Provably Secure Mutual Authentication and Key Agreement Scheme Using PUF in Internet of Drones Deployments

Internet of Drones (IoD), designed to coordinate the access of unmanned aerial vehicles (UAVs), is a specific application of the Internet of Things (IoT). Drones are used to control airspace and offer services such as rescue, traffic surveillance, environmental monitoring, delivery and so on. However, IoD continues to suffer from privacy and security issues. Firstly, messages are transmitted over public channels in IoD environments, which compromises data security. Further, sensitive data can also be extracted from stolen mobile devices of remote users. Moreover, drones are susceptible to physical capture and manipulation by adversaries, which are called drone capture attacks. Thus, the development of a secure and lightweight authentication scheme is essential to overcoming these security vulnerabilities, even on resource-constrained drones. In 2021, Akram et al. proposed a secure and lightweight user–drone authentication scheme for drone networks. However, we discovered that Akram et al.’s scheme is susceptible to user and drone impersonation, verification table leakage, and denial of service (DoS) attacks. Furthermore, their scheme cannot provide perfect forward secrecy. To overcome the aforementioned security vulnerabilities, we propose a secure mutual authentication and key agreement scheme between user and drone pairs. The proposed scheme utilizes physical unclonable function (PUF) to give drones uniqueness and resistance against drone stolen attacks. Moreover, the proposed scheme uses a fuzzy extractor to utilize the biometrics of users as secret parameters. We analyze the security of the proposed scheme using informal security analysis, Burrows–Abadi–Needham (BAN) logic, a Real-or-Random (RoR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. We also compared the security features and performance of the proposed scheme and the existing related schemes. Therefore, we demonstrate that the proposed scheme is suitable for IoD environments that can provide users with secure and convenient wireless communications.

[1]  Yousaf Bin Zikria,et al.  A Secure and Lightweight Drones-Access Protocol for Smart City Surveillance , 2022, IEEE Transactions on Intelligent Transportation Systems.

[2]  A. Das,et al.  Design of Blockchain-Based Lightweight V2I Handover Authentication Protocol for VANET , 2022, IEEE Transactions on Network Science and Engineering.

[3]  Mohammad Mehedi Hassan,et al.  RAMP-IoD: A Robust Authenticated Key Management Protocol for the Internet of Drones , 2022, IEEE Internet of Things Journal.

[4]  Ashok Kumar Das,et al.  Designing Fine-Grained Access Control for Software-Defined Networks Using Private Blockchain , 2021, IEEE Internet of Things Journal.

[5]  Abdullah G. Alharbi,et al.  RUAM-IoD: A Robust User Authentication Mechanism for the Internet of Drones , 2022, IEEE Access.

[6]  Youngho Park,et al.  Design of Secure Handover Authentication Scheme for Urban Air Mobility Environments , 2022, IEEE Access.

[7]  Youngho Park,et al.  Secure ECC-based Three-Factor Mutual Authentication Protocol for Telecare Medical Information System , 2022, IEEE Access.

[8]  S. Kumari,et al.  Amassing the Security: An Enhanced Authentication Protocol for Drone Communications over 5G Networks , 2021, Drones.

[9]  A. Gandomi,et al.  Applications, Deployments, and Integration of Internet of Drones (IoD): A Review , 2021, IEEE Sensors Journal.

[10]  Khalid Mahmood,et al.  Provable Secure Identity-Based Anonymous and Privacy-Preserving Inter-Vehicular Authentication Protocol for VANETS Using PUF , 2021, IEEE Transactions on Vehicular Technology.

[11]  Jianfeng Ma,et al.  An efficient three-factor remote user authentication protocol based on BPV-FourQ for internet of drones , 2021, Peer-to-Peer Networking and Applications.

[12]  Ashok Kumar Das,et al.  On the Design of Mutual Authentication and Key Agreement Protocol in Internet of Vehicles-Enabled Intelligent Transportation System , 2021, IEEE Transactions on Vehicular Technology.

[13]  Youngho Park,et al.  WSN-SLAP: Secure and Lightweight Mutual Authentication Protocol for Wireless Sensor Networks , 2021, Sensors.

[14]  Youngho Park,et al.  Design of Secure Decentralized Car-Sharing System Using Blockchain , 2021, IEEE Access.

[15]  Ashok Kumar Das,et al.  On the Design of Lightweight and Secure Mutual Authentication System for Global Roaming in Resource-Limited Mobility Networks , 2021, IEEE Access.

[16]  Fadi Al-Turjman,et al.  A smart lightweight privacy preservation scheme for IoT-based UAV communication systems , 2020, Comput. Commun..

[17]  Cong Pu,et al.  Lightweight Authentication Protocol for Unmanned Aerial Vehicles Using Physical Unclonable Function and Chaotic System , 2020, 2020 IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN.

[18]  Neeraj Kumar,et al.  PARTH: A two-stage lightweight mutual authentication protocol for UAV surveillance networks , 2020, Comput. Commun..

[19]  Yoney Kirsal Ever,et al.  A secure authentication scheme framework for mobile-sinks used in the Internet of Drones applications , 2020, Comput. Commun..

[20]  Saru Kumari,et al.  Comments on “AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment” , 2020, IEEE Internet of Things Journal.

[21]  Zeeshan Ali,et al.  Securing Smart City Surveillance: A Lightweight Authentication Mechanism for Unmanned Vehicles , 2020, IEEE Access.

[22]  Jianfeng Ma,et al.  Lightweight Security Authentication Mechanism Towards UAV Networks , 2019, 2019 International Conference on Networking and Network Applications (NaNA).

[23]  Joel J. P. C. Rodrigues,et al.  AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment , 2019, IEEE Internet of Things Journal.

[24]  Joel J. P. C. Rodrigues,et al.  TCALAS: Temporal Credential-Based Anonymous Lightweight Authentication Scheme for Internet of Drones Environment , 2019, IEEE Transactions on Vehicular Technology.

[25]  Athanasios V. Vasilakos,et al.  Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment , 2019, IEEE Internet of Things Journal.

[26]  Kim-Kwang Raymond Choo,et al.  Security and Privacy for the Internet of Drones: Challenges and Solutions , 2018, IEEE Communications Magazine.

[27]  Ping Wang,et al.  Zipf’s Law in Passwords , 2017, IEEE Transactions on Information Forensics and Security.

[28]  Raouf Boutaba,et al.  Internet of Drones , 2016, IEEE Access.

[29]  Srinivas Devadas,et al.  Physical Unclonable Functions and Applications: A Tutorial , 2014, Proceedings of the IEEE.

[30]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[31]  Olivier Heen,et al.  A Security Protocol Animator Tool for AVISPA , 2006 .

[32]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[33]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[34]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[35]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).