A Traceable and Privacy-Preserving Authentication for UAV Communication Control System

: In recent years, the concept of the Internet of Things has been introduced. Information, communication


Introduction
With the development of battery power, sensing systems, artificial intelligence and other technologies, small commercial unmanned aerial vehicles (UAVs) combining these technologies have, in recent years, become a very popular product.Small UAVs have tremendous potential in different fields and tasks, and have great flexibility in application.In addition to personal aerial photography, entertainment, and commercial markets, they can be used in various monitoring work such as disaster relief [1], in various environments involving animals and plants, coasts and borders [2,3], in freight transportation, military and police law enforcement tasks, and even agricultural and industrial applications [4][5][6][7][8].Nader et al. [9] pointed out that UAVs could be employed in different ways to achieve smart city services.For example, using UAVs for traffic monitoring and management, merchandise delivery, health and emergency services, and air taxi services can enhance these services in terms of quality, productivity, timeliness, reliability, and performance and could help reduce the dignity, personal subjectivity, and personality development.If some of a person's own information is exposed, he will feel uncomfortable, embarrassed, or harassed by others, and it will be difficult to live comfortably.Compared with personal privacy, sensitive information of the state or government has a greater impact.
Secondly, the malicious attacker can perform passive eavesdropping, active interfering, leaking of secret information, data tampering, denial of service, message misuse, message replay, and impersonation attack between sender and receiver.This will cause the resource collapse attack, and even disturb the operations of routing protocol for UAVs [10].UAVs are conducted in flying ad hoc networks (FANETs) which should provide defense against various known attacks under wireless environment.
Thirdly, because of the specific properties of FANET (wireless links, collaborative characteristics, uncontrollable environment, and lack of a fixed infrastructure) securing the network is difficult.The traditional security issues are availability, authentication, integrity, and confidentiality, which have become targets that the attacker wants to break.[11].Legitimate UAVs suffer from malicious UAVs by implanting the incorrect information into their sensors.Therefore, it causes these compromised UAVs to transmit the wrong messages for the base station, and thereby endangering the data integrity [10].
In order to legalize and guarantee the privacy of the broadcasted messages, much literature is focused on this issues.For example, Strohmeier et al. [12] surveyed an automatic dependent surveillance-broadcast protocol (ADS-B), and that is an on-board component part of the UAV system, and discussed and listed the vulnerabilities in ADS-B protocol.Wesson et al. [13] further analyzed and evaluated the cryptographic strategies of ADS-B based on their effectiveness and practicality in the cost-averse, technologically-complex, and interoperability-focused aviation community.The purpose of these works was to find a suitable mechanism to ensure the security of the UAVs system for sensitive control areas.
In past literature, some articles [10,[14][15][16] refer to malicious attacks on UAV applications, such as intrusion detection, enhancing security against the lethal cyber-attacks for UAV networks.Therefore, a Q-learning-based UAV power allocation strategy combining Q-learning and deep learning to accelerate the learning speed for attack modes was proposed by Xiao et al. [17].García-Magariño et al. [16] used a secure asymmetric encryption with a pre-shared list of official UAVs and an agent-based approach to detect if an official UAV is physically hijacked.However, these articles only focus on the intrusion detection or the problem of UAVs being physical hijacked.It is a fact that to prevent all intrusions from being attacked by hackers, the fundamental solution is to propose an effective and comprehensive security protocol.Such a secure mechanism should comprehensively detect and provide information and identity authentication to achieve the purposes of availability, privacy, and non-repudiation and to defend against known attacks for the UAV's environment.
Recently, some literature [18][19][20][21] has used specific cryptographic algorithms to implement security mechanisms in UAVs.In 2017, Yoon et al. [18] used the Raspberry Pi to present a design of a second channel security system that can regain control of a UAV when there is an attack on the UAV.In this scheme, the authors only used flow charts to describe the scenario.The authors claimed that they can provide authentication with the ground station and defense against the DoS attack.However, this scheme does not present the detail cryptography scenario and no performance analysis.
Later, Chen et al. [19] proposed a mutual authentication improvement in security.In order to achieve higher efficiency and reduce the computational cost, thus the proposed scheme conformed to the network-connected UAV communication systems, and that satisfied the requirements of the limited bandwidth and computation resources.However, the authors used the asymmetric bilinear pairings mechanism and the cost of this was high and it was not supported by formal proof.Wazid et al. [20] also presented a lightweight remote user authentication and key agreement scheme to solve security issues between the user and the accessed drone in Internet of Drones (IoD) applications.
Recently, Tian et al. [21] proposed an efficient privacy-preserving authentication framework for the edge-assisted Internet of Drones.They followed a predictive UAV authentication approach.The authors considered that location, identity, and flying routes of each legitimate UAV are sensitive information in the IoD network.Therefore, they proposed a secure authentication and privacy protection for an efficient MEC-assisted (mobile edge computing) framework.But this scheme did not consider mutual authentication for ensuring the communication entity.
In fact, due to the UAV's characteristics, it is hard to prevent a privacy leak.Therefore, this study aims to focus on sensitive areas (for example: airports and military areas) to set up this management system and use ECC (elliptic curve cryptography) technology [22,23] to ensure data integrity and nonrepudiation.It is a fact that any intruders can break through the defense function of the system if the security mechanism of the system is not perfect and the user's identity is not authenticated accurately.This study also intends to employ the proof mode of BAN logic mechanism for mutual authentication to eliminate the intrusive chances of malicious attackers.
The paper is organized as follows.The applied mechanisms and security mechanisms are reviewed and discussed in Section 2. The designs and flows of the proposed scheme are presented in Section 3. Security analyses and comparisons are discussed in Section 4. Finally, in Section 5, conclusions are offered.

Preliminary and Security Requirements
This section includes two subsections: (1) the elliptic curve cryptography and Diffie-Hellman key exchange are presented in Section 2.1 and (2) security requirements are defined in Section 2.2.

Elliptic Curve Cryptography and Diffie-Hellman Key Exchange
Elliptic curve cryptography [22,23] was proposed in 1995.Digital signature schemes can be used to provide the following basic cryptographic services: data integrity, data origin authentication, and non-repudiation.
The Diffie-Hellman key exchange [24] is a method for securely exchanging cryptographic keys over a public channel.It is one of the earliest practical examples of public key exchange implemented within the field of cryptography.The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel.This key can then be used to encrypt subsequent communications by using a symmetric key cipher.
The following problems exist for the Elliptic Curve Diffie-Hellman method: Computational Diffie-Hellman (CDH) Problem: Given aP and bP, where a, b ∈ R, Z * q, and P are the generator of G, compute abP.Decisional Diffie-Hellman (DDH) Problem: Given aP, bP, and cP, where a, b, c ∈ R, Z * q, and P are the generators of G, confirm whether or not cP = abP, which is equal to confirming whether or not c = abmodq.

•
Mutual authentication: this ensures that only legitimate parties are allowed to participate in the UAV network.There are two types of authentication services: node authentication and message authentication [11,19,20,25].In order to ensure the communication security.The communication entity should perform mutual authentication before communication.As long as the mutual authentication is implemented, some known attacks can be excluded.

•
Integrity: preventing the altering GPS coordinates or disseminating of false information [25], thus ensuring the consistent and uncompromising adherence of data message over their whole passage through the flying networks [11,19,20] • Confidentiality: Only the authorized UAVs are allowed to access the data packets [11,13,19,20,25].
• Identity anonymity: The UAV communication control system should keep identity anonymity from the attacker to ensure the users real identity is not obtained from eavesdropped or captured messages [11].

•
Availability: The UAV communication control system should be always available to provide all services in any time and in any conditions [11,25].

•
Privacy: By tracking the messages sent out by the same UAV at different locations, adversaries can disclosure the UAVs' identities and perform further analysis to get other information from the UAVs [11,18,20].

•
Non-repudiation: Repudiation threat comes from the UAVs denying their behaviors in the IoD.For example, malicious UAVs abuse their valid identities to broadcast fake information in the IoD [18,20,25].

•
DoS attack: DoS attack means that a malicious node attempts to exhaust energy resources of UAVs or disturb the network and routing protocol [15,20,25].

•
Spoofing attack: The attacker could generate a spoofed message such that the receiver gets the incorrect message [15,25].

The Proposed Scheme
This section includes nine subsections: (1) system architecture is designed and described in Section 3.1, (2) the used notations in this study are defined in Section 3.2, (3) the manufacturer (UAV) registration phase of the proposed scheme is illustrated in Section 3.3, (4) the player (mobile device) registration phase of the proposed scheme is presented in Section 3.4, (5) the ground control station registration phase of the proposed scheme is described in Section 3.5, (6) the player and manufacturer authentication and communication phase of the proposed scheme is shown in Section 3.6, (7) the player and ground control station authentication and communication phase of the proposed scheme is designed in Section 3.7, (8) the player, UAV, and ground control station authentication and communication phase of the proposed scheme is discussed in Section 3.8, and (9) the ground control station and UAV authentication and communication phase of the proposed scheme is illustrated in Section 3.9.There are four parties in the scheme:

System Architecture
(1) Trusted authority center: a trusted third party agency which provides a public key and private key to the registrant.(2) Manufacturer (UAV): a UAV manufacturing company.The company has jurisdiction over all manufactured UAVs.(3) Player (mobile device): a person who intends to control a UAV.He/she must first buy or rent a UAV from the manufacturer, then obtain the flight permit before he/she can control the UAV.(4) Ground control station (GCS): a control center that provides the facilities for human control of the UAV.A GCS reviews the flight path proposed by the player, and decides whether to agree to the flight request.

1.
All UAVs manufactured, all mobile devices carried by players, and all ground control stations must be registered to the trusted authority center through a secure channel.The manufacturer (UAV), player (with mobile device), and ground control station sends their universally unique IDs to the trusted authority center.The trusted authority center returns parameters calculated by elliptic curve group technology.

2.
When a player wants to control UAVs, the player carries his/her mobile device to buy or rent a UAV from the manufacturer.After mutual authentication between the player and the manufacturer, the manufacturer will transfer the purchase or rental certificate of the UAV to the player, and store the certificate to the UAV.

3.
After the player has the right to use the UAV, then he/she must submit flight information and a purpose to the ground control station for review.After mutual authentication between the player and the ground control station, the ground control station will transfer the decision of the flight plan to the player, and keep the relevant flight information.

4.
The player transfers the purchase or rental certificate of the UAV, and the flight path agreed by the ground control station to the UAV.After mutual authentication between the player and the UAV and mutual authentication between the UAV and the ground control station, the ground control station will confirm the legality of the UAV flight path.Once the legality of the relevant identity and flight path have been confirmed, the player can control the UAV through his/her mobile device.

Notations q:
A k-bit prime F q : A prime finite field E/F q : An elliptic curve E over F q G: A cyclic additive group of composite order q P: A generator for the group G s: A secret key of the trusted authority center PK TAC : A public key of the trusted authority center, PK TAC = sP H i ( ): ith one-way hash function ID x : x's identity, like a universal unique ID code r x , a, b, c, d, e, f : A random numbers of elliptic curve group S x : x's elliptic curve group signature SEK xy : A session key established by x and y E x (m): Use a session key x to encrypt the message m D x (m): Use a session key x to decrypt the message m Sig xy : The signed message for parties x and y SK x /PK x : x's private key SK x /x's public key PK x S SK x (m): Use x's private key SK x to sign the message m V PK x (m): Use x's public key PK x to verify the message m CHK x : x's verified message The payment message between the player and the manufacturer (UAV) M request : The flight plan proposed by the player M con f irm : The flight permission issued by ground control station to UAV M GPS : The GPS message reported by the UAV c i : The session key encrypted sensitive information Cert UAV : The purchase or rental certificate of the UAV held by the player

Manufacturer (UAV) Registration Phase
The manufacturer must take the UAV to register with the trusted authority center.The manufacturer (UAV) registration phase of the proposed scheme is shown in Figure 2.
Step 1: The manufacturer selects an identity ID UAV , and transmits it to the trusted authority center.
Step 2: The trusted authority center selects a random number r UAV , calculates and then sends (R UAV , S UAV , PK UAV , SK UAV ) to the manufacturer.
Step 3: The manufacturer verifies If the verification is passed, the manufacturer stores (R UAV , S UAV , PK UAV , SK UAV ) to the UAV.

Manufacturer (UAV) Registration Phase
The manufacturer must take the UAV to register with the trusted authority center.The manufacturer (UAV) registration phase of the proposed scheme is shown in Figure 2. Step 1: The manufacturer selects an identity UAV ID , and transmits it to the trusted authority center.
Step 2: The trusted authority center selects a random number U AV r , calculates

Player (Mobile Device) Registration Phase
The player must take the mobile device to register with the trusted authority center.The scenarios of player (mobile device) registration phase is shown in Figure 3.
Step 1: The player selects an identity ID PMD , and transmits it to the trusted authority center.
Step 2: The trusted authority center selects a random number r PMD , calculates and then sends (R PMD , S PMD , PK PMD , SK PMD ) to the player.
Step 3: The player verifies If the verification is passed, the player stores (R PMD , S PMD , PK PMD , SK PMD ) to the mobile device.

R S PK SK
to the manufacturer.

UAV UAV UAV UAV R S PK SK
to the UAV.

Player (Mobile Device) Registration Phase
The player must take the mobile device to register with the trusted authority center.The scenarios of player (mobile device) registration phase is shown in Figure 3. Step 1: The player selects an identity PMD ID , and transmits it to the trusted authority center.
Step 2: The trusted authority center selects a random number PMD r , calculates , and then sends ( , , , )

R S PK SK
to the player.

R S PK SK
to the mobile device.

Ground Control Station Registration Phase
The ground control station must also register with the trusted authority center.The ground control station registration phase of the proposed scheme is shown in Figure 4.

Ground Control Station Registration Phase
The ground control station must also register with the trusted authority center.The ground control station registration phase of the proposed scheme is shown in Figure 4.
Step 1: The ground control station selects an identity ID GCS , and transmits it to the trusted authority center.
Step 2: The trusted authority center selects a random number r GCS , calculates and then sends (R GCS , S GCS , PK GCS , SK GCS ) to the ground control station.
Step 3: The ground control station verifies If the verification is passed, the ground control station stores (R GCS , S GCS , PK GCS , SK GCS ).Step 1: The ground control station selects an identity GCS ID , and transmits it to the trusted authority center.
Step 2: The trusted authority center selects a random number GCS r , calculates , and then sends ( , , , )

R S PK SK
to the ground control station.
Step 3: The ground control station verifies ? 1 ( , ) If the verification is passed, the ground control station stores ( , , , )

GCS GCS GCS GCS
R S PK SK .

Player and Manufacturer Authentication and Communication Phase
When a player wants to control UAVs, the player carries his/her mobile device to buy or rent a UAV from the manufacturer.After mutual authentication between the player and the manufacturer, the manufacturer will transfer the purchase or rental certificate of the UAV to the player, and store the certificate of the UAV.The player and manufacturer authentication and communication phase is shown in Figure 5.

Trusted authority center Ground control station
Ground control station registration phase of the proposed scheme.

Player and Manufacturer Authentication and Communication Phase
When a player wants to control UAVs, the player carries his/her mobile device to buy or rent a UAV from the manufacturer.After mutual authentication between the player and the manufacturer, the manufacturer will transfer the purchase or rental certificate of the UAV to the player, and store the certificate of the UAV.The player and manufacturer authentication and communication phase is shown in Figure 5.
Step 1: The player selects a random number a, computes and then transmits (ID PMD , R PMD , T PMD ) to the manufacturer.
Step 2: The manufacturer selects a random number b, calculates and the session key The manufacturer then calculates and transmits (ID UAV , R UAV , T UAV , CHK PU ) to the player.
Step 3: The player calculates and the session key The player verifies to check the legality of the manufacturer.If the verification is passed, the player computes and transmits (ID PMD , c PMD , CHK UP ) to the manufacturer.
Step 4: The manufacturer verifies to check the legality of the player.If the verification is passed, the session key SEK UP between the player and the manufacturer is established successfully.The manufacturer calculates to get the payment information of the player.After the payment, the manufacturer generates the encrypted purchase or rental certificate of the UAV and transmits (ID UAV , c UAV , Sig UAV ) to the player.
Step 5: The player decrypts the received message verifies the signature and obtains the purchase or rental certificate of the UAV from the manufacturer.Step 1: The player selects a random number a , computes  , ) ,  , )

Player and Ground Control Station Authentication and Communication Phase
After the player has the right to use the UAV, then he/she must submit a flight path and purpose to the ground control station for review.After mutual authentication between the player and the ground control station, the ground control station will transfer the decision of the flight plan to the player, and keeps the relevant flight information.The player and ground control station authentication and communication phase of the proposed scheme is shown in Figure 6.
Step 1: The player selects a random number c, computes and then transmits (ID PMD , R PMD , T PMD2 ) to the ground control station.
Step 2: The ground control station selects a random number d, calculates and the session key The ground control station then calculates and transmits (ID GCS , R GCS , T GCS , CHK PG ) to the player.
Step 3: The player calculates and the session key The player verifies to check the legality of the ground control station.If the verification is passed, the player calculates and transmits (ID PMD , c PMD2 , CHK GP ) to the ground control station.
Step 4: The ground control station verifies to check the legality of the player.If the verification is passed, the session key SEK GP between the player and the ground control station is established successfully.The ground control station calculates to get the flight path information of the player.After the review, the ground control station generates the encrypted decision of the flight plan and transmits (ID GCS , c GCS , Sig GCS ) to the player.
Step 5: The player decrypts the received message verifies the signature and obtains the decision of the flight plan from the ground control station.
Electronics 2020, 9, 62 12 of 30 Figure 6.Player and ground control station authentication and communication phase of the proposed scheme.
Step 1: The player selects a random number c , computes to the ground control station.
Step 2: The ground control station selects a random number d , calculates Ground control station Player (mobile device) 2 ( , , ) Choose a random number

Player, UAV and Ground Control Station Authentication and Communication Phase
The player transfers the purchase or rental certificate of the UAV, and the flight path agreed by the ground control station to the UAV.After mutual authentication between the player and the UAV, and mutual authentication between the UAV and the ground control station, the UAV will confirm the legality of the flight path again from the ground control station.After confirming the legality of the relevant identity and flight path, the player can control the UAV through his/her mobile device.The player, UAV and ground control station authentication and communication phase of the proposed scheme is shown in Figure 7.
Step 1: The player calculates and transmits (ID PMD , c PMD3 , Sig PMD3 ) to the UAV.
Step 2: The UAV decrypts the received message and obtains the purchase or rental certificate of the UAV, and the flight path agreed by the ground control station.
The UAV then chooses a random number e, calculates T UAV2 = eP, and then transmits (ID UAV , R UAV , T UAV2 ) to the ground control station.
Step 3: The ground control station chooses a random number f , computes and the session key The ground control station then calculates and transmits (ID GCS , R GCS , T GCS2 , CHK UG ) to the UAV.
Step 4: The UAV calculates and the session key The UAV verifies to check the legality of the ground control station.If the verification is passed, the UAV calculates and transmits (ID UAV , c UAV2 , CHK GU ) to the ground control station.
Step 5: The ground control station verifies to check the legality of the UAV.If the verification is passed, the session key SEK GU between the UAV and the ground control station is established successfully.The ground control station calculates to get the flight path information of the UAV.After the review, the ground control station generates the encrypted confirm message of the flight plan and transmits (ID GCS , c GCS2 , Sig GCS2 ) to the UAV.
Step 6: The UAV decrypts the received message and obtains the confirm message of the flight plan from the ground control station.Then, the UAV generates the encrypted confirm message of the flight plan and GPS information and transmits (ID UAV , c UAV3 , Sig UAV3 ) to the player.
Step 7: The player decrypts the received message then obtains the confirm message of the flight plan and GPS information.Step 1: The player calculates   ,  , ) , ) Choose a random number ,  , )

Ground Control Station and UAV Authentication and Communication Phase
When the ground control station wants to know whether the scope of the regulation has been applied to the UAV, the ground control station can ask the UAV to provide relevant proof.After mutual authentication between the ground control station and the UAV, the UAV will respond and confirm the message of the flight plan from the ground control station and GPS information to the ground control station.The ground control station and UAV authentication and communication phase of the proposed scheme is shown in Figure 8.
Step 1: The ground control station calculates and transmits (ID UAV , M request ) = D SEK GU (c GCS3 ) to the UAV.
Step 2: The UAV decrypts the received message and obtains the legality check request from the ground control station.Then, the UAV generates the encrypted confirmation message of the flight plan and GPS information and transmits (ID UAV , c UAV4 , Sig UAV4 ) to the ground control station.
Step 3: The ground control station decrypts the received message then obtains the response of the UAV and GPS information.

Ground Control Station and UAV Authentication and Communication Phase
When the ground control station wants to know whether the scope of the regulation has been applied to the UAV, the ground control station can ask the UAV to provide relevant proof.After mutual authentication between the ground control station and the UAV, the UAV will respond and confirm the message of the flight plan from the ground control station and GPS information to the ground control station.The ground contro Step 1: The ground control station calculates Step 2: The UAV decrypts the received message GCS GCS GCS ID c Sig ) UAV UAV UAV ID c Sig

Security Analysis
This section includes nine subsections: (1) the mutual authentication of the proposed scheme is analyzed in Section 4.1, (2) the integrity and confidentiality of the proposed scheme are evaluated in Section 4.2, (3) the identity anonymity and privacy of the proposed scheme are proved in Section 4.3, (4) availability and prevention of DoS attack are discussed in Section 4.4, (5) prevention of spoofing attack is discussed in Section 4.5, (6) the non-repudiation of the proposed scheme is analyzed in Section 4.6, (7) security issues are compared in Section 4.7, (8) the computation cost of the proposed scheme is compared with other schemes in Section 4.8, and (9) the communication cost of the proposed scheme is compared with other schemes in Section 4.9.

Mutual Authentication
BAN logic [26] is used to prove that the proposed scheme achieves mutual authentication between different parties in each phase.
In the player and manufacturer authentication and communication phase, the main goal of the scheme is to make sure whether the legality is authenticated by the player P and the manufacturer M.
According to the player and manufacturer authentication and communication phase, BAN logic is used to produce an idealized form as follows.
By (Statement 12) and the belief rule, Statement 13 can be derived.
By (Statement 13), A5, and the jurisdiction rule, Statement 14 can be derived.), it can be proved that the player P and the manufacturer M authenticate each other in the proposed scheme.Moreover, it can also be proved that the proposed scheme can establish a session key between the player P and the manufacturer M.
In the proposed scheme, the manufacturer authenticates the player by If it passes the verification, the manufacturer authenticates the legality of the player.The player authenticates the manufacturer by If it passes the verification, the player authenticates the legality of the manufacturer.The player and manufacturer authentication and communication phase of the proposed scheme thus guarantees mutual authentication between the player and the manufacturer.
In the player and ground control station authentication and communication phase, the main goal of the scheme is to make sure whether the legality is authenticated by the player P and the ground control station G.
According to the player and ground control station authentication and communication phase, BAN logic is used to produce an idealized form as follows.
To analyze the proposed scheme, the following assumptions are made.
also be proved that the proposed scheme can establish a session key between the player P and the ground control station G.
In the proposed scheme, the ground control station authenticates the player by If it passes the verification, the manufacturer authenticates the legality of the player.The player authenticates the ground control station by If it passes the verification, the player authenticates the legality of the ground control station.The player and ground control station authentication and communication phase of the proposed scheme thus guarantees mutual authentication between the player and the ground control station.
In the player, UAV, and ground control station authentication and communication phase, the main goal of the scheme is to make sure whether the legality is authenticated by the UAV U and the ground control station G.
According to the player, UAV, and ground control station authentication and communication phase, BAN logic is used to produce an idealized form as follows: To analyze the proposed scheme, the following assumptions are made.
According to these assumptions and goals of BAN logic, the main proof of the player, UAV, and ground control station authentication and communication phase is as follows. e The ground control station G authenticates the UAV U.
If it passes the verification, the ground control station authenticates the legality of the UAV.The UAV authenticates the ground control station by If it passes the verification, the UAV authenticates the legality of the ground control station.The player, UAV, and ground control station authentication and communication phase of the proposed scheme thus guarantees mutual authentication between the UAV and the ground control station.Scenario: A malicious attacker uses an illegal mobile reader to control an UAV.Analysis: The attacker will not succeed because the illegal mobile reader has not been registered to the trusted authority center and thus cannot calculate the correct session key SEK UP .Thus, the attack will fail when the legal UAV attempts to authenticate the illegal mobile device.In the proposed scheme, the attacker cannot achieve their purpose using an illegal mobile device.In the same scenario, the proposed scheme can also defend against a malicious attack using an illegal ground control station to send a fake message to a legal UAV, because the illegal ground control station has not been registered to the trusted authority center and thus cannot calculate the correct session key SEK GU .Thus, the attack will fail when the legal UAV attempts to authenticate the illegal ground control station.

Integrity and Confidentiality
To ensure the integrity and confidentiality of the transaction data, this study uses elliptic curve cryptography and Diffie-Hellman key exchange algorithm to calculate the session key SEK UP , SEK GP and SEK GU , and also to protect the integrity and confidentiality.The malicious attacker cannot use the signatures (K UP1 , K UP2 ), (K PU1 , K PU2 ), (K GP1 , K GP2 ), (K PG1 , K PG2 ), (K GU1 , K GU2 ), and (K UG1 , K UG2 ) to calculate the correct session key SEK UP , SEK GP , and SEK GU .
Only a legal mobile device or UAV can calculate the correct session key SEK UP .The legal UAV calculates the session key and the legal mobile device calculates the session key Only a legal mobile device or ground control station can calculate the correct session key SEK GP .The legal ground control station calculates the session key and the legal mobile device calculates the session key Only a legal UAV or ground control station can compute the correct session key SEK GU .The legal ground control station computes the session key and the legal UAV calculates the session key Only the correct session key will allow successful communication.Thus, attackers cannot decrypt or modify the transmitted message.Therefore, the proposed scheme achieves the integrity and confidentiality.
Scenario: A malicious attacker intercepts the transmitted message from the ground control station to the player and decrypts the message or sends a modified message to the player.Analysis: The attacker will not succeed because the legal player will use to check the integrity.The attacker cannot calculate the correct session key SEK GP .Thus, the attack will fail when the legal player authenticates the received message.In the proposed scheme, the attacker cannot achieve his/her purpose by sending a modified message to the player, and he/she also cannot decrypt the intercepted message.For the same reason, the attack will fail when the legal ground control station uses CHK GP ?= H 3 (SEK GP T GCS ) to check the integrity.Therefore, attackers cannot achieve their purpose by sending a modified message to the ground control station or decrypt the intercepted message.

Identity Anonymity and Privacy
Another form of privacy attack involves attempting to obtain a player's real name or physical location by tracing his/her mobile device.If the mobile device sends the same message continuously, an attacker can trace its location.In the proposed scheme, the session key SEK UP and SEK GP is changed for every communication round in order to avoid location tracing.Besides, the pseudonym identity is used instead of real name in the proposed scheme.Thus, location privacy is protected and identity anonymity is achieved.

Availability and Prevention of DoS Attack
An attacker may impersonate a legal sender and then send the same message again to the intended receiver, trying to make the system unable to provide services properly.However, this attack will fail in the proposed scheme, as all messages between the sender and the receiver are protected with the session key SEK UP , SEK GP , and SEK GU , and the attacker cannot calculate the correct session key.Because the transmitted messages are changed every round, the same message cannot be sent twice.Thus, the DoS attack is prevented and system availability is achieved.In Table 3, computation costs of the proposed scheme and Wazid et al.'s for the trusted authority center, manufacturer (UAV), player (mobile device), and ground control station in each phase are analyzed.For the highest computation cost in the player, UAV, and ground control station authentication and communication phase, a UAV needs five multiplication operations, four hash function operations, three comparison operations, four symmetric encryption operations, and three signature operations.A player needs one comparison operation, two symmetric encryption operations, and two signature operations.A ground control station needs five multiplication operations, four hash function operations, one comparison operation, two symmetric encryption operations, and one signature operation.The computation cost is acceptable in the proposed scheme.

Communication Cost
The communication cost of the proposed scheme and Wazid et al.'s scheme [20] is shown in Table 4.The communication efficiency of the proposed scheme and Wazid et al.'s scheme during the transaction process of each phase was also analyzed.It was assumed that an elliptic curve modular operation required 160 bits, a hash operation required 160 bits, an AES operation required 256 bits, a signature operation required 1024 bits, and other messages, such as id, pid, and random number, required 80 bits.For example, the player, UAV and ground control station authentication and communication phase of the proposed scheme requires four elliptic curve modular messages, two hash messages, four AES messages, three signature operation messages, and six other messages.It thus requires 160 × 4 + 160 × 2 + 256 × 4 + 1024 × 3 + 80 × 6 = 5536 bits.In a 3.5G environment, the maximum transmission speed is 14 Mbps.This study also considered the player, UAV, and ground control station authentication and communication phase of the proposed scheme, which only takes 0.395 ms to transfer all messages.In a 4G environment, the maximum transmission speed is 100 Mbps and the transmission time is reduced to 0.055 ms.
Basically, Wazid et al.'s scheme provides a lightweight user authentication scheme in which a user in the IoD environment needs to access data.This appeals as it aims at providing a fast authorization mechanism.However, the integrity, non-reputation, and availability issues are excluded.However, compared to Wazid et al.'s scheme, the proposed scheme used the public key cryptography to design a UAV application field which was applied in a sensitive field such that the integrity, non-reputation and availability issues needed to be considered and should be ensured [20].The proposed scheme is a different application field to Wazid et al.'s scheme.The players must pass necessary procedures to obtain the flight authority in a sensitive area.It needs more scenarios and overloads.As shown in Table 4, the communication cost sounds good.The proposed scheme provides a novel solution in the UAV application field.
Compared to the Wazid et al.'s scheme, the proposed scheme achieves the following advantages: firstly, the proposed scheme uses a signature mechanism, thus it can ensure data integrity and achieve non-repudiation and secondly, the proposed architecture involves the role of the ground control station to effectively grasp the UAVs' flying status in a sensitive area.The ground control station can also confirm whether the flying UAV is authorized.Although the proposed architecture has higher computing and communication costs than the Wazid et al.'s scheme, it also achieves higher security and availability.

Conclusions
At present, UAVs are mainly used for small package delivery and leisure entertainment.In the future, they will have thousands of uses that could even be widely extended to agricultural, land protection surveillance, emergency relief, military reconnaissance, space exploration, and other applications.UAVs will also create new jobs, while also addressing population ageing and manpower shortages.Advanced technology can bring a better and convenient living environment for mankind, but UAVs can also be maliciously used, and even endanger national security.
In this paper, a traceable and privacy protection protocol was designed to conduct the UAVs' application in sensitive control area.The proposed scheme creates a feasible and secure management platform in a sensitive area surveillance for UAVs' application.For sensitive military areas, players must obtain flight approval from a ground control station before they can control the UAV in these sensitive areas.The proposed scheme achieves mutual authentication, integrity and confidentiality, anonymity and privacy, non-repudiation, availability and protection against DoS attack, while also preventing spoofing attack.This study also analyzed the computation cost and the communication cost in the proposed scheme to prove the proposed scheme is practical in the real world.

:::::::::
Use a session key x to encrypt the message m x ( ) D m : Use a session key x to decrypt the message m xy S ig : The signed message for parties x and y x SK / x PK : x's private key x SK / x's public key x PK Use x's private key x SK to sign the message m Use x's public key x PK to verify the message m Determines if A is equal to B payment M The payment message between the player and the manufacturer (UAV) request M The flight plan proposed by the player confirm M The flight permission issued by ground control station to UAV GPS M : The GPS message reported by the UAV i c The session key encrypted sensitive information UAV Cert The purchase or rental certificate of the UAV held by the player

Figure 2 .
Figure 2. Manufacturer (UAV) registration phase of the proposed scheme.

Figure 2 .
Figure 2. Manufacturer (UAV) registration phase of the proposed scheme.

Figure 3 .
Figure 3. Player (mobile device) registration phase of the proposed scheme.

Figure 3 .
Figure 3. Player (mobile device) registration phase of the proposed scheme.

Figure 4 .
Figure 4. Ground control station registration phase of the proposed scheme.

Figure 5 .
Figure 5. Player and manufacturer authentication and communication phase of the proposed scheme.

Step 2 :
The manufacturer selects a random number b, calculates

Figure 5 .
Figure 5. Player and manufacturer authentication and communication phase of the proposed scheme.

Figure 6 .
Figure 6.Player and ground control station authentication and communication phase of the proposed scheme.

Figure 7 .
Figure 7. Player, UAV, and ground control station authentication and communication phase of the proposed scheme.

Figure 7 .
Figure 7. Player, UAV, and ground control station authentication and communication phase of the proposed scheme.

Figure 8 .
Figure 8. Ground control station and UAV authentication and communication phase of the proposed scheme.

Figure 8 .
Figure 8. Ground control station and UAV authentication and communication phase of the proposed scheme.

Table 2 .
Comparison of security issues.

Table 3
[20]s the computation cost of the proposed scheme and Wazid et al.'s scheme[20].