Surveillance drones, called as unmanned aerial vehicles (UAV), are aircrafts that are utilized to collect video recordings, still images, or live video of the targets, such as vehicles, people or specific areas. Particularly in battlefield surveillance, there is high possibility of eavesdropping, inserting, modifying or deleting the messages during communications among the deployed drones and ground station server (GSS). This leads to launch several potential attacks by an adversary, such as main-in-middle, impersonation, drones hijacking, replay attacks, etc. Moreover, anonymity and untarcebility are two crucial security properties that need to be maintained in battlefield surveillance communication environment. To deal with such a crucial security problem, we propose a new access control protocol for battlefield surveillance in drone-assisted Internet of Things (IoT) environment, called ACPBS-IoT. Through the detailed security analysis using formal and informal (non-mathematical), and also the formal security verification under automated software simulation tool, we show the proposed ACPBS-IoT can resist several potential attacks needed in battlefield surveillance scenario. Furthermore, the testbed experiments for various cryptographic primitives have been performed for measuring the execution time. Finally, a detailed comparative study on communication and computational overheads, and security as well as functionality features reveals that the proposed ACPBS-IoT provides superior security and more functionality features, and better or comparable overheads than other existing competing access control schemes.