A Conditional Privacy Preserving Generalized Ring Signcryption Scheme for Micro Aerial Vehicles

Micro Aerial Vehicles (MAVs) are a type of UAV that are both small and fully autonomous, making them ideal for both civilian and military applications. Modern MAVs can hover and navigate while carrying several sensors, operate over long distances, and send data to a portable base station. Despite their many benefits, MAVs often encounter obstacles due to limitations in the embedded system (such as memory, processing power, energy, etc.). Due to these obstacles and the use of open wireless communication channels, MAVs are vulnerable to a variety of cyber-physical attacks. Consequently, MAVs cannot execute complex cryptographic algorithms due to their limited computing power. In light of these considerations, this article proposes a conditional privacy-preserving generalized ring signcryption scheme for MAVs using an identity-based cryptosystem. Elliptic Curve Cryptography (ECC), with a key size of 160 bits, is used in the proposed scheme. The proposed scheme’s security robustness has been analyzed using the Random Oracle Model (ROM), a formal security evaluation method. The proposed scheme is also compared in terms of computation cost, communication cost and memory overhead against relevant existing schemes. The total computation cost of the proposed scheme is 7.76 ms, which is 8.14%, 5.20%, and 11.40% schemes. The results show that the proposed scheme is both efficient and secure, proving its viability.


Introduction
Micro Aerial Vehicles (MAVs) are getting a lot of attention from research organizations and businesses around the world [1]. These flying machines have proven their worth in situations where humans cannot reach or work efficiently, such as last-minute package delivery during rush hours or base searches in inaccessible areas of the battlefield. Compared to conventional methods, MAVs can significantly lower the risk to human life, increase the system's efficiency, and shorten the time of operations. The broad capabilities of MAVs range from surveillance MAVs with fixed wings to advanced MAVs capable of hovering, navigation, carrying several sensors, and carrying out their missions up to several kilometers in range [2]. MAVs can transmit data to a portable base station and can exchange data with one another. A general architecture of an MAV network is depicted in Figure 1. Despite these benefits, MAVs are not suitable for real-time or processor-intensive applications because of their limited memory and processing power [3]. Apart from the aforementioned constraints, the security measures to fight against cyber-attacks are rarely considered during the design of MAVs [4]. The security and privacy of the network could be severely compromised due to this vulnerability, which would have a devastating effect on data transmission and storage. There are a variety of ways a malicious attacker can compromise the MAVs system. The malicious attacker can, for instance, send several reservation requests, eavesdrop on control messages, or fake data. Wi-Fi-connected MAVs are more vulnerable to cyber-attacks than cellular-connected ones because of their less-reliable connections and weaker security measures [5]. Tracking MAV locations, tampering with onboard hardware, illegal data access, message modification, and fabrication are examples of common privacy and security concerns across the MAV system [6,7].
A major security concern that compromises the privacy of MAVs is a Global Positioning System (GPS) spoofing attack [8][9][10], in which an attacker exploits GPS signals. In this method, an adversary sends an MAV slightly stronger GPS signals in order to deviate it from its original mission. Therefore, given their extensive usage in current military and commercial applications, there is an urgent need for enhanced security measures for MAVs.
Authentication and confidentiality are two of the most important aspects of any security protocol design for ensuring secure communication, and the same is applicable for MAV security. Encryption and digital signatures provide solutions for confidentiality and authenticity respectively. When both attributes are required simultaneously and in a single logical step for devices with limited resources, such as MAVs, signcryption [11] is preferred. In addition, generalized signcryption is an extension of the signcryption scheme that not only offers encryption and digital signature simultaneously, but also has the option to offer both independently, if desired. Such a characteristic is useful if one of the two essential characteristics, confidentiality or authenticity, is desired [12]. Generalized signcryption can be used in ring configurations, known as ring signcryption, which offers advantageous characteristics such as anonymity, spontaneity, flexibility, and equal membership [13]. A conditional privacy preserving property can be implemented in addition to generalized ring signcryption to guarantee recipient and sender identity anonymity. In this approach, each entity encrypts their real identity using a common secret key between entity and PKG in the key generation process rather than using the real identities of sender and receiver. PKG must first locate the secret key and real identity after obtaining the encrypted identity. The encrypted identities of each user for signcryption and unsigncryption are then published by PKG.
Zhou et al. [14] proposed a concrete scheme for generalized ring signcryption in an identity-based framework. The proposed technique is based on bilinear pairing, and a random oracle model (ROM) is used for the security analysis. Due to the fact that the scheme [14] is based on bilinear pairing, which involves computationally expensive cryptographic operations, it is not suited for resource-constrained devices with low processing capabilities, such as MAVs, to conduct such operations. In addition, the proposed scheme lacks conditional privacy-preserving characteristics. Caixue Zhou [15] proposed a certificate-based generalized ring signcryption method and a concrete methodology employing bilinear pairings for certificate-based cryptosystems. Using the ROM, the security hardness of the proposed system is evaluated. Again, this scheme [15] is not suitable for MAVs due to the high computation cost of bilinear pairing and the absence of conditional privacy-preserving attribute.
M. Luo and Y. Zhou [16] introduced an efficient conditional privacy-preserving authentication protocol based on generalized ring signcryption scheme. Generalized ring signcryption is proposed in this protocol to provide ring signature mode and ring signcryption mode inside a single algorithm in order to meet the diverse security needs of complicated application scenarios. A practical public verification technique is meant to make tracking results verifiable and more trustworthy. In addition, the protocol accomplishes secrecy, immutability, and Known Session-Specific Temporary Information Security (KSSTIS). However, the proposed protocol involves bilinear pairing-based multiplication, modular exponentials, and bilinear pairing in the combined ring signature and signcryption method, which is incompatible for MAVs. Khan et al. [17] presented an identity-based generalized signcryption with multi-access edge computing option to protect Flying Ad hoc Networks (FANETs). However, neither conditional privacy preservation nor ring signcryption are supported by the proposed scheme. Consequently, this scheme [17] does not ensure anonymity. Din et al. [18] presented an improved identity-based generalized signcryption scheme for secure multi-access edge computing-enabled FANETs. The proposed scheme supports neither conditional privacy preservation nor ring signcryption. Therefore, this approach [18] does not guarantee anonymity.
With the aforementioned facts and favorable features in mind, we provide a conditional privacy-preserving generalized ring signcryption scheme for MAVs in this work. Moreover, the proposed scheme is based on an Identity-based public key cryptosystem, which uses the user's name, IP address, etc. as his/her public key, hence eliminating the requirement for a public key certificate. Then, a trusted third party known as the PKG produces all users' private keys, which introduces a new issue known as the private key escrow problem. However, it is still quite beneficial in situations when the PKG is completely trusted. The following are the main contributions of the proposed scheme that distinguish it from existing schemes.

• We propose a conditional privacy-preserving generalized ring signcryption scheme for MAVs using the ECC operation.

• The proposed scheme is conditional privacy-preserving, meaning each entity encrypts its real identity using a common secret key between entity and PKG in the key generation process.

• The proposed scheme enables encryption and digital signature simultaneously as well as independently using generalized signcryption. In ring configuration mode, this scheme guarantees anonymity, spontaneity, flexibility, and equal membership.

• We conducted a formal security study using the Random Oracle Model (ROM) and found that the proposed scheme is secure against a wide range of cyber-attacks.

• Finally, the proposed scheme's efficiency is compared to its counterparts, validating its low computation cost, communication cost and memory overhead.

The structure of the article is as follows: Section 2 provides preliminary information, the network model, and the syntax of the proposed scheme. Section 3 includes a security analysis of the proposed scheme. In Section 4, performance analysis is discussed. The conclusion is contained in Section 5.

Preliminaries, Network Model and Syntax of the Proposed Scheme
This section includes preliminaries (elliptic curve cryptography, the elliptic curve decisional Diffie-Hellman problem, the elliptic curve discrete logarithm problem), syntax of the proposed scheme, network model and notations for the proposed scheme as shown in Table 1. Suppose $G_{ECC}$ is a finite cyclic group on the elliptic curve ($E_{ECC}$), $f_q$ is the finite field of $E_{ECC}$ with prime order $q$, let $q > 3$, and $ξ$ is the generator of group $G_{ECC}$; the elliptic curve can be defined as follows: which is called infinity point on elliptic curve Ô and congruence where the values $(s, t) ∈ f_q$ satisfying $4s^3 + 27t^2$ mod $q$.

Elliptic Curve Discrete Logarithm Problem (ECDLP)
Assume $ξ$ is the generator of group $G_{ECC}$ with prime order $q$, and given $(θ·ξ, ξ, K ∈ G_{ECC})$, extracting $θ$ from $K = θ·ξ$ is called ECDLP.

Syntax
The syntax of the proposed scheme consists of the five sub-algorithms listed below.

1. Initialization: The ground core network (GCN) plays the role of private key generator (PKG): it sets $ß_{GCN}$ as its secret key and $δ_{GCN}$ as its public key, and generates a public parameter set $Ж$.

2. Key Generation: A device that participates in the network as a legal user sends $(EId_i, Ω_i)$ to GCN over an open channel. Based on $(EId_i, Ω_i)$, GCN first computes $γ_i$ and recovers the real identity $Id_i$. Then, GCN computes $λ_i$, $Φ_i$ and sends $(Φ_i, λ_i)$ to the legitimate user over a secure channel.

3. Generalized Ring Signcryption: This algorithm is run by the Micro Aerial Vehicle (MAV), which takes the inputs $(EId_{MAV}, m, λ_X, £_X, δ_{GCN})$ and produces the tuple $(κ, Л, Γ)$.

Proposed Scheme Construction
The construction of the proposed scheme includes the following steps.
Initialization: In this sub-algorithm, the ground core network (GCN) plays the role of private key generator (PKG). It first chooses its own secret key $ß_{GCN} ∈ f_q$ and computes a master public key as $δ_{GCN} = ß_{GCN}·ξ$. Then, GCN chooses three hash functions $(Ц_1, Ц_2, Ц_3)$ that are irreversible and collision resistant. At the end, GCN produces the public parameter set $Ж = (f_q, δ_{GCN}, ξ, Ц_1, Ц_2, Ц_3)$.
Key Generation: In this sub-algorithm, a device that participates in the network as a legal user sends its encrypted real identity $EId_i = γ_i ⊕ Id_i$ and $Ω_i = α_i·ξ$ to GCN over an open channel, where $γ_i = α_i·δ_{GCN}$ and $α_i ∈ f_q$. Based on $(EId_i, Ω_i)$, GCN first computes $γ_i = ß_{GCN}·Ω_i$ and recovers the real identity $Id_i$ as $Id_i = EId_i ⊕ γ_i$. Then, GCN chooses $η_i ∈ f_q$, computes $λ_i = η_i·ξ$ and $£_i = Ц_1(Id_i, λ_i)$, calculates $Φ_i = η_i + £_i·ß_{GCN}$, and sends $(Φ_i, λ_i)$ to the legitimate user over a secure channel.
Generalized Ring Signcryption Verifications: With the encrypted identity ($EId_X$), a user, upon reception of $(ω, Л, Γ)$, can perform the following steps.
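
The Initialization and Key Generation steps above, as an added Python example (not the authors' code): the device masks its identity with γ_i = α_i·δ_GCN, and GCN unmasks it with ß_GCN·Ω_i before issuing (Φ_i, λ_i). Assumptions: secp256k1 replaces the page's unspecified 160-bit curve, SHAKE-256 and SHA-256 stand in for the point-to-pad encoding and for Ц1, the check Φ_i·ξ = λ_i + £_i·δ_GCN is derived here from the definitions rather than stated on the page, and all function names are illustrative.

```python
import hashlib, secrets
# Assumption: secp256k1 stands in for the page's unspecified 160-bit curve.
P = 2**256 - 2**32 - 977            # field prime
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of xi
XI = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time: demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def xor_pad(gamma, data):
    """Assumed encoding of 'gamma XOR Id': pad = SHAKE-256 of the point gamma."""
    pad = hashlib.shake_256(enc(gamma)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def h1(identity, lam):
    """Stand-in for the page's hash Ц1(Id_i, λ_i), reduced mod Q (assumption)."""
    return int.from_bytes(hashlib.sha256(identity + enc(lam)).digest(), "big") % Q

def device_request(identity, delta_gcn):
    """Device: pick alpha_i, send EId_i = gamma_i XOR Id_i and Omega_i = alpha_i*xi."""
    alpha = secrets.randbelow(Q - 1) + 1
    return xor_pad(mul(alpha, delta_gcn), identity), mul(alpha, XI)

def gcn_issue(beta_gcn, eid, omega):
    """GCN: gamma_i = beta_GCN*Omega_i recovers Id_i; then issue (Phi_i, lambda_i)."""
    identity = xor_pad(mul(beta_gcn, omega), eid)
    eta = secrets.randbelow(Q - 1) + 1
    lam = mul(eta, XI)
    return identity, (eta + h1(identity, lam) * beta_gcn) % Q, lam

def key_is_valid(identity, phi, lam, delta_gcn):
    """Check implied by the definitions: Phi_i*xi == lambda_i + £_i*delta_GCN."""
    return mul(phi, XI) == add(lam, mul(h1(identity, lam), delta_gcn))

def demo(identity=b"MAV-0001"):                   # constructed sample identity
    beta_gcn = secrets.randbelow(Q - 1) + 1       # GCN master secret
    delta_gcn = mul(beta_gcn, XI)                 # master public key
    eid, omega = device_request(identity, delta_gcn)
    recovered, phi, lam = gcn_issue(beta_gcn, eid, omega)
    return eid, recovered, key_is_valid(recovered, phi, lam, delta_gcn)
```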

Correctness Analysis
The device at the receiving end (X) can verify the signature as follows.
Hence proved. Furthermore, a device at the receiving end (X) can make the decryption key as follows.

Security Analysis
In this section, we first show that the proposed scheme is secure against breaches of confidentiality and forgeability under the Random Oracle Model (ROM). Then, using an informal security analysis, we show that the proposed scheme is secure against an adversary attempting to violate sender and recipient anonymity. The subsequent theorems demonstrate that the proposed scheme provides security properties such as confidentiality, unforgeability, sender anonymity, and recipient anonymity, respectively.

Theorem 1. Confidentiality: The proposed generalized ring signcryption is indistinguishable against intruder INT under the ROM, if ECDDHP is hard.
Proof. Suppose the instance of the elliptic curve $(Ω·ξ, θ·ξ, ξ, K ∈ G_{ECC})$ is given to $C_{ECDDHP}$. To find $θ$ and $Ω$ from $K = Ω·θ·ξ$, $C_{ECDDHP}$ will play the following game with INT.
Initialization: $C_{ECDDHP}$ first chooses the secret key $ß_{GCN} ∈ f_q$, the public key $δ_{GCN}$, and the public parameter set $Ж$. Then, $C_{ECDDHP}$ sends $Ж$ to INT.
Phase 1: Here, INT can make the following queries to $C_{ECDDHP}$.
$Ц_1$ Query: INT sends a request for a $Ц_1$ Query with identity ($Id_i$). $C_{ECDDHP}$ checks for a tuple ( Otherwise, $C_{ECDDHP}$ chooses the value for $£_i$ randomly and returns it to INT.
$Ц_2$ Query: INT sends a request for a $Ц_2$ Query with identity ($Id_i$). $C_{ECDDHP}$ checks for a tuple $(Ψ_i, £_{1i})$ in the list $L_{Ц_2}$; if $(Ψ_i, £_{1i})$ is found, $C_{ECDDHP}$ returns $£_{1i}$ to INT. Otherwise, $C_{ECDDHP}$ chooses the value for $£_{1i}$ randomly and returns it to INT.
$Ц_3$ Query: INT sends a request for a $Ц_3$ Query with identity ($Id_i$). $C_{ECDDHP}$ checks for a tuple ($EId_i$, returns $ω_i$ to INT. Otherwise, $C_{ECDDHP}$ chooses the value for $ω_i$ randomly and returns it to INT.
User Public Key Query: INT sends a request for a User Public Key Query with $(Id_i, λ_i)$. $C_{ECDDHP}$ checks for a tuple $(Id_i, λ_i)$ in the list $L_{UPK}$; if $(Id_i, λ_i)$ is found, $C_{ECDDHP}$ returns $λ_i$ to INT. Otherwise, $C_{ECDDHP}$ performs the following two steps.
At the end, $C_{ECDDHP}$ returns $λ_i$ to INT.
User Private Key Query: INT sends a request for a User Private Key Query with $(Id_i, λ_i, Φ_i)$. $C_{ECDDHP}$ checks for a tuple $(Id_i, λ_i, Φ_i)$ in the list $L_{UPRK}$; if $Id_i = Id$, $C_{ECDDHP}$ stops further processing; otherwise it finds the tuple $(Id_i, λ_i, Φ_i)$ and returns $Φ_i$ to INT.
Challenge: INT sends the tuple $(m_{101}, m_{102}, EId_{MAV}, EId_X)$ to $C_{ECDDHP}$, where $m_{101}$ and $m_{102}$ are two plaintexts of the same size but with different contents. If $EId_X = Id$, $C_{ECDDHP}$ picks $ι ∈ \{0, 1\}$ and performs the following computations.
After denoting the above events, we can easily obtain the following outcomes.
Proof. Suppose the instance of the elliptic curve $(Ω·ξ, ξ, K ∈ G_{ECC})$ is given to $C_{ECDLP}$; to find $Ω$ from $K = Ω·ξ$, $C_{ECDLP}$ will play the following game with INT.
Initialization: $C_{ECDLP}$ first chooses the secret key $ß_{GCN} ∈ f_q$, the public key $δ_{GCN}$, and the public parameter set $Ж$. Then, $C_{ECDDHP}$ sends $Ж$ to INT.
Queries: All the queries are processed in the same way as in Theorem 1 (Confidentiality).
Forgery: INT wants to generate and verify a combined ring signature and signcryption, for which he needs the private keys of MAV and X $(Φ_{MAV}, Φ_X)$. INT can generate the forged signature as follows.
• INT chooses $χ_{INT} ∈ f_q$ and computes $Л = χ_{INT}·ξ$.
In the above process for forging a signature, INT would have to solve the ECDLP two times, such as finding the values $(χ_{MAV}, Φ_{MAV})$.
$Θ_2$: $C_{ECDDHP}$ succeeded in the challenge phase.
After denoting the above events, we can easily obtain the following outcomes.
where € represents the advantage of INT.

Theorem 3. Sender Anonymity.
In the key generation phase, the sender device, called MAV, sends its encrypted real identity $EId_{MAV} = γ_{MAV} ⊕ Id_{MAV}$ and $Ω_{MAV} = α_{MAV}·ξ$ to GCN over an open channel, where $γ_{MAV} = α_{MAV}·δ_{GCN}$ and $α_{MAV} ∈ f_q$. Based on $(EId_{MAV}, Ω_{MAV})$, GCN first computes $γ_{MAV} = ß_{GCN}·Ω_{MAV}$ and recovers the real identity $Id_{MAV}$ as $Id_{MAV} = EId_{MAV} ⊕ γ_{MAV}$. Here, if INT wants the real identity $Id_{MAV}$ of MAV, he faces the following two cases.
In both of the above cases, INT would have to solve the ECDLP, which is infeasible for him/her.

Theorem 4. Receiver Anonymity.
In the key generation phase, the receiver device, called X, sends its encrypted real identity $EId_X = γ_X ⊕ Id_X$ and $Ω_X = α_X·ξ$ to GCN over an open channel, where $γ_X = α_X·δ_{GCN}$ and $α_X ∈ f_q$. Based on $(EId_X, Ω_X)$, GCN first computes $γ_X = ß_{GCN}·Ω_X$ and recovers the real identity $Id_X$ as $Id_X = EId_X ⊕ γ_X$. Here, if INT wants the real identity $Id_X$ of X, he faces the following two cases.
In both of the above cases, INT would have to solve the ECDLP, which is infeasible for him/her.

Performance Comparison
This section compares the performance of the proposed scheme with the relevant existing counterparts proposed by Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16].

Computation Cost
The computation cost represents the operational expenses spent by each user during the proposed generalized ring signcryption process and existing comparable schemes proposed by Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16]. In Table 2, we list the key operations of the proposed scheme, including Elliptic Curve Point Multiplication ($ECC_{PM}$), Bilinear Pairing Based Multiplication ($BP_{BM}$), Modular Exponentials ($MD_{EXP}$), and Bilinear Pairing ($BP_{OP}$). Table 3 contains the operating expenses, measured in milliseconds (ms), for the proposed scheme, as well as those of Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16]. A single $ECC_{PM}$ takes 0.97 ms, $BP_{BM}$ 4.31 ms, $MD_{EXP}$ 1.25 ms and $BP_{OP}$ 14.90 [19]. The Multi-Precision Integer and Rational Arithmetic C Library (MIRACL) [20] is used to assess the performance of the proposed scheme by testing the runtime of the core cryptographic operations up to 1000 times. Observations are made on a workstation with the following specifications: 8 GB RAM and the Windows 7 Home Basic 64-bit operating system [21]. As seen in Figure 3, the proposed scheme has a lower computation cost than the schemes proposed by Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16].
Table 2. Comparison of computation cost with major operations.

Communication Cost
In this subsection, the proposed scheme is compared to existing schemes, namely those proposed by Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16], in terms of communication cost. We list the communication cost incurred based on the Elliptic Curve Parameter Size ($|ECC_q|$), Bilinear Pairing Parameter Size ($|BP_G|$), and a message size ($|m|$) for the proposed scheme and those of Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16]. We have selected the bit values 160, 1024, and 1024 bits for ($|ECC_q|$), ($|m|$), and ($|BP_G|$) from [19]. In addition, the communication cost analysis between Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16] and the proposed scheme is provided in Table 4. As seen in Figure 4, the proposed scheme has a lower communication cost than the schemes proposed by Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16].

Memory Overhead
The proposed scheme is compared in terms of memory overhead to existing schemes proposed by Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16]. Table 5 describes the primary operations, and Table 6 compares the memory overhead in bits of the proposed scheme to that of relevant existing schemes. A significant reduction in memory space is achieved, as shown in Figure 5.

Conclusions
In this article, we proposed a conditional privacy-preserving generalized ring signcryption scheme for MAVs using an identity-based cryptosystem. The proposed scheme is developed using the Elliptic Curve Cryptography (ECC) concept. A comprehensive security analysis under the ROM indicates that the proposed method is robust to a number of attacks. The proposed scheme is compared to similar schemes presented by Zhou et al. [14], Zhou et al. [15], and Luo and Zhou [16] with regard to computation and communication costs. The results reveal that the proposed scheme is more cost-effective in terms of computation and communication costs than its current alternatives. In addition, the results demonstrate that the proposed method is suitable for MAV systems due to the algorithm's functionality and reduced computation cost, communication cost and memory overhead.