA-IoD Prevents Physical Drone Capture Attack

The SBBDA-IoD prevents sensitive information being saved in its unencrypted form in the memory of the drones. In addition, if A physically steals a drone and then attempts to use a sophisticated power analysis attack to retrieve critical data from the drone’s memory, this is a very dangerous scenario [25]. A would only be able to obtain the drone’s session key and registration data under those conditions, but not the secret data of any other drones. Each session key is unique in the SBBDA-IoD. Since each one is computed using a different set of parameters, both of these are kept a secret. It is impossible to figure out the session key for other drones utilizing the deduced session key. As a direct consequence of this, the remaining sections of the transmission are kept secure. Hence, SBBDA-IoD is resistant to an attack that involves the physical acquisition of drones.

5.6. SBBDA-IoD Supports Anonymity and Untraceability Properties of Communication

In the SBBDA-IoD, no identifying information is transmitted in plaintext. This ensures that everyone’s privacy is preserved. All of the information exchanged is derived from freshly generated timestamp values and randomly generated secret values. As a result of this mechanism’s implementation, we obtain different messages in separate sessions. Hence, SBBDA-IoD boasts characteristics like anonymity and untraceability.

5.7. SBBDA-IoD Is Secured against Ephemeral Secret Leakage (ESL) Attack under the CK-Adversary Model

The mechanism that makes up the SBBDA-IoD is responsible for computing the session key by making use of both short-term information, such as random nonce metrics, and long-term information, such as secret keys and identities. In SBBDA-IoD, session key between D R i and D R j and D R i and G S S k are calculated as S K D R i , D R j = h ( h ( r v D R i | | R I D D R i ) | | h ( r v D R j | | R I D D R j ) | | R I N D R i | | R I N D R j | | N D R i | | N D R j | | T 1 | | T 2 ) and S K D R i , G S S k = h ( h ( r s 1 | | E R P D R i | | t 1 ) | | h ( r s 2 | | E R P G S S k | | t 2 ) | | R I D D R i | | t 1 | | t 2 ) . The session keys accommodate both the random secrets ( r v D R i , r v D R j , r s 1 , and r s 2 ) as short-term secret values and secret keys ( k D R i , k D R j , k C R A , and k G S S k and several identities ( R I D D R i , R I D D R j , and R I D G S S k ) as long-term secret values. A fresh session key is generated at the beginning of each session. In this particular scenario, A does not possess the necessary skills to unearth the long-term and short-term secrets, both of which are vital components for precisely establishing the value of the session key. As a direct consequence of this, an adversary will be unable to correctly guess the session key. Therefore, according to the CK-adversary model, SBBDA-IoD is resilient enough to withstand an ESL attack.

6. Formal Security Verification of the SBBDA-IoD Using Scyther Tool

This section discusses the formal security verification performed for the SBBDA-IoD. It is possible to utilize the Scyther tool in order to validate the formal security of the SBBDA-IoD [32,33,34]. It is an upgraded and more effective tool for judging, verifying, and analyzing the specified security protocol than other verification tools that are currently accessible, such as ProVerif and AVISPA. The most advanced cryptographic assumptions were used to develop Scyther. This ensures that an adversary is unable to decrypt the information in the given scheme if they do not have access to the secret key. It does this by imitating user-defined security protocols through the use of a language called security protocol descriptive language (SPDL). Each communication party (entity) is shown as a separate role within the context of the SPDL standard. These roles are able to carry out a variety of tasks, including sending and receiving of messages, the providing the necessary security claims, and the management of events. For example, “send” refers to the act of transmitting a message from one entity to another, while “recv” refers to the act of “receiving” a message from one entity to another [35].
The Scyther tool adheres to the guidelines established by the Dolev–Yao (DY) model in addition to nine additional adversarial models, including the e Canetti–Krawczyk’s (eCK) model and the CK model. Scyther claims that the tests it offers can verify several aspects of security, including agreement, synchronization, poor agreement, and secrecy. In order to simulate the authentication and key agreement phase in the proposed system, we take into consideration the two fundamental responsibilities of DR (which refers to a drone) and GSS (which refers to a ground station server). After that, the SPDL code is utilized in order to put the suggested plan into action. Figure 3 and Figure 4 exhibit the SPDL code snippets necessary to play the roles of a ground station server ( G S S k ) and a drone ( D R i ), respectively. In conclusion, the analysis and implementation results performed with the help of the Scyther tool are displayed in Figure 5 (under the claim, status, and comments items). Further investigation of the claims indicated that the SBBDA-IoD has protection under the claims covered in the preceding section. As a result, according to the findings of the formal security verification, which has been carried out, it is determined that the suggested scheme is protected against the myriad of possible attacks.

7. Performance Comparison

In this section, we provide the details of conducted comparisons. We compare the SBBDA-IoD with relevant existing protocols, such as the schemes of Ali et al. [13], Rodrigues et al. [14], Ever [15], and Bera et al. [16]. The costs of communication, computation, and critical security and functionality characteristics were compared. The details are given below.

7.1. Comparison of Computation Costs

The computation costs of the SBBDA-IoD and the schemes of Ali et al. [13], Rodrigues et al. [14], Ever [15], and Bera et al. [16] are compared. For the comparison, we consider a few notations like T h , T e c m , T e c a , T e x p , T b p , T f e , T s e n c / s d e c , and T m t p which are “one-way hash function using SHA-256 [25]”, “elliptic curve multiplication”, “elliptic curve addition”, “modular exponentiation”, “bilinear pairing”, “fuzzy extractor operation” and “symmetric encryption/decryption using advanced encryption standard (AES)-128 [36]”, and “map-to-point”, respectively. To estimate the rough computation time (in milliseconds), we use the experimental results given in [37]: “ T e c m 13.405 ms, T e c a 0.081 ms, T h 0.056 ms, T b p 32.713 ms, T e x p 2.249 ms”. It is also considered that T f e T e c m , T s e n c / s d e c T h and T m t p T e x p . Table 3 provides the different computation cost values. As can be seen from the data presented in Table 3, the SBBDA-IoD has a significantly lower computation cost than the other schemes already in existence.

7.2. Comparison of Communication Costs

We use the following assumptions to calculate the communication costs of different schemes: “identity takes 160 bits”, a “random number needs 160 bits”, the “hash output when SHA-256 technique takes [38] is 256 bits”, and a “timestamp needs 32 bits”. For a point on an elliptic curve, there is an assumption P =   ( P x , P y ) , where P x and P y are the x and y coordinates, needing ( 160   +   160 )   = 320 bits. This is considered as per the fact that “the security fulfills by a 160-bit elliptic curve cryptography (ECC) is almost same as that for a 1024-bit RSA-based public key cryptographic technique [39]”. The various communication costs are broken down and compared in Table 4. The information shown in Table 4 makes it abundantly clear that the SBBDA-IoD has fewer costs associated with communication than any of the other approaches that are already in use.

7.3. Comparison of Security and Functionality Features

In Table 5, we examine the various systems’ levels of security as well as their functional capabilities. The information shown in Table 5 makes it abundantly clear that the SBBDA-IoD provides more functionality features in addition to higher levels of security than each of the existing schemes. Like most of the schemes, however, it does not have important features, i.e., formal security verification using the Scyther tool, ephemeral secret leakage (ESL) attack possibility, presence of dynamic drone/device addition, availability of blockchain-based solution, availability of anonymity and untraceability, and support for big data analytics.

8. Practical Implementation

In this section, we provide the details of the practical implementation of the proposed SBBDA-IoD. For the big data analytics procedure, we have taken the “SDOT Collisions All Years” dataset [40]. We then identified the chances of the collision of vehicles across various streets in a city. As we know, flying drones can also perform the same task and help us make predictions about the possibility of colliding with different vehicles. In this way, we can save people’s lives and protect vehicles from damage.

8.1. Implementation Settings and Environment

The details of the various simulation parameters are given in Table 6. We used a 2X Intel(R) Xeon(R) processor with 2.20 GHz. The Google Colab environment was considered as the platform over Ubuntu 18.04.5 LTS operating system. The graphics processing unit (GPU) was 12 GB NVIDIA Tesla K80 along with the 13.34 GB random access memory (RAM). The number of cloud servers deployed was 2. The libraries like Shap, Tensorflow, SKLEARN, and Pandas were utilized. Furthermore, the “SDOT Collisions All Years” dataset [40] used utilized.

8.2. Obtained Results

During the implementation, the following results were obtained.

8.2.1. Accuracy Values

Accuracy values for possibilities of different vehicles colliding were calculated for different machine learning algorithms, i.e., logistic regression, random forest, XGBoost, and extra trees. We obtained accuracy values of 98.86 , 99.25 , 99.68 , and 99.83 , with the logistic regression, random forest, XGBoost, and extra trees algorithms, respectively. Here, it is important to mention that extra trees provided the highest value of accuracy as it suits these data and the organization of the dataset. Therefore, we obtained the highest accuracy value in this case. Similar results are reported in Figure 6.

8.2.2. F1-Score Values

F1-Score values for possibilities of colliding of different vehicles were calculated for different machine learning algorithms, i.e., logistic regression, random forest, XGBoost, and extra trees. We obtained F1-Score values 0.9850 , 0.9914 , 0.9968 , and 0.9986 with the logistic regression, random forest, XGBoost, and extra trees algorithms, respectively. Here, it is important to mention that extra trees provided the highest value of F1-Score as the extra trees algorithm works well with the organization of the used dataset and makes predictions in a better way. Therefore, we obtained the highest F1-Score value in this case. Similar results are reported in Figure 7.

8.2.3. Severity Distribution

Figure 8 gives the severity distribution for different scenarios. We have different types of collision cases, i.e., injury collision, property damage only collision, fatality collision, and serious injury collision. In the given Figure 8, we can see that we have more than 100,000 cases of “property damage only collision” and more than 40,000 cases of “injury collision”. However, other cases of injuries are very few, as compared to these cases.

8.2.4. Scatter Plots

The different scatter plots for various cases are given in Figure 9 (person count versus pedestrian count), Figure 10 (injuries count versus vehicle count) and Figure 11 (person count versus vehicle count). From these scatter plots, it is clear that when we have vehicles between 0 and 10, then we have a high possibility of injuries. Furthermore, we have the highest person count when we have five vehicles. Hence, from this discussion, it is clear that we have more injuries when the number of vehicles lies between 0 and 10.

9. Conclusions

Security and privacy are the main concerns with communication in an IoD network. A secure blockchain-enabled authentication key management framework with big data analytics for drones in networks beyond 5G applications (SBBDA-IoD) was presented that relied on the authenticated key management paradigm. The detailed network model and the associated threat for SBBDA-IoD were provided. The detailed security analysis, i.e., informal security analysis through mathematical assumptions and equations and formal security verification using the Scyther tool, proved the security of SBBDA-IoD. The comparative analysis shows that SBBDA-IoD outperformed the other schemes regarding superior security and efficiency. The real-world implementation of SBBDA-IoD was also performed to evaluate its effect on several important measures for performance.
One of our goals in the future is to enhance the usefulness of SBBDA-IoD, which is currently being offered with additional capabilities. In addition, we wish to incorporate deep learning into SBBDA-IoD so that we can perform superior data analysis and make more accurate predictions.

Author Contributions

Conceptualization, A.K.M. and M.W.; methodology, A.K.M., M.W., J.S. and A.K.D.; software, A.K.M., M.W. and J.S.; validation, A.K.M., M.W., D.P.S., J.S., A.K.D. and A.V.V.; formal analysis, M.W. and A.K.D.; investigation, M.W., D.P.S., A.K.D. and A.V.V.; resources, M.W. and A.K.D.; data curation, A.K.M., M.W., J.S. and A.K.D.; writing—original draft preparation, A.K.M., M.W. and J.S.; writing—review and editing, A.K.M., M.W., D.P.S., J.S., A.K.D. and A.V.V.; supervision, M.W., D.P.S. and A.K.D.; project administration, M.W., A.K.D. and A.V.V.; funding acquisition, A.V.V. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Gharibi, M.; Boutaba, R.; Waslander, S.L. Internet of Drones. IEEE Access 2016, 4, 1148–1162. [Google Scholar]
  2. Abdelmaboud, A. The Internet of Drones: Requirements, Taxonomy, Recent Advances, and Challenges of Research Trends. Sensors 2021, 21, 5718. [Google Scholar] [CrossRef]
  3. Wazid, M.; Das, A.K.; Kumar, N.; Vasilakos, A.V.; Rodrigues, J.J.P.C. Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment. IEEE Internet Things J. 2019, 6, 3572–3584. [Google Scholar]
  4. Mozaffari, M.; Taleb Zadeh Kasgari, A.; Saad, W.; Bennis, M.; Debbah, M. Beyond 5G with UAVs: Foundations of a 3D Wireless Cellular Network. IEEE Trans. Wirel. Commun. 2019, 18, 357–372. [Google Scholar]
  5. Wu, Q.; Xu, J.; Zeng, Y.; Ng, D.W.K.; Al-Dhahir, N.; Schober, R.; Swindlehurst, A.L. A Comprehensive Overview on 5G-and-Beyond Networks With UAVs: From Communications to Sensing and Intelligence. IEEE J. Sel. Areas Commun. 2021, 39, 2912–2945. [Google Scholar] [CrossRef]
  6. Yahuza, M.; Idris, M.Y.I.; Ahmedy, I.B.; Wahab, A.W.A.; Nandy, T.; Noor, N.M.; Bala, A. Internet of Drones Security and Privacy Issues: Taxonomy and Open Challenges. IEEE Access 2021, 9, 57243–57270. [Google Scholar]
  7. Gupta, R.; Bhattacharya, P.; Tanwar, S.; Kumar, N.; Zeadally, S. GaRuDa: A Blockchain-Based Delivery Scheme Using Drones for Healthcare 5.0 Applications. IEEE Internet Things Mag. 2021, 4, 60–66. [Google Scholar] [CrossRef]
  8. Bera, B.; Wazid, M.; Das, A.K.; Rodrigues, J.J.P.C. Securing Internet of Drones Networks Using AI-Envisioned Smart-Contract-Based Blockchain. IEEE Internet Things Mag. 2021, 4, 68–73. [Google Scholar] [CrossRef]
  9. Jangirala, S.; Das, A.K.; Vasilakos, A.V. Designing Secure Lightweight Blockchain-Enabled RFID-Based Authentication Protocol for Supply Chains in 5G Mobile Edge Computing Environment. IEEE Trans. Ind. Inform. 2020, 16, 7081–7093. [Google Scholar]
  10. Dibaei, M.; Zheng, X.; Xia, Y.; Xu, X.; Jolfaei, A.; Bashir, A.K.; Tariq, U.; Yu, D.; Vasilakos, A.V. Investigating the Prospect of Leveraging Blockchain and Machine Learning to Secure Vehicular Networks: A Survey. IEEE Trans. Intell. Transp. Syst. 2022, 23, 683–700. [Google Scholar]
  11. Yazdinejad, A.; Parizi, R.M.; Dehghantanha, A.; Karimipour, H.; Srivastava, G.; Aledhari, M. Enabling Drones in the Internet of Things With Decentralized Blockchain-Based Security. IEEE Internet Things J. 2021, 8, 6406–6415. [Google Scholar] [CrossRef]
  12. Singh, M.P.; Aujla, G.S.; Bali, R.S. Blockchain for the Internet of Drones: Applications, Challenges, and Future Directions. IEEE Internet Things Mag. 2021, 4, 47–53. [Google Scholar] [CrossRef]
  13. Ali, Z.; Chaudhry, S.A.; Ramzan, M.S.; Al-Turjman, F. Securing Smart City Surveillance: A Lightweight Authentication Mechanism for Unmanned Vehicles. IEEE Access 2020, 8, 43711–43724. [Google Scholar] [CrossRef]
  14. Rodrigues, M.; Amaro, J.; Osório, F.S.; Branco Kalinka, R.L.J.C. Authentication Methods for UAV Communication. In Proceedings of the IEEE Symposium on Computers and Communications (ISCC), Barcelona, Spain, 29 June–3 July 2019; pp. 1210–1215. [Google Scholar]
  15. Kirsal Ever, Y. A Secure Authentication Scheme Framework for Mobile-Sinks used in the Internet of Drones Applications. Comput. Commun. 2020, 155, 143–149. [Google Scholar] [CrossRef]
  16. Bera, B.; Das, A.K.; Sutrala, A.K. Private Blockchain-Based Access Control Mechanism for Unauthorized UAV Detection and Mitigation in Internet of Drones Environment. Comput. Commun. 2021, 166, 91–109. [Google Scholar] [CrossRef]
  17. Feng, C.; Liu, B.; Guo, Z.; Yu, K.; Qin, Z.; Choo, K.K.R. Blockchain-Based Cross-Domain Authentication for Intelligent 5G-Enabled Internet of Drones. IEEE Internet Things J. 2022, 9, 6224–6238. [Google Scholar] [CrossRef]
  18. Lwin, K.K.; Sekimoto, Y.; Takeuchi, W.; Zettsu, K. City Geospatial Dashboard: IoT and Big Data Analytics for Geospatial Solutions Provider in Disaster Management. In Proceedings of the IEEE International Conference on Information and Communication Technologies for Disaster Management (ICT-DM), Paris, France, 18–20 December 2019; pp. 1–4. [Google Scholar] [CrossRef]
  19. Abualigah, L.; Diabat, A.; Sumari, P.; Gandomi, A.H. Applications, Deployments, and Integration of Internet of Drones (IoD): A Review. IEEE Sens. J. 2021, 21, 25532–25546. [Google Scholar] [CrossRef]
  20. Pu, C.; Wall, A.; Choo, K.K.R.; Ahmed, I.; Lim, S. A Lightweight and Privacy-Preserving Mutual Authentication and Key Agreement Protocol for Internet of Drones Environment. IEEE Internet Things J. 2022, 9, 9918–9933. [Google Scholar] [CrossRef]
  21. Krichen, M.; Lahami, M.; Al–Haija, Q.A. Formal Methods for the Verification of Smart Contracts: A Review. In Proceedings of the 2022 15th International Conference on Security of Information and Networks (SIN), Sousse, Tunisia, 11–13 November 2022; pp. 1–8. [Google Scholar] [CrossRef]
  22. Abdellatif, T.; Brousmiche, K.L. Formal Verification of Smart Contracts Based on Users and Blockchain Behaviors Models. In Proceedings of the 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France; 2018; pp. 1–5. [Google Scholar] [CrossRef] [Green Version]
  23. Dolev, D.; Yao, A. On the Security of Public Key Protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208. [Google Scholar] [CrossRef]
  24. Canetti, R.; Krawczyk, H. Universally Composable Notions of Key Exchange and Secure Channels. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques– Advances in Cryptology (EUROCRYPT 2002), Amsterdam, The Netherlands, 28 April–2 May 2002; pp. 337–351. [Google Scholar]
  25. Messerges, T.S.; Dabbish, E.A.; Sloan, R.H. Examining Smart-Card Security under the Threat of Power Analysis Attacks. IEEE Trans. Comput. 2002, 51, 541–552. [Google Scholar] [CrossRef] [Green Version]
  26. Wazid, M.; Das, A.K.; Odelu, V.; Kumar, N.; Susilo, W. Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment. IEEE Trans. Depend. Secur. Comput. 2020, 17, 391–406. [Google Scholar] [CrossRef]
  27. Castro, M.; Liskov, B. Practical Byzantine Fault Tolerance and Proactive Recovery. ACM Trans. Comput. Syst. 2002, 20, 398–461. [Google Scholar] [CrossRef]
  28. Wazid, M.; Bera, B.; Das, A.K.; Mohanty, S.P.; Jo, M. Fortifying Smart Transportation Security Through Public Blockchain. IEEE Internet Things J. 2022, 9, 16532–16545. [Google Scholar] [CrossRef]
  29. Tableau. Big Data Analytics: What It Is, How It Works, Benefits, and Challenges. 2023. Available online: https://www.tableau.com/learn/articles/big-data-analytics (accessed on 5 June 2023).
  30. Tsai, C.W.; Lai, C.F.; Chao, H.C.; Vasilakos, A.V. Big Data Analytics: A Survey. J. Big Data 2015, 2, 21. [Google Scholar] [CrossRef] [Green Version]
  31. Wazid, M.; Das, A.K.; Kumar, N.; Vasilakos, A.V. Design of Secure Key Management and User Authentication Scheme for Fog Computing Services. Future Gener. Comput. Syst. 2019, 91, 475–492. [Google Scholar] [CrossRef]
  32. Khadem, B.; Suteh, A.M.; Ahmad, M.; Alkhayyat, A.; Farash, M.S.; Khalifa, H.S. An Improved WBSN Key-Agreement Protocol Based on Static Parameters and Hash Functions. IEEE Access 2021, 9, 78463–78473. [Google Scholar] [CrossRef]
  33. Cremers, C.J.F. Scyther: Semantics and Verification of Security Protocols. 2006. Available online: https://pure.tue.nl/ws/files/2425555/200612074.pdf (accessed on 16 November 2022).
  34. Tanveer, M.; Zahid, A.H.; Ahmad, M.; Baz, A.; Alhakami, H. LAKE-IoD: Lightweight Authenticated Key Exchange Protocol for the Internet of Drone Environment. IEEE Access 2020, 8, 155645–155659. [Google Scholar] [CrossRef]
  35. Adeli, M.; Bagheri, N.; Meimani, H.R. On the Designing a Secure Biometric-Based Remote Patient Authentication Scheme for Mobile Healthcare Environments. J. Ambient Intell. Humaniz. Comput. 2021, 12, 3075–3089. [Google Scholar] [CrossRef]
  36. NIST. Advanced Encryption Standard, 2001, FIPS PUB 197, National Institute of Standards and Technology (NIST), U.S. Department of Commerce. 2001. Available online: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf (accessed on 6 April 2023).
  37. Wu, L.; Wang, J.; Choo, K.K.R.; He, D. Secure Key Agreement and Key Protection for Mobile Device User Authentication. IEEE Trans. Inf. Forensics Secur. 2019, 14, 319–330. [Google Scholar] [CrossRef]
  38. Vangala, A.; Roy, S.; Das, A.K. Blockchain-Based Lightweight Authentication Protocol for IoT-Enabled Smart Agriculture. In Proceedings of the International Conference on Cyber-Physical Social Intelligence (ICCSI), Nanjing, China, 18–21 November 2022; pp. 110–115. [Google Scholar]
  39. Barker, E. Recommendation for Key Management, 2014. Special Publication 800-57 Part 1 Rev. 4, NIST, 01/2016. Available online: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf (accessed on 6 April 2023).
  40. Seattle. SDOT Collisions All Years. 2023. Available online: https://data.seattle.gov/dataset/SDOT-Collisions-All-Years/79xi-y524 (accessed on 9 June 2023).
Figure 1. Network model of the proposed SBBDA-IoD.
Figure 1. Network model of the proposed SBBDA-IoD.
Drones 07 00508 g001
Figure 2. Block diagram of the proposed SBBDA-IoD.
Figure 2. Block diagram of the proposed SBBDA-IoD.
Drones 07 00508 g002
Figure 3. SPDL snippet for the role of a drone D R i .
Figure 3. SPDL snippet for the role of a drone D R i .
Drones 07 00508 g003
Figure 4. SPDL snippet for the role of a ground station server G S S k .
Figure 4. SPDL snippet for the role of a ground station server G S S k .
Drones 07 00508 g004
Figure 5. Results of security verification using Scyther tool.
Figure 5. Results of security verification using Scyther tool.
Drones 07 00508 g005
Figure 6. Accuracy values for the possibilities of different vehicles colliding.
Figure 6. Accuracy values for the possibilities of different vehicles colliding.
Drones 07 00508 g006
Figure 7. F1-Score values for possibilities of different vehicles colliding.
Figure 7. F1-Score values for possibilities of different vehicles colliding.
Drones 07 00508 g007
Figure 8. Severity distribution for different scenarios.
Figure 8. Severity distribution for different scenarios.
Drones 07 00508 g008
Figure 9. Scatter plot-1.
Figure 9. Scatter plot-1.
Drones 07 00508 g009
Figure 10. Scatter plot-2.
Figure 10. Scatter plot-2.
Drones 07 00508 g010
Figure 11. Scatter plot-3.
Figure 11. Scatter plot-3.
Drones 07 00508 g011
Table 1. Assessment of the closely related existing schemes.
Table 1. Assessment of the closely related existing schemes.
SchemeTechnique UsedFeaturesDisadvantages and Security Flaws
Ali et al. [13]A temporal credential-based anonymous lightweight authentication scheme (iTCALAS)Introduced a temporal credential-based anonymous lightweight authentication scheme (iTCALAS) via lightweight symmetric key primitives. The extended scalability of the iTCALAS that has been presented also allows it to function in an IoD environment with many flying zones or clusters.It did not have important security and functionality features, i.e., the presence of formal security verification using Scyther tool, support for the blockchain-based solution, support for anonymity and untraceability, and support for big data analytics. Moreover, it was vulnerable to ephemeral secret leakage (ESL) attack under the CK-adversary model.
Rodrigues et al. [14]Authentication methods for UAVThey investigated and compared two authentication algorithms designed for WSNs and adapted for use with UAVs. The tests were carried out by examining the amount of time spent executing security-related activities such as hash tables and elliptic curve operationsIt did not have important security and functionality features, i.e., the presence of formal security verification using the Scyther tool, the presence of the dynamic drone/device addition phase, support for the blockchain-based solution, and support for big data analytics. Moreover, it was vulnerable to ESL attack under the CK-adversary model.
Ever [15]Secure authentication schemeA safe authentication framework for mobile sinks has been shown which could be utilized in applications for the Internet of Drones.It did not have important security and functionality features, i.e., the presence of formal security verification using Scyther tool, support dynamic drone/device addition phase, support for the blockchain-based solution, support for anonymity and untraceability, and support for big data analytics. Moreover, it was vulnerable to ESL attack under the CK-adversary model.
Bera et al. [16]Private blockchain-based access control mechanismThey presented a technique for access control that may be used in an Internet of Drones (IoD) setting for the purpose of identifying and mitigating the effects of unauthorized UAVs. The transactional data were recorded on a private blockchain that was legitimate and authentic in every way.It did not have support for the important big data analytics phase.
Table 2. Notations used in the SBBDA-IoD.
Table 2. Notations used in the SBBDA-IoD.
NotationMeaning
D R i and D R j ith and jth drones
G S S k kth ground station server
C S l lth cloud server
C R A Control room’s registration authority
I D C R A , R I D C R A , and k C R A Identity, pseudo-identity, and secret key of C R A
I D D R i , R I D D R i , and k D R i Identity, pseudo-identity, and secret key of D R i
T O T D R i Temporary one-time identity of D R i
R I N D R i A pseudo-identification number of D R i
E R P D R i Essential registration parameter of D R i
E q ( u , v ) A non-singular elliptic curve
GA base point in E q ( u , v )
n D R i A secret key number of D R i
N D R i = n D R i . G Corresponding public parameter of n D R i
I D G S S k and R I D G S S k Identity and pseudo-identity of G S S k
k G S S k Secret key of G S S k
Q G S S k = k G S S k . G Public key of G S S k
E R P G S S k Essential registration parameter of G S S k
I D C S l and R I D C S l Identity and pseudo-identity of C S l
k C S l Secret key of C S l
Q C S l = k C S l . G Public key of C S l
A An adversary
Table 3. Comparison of various computation cost values.
Table 3. Comparison of various computation cost values.
ProtocolSmart Device/ DroneGSS/ Server
Ali et al. [13] 18 T h + T f e + T s e n c 7 T h + 3 T s e n c / s d e c
14.469 ms 0.56 ms
Rodrigues et al. [14] 9 T h + 6 T e c m 9 T h + 2 T e c m
80.934 ms 27.314 ms
Ever [15] 9 T h + 2 T b p 6 T h + 3 T b p
+ 2 T m t p + 3 T e c m + 2 T m t p + 3 T e c m
110.643 ms 143.67 ms
Bera et al. [16] 9 T h + 2 T s e n c / s d e c 9 T h + 2 T s e n c / s d e c
+ 2 T e c m + T e c a + 2 T e c m + T e c a
27.507 ms 27.507 ms
SBBDA-IoD 9 T h 7 T h
0.504 ms 0.392 ms
Table 4. Comparison of communication costs.
Table 4. Comparison of communication costs.
ProtocolNo. of MessagesTotal Cost (in Bits)
Ali et al. [13]33424
Rodrigues et al. [14]43456
Ever [15]65344
Bera et al. [16]32368
SBBDA-IoD31792
Table 5. A juxtaposition of security and functionality components.
Table 5. A juxtaposition of security and functionality components.
FeatureAli et al. [13]Rodrigues et al. [14]Ever [15]Bera et al. [16]SBBDA-IoD
S n F 1
S n F 2
S n F 3
S n F 4
S n F 5
S n F 6
S n F 7
S n F 8
S n F 9 ××××
S n F 10 ×××
S n F 11 ××
S n F 12 ×××
S n F 13 ×
S n F 14 ××
S n F 15 ××××
S n F 1 : “replay attack”; S n F 2 : “man-in-the-middle attack”; S n F 3 : “mutual authentication”; S n F 4 : “key agreement“; S n F 5 : “device/drone impersonation attack”; S n F 6 : “GSS/server impersonation attack”; S n F 7 : “malicious device deployment attack”; S n F 8 : “resilience against drone/device physical capture attack”; S n F 9 : “formal security verification using Scyther tool”; S n F 10 : “ephemeral secret leakage (ESL) attack under the CK-adversary model”; S n F 11 : “support dynamic drone/device addition phase”; S n F 12 : “support blockchain-based solution”; S n F 13 : “free from design flaws”; S n F 14 : “anonymity and untraceability”; S n F 15 : “support big data analytics”; √: “a scheme is secure or it supports a functionality feature”; ×: “a scheme is insecure or it does not support a functionality feature”; N/A: “not applicable in a scheme”.
Table 6. Details of the simulation parameters.
Table 6. Details of the simulation parameters.
ParameterValue
Processor2X Intel(R) Xeon(R) CPU @2.20 GHz
Platform usedGoogle Colab environment
Operating systemUbuntu 18.04.5 LTS
GPU12 GB NVIDIA Tesla K80
Random access memory (RAM) size13.34 GB
Number of cloud servers deployed2 (not interlinked but elastic)
Libraries utilizedShap, Tensorflow, SKLEARN, Pandas
Used dataset“SDOT Collisions All Years” dataset [40]
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Mishra, A.K.; Wazid, M.; Singh, D.P.; Das, A.K.; Singh, J.; Vasilakos, A.V. Secure Blockchain-Enabled Authentication Key Management Framework with Big Data Analytics for Drones in Networks Beyond 5G Applications. Drones 2023, 7, 508. https://doi.org/10.3390/drones7080508

AMA Style

Mishra AK, Wazid M, Singh DP, Das AK, Singh J, Vasilakos AV. Secure Blockchain-Enabled Authentication Key Management Framework with Big Data Analytics for Drones in Networks Beyond 5G Applications. Drones. 2023; 7(8):508. https://doi.org/10.3390/drones7080508

Chicago/Turabian Style

Mishra, Amit Kumar, Mohammad Wazid, Devesh Pratap Singh, Ashok Kumar Das, Jaskaran Singh, and Athanasios V. Vasilakos. 2023. "Secure Blockchain-Enabled Authentication Key Management Framework with Big Data Analytics for Drones in Networks Beyond 5G Applications" Drones 7, no. 8: 508. https://doi.org/10.3390/drones7080508

APA Style

Mishra, A. K., Wazid, M., Singh, D. P., Das, A. K., Singh, J., & Vasilakos, A. V. (2023). Secure Blockchain-Enabled Authentication Key Management Framework with Big Data Analytics for Drones in Networks Beyond 5G Applications. Drones, 7(8), 508. https://doi.org/10.3390/drones7080508

Article Metrics

Back to TopTop