1. Introduction
The rapid evolution of unmanned aerial vehicles (UAVs), commonly referred to as drones, has positioned them as indispensable tools across a variety of industrial fields, including agriculture [
1], logistics [
2], environmental surveillance, and emergency response [
3]. The integration of UAVs with the Internet of Things (IoT), often referred to as the Internet of Drones (IoD), has further augmented their utility, enabling more sophisticated and interconnected applications. This facilitates advanced use cases like smart city infrastructure management, environmental monitoring, and disaster response. By harnessing the capabilities of IoT devices, UAVs can perform real-time data analysis and autonomous operations, contributing to a smarter and more responsive network ecosystem. Their growing deployment in both civilian and industrial contexts reflects their versatility and potential for streamlining operations and enhancing decision-making capabilities.
However, the interconnected nature of IoD systems introduces new and complex security challenges [
4]. The integration of UAVs with IoT devices creates a broader attack surface, making these systems vulnerable to various cybersecurity threats, including unauthorized access, data breaches, and sophisticated network attacks such as Man-in-the-Middle (MitM) and Denial of Service (DoS) [
5,
6]. According to the 2023 ThreatLabz report, IoT-targeted cyber attacks have grown by 400% compared to 2022 [
7]. The situation is exacerbated by the inherent constraints of IoT devices, such as limited computational power and memory, which restrict the application of conventional security mechanisms. Moreover, the wireless communication channels utilized by UAVs are particularly susceptible to eavesdropping and signal interference, further increasing the risk of data breaches and malicious attacks.
To address these vulnerabilities, lightweight authentication schemes have been proposed [
8], focusing on reducing computational and communication overhead while ensuring the scalability and responsiveness of the IoD systems. The challenge lies in developing robust security protocols that can provide efficient authentication and data integrity without imposing significant performance burdens, especially given the resource-constrained nature of many IoT devices and UAVs. Traditional centralized authentication approaches, which rely on a single trust authority (TA), present additional limitations, including a single point of failure and challenges in maintaining data privacy and control. These centralized systems are particularly vulnerable to attacks that can compromise the entire network if the central server is breached. In contrast, the adoption of decentralized technologies such as blockchain can help mitigate these risks [
9,
10]. Blockchain’s decentralized ledger provides a tamper-resistant mechanism for secure data exchange, eliminating the need for a central authority and enhancing data privacy. By distributing control across multiple nodes, blockchain technology increases the flexibility and resilience of the IoD network, making it better suited to handle dynamic and evolving threats.
Figure 1 illustrates the structure of blockchain-assisted multi-server IoD environments. However, there are several constraints and challenges that need to be addressed when utilizing blockchain. One persistent issue is the scalability problem, as an increase in the number of blockchain nodes inherently leads to greater computational overhead and latency. The issues of latency and energy consumption are particularly critical when deploying blockchain networks with resource-constrained IoT devices and drones [
11], as an increase in the number of blockchain nodes inherently results in higher computational overhead and increased latency. Furthermore, requiring the additional nodes to transmit and process the necessary information can result in low energy efficiency.
In 2023, Wang et al. [
12] proposed a blockchain-based lightweight authentication protocol in IoD. However, we found that their scheme was vulnerable to drone impersonation and session key disclosure attacks. Furthermore, the scheme failed to provide validity of login and key agreement. In this paper, we propose a lightweight authentication scheme for blockchain-assisted multi-server IoD environments. Our protocol addresses the identified security gaps in existing schemes by using physical unclonable functions (
PUFs) and blockchain technology. The proposed scheme minimizes the growth of data volume and computational load as the number of users increases. As a result, our protocol maintains a minimal impact on overall system performance, ensuring its suitability for resource-constrained IoT and drone networks, even in large-scale deployments. The proposed scheme provides strong mutual authentication, data integrity, and confidentiality while minimizing computational and communication costs. To validate the security of our protocol, we employ formal methods such as the Real-Or-Random (RoR) model and BAN logic. Comparative performance evaluations also demonstrate the efficiency and suitability of our protocol for resource-constrained IoT applications, making it a viable solution for secure and scalable IoD networks.
1.1. Our Contributions
The primary goal of our research is to design a lightweight and secure authentication scheme for blockchain-assisted multi-server IoD environments. It is crucial to develop protocols that enhance security while also optimizing performance to meet the resource constraints of IoT devices. In response to this need, we present an Authenticated Key Agreement (AKA) protocol that addresses the limitations of existing schemes while introducing improvements in both security and efficiency. The key contributions of our proposed scheme are detailed as follows:
- (1)
We provide a thorough review of Wang et al.’s protocol, discussing the attacks it has been found vulnerable to and the security weaknesses it exhibits.
- (2)
We propose a lightweight and secure protocol that addresses the vulnerabilities identified in Wang et al.’s scheme while being more suitable for blockchain-assisted multi-server IoD environments.
- (3)
We validate our proposed protocol through formal analysis using widely accepted methods such as RoR and Ban logic, as well as informal analysis, to ensure it meets essential security requirements within the threat model. Furthermore, we evaluate its efficiency by comparing computation and communication costs with other relevant studies, demonstrating its suitability for IoD environments.
1.2. Organization of This Article
In
Section 2, we discuss existing research on security protocols in UAV communication environments.
Section 3 introduces preliminaries to aid in the understanding of this paper. Next, in
Section 4, we provide a comprehensive review and cryptanalysis of Wang et al.’s protocol, highlighting its security issues. In
Section 5, we propose a new protocol that addresses the security weaknesses of Wang et al.’s protocol.
Section 6 presents a security analysis of the proposed protocol, and performance analyses, i.e., communication and computation costs, are shown in
Section 7. Finally,
Section 8 concludes the paper and discusses future research directions.
2. Related Works
Despite the numerous benefits of IoD environments, securing the communication remains a significant challenge due to the inherent vulnerabilities of wireless communication channels and the resource constraints of IoT devices. In response, extensive research has focused on developing efficient and secure authentication protocols.
2.1. Lightweight Authentication Protocols for IoD
The concept of lightweight cryptographic protocols has gained traction in the IoD domain due to the limited computational resources of UAVs and IoT devices. In 2019, Wazid et al. [
13] introduced a lightweight mutual authentication scheme utilizing XOR operations and one-way hash functions. Their protocol incorporated a three-factor login system with fuzzy extractors, leveraging biometric information to enhance security. However, cryptanalysis revealed vulnerabilities such as user impersonation and privileged insider attacks, which compromised the scheme’s effectiveness in real-world scenarios. Similarly, Srinivas et al. [
14] presented an IoD authentication protocol that utilized fuzzy extractors and aimed to provide three-factor security. While the protocol reduced computation costs, it suffered from scalability issues and was later found to be vulnerable to impersonation attacks and session key leakage by Ali et al. [
15]. They also proposed a similar scheme with a focus on biometric-based authentication, but it failed to address issues of server spoofing and session key disclosure. In 2020, Zhang et al. [
16] proposed a lightweight protocol characterized by low computation and communication costs, asserting its safety against various attacks. However, Hussain et al. [
17] discovered that Zhang et al.’s protocol was vulnerable to privileged insider attacks, impersonation attacks on servers, drones, and users, and it failed to guarantee mutual authentication. Additionally, it was found to be susceptible to replay and DoS attacks.
2.2. ECC-Based Authentication Protocols for IoD
Hussain et al. [
18] proposed a protocol for ECC-based IoD environments using a three-factor approach. They claimed that the protocol achieved a reasonable balance between security and efficiency. However, Wu et al. [
19] reported that the protocol by Hussain et al. was vulnerable to drone capture attacks, privileged insider attacks, and session key disclosure attacks. Additionally, Zhang et al. [
20] identified further issues related to impersonation attacks and session key exposure. In the same year, Chaudhry et al. [
21] introduced a protocol using ECC and hash functions. However, Das et al. [
22] revealed that this protocol was vulnerable to impersonation attacks on drones and servers and to ephemeral secret leakage (ESL) attacks. In 2022, Tanveer et al. [
23] incorporated advanced cryptographic primitives like Authenticated Encryption with Associated Data (AEAD) and Elliptic Curve Digital Signature Algorithm (ECDSA). Despite the enhanced security features, these protocols often suffer from high computational costs and limited scalability, making them less suitable for large-scale IoD deployments. Furthermore, these schemes do not fully address the anonymity and untraceability requirements.
2.3. Blockchain-Based Authentication Protocols for IoD
In 2020, Beral et al. [
24] introduced a protocol utilizing blockchain technology in IoD environments. They claimed the protocol’s efficiency and stability by employing ECC encryption techniques. However, in 2021, Chaudhry et al. [
21] criticized Beral et al.’s protocol for having high computation and communication costs unsuitable for IoD, and for being vulnerable to drone impersonation, man-in-the-middle attacks, replay attacks, and failing to ensure anonymity. In the same year, Irshad et al. [
25] proposed an ECC-based data delivery and collection scheme using blockchain. However, their scheme has weaknesses such as key escrow, lack of unlinkability, and cross-domain authentication. In 2022, Feng et al. [
26] proposed a blockchain-based cross-domain authentication scheme. They employed multiple signatures based on threshold sharing to provide reliable communication between cross-domain devices. Unfortunately, they failed to achieve perfect forward secrecy (PFS) and anonymity properties, including vulnerability to ESL attacks.
These studies and their findings are summarized in
Table 1. The review of the existing research indicates a persistent trade-off between security, efficiency, and scalability in current authentication protocols for IoD environments. Many of the proposed schemes either achieve high security at the expense of increased computational overhead or focus on lightweight designs that fail to provide comprehensive protection against emerging threats. Notably, the challenges of ensuring mutual key agreement, protecting against drone capture attacks, and maintaining anonymity remain inadequately addressed. Additionally, the reliance on centralized trust authorities (TAs) in several protocols introduces a single point of failure, undermining the overall resilience of the network.
Our proposed scheme seeks to bridge these gaps by introducing a decentralized, lightweight authentication protocol for blockchain-assisted IoD environments that leverages a combination of PUFs and robust cryptographic techniques. By addressing the identified weaknesses and incorporating advanced security features, our protocol aims to provide a balanced solution that ensures both high security and efficient performance.
3. Preliminary
In this preliminary section, we will introduce and explain the foundational concepts necessary for a comprehensive understanding of the subsequent material.
3.1. Physical Unclonable Function
A
PUF is a security mechanism that leverages unique, random variations in physical devices to generate a “fingerprint” or trust anchor. These variations are typically found in manufacturing processes and are impossible to replicate, making
PUFs ideal for creating a unique identifier for each device.
PUFs follow a straightforward structure, producing a deterministic response (
R) to a given input challenge (
C), expressed mathematically as follows:
While the manufacturing process for integrated circuits (ICs) is uniform, each IC exhibits slight, random variations due to inherent physical factors, making it impossible to create identical ICs [
27,
28]. This uncontrollable randomness ensures that each
PUF generates a unique response to the same challenge. However, because
PUFs are deterministic one-way functions, the same
PUF will always return the same response for a given challenge. Consequently, the Hamming distance (
) between the responses of
to different challenges,
and
, can be used to measure their difference and is typically greater than a defined error tolerance (
e):
Likewise, the response comparison between two different
PUFs,
and
, to the same challenge
, follows
In this paper, PUFs are leveraged to strengthen Wang et al.’s scheme by addressing physical attacks on drones. To safeguard stored information on compromised drones, each drone receives a series of challenge values from the connected server during the registration process. This approach enhances security while also mitigating the risk of key compromise in scenarios involving physical tampering or device capture.
3.2. Blockchain
Blockchain records transactions through a decentralized and distributed ledger made up of multiple nodes, ensuring the integrity and transparency of the data without the need for a central authority [
29]. Blockchain can be categorized into public blockchain, private blockchain, and consortium blockchain based on their governance system. In a public blockchain, anyone can participate in the consensus process in a public environment without the need for an administrator, and no permission is required. Additionally, anyone can validate transactions, and no special authorization is needed to read transaction data. In contrast, a private blockchain is managed by a single owner who oversees the consensus process. Only authorized nodes can act as validators to verify transactions. Moreover, the reading rights of transactions can either be unrestricted for anyone or limited to predefined nodes with permission. Lastly, a consortium blockchain is similar to a private blockchain in that only preselected nodes function as validators and data reading rights can be selectively granted. However, it differs in its management structure; a consortium blockchain is governed by multiple owners with decentralized control across different hardware, rather than being managed by a single owner. In IoD environments, a public blockchain can gurantee decentralization. However, it can impose a high storage burden on users and drones, which can reduce network efficiency in practical environments. Although a private blockchain can guarantee network efficiency compared to the public blockchain, it is centralized and can have single-point-of-failure problems. Therefore, in this paper, we utilize consortium blockchain to ensure both data integrity and decentralization and it can be suitable for practical IoD environments.
3.3. Threat Model
We employed the Dolev–Yao (DY) attack model, which is widely utilized in numerous studies, such as those by [
23,
30], to assess the security of schemes. Using the assumptions of the DY model, we defined the capabilities of the adversary A and conducted attacks on both Wang et al.’s scheme and our proposed scheme.
- (1)
According to the DY model, none of the entities participating in the communication can be trusted, and the communication channels are considered insecure. Therefore, adversary A is assumed to have the capability to compromise drones, users, and even connected servers.
- (2)
The adversary can eavesdrop on, modify, delay, or delete messages transmitted over the communication channels.
- (3)
Adversary A can hijack a legitimately registered drone and perform physical analysis attacks to extract credentials stored in its internal memory. Similarly, A can seize IoT devices such as user’s mobile devices to obtain information stored during the registration process.
- (4)
Adversary A can access information stored in the blockchain network. However, A does not have the authority to modify or delete this information.
3.4. System Model
In this paper, the blockchain layer of the proposed protocol’s system model is composed of a consortium blockchain. In a realistic industry setting, using blockchain in an untrusted environment presents certain limitations for public blockchains [
31]. To protect sensitive information about users or drones in a blockchain-assisted UAV environment, an elevated degree of trust in the management system is required. A consortium blockchain, wherein preselected servers that render services to users participate as validators, significantly enhances the system’s trustworthiness. Furthermore, it offers higher transaction throughput compared to public blockchains, while providing a decentralized infrastructure, ensuring a more pleasant user experience. The detailed system model is outlined below and is illustrated in
Figure 2.
- (1)
Connected Server : The connected servers exist in the form of a consortium blockchain. Pre-selected servers possess shared secret parameters and manage the registration information of users and drones. It is assumed that the servers are semi-trusted, and external entities can access the information stored on the blockchain.
- (2)
User’s IoT devices : The user first undergoes the registration process through the nearest connected server, . Through this process, the user’s registration information is stored on the blockchain and later used during the session key agreement process with the drone the user intends to operate. It is assumed that the user is untrusted, with the possibility of malicious users or exposure of stored information.
- (3)
Drone : The drone registers its information through the connected server responsible for its service area via the registration process. It is assumed that the drone is untrusted, with the possibility of malicious drones or exposure of stored information.
- (4)
Blockchain: The consortium blockchain is maintained by connected servers. The blockchain is initialized by system administrator in the setup phase. Users can read and access the blockchain, yet do not have the ability to upload transactions or participate in consensus.The blockchain stores registration information of drones and users, and all transactions are uploaded after practical byzantine fault tolerance (PBFT) consensus of the connected servers that keep the blockchain.
3.5. Notation
Notations used throughout this paper are shown in
Table 2.
4. Overview and Cryptanalysis of Wang et al.’s Scheme
This section provides an overall review of Wang et al.’s scheme. We then explain the vulnerabilities we identified through cryptanalysis. A total of five security weaknesses were discovered, including drone impersonation, session key disclosure, key agreement failure, an invalid login phase, and concerns regarding session key security.
4.1. Overview
In this section, we briefly review the process of Wang et al.’s lightweight blockchain-enhanced mutual authentication protocol. Before executing the following processes, the system setup phase initializes the blockchain and adjusts parameters such as the hash function and the range of the random nonce . Although Wang et al.’s system model does not clearly specify which blockchain is used, it states that established platforms like Ethereum and EOS are used for system stability.
4.1.1. Drone Registration Phase
All drones undergo the following registration process on the blockchain network through a connected server:
- (1)
: Select a random nonce and identity for . Compute pseudo-identities for and as and . Then, use the registration timestamp to generate an ephemeral credential as . Upload to the SC.
- (2)
: Receive from through security channel, and store them to its memory.
4.1.2. User Registration Phase
All users undergo the following registration process on the blockchain network through a connected server:
- (1)
: Select its own identity and password , and choose a random nonce . Then, compute and send to through a secure channel.
- (2)
: After receiving the registration data, chooses a random nonce for . Subsequently, it computes pseudo-identities for the user and server as and . Finally, it uses the registration timestamp to create an ephemeral credential as and uploads to the SC.
- (3)
: The server gathers the following computed information and sends it to the user: . Here, is a list of pseudo identities of currently available registered drones.
- (4)
: The user’s device stores the information in its memory.
4.1.3. AKA Phase with User Login
All users undergo the following registration process on the blockchain network through a connected server.
- (1)
: The user inputs their login information, and . To authenticate the user for login, the user’s device computes and compares it with the stored to verify the user’s identity.
- (2)
: The user computes the following messages using the stored information and sends them through a public channel along with the timestamp : , , .
- (3)
: Upon receiving , executes the following steps in the function of the . First, it verifies the validity of . Then, it calculates and . Using these calculated values, it generates and compares it with the received to authenticate the user.
- (4)
: If the user is authenticated, the function selects a random nonce and computes the user’s new ephemeral credential as . It then generates the following messages: , , , . These messages, along with the current timestamp , are sent to via an open channel.
- (5)
: Upon receiving the message, the drone verifies the validity of the timestamp and then performs the following calculations: , , and .
- (6)
: After completing these calculations, it compares the received with the generated for verification. If the verification is successful, it generates the session key between and as follows: . Finally, it generates the following messages along with the current timestamp and sends them to : , .
- (7)
: Upon receiving the message from the drone, the user verifies the validity of the timestamp and obtains using the following calculation:. Finally, the user generates the session key by computing . The user then verifies the session key by checking .
4.2. Cryptanalysis
4.2.1. Drone Impersonation Attack
Wang et al. [
12] claimed that their scheme is resilient to drone impersonation attacks and session key disclosure. However, our analysis reveals that an adversary can successfully impersonate a legitimate drone and derive the session key by leveraging information obtained from a compromised drone through the following method.
By analyzing the internal structure and characteristics of the UAV’s hard chip,
A can extract crucial parameters related to the stored system or attempt additional security attacks [
32]. Therefore, in this case, the attacker can obtain the following values stored within the drone:
. Subsequently,
A can eavesdrop on
from the open channel and calculate
,
,
from the messages by the following computations:
Since the values stored in the drone are not encrypted or otherwise protected, an attacker who seizes the drone can easily compute the above values. With these computed values, adversary
A can then derive the session key
, and subsequently generate message
,
by the following computations:
Therefore, the attacker can use the information obtained from the compromised drone to create and send valid messages and to the user. This enables the attacker to deceive the user into believing they are communicating with a legitimate drone. Additionally, the attacker can calculate the session key and disclose it externally, posing security threat.
4.2.2. Session Key Disclosure
As demonstrated in the above attack, it was confirmed that hijacking a drone can lead to session key disclosure. However, adversary
A can also compute the session key between user
and drone
using information posted on the blockchain network. Adversary A can obtain the values of User
and Drone
stored on the blockchain and intercept messages
,
, and
communicated over the open channel. Using these values,
A can compute
,
, and
through the following equations:
Ultimately, adversary A can compute session key SK, thereby deriving the session key between User U and the target Drone DR as follows:
Due to this potential security threat, [
33] recommended that all information uploaded to the blockchain network should be encrypted as ciphertext. Studies such as [
9,
34,
35] also advocate for limiting the information posted on the blockchain or using cryptographic techniques like ECC to safeguard the data. Wang et al.’s scheme did not consider the potential for such risks, resulting in the exposure of the session key.
4.2.3. Key Agreement Failure
Upon scrutinizing the registration procedures for both the drone and the user, distinct
are generated in each process. In the drone registration phase, a random nonce
created by the connected server is utilized to produce
. Conversely, in the user registration sequence, a different random nonce
is employed to formulate
. These uniquely generated
are subsequently employed in the authentication process and are directly utilized to generate the session key
.
However, since the disparate values for the drone and the user are used directly to generate the session key without being shared, the two entities ultimately derive different session keys. Consequently, Wang et al.’s scheme fails in achieving key agreement.This implies that secure communication between the two entities is not possible, thus compromising the reliability of the security system.
4.2.4. Invalid Login Phase
When the user initially registers their information, they store the following details on their IoT device for future login processes: . During the subsequent login process, the user calculates and checks if to verify the validity of the login attempt. However, since the used in generating is not stored on the user’s device and there is no method to regenerate the randomly created value from the registration process, it is impossible to produce the valid for comparison. Therefore, in Wang et al.’s scheme, the user cannot successfully log in.
4.2.5. Session Key Security Concerns
Based on the hash function length, the SK used in Wang et al.’s scheme is 160 bits. At the end of the scheme, Drone DR sends as a validation message to user U over an open channel. consists of the first 64 bits of the XOR result of the completed and the public value. Consequently, eavesdropping adversary A can calculate the first 64 bits of . While this reduces communication costs due to shorter messages, it simultaneously lowers the security of the session key by reducing its undisclosed length.
This approach poses a significant security risk. By disclosing the first 64 bits of the session key, the adversary’s task of guessing or brute-forcing the remaining 96 bits becomes considerably easier. This reduction in the effective key length drastically decreases the overall strength of the encryption, making it more susceptible to attacks.
5. Proposed Scheme
This section provides a detailed explanation of the proposed protocol. The protocol consists of five phases, starting with the setup phase. Following this, the user and drone registration processes take place, after which the authentication and key agreement phase is executed between the user and the drone that the user wishes to access. Finally, a drone revocation phase is included, if required. The smart contract used in the proposed scheme is shown in Algorithm 1.
Algorithm 1. Update Smart Contract |
Input: |
Output: bool |
struct |
32 bit |
32 bit |
160 bit |
DateTime |
|
if then |
return false; |
else |
for do |
if then |
Function ; |
return true; |
end if |
else for |
if then |
Function |
return true; |
end if |
end if |
5.1. Setup Phase
In the system setup phase, the system administrator generates some parameters for the proposed scheme and initial blockchain. These parameters include public and private parameters like long-term secret key , one-way collision-resistant hash function , and range for random number r, where is shared by all connected servers (CSs).
5.2. Drone Registration
- (1)
: Choose the identity of . Next, select a random nonce and a challenge . We recommend the use of a strong PUF for enhanced security and have therefore assumed the length of to be at least 32 bits. Calculate the pseudonym ID of as using the registration timestamp . Then, compute and . Use the calculated values to invoke Algorithm 1 and register the information of on the blockchain. Finally, transmit to through a secure channel.
- (2)
: Using the received challenge , obtain the value of . Then, calculate . Finally, store , in memory.
5.3. User Registration
- (1)
: Choose identity and password . Then, use these values to compute and send the registration message .
- (2)
: Verify whether the received is a new identity, and if so, proceed with the following steps. First, select a random nonce . Calculate the pseudonym identity as . Next, compute and . Use the calculated values to invoke Algorithm 1 and store ’s registration information on the blockchain. Send through a secure channel.
- (3)
: Select a new random nonce . Calculate and store in memory.
5.4. Login and AKA Phase
For users and drones to securely share a session key for communication, they first mutually authenticate through a connected server to verify the legitimacy of their identities. The detailed process is outlined below and is illustrated in
Figure 3.
- (1)
: The user inputs their login information, and . To authenticate the user for login, the user’s device computes and compares it with the stored to verify the user’s identity.
- (2)
: Calculate ; then, select a random nonce . Generate the temporary ID for this communication. Next, compute the messages in the following order: , , , . Generate the timestamp and send to via an open channel.
- (3)
: Verify whether the timestamp is valid by checking . Calculate and fetch the registration information of from the blockchain using . Perform the operations , , and in sequence. Verify the message by checking . If is valid, proceed to the next step.
- (4)
: Calculate the temporary ID for . Use to fetch the registration information of from the blockchain, with whom wishes to communicate. Compute . Finally, generate the message , = , and timestamp , and send to via an open channel.
- (5)
: Verify whether the timestamp is valid by checking . Use the PUF attached to the device and the stored challenge value to generate the response . Perform the operations and in sequence, then verify the message by checking . If is valid, proceed to the next step.
- (6)
: Select a random nonce and generate the temporary ID for this communication. Next, calculate the session key and generate the message , , and timestamp , then send to via an open channel.
- (7)
: Verify whether the timestamp is valid by checking . Calculate and the session key . Compute and verify the message by checking .
5.5. Drone Revocation Phase
- (1)
: Choose the ’s new challenge and new . Then, calculate , , and . Use Algorithm 1 with the information , to update the information on the blockchain. Next, send to the drone.
- (2)
: Using the newly issued challenge , perform the following operations: , . Finally, update the memory with the new values .
6. Security Analysis
6.1. Security Analysis Using AVISPA Tool
AVISPA is a simulation tool for conducting security analysis of communication protocols [
36]. This tool is particularly useful in detecting man-in-the-middle attacks, replay attacks, and eavesdropping attacks when verifying the stability of communication processes. AVISPA allows for the creation of security protocol models using the high-level protocol specification language (HLPSL), enabling users to define the behavior of entities and the objectives of the protocol. To perform this security analysis, AVISPA utilizes four back-end engines: (1) On-the-Fly Model-Checker (OFMC), (2) Constraint Logic-based Attack Searcher (CL-AtSe), (3) SAT-based Model Checker (SATMC), and (4) Tree Automata-based Protocol Analyzer (TA4SP). AVISPA automatically simulates potential attack scenarios to assess the protocol’s robustness. AVISPA supports the analysis of a wide range of security protocols, including those used in wireless networks, IoT systems, and blockchain environments.
We conducted AVISPA verification on the mutual authentication and key agreement phase between the drone and the user in our proposed protocol.
Figure 4 illustrates the roles of the user and drone as defined in the HLPSL code [
37]. The results are shown in
Figure 5. Since SATMC and TA4SP do not support bitwise XOR operations, the results are based on the OFMC and CL-AtSe back-ends, shown sequentially. As evidenced by the results, the proposed protocol is confirmed to be secure against replay attacks and man-in-the-middle attacks on both back-ends.
6.2. Formal Security Analysis Using BAN Logic
We perform the BAN logic analysis [
38] to prove the correctness of the proposed protocol. The BAN logic analysis is a formal analysis technique that verifies whether the communicating entities have correctly agreed on a session key through their shared keys. We explain the notations used in BAN logic in
Table 3 and conduct BAN logic analysis.
- 1.
Message meaning rule (MMR):
- 2.
Nonce verification rule (NVR):
- 3.
- 4.
- 5.
6.2.1. Goals
The goals of our scheme in BAN logic analysis are as follows:
Goal 1:
Goal 2:
Goal 3:
Goal 4:
6.2.2. Assumptions
The BAN logic assumptions of our protocol are as follows:
:
:
:
:
:
:
:
:
6.2.3. Idealized Forms
To perform the BAN logic analysis, we convert the transmitted messages of the proposed protocol into idealized forms. The idealized forms of the proposed scheme are as follows:
:
:
:
6.2.4. BAN Logic Implementation
The BAN logic implementation of our scheme can be performed as follows:
S2: The message is encrypted with
and
.
considers the message is from
by
.
S3: assumes that the message is fresh by
.
S4: assumes that
believes the message by
and
.
S6: The message is encrypted with
and
.
considers the message is from
by
.
S7: assumes that the message is fresh by
.
S8: assumes that
believes the message by
and
.
S9: Since
considers that
is a trusted entity,
can assume that the message is from
.
S11: The message is encrypted with
and
.
considers the message is from
by
.
S12: assumes that the message is fresh by
.
S13: assumes that
believes the message by
and
.
S14 and S15: Since
,
can believe that the session key is in agreement with
.
S16 and S17: In a similar way,
can believe that the session key is in agreement with
Finally, we prove that the session key is correctly agreed on between and in the proposed protocol.
6.3. Formal Security Analysis Using RoR Model
We prove the semantic security of the proposed protocol using the RoR model [
39]. An adversary
A tries various queries (i.e., attacks) under the RoR model and we calculate the advantage probability of
A after
A performs each query. Before demonstrating queries used in the RoR model, we describe notations used in the RoR model. We assume
is the
t-th instance of a network participant. For instance,
,
, and
are instances of
,
, and
, respectively.
Table 4 presents queries executed by
A.
Theorem 1. Let be the advantage function of A to pass the test. Then, the following inequality holds: , , and denote the range space of the output, the number of performed queries, and the number of performed queries, respectively.
Proof. A performs the following games: . When each game ends, we calculate to prove the semantic security of our scheme.
In
, we assume that
A has no information and obtains no messages or values. Then, the probability that
A passes the test is exactly
. Accordingly, we can obtain the following Equation:
:
A can conduct
query in this game.
A can obtain transmitted over public channels including
,
, and
.
A cannot obtain any meaningful value about
. Therefore, the advantage function of
A after
is not changed.
:
A can perform
queries and obtain the output.
A has no information about
, and
A must find it has collision to compromise the session key. Therefore, The advantage function of
A at the ends of
can be induced through the birthday paradox [
40].
:
A performs
and
queries in this game.
A disguises as
and generates a message to receive a response message.
A should generate a legitimate
and send it to
. However,
A cannot generate a legitimate
and
because these values are masked with
, which is a secret value of
. To obtain these values,
A must succeed to log in by correctly guessing
and
simultaneously. The advantage functions of
A when
ends are as follows:
and
denote an identity dictionary and a password dictionary, respectively. After all the games end,
A cannot obtain meaningful values to pass the test, and the following Equation (
21) holds:
Using these Equations (
17), (
18) and (
21), we can obtain Equation (
22):
The triangular inequality can be applied to Equation (
22).
Consequently, the advantage function of A is negligibly small and we can say that the proposed scheme guarantees the semantic security. □
6.4. Informal Analysis
6.4.1. Privileged Insider Attack
Assume there is an adversary A who has intercepted the registration message of user . Subsequently, A is able to extract stored data from ’s IoT device. With this information, A might attempt to compute session keys used in other communications or impersonate . However, since A does not know the exact password of , it cannot compute . Consequently, A is unable to generate messages to convincingly impersonate the legitimate . Moreover, A cannot compute and from the available data and intercepted messages to generate the session key of another user .
6.4.2. Stolen Device Attack
Adversary A extracts values stored in the memory of the stolen IoT device belonging to user . With access to , , , , and , A may attempt various attacks. However, to execute a valid attack, A needs the login credentials, specifically and . The real is concealed by the pseudonym , and the password is also unknown to A. Consequently, A is unable to perform legitimate login attempts or compute the necessary parameters for a successful attack using the extracted device data.
6.4.3. Drone Capture Attack
Adversary A extracts values stored in the memory of a hijacked drone through a power analysis attack. Using the values obtained from a legitimately registered drone , including , A may attempt an attack. However, A cannot replicate the exact PUF applied to the drone. Therefore, even with , A cannot generate the same response required for a valid attack. As a result, A is unable to impersonate or compute the session key used in communication for a successful attack.
6.4.4. Impersonation Attack
Adversary A may attempt to impersonate a legitimately registered user or drone . To successfully do so, A must create valid verification messages and to convince each party of their legitimacy. However, A is unable to generate the essential and required for these messages. As a result, A fails to produce valid and , leading to detection as an unauthorized entity during the verification process. Consequently, both the user and drone are safeguarded against impersonation attacks.
6.4.5. Man-in-the-Middle Attack
Adversary A may attempt a man-in-the-middle attack by intercepting, modifying, and then forwarding messages in the communication channel. However, for the receiving entity to accept these altered messages as valid, A must know the unique parameters embedded within each message. For instance, if A tries to redirect user ’s message to a different drone with instead of the intended with , A would need to know in , which is not possible. Since A cannot compute critical parameters like or , the proposed protocol remains secure against man-in-the-middle attacks.
6.4.6. Replay Attack
A replay attack involves intercepting message data and retransmitting them to delay communications or fraudulently repeat actions. However, our proposed protocol incorporates a timestamp in every message sent over the communication channel. These timestamps are promptly verified upon receipt. Any message with an invalid timestamp is immediately rejected, and no further action is taken. Consequently, the proposed scheme is robust against replay attacks.
6.4.7. DoS Attack
Adversary A may attempt a DDoS attack by generating arbitrary messages to overwhelm the communication of the connected server . However, utilizes the verification message included in the communication to determine the legitimacy of the request. If the message is found to be invalid, does not perform any further unnecessary computations, thereby defending against the DDoS attack.
6.4.8. Anonymity
In all communications, the IDs of the user and drone are replaced with pseudonym IDs and . For adversary A to calculate the real ID from the , they would need additional information such as the user and drone’s registration timestamp and, for the user, the value . However, A has no way of obtaining these values, making it impossible to compute the ID from the or vice versa. Therefore, the proposed scheme provides anonymity for both the user and the drone.
6.4.9. Untraceability
To ensure untraceability, adversary A must be unable to distinguish messages sent by , even if Ui communicates multiple times. generates to send its to . Although contains , the message changes each time due to the timestamp. As a result, even if initiates multiple communications, the value of that could identify varies with each attempt. Therefore, the proposed protocol effectively provides untraceability.
7. Performance Analysis
7.1. Security Features Comparison
We compared the schemes and security elements of similar studies in IoD environments [
16,
17,
18,
23,
41], including that of Wang et al. [
12], and summarized the results in
Table 5. We evaluated a total of 13 security features, comparing whether each scheme provided these features or exhibited any known vulnerabilities. Only our proposed scheme and the scheme proposed by Hussain et al. in 2023 were found to provide all 13 security features.
7.2. Communication Costs Comparison
The comparison results of the communication costs during the authentication and login phases of related studies, including Wang et al.’s protocol, are shown in
Table 6 and
Figure 6. For the comparison, we set the bit sizes of the hash function, timestamp, string, random nonce, and elliptic curve point to 256 bits, 32 bits, 160 bits, 160 bits, and 160 bits, respectively.
The proposed protocol proceeds through a total of three rounds, and in each round, the following messages are transmitted:
. The total communication cost of the messages is calculated as (256 ∗ 7 + 160 + 32 ∗ 3) = 2048 bits. It can be observed that the proposed protocol saves more on communication costs compared to Wang et al.’s protocol. Additionally, the protocol proposed by Hussain et al. [
17] required the highest communication cost at 2679 bits, while the protocol by Tanveer et al. required the lowest communication cost at 1952 bits. However, as seen in the security feature comparison, Tanveer et al.’s protocol has several issues, including vulnerabilities to drone capture attacks and drone impersonation attacks, as well as the failure to provide anonymity.
7.3. Computation Costs Comparison
We conducted experiments to determine the optimal computation cost in the IoD environment. Using two distinct computational setups, we measured the time required for communication with MIRACL, a cryptographic software library written in C and C++. MIRACL is designed for devices with limited computational power, such as embedded systems, eSIMs, and IoT devices, providing robust security through code simplification and optimization at the processor and memory levels. Our experiments included simulating a server environment and an IoT/drone environment. Additionally, detailed operation symbols and the max/average times (ms) for these operations in the specified environments are shown in
Table 7.
- (1)
Server: Desktop, Intel Core i5-11400 @2.60 GHz(Hexa-core), Ubuntu 20.04 LTS 64 bit with 24.0 GB Ram memory;
- (2)
User: Raspvberry PI, ARM Cortex-A72 @1.5 GHz(Quad-core) GUI installed Ubuntu 20.04 LTS 64 bit with 8.0 Ram memory.
Table 8 compares the computational costs of several cryptographic schemes in IoD environments, detailing the efficiency for users, drones, and servers.
Wang et al.’s scheme is efficient, requiring
for both users and drones, totaling approximately 0.108 ms, with the server requiring
at approximately 0.007 ms. The scheme proposed by Tanveer et al. recorded the highest computation cost, requiring
for the user and
for the drone, with an estimated delay of approximately 14.216 ms. This delay is inefficient for IoT-Drone environments that require real-time communication. Next, Hussain et al. [
18]’s scheme is estimated to have a delay of approximately 7.185 ms. Among lightweight protocols, such as the one we proposed, Yu et al.’s scheme had the highest delay at 4.886 ms. Our scheme demonstrates a balanced approach, with user and drone computation totaling approximately 0.135 ms and server computation at 0.008 ms, suggesting a trade-off between efficiency and security. To sum up, the differences in costs—less than 0.04 ms on the user–drone side and less than 0.001 ms on the server side, are minimal and unlikely to result in any significant communication overhead.
8. Conclusions
This study addresses critical security challenges in UAV communication systems within IoT environments. IoD has introduced new complexities in securing communication channels, data integrity, and user privacy. Existing authentication protocols, such as the one recently proposed by Wang et al., have demonstrated limitations in effectively mitigating emerging threats, particularly in scenarios involving resource-constrained IoT devices and real-time UAV operations. This research identified several critical vulnerabilities in Wang et al.’s protocol through comprehensive cryptanalysis, including susceptibility to drone impersonation attacks, session key leakage, and failures in mutual key agreement.
To address these security issues, we proposed a lightweight authentication scheme designed specifically for blockchain-assisted multi-server IoD environments. Our protocol leverages the decentralized and tamper-resistant features of blockchain technology, combined with advanced cryptographic techniques such as PUFs and hash operations. This approach ensures robust mutual authentication and mitigates the risks of common attacks, including replay attacks, man-in-the-middle (MitM) attacks, and session key compromise. The proposed scheme achieves a delicate balance between security and efficiency, making it particularly suitable for real-time applications in resource-constrained IoD networks.
The security of our protocol was rigorously validated using both formal and informal methods. Formal analysis through the RoR model and BAN logic has demonstrated the robustness of the scheme against a wide range of adversarial scenarios, including drone capture attacks and session key disclosure. The informal analysis further corroborated the protocol’s resilience, highlighting its ability to withstand physical tampering and various impersonation attacks. In addition to its strong security properties, the proposed scheme was evaluated in terms of computational and communication costs. Comparative performance analysis with existing protocols has shown that our scheme achieves reductions in terms of communication cost, thereby enhancing its practicality for large-scale IoD deployments. While there is a slight increase in computation cost due to the heightened security features, the delay introduced is minimal and well within acceptable limits for real-time IoD applications. The results of this research contribute to advancing the field of secure IoD communications and lay the groundwork for future developments in this rapidly evolving area. In future research, we plan to use NS-3 to simulate a realistic network environment, incorporating moving users and drones with designated altitudes, as well as fixed servers. This will allow us to further investigate issues such as latency and other related challenges.
Author Contributions
Methodology, Y.P. (Youngho Park) and Y.P. (Yohan Park); validation, H.K. and Y.P. (Youngho Park); formal analysis, H.P. and S.S.; investigation, S.J. and Y.P. (Yohan Park); resources, S.J.; data curation, H.P. and S.S.; writing—original draft preparation, S.J.; writing—review and editing, H.K. and Y.P. (Yohan Park); supervision, Y.P. (Youngho Park) and Y.P. (Yohan Park); project administration, Y.P. (Yohan Park); funding acquisition, Y.P. (Youngho Park). All authors have read and agreed to the published version of the manuscript.
Funding
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2021R1I1A3059551).
Institutional Review Board Statement
Not applicable.
Informed Consent Statement
Not applicable.
Data Availability Statement
Data are contained within the article.
Conflicts of Interest
The authors declare no conflicts of interest.
Abbreviations
The following abbreviations are used in this manuscript:
MDPI | Multidisciplinary Digital Publishing Institute |
DOAJ | Directory of open access journals |
TLA | Three letter acronym |
LD | Linear dichroism |
References
- Reddy Maddikunta, P.K.; Hakak, S.; Alazab, M.; Bhattacharya, S.; Gadekallu, T.R.; Khan, W.Z.; Pham, Q.V. Unmanned Aerial Vehicles in Smart Agriculture: Applications, Requirements, and Challenges. IEEE Sens. J. 2021, 21, 17608–17619. [Google Scholar] [CrossRef]
- Attenni, G.; Arrigoni, V.; Bartolini, N.; Maselli, G. Drone-Based Delivery Systems: A Survey on Route Planning. IEEE Access 2023, 11, 123476–123504. [Google Scholar] [CrossRef]
- Motlagh, N.H.; Bagaa, M.; Taleb, T. UAV-Based IoT Platform: A Crowd Surveillance Use Case. IEEE Commun. Mag. 2017, 55, 128–134. [Google Scholar] [CrossRef]
- Adil, M.; Jan, M.A.; Liu, Y.; Abulkasim, H.; Farouk, A.; Song, H. A Systematic Survey: Security Threats to UAV-Aided IoT Applications, Taxonomy, Current Challenges and Requirements With Future Research Directions. IEEE Trans. Intell. Transp. Syst. 2023, 24, 1437–1455. [Google Scholar] [CrossRef]
- Raimundo, R.J.; Rosário, A.T. Cybersecurity in the internet of things in industrial management. Appl. Sci. 2022, 12, 1598. [Google Scholar] [CrossRef]
- Adil, M.; Song, H.; Mastorakis, S.; Abulkasim, H.; Farouk, A.; Jin, Z. UAV-Assisted IoT Applications, Cybersecurity Threats, AI-Enabled Solutions, Open Challenges With Future Research Directions. IEEE Trans. Intell. Veh. 2024, 9, 4583–4605. [Google Scholar] [CrossRef]
- Sinha, S. State of IoT 2024: Number of Connected IoT Devices Growing 13% to 18.8 Billion Globally; IoT Analytics: Hamburg, Germany, 2024. [Google Scholar]
- Park, Y.; Ryu, D.; Kwon, D.; Park, Y. Provably secure mutual authentication and key agreement scheme using PUF in internet of drones deployments. Sensors 2023, 23, 2034. [Google Scholar] [CrossRef]
- Son, S.; Kwon, D.; Lee, S.; Jeon, Y.; Das, A.K.; Park, Y. Design of secure and lightweight authentication scheme for UAV-enabled intelligent transportation systems using blockchain and PUF. IEEE Access 2023, 11, 60240–60253. [Google Scholar] [CrossRef]
- Lin, Y.; Xie, Z.; Chen, T.; Cheng, X.; Wen, H. Image privacy protection scheme based on high-quality reconstruction DCT compression and nonlinear dynamics. Expert Syst. Appl. 2024, 257, 124891. [Google Scholar] [CrossRef]
- Hafeez, S.; Khan, A.R.; Al-Quraan, M.M.; Mohjazi, L.; Zoha, A.; Imran, M.A.; Sun, Y. Blockchain-assisted UAV communication systems: A comprehensive survey. IEEE Open J. Veh. Technol. 2023, 4, 558–580. [Google Scholar] [CrossRef]
- Wang, W.; Han, Z.; Gadekallu, T.R.; Raza, S.; Tanveer, J.; Su, C. Lightweight Blockchain-Enhanced Mutual Authentication Protocol for UAVs. IEEE Internet Things J. 2024, 11, 9547–9557. [Google Scholar] [CrossRef]
- Wazid, M.; Das, A.K.; Kumar, N.; Vasilakos, A.V.; Rodrigues, J.J.P.C. Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment. IEEE Internet Things J. 2019, 6, 3572–3584. [Google Scholar] [CrossRef]
- Srinivas, J.; Das, A.K.; Kumar, N.; Rodrigues, J.J.P.C. TCALAS: Temporal Credential-Based Anonymous Lightweight Authentication Scheme for Internet of Drones Environment. IEEE Trans. Veh. Technol. 2019, 68, 6903–6916. [Google Scholar] [CrossRef]
- Ali, Z.; Chaudhry, S.A.; Ramzan, M.S.; Al-Turjman, F. Securing Smart City Surveillance: A Lightweight Authentication Mechanism for Unmanned Vehicles. IEEE Access 2020, 8, 43711–43724. [Google Scholar] [CrossRef]
- Zhang, Y.; He, D.; Li, L.; Chen, B. A lightweight authentication and key agreement scheme for Internet of Drones. Comput. Commun. 2020, 154, 455–464. [Google Scholar] [CrossRef]
- Hussain, S.; Farooq, M.; Alzahrani, B.A.; Albeshri, A.; Alsubhi, K.; Chaudhry, S.A. An Efficient and Reliable User Access Protocol for Internet of Drones. IEEE Access 2023, 11, 59688–59700. [Google Scholar] [CrossRef]
- Hussain, S.; Chaudhry, S.A.; Alomari, O.A.; Alsharif, M.H.; Khan, M.K.; Kumar, N. Amassing the Security: An ECC-Based Authentication Scheme for Internet of Drones. IEEE Syst. J. 2021, 15, 4431–4438. [Google Scholar] [CrossRef]
- Wu, T.; Guo, X.; Chen, Y.; Kumari, S.; Chen, C. Amassing the security: An enhanced authentication protocol for drone communications over 5G networks. Drones 2021, 6, 10. [Google Scholar] [CrossRef]
- Zhang, M.; Xu, C.; Li, S.; Jiang, C. On the Security of an ECC-Based Authentication Scheme for Internet of Drones. IEEE Syst. J. 2022, 16, 6425–6428. [Google Scholar] [CrossRef]
- Chaudhry, S.A.; Yahya, K.; Karuppiah, M.; Kharel, R.; Bashir, A.K.; Zikria, Y.B. GCACS-IoD: A certificate based generic access control scheme for Internet of drones. Comput. Netw. 2021, 191, 107999. [Google Scholar] [CrossRef]
- Das, A.K.; Bera, B.; Wazid, M.; Jamal, S.S.; Park, Y. iGCACS-IoD: An Improved Certificate-Enabled Generic Access Control Scheme for Internet of Drones Deployment. IEEE Access 2021, 9, 87024–87048. [Google Scholar] [CrossRef]
- Tanveer, M.; Khan, A.U.; Kumar, N.; Hassan, M.M. RAMP-IoD: A Robust Authenticated Key Management Protocol for the Internet of Drones. IEEE Internet Things J. 2021, 9, 1339–1353. [Google Scholar] [CrossRef]
- Bera, B.; Chattaraj, D.; Das, A.K. Designing secure blockchain-based access control scheme in IoT-enabled Internet of Drones deployment. Comput. Commun. 2020, 153, 229–249. [Google Scholar] [CrossRef]
- Irshad, A.; Chaudhry, S.A.; Ghani, A.; Bilal, M. A secure blockchain-oriented data delivery and collection scheme for 5G-enabled IoD environment. Comput. Netw. 2021, 195, 108219. [Google Scholar] [CrossRef]
- Feng, C.; Liu, B.; Guo, Z.; Yu, K.; Qin, Z.; Choo, K.K.R. Blockchain-based cross-domain authentication for intelligent 5G-enabled internet of drones. IEEE Internet Things J. 2021, 9, 6224–6238. [Google Scholar] [CrossRef]
- Herder, C.; Yu, M.D.; Koushanfar, F.; Devadas, S. Physical unclonable functions and applications: A tutorial. Proc. IEEE 2014, 102, 1126–1141. [Google Scholar] [CrossRef]
- Karpinskyy, B.; Lee, Y.; Choi, Y.; Kim, Y.; Noh, M.; Lee, S. 8.7 Physically unclonable function for secure key generation with a key error rate of 2E-38 in 45nm smart-card chips. In Proceedings of the 2016 IEEE International Solid-State Circuits Conference (ISSCC), San Francisco, CA, USA, 31 January–4 February 2016; pp. 158–160. [Google Scholar]
- Zhang, R.; Xue, R.; Liu, L. Security and privacy on blockchain. ACM Comput. Surv. (CSUR) 2019, 52, 1–34. [Google Scholar] [CrossRef]
- Tanveer, M.; Aldosary, A.; Das, A.K.; Aldossari, S.A.; Chaudhry, S.A. PAF-IoD: PUF-Enabled Authentication Framework for the Internet of Drones. IEEE Trans. Veh. Technol. 2024. [Google Scholar] [CrossRef]
- Dib, O.; Brousmiche, K.L.; Durand, A.; Thea, E.; Hamida, E.B. Consortium blockchains: Overview, applications and challenges. Int. J. Adv. Telecommun 2018, 11, 51–64. [Google Scholar]
- Fyrbiak, M.; Strauß, S.; Kison, C.; Wallat, S.; Elson, M.; Rummel, N.; Paar, C. Hardware reverse engineering: Overview and open challenges. In Proceedings of the 2017 IEEE 2nd International Verification and Security Workshop (IVSW), Thessaloniki, Greece, 3–5 July 2017; pp. 88–94. [Google Scholar]
- Du, Z.; Jiang, W.; Tian, C.; Rong, X.; She, Y. Blockchain-based authentication protocol design from a cloud computing perspective. Electronics 2023, 12, 2140. [Google Scholar] [CrossRef]
- Karmakar, R.; Kaddoum, G.; Akhrif, O. A blockchain-based distributed and intelligent clustering-enabled authentication protocol for UAV swarms. IEEE Trans. Mob. Comput. 2023, 23, 6178–6195. [Google Scholar] [CrossRef]
- Guo, Y.; Zhang, Z.; Guo, Y.; Xiong, P. Bsra: Blockchain-based secure remote authentication scheme for the fog-enabled internet of things. IEEE Internet Things J. 2023. [Google Scholar] [CrossRef]
- Armando, A.; Basin, D.; Boichut, Y.; Chevalier, Y.; Compagna, L.; Cuéllar, J.; Drielsma, P.H.; Héam, P.C.; Kouchnarenko, O.; Mantovani, J.; et al. The AVISPA tool for the automated validation of internet security protocols and applications. In Proceedings of the Computer Aided Verification: 17th International Conference, CAV 2005, Edinburgh, UK, 6–10 July 2005; Proceedings 17. Springer: Berlin/Heidelberg, Germany, 2005; pp. 281–285. [Google Scholar]
- Park, H. AVISPA Source Code. Available online: https://github.com/Sieun-Ju/AVISPA_demo (accessed on 25 November 2024).
- Burrows, M.; Abadi, M.; Needham, R. A logic of authentication. ACM Trans. Comput. Syst. (TOCS) 1990, 8, 18–36. [Google Scholar] [CrossRef]
- Abdalla, M.; Fouque, P.A.; Pointcheval, D. Password-based authenticated key exchange in the three-party setting. In Proceedings of the Public Key Cryptography-PKC 2005: 8th International Workshop on Theory and Practice in Public Key Cryptography, Les Diablerets, Switzerland, 23–26 January 2005; Proceedings 8. Springer: Berlin/Heidelberg, Germany, 2005; pp. 65–84. [Google Scholar]
- Boyko, V.; MacKenzie, P.; Patel, S. Provably secure password-authenticated key exchange using Diffie-Hellman. In Proceedings of the Advances in Cryptology—EUROCRYPT 2000: International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, 14–18 May 2000; Proceedings 19. Springer: Berlin/Heidelberg, Germany, 2000; pp. 156–171. [Google Scholar]
- Yu, S.; Das, A.K.; Park, Y.; Lorenz, P. SLAP-IoD: Secure and Lightweight Authentication Protocol Using Physical Unclonable Functions for Internet of Drones in Smart City Environments. IEEE Trans. Veh. Technol. 2022, 71, 10374–10388. [Google Scholar] [CrossRef]
| Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).