Next Article in Journal
Mechanical Design of a Novel Functionally Graded Lattice Structure for Long Bone Scaffolds
Previous Article in Journal
Blending Nature with Technology: Integrating NBSs with RESs to Foster Carbon-Neutral Cities
Previous Article in Special Issue
A User Journey: Development of Drone-Based Medication Delivery—Meeting Developers and Co-Developers’ Expectations
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

An Efficient Framework for Secure Communication in Internet of Drone Networks Using Deep Computing

1
Department of Electronics and Communication, University of Allahabad, Prayagraj 211002, India
2
School of Engineering Management, Tianjin University, Tianjin 300072, China
3
Cardiff School of Technologies, Cardiff Metropolitan University, Cardiff CF5 2YB, UK
*
Author to whom correspondence should be addressed.
Designs 2025, 9(3), 61; https://doi.org/10.3390/designs9030061
Submission received: 25 March 2025 / Revised: 6 May 2025 / Accepted: 8 May 2025 / Published: 13 May 2025
(This article belongs to the Collection Editorial Board Members’ Collection Series: Drone Design)

Abstract

:
The rapid deployment of the Internet of Drones (IoD) across different fields has brought forth enormous security threats in real-time data communication. To overcome authentication vulnerabilities, this paper introduces a secure lightweight framework integrating deep learning-based user behavior analysis and cryptographic protocols. The proposed framework is verified through AVISPA security verification against replay, man-in-the-middle, and impersonation attacks. Performance analysis via NS2 simulations based on changing network parameters (5–50 drones, 1–20 users, 2–8 ground stations) validates enhancements in computation overhead, authentication delay, memory usage, power consumption, and communication effectiveness in comparison with recent models such as LDAP, TAUROT, IoD-Auth, and LEMAP, thereby establishing our system as an optimal choice for safe IoD operation.

1. Introduction

The Internet of Drones (IoD) is an emerging paradigm for unmanned aerial vehicle (UAV) networking that allows controlled coordination and communication of numerous drones under a unified framework [1]. The IoD is an evolving technology that encompasses the conventional Internet of Things (IoT) frameworks and additionally includes the unique mobility, communication, and computing limitations of drone systems [2]. The current market survey estimates the global market for drones to be USD 63.6 billion as of 2025, growing at a compound annual rate of more than 25% [3], underscoring, again, the need to develop secure and efficient IoD infrastructures. Drones have become unavoidable across various application fields such as precision agriculture [4], disaster relief [5], military reconnaissance [6], package delivery [7], border protection [8], and city surveillance [9]. Drones have become vital tools in many industries, with real-world deployment providing compelling proof of their worth [10]. In the field of precision agriculture, for example, monitoring using UAVs has enhanced crop yields by up to 15% and decreased pesticide applications by 30% [11]. In disaster relief efforts, drones cut search and rescue times by more than 40% during the 2015 Nepalese earthquake response [12]. The market for commercial drone delivery alone is projected to exceed USD 5.6 billion by 2026, with more than 1.3 million deliveries already made worldwide by firms such as Zipline and Amazon Prime Air [13]. This extensive usage is due to technological innovations in the miniaturization of sensors, increased battery life, better processing power, and extended wireless connectivity options [14]. Today’s drones incorporate advanced sensing technologies such as high-definition cameras, LiDAR, thermal cameras, and multispectral sensors, producing unprecedented levels of real-time information that facilitate advanced decision-making processes [15].
Security vulnerabilities have already resulted in real-world incidents: in 2019, a GPS spoofing attack diverted multiple UAVs in a commercial testbed, resulting in loss of drones worth more than USD 200,000 [16]. Furthermore, in a simulated man-in-the-middle attack on a drone swarm control network, researchers proved that up to 80% of the drones might be hijacked in 90 s [17]. The intrinsic nature of IoD systems poses distinctive security threats to those using conventional IoT networks [18], such as resource limitations, since drones usually have limited computational capabilities, power sources, and storage capacities, calling for lightweight security measures [19]; dynamic network topologies [20], with the high mobility of drones resulting in perpetually varying network topologies, making it difficult to integrate static security measures [21]; real-time requirements [22], as some critical applications require minimal latency in data processing and transmission, putting high-performance requirements on security measures [23]; wireless vulnerabilities, such as the use of wireless communications making drone networks susceptible to jamming, eavesdropping, and man-in-the-middle attacks [24]; and physical accessibility, with drones deployed in open environments being more exposed to capture and hardware attacks [25]. Current security solutions for IoD systems have generally relied on encryption methods [26], blockchain [27], and legacy authentication schemes [28]. Although these methods deal with some security issues [29], they usually have huge computational overheads that contradict the real-time constraints and limited resources of drone systems [30]. Furthermore, legacy security protocols also tend to overlook the specific mobility characteristics and communication constraints of drone networks [31].
Several authentication frameworks have been suggested for IoD environments in particular. Rathore et al. [32] suggested a mutual authentication scheme based on elliptic curve cryptography, which is secure but consumingly computational. Likewise, Khan et al. [33] suggested a lightweight authentication mechanism for communication in drones, although it is not very secure against advanced attack vectors. Sharma et al. [34] proposed a blockchain-based authentication system for UAVs, which provides strong security assurances but imposes prohibitive delays for real-time use. Notwithstanding these efforts, there is still an important research gap regardingauthentication protocols that, at the same time, meet the ostensibly conflicting demands of strong security, low computational overhead, and low delay for real-time IoD operations.
To meet these challenges, this paper introduces a new machine learning-augmented cryptographic protocol for secure user authentication in IoD systems. Our design employs behavioral biometrics and lightweight cryptographic primitives to establish an effective authentication framework that strikes a good balance between computational overhead reduction and security enhancement. The protocol proposed has adaptive security measures that automatically adjust to varying threat levels and usage environments for optimal balance between the strength of security and efficiency of performance.
The major contributions of this work are:
  • The design of a lightweight authentication framework based on a hybrid machine learning model that incorporates random forest and LSTM models with comparable security and significantly lower computational demands.
  • Complete security verification by way of formal verification using AVISPA (Automated Validation of Internet Security Protocols and Applications) and informal security analysis to show immunity to typical attack mechanisms such as replay attacks, man-in-the-middle attacks, and impersonation attacks.
  • Extensive performance assessment with NS2 simulation, achieving a 43% decrease in computational overhead, 37% reduction in communication latency, and 28% less energy expenditure than current IoD authentication mechanisms.
The rest of this paper is structured as follows: Section 2 surveys relevant work on IoD security and authentication protocols. Section 3 explains the system model and an assumption made by our approach and introduces the proposed authentication protocol and its building blocks. Section 4 provides performance evaluation and simulation results. Section 5 gives a discussion of the overall results. Lastly, Section 6 concludes the paper and states future directions of work.

2. Related Work

This part offers an extensive review of the literature on security protocols for the Internet of Drones (IoD) from the perspective of authentication mechanisms, cryptographic methods, and machine learning-based security solutions. We classify the literature into three main groups: general IoD security frameworks, lightweight authentication protocols, and machine learning applications in drone security.

2.1. IoD Security Frameworks

The special nature of drone networks requires dedicated security architectures to deal with their specific issues. Sharma et al. [35] discussed the security architecture for dronecommunication networks, revealing flaws in current protocols and recommending a multi-layered security scheme. Likewise, Adil et al. [36] presented an extensive study of cyber threats in UAV networks, classifying attacks according to their effects on confidentiality, integrity, and availability of drone services. Garcia-Magarino et al. [37] presented a self-deployment UAV network structure with security measures tailored for emergencies, highlighting the significance of secure communication in dynamic settings but without comprehensive authentication mechanisms. Closing this shortcoming, Patel et al. [38] created a hierarchical security framework for swarms of drones that integrated cryptographic primitives and secure routing protocols. Bera et al. [39] proposed a fog-supported secure Internet of Drones (IoD) scheme that promotes better data security along with less latency, exhibiting more efficiency than existing cloud-based designs, but demanding great amounts of edge computing hardware. Following this theme, Zhang et al. [40] advanced software-defined networking (SDN)-powered security solutions for anIoD system based on flexible enforcement of security policy on heterogeneous networks of drones. Recent developments involve zero-trust architectures [41] for ongoing identity authentication [42] and blockchain-supporting frameworks for tamper-evident activity logging with efficiency preservation [43]. Our solution implements ongoing verification with smaller computational needs compared to blockchain-based implementations.

2.2. Lightweight Authentication Protocols

Authentication is a key security element in IoD systems. Wu et al. [44] proposed a lightweight mutual authentication scheme for drones using physically unclonable functions (PUFs), exhibiting resistance to replay and man-in-the-middle attacks with low computational overhead; nevertheless, their method needs dedicated hardware that adds costs to drones. Wazid et al. [45] proposed a lightweight authentication and key agreement protocol for UAV communication networks with lower computational complexity compared to traditional public key mechanisms but equal security levels. Da et al. [46] also proposed a certificateless signcryption scheme for drone communication with no certificate management infrastructure, hence reducing communication overhead. For computational resource-limited drone systems, Thakur et al. [47] designed an ultra-lightweight nonce-based bitwise operation authentication protocol that reduced computational needs but provided little defense against advanced attack channels. To overcome this limitation, Gope and Sikdar [48] offered a provably secure anonymous IoD authentication protocol that satisfied security strength and efficiency in computation. Recent research has involved RAPID-Auth, which attains 40% reduced energy consumption with elliptic curve cryptography [49], and context-aware authentication that adjusts security levels according to environmental conditions [50]. Our framework builds on these by integrating behavioral analysis with cryptographic mechanisms without usual energy costs.

2.3. Machine Learning for IoD Security

The use of machine learning methods to improve IoD security has been recently investigated. Alkadi et al. [51] utilized deep-learning methods [52] to identify unauthorized drone intrusions into defended airspace and found high accuracy in identifying legitimate versus malicious drone activity; however, their method is not concerned with authentication needs. Wang et al. [53] created a multi-factor authentication scheme for drones based on machine learning-based behavioral biometrics that examine flight trajectories to authenticate the identity of the drone in real-time, demonstrating the potential for prevention of session hijacking attacks but with a requirement for extensive training data. Likewise, Kumar et al. [54] have designed an intrusion detection system for IoD networks based on ensemble learning methods that dynamically respond to changing threat scenarios. Reinforcement learning [55] has also been identified to have potential for enhancing drone security, as seen with Sedjelmaci et al. [56], who came up with a reinforcement learning-driven intrusion detection framework for flying ad hoc networks (FANETs) that achieves maximum detection accuracy with low false positives. Their work recognizes the potential of adaptive security mechanisms for drone networks but focuses more on detection than on prevention. Some recent advances involve federated learning for distributed anomaly detection of drone swarms [57] and transformer models verifying drone pilots by control signal patterns with 97.8% accuracy [58]. Our proposed hybrid method is as accurate as that but has much lower computational requirements.

2.4. Security Evaluation Methodologies

Security protocol evaluation is a critical part of IoD research. Won et al. [59] established a solid security evaluation framework for IoD systems, suggesting metrics for the evaluation of authentication protocols in resource-constrained systems, and their work guided our methodology towards performance evaluation. Simulation-based security analysis can be applied in IoD studies, as evidenced by Agrawal et al. [60], who utilized NS2 simulations to compare and contrast secure routing protocols for FANETs in various attack scenarios, illustrating that mobility patterns must be considered when assessing the performance of security protocols. Building on this approach, Sohail et al. [61] suggested a hybrid simulation model combining network and hardware simulation to evaluate the impact of security measures on drone battery life [62]. Formal verification methods provide mathematical guarantees of security protocol correctness, as shown by Hussain et al. [63], who used AVISPA formal verification to examine mutual authentication protocols for IoT devices, proving its usability in resource-constrained systems. Also, Wang et al. [64] employed BAN logic to certify the security properties of a lightweight authentication scheme for heterogeneous wireless sensor networks, establishing a basis for formal security analysis in IoD scenarios. Modern solutions include DroneSim for simulating energy consumption effects of security mechanisms [65] and an automated theorem proving for authenticating security protocols in time-critical IoD applications [66]. Our strategy integrates formal verification with AVISPA and systematic performance analysis in practical mobility patterns.

2.5. Research Gap

Despite breakthroughs in IoD security, some important gaps still exist. Current authentication schemes typically do not handle the peculiar combination of mobility, resource limitations, and timeliness typical of drone networks. Moreover, although machine learning has exhibited great promise in strengthening security in a variety of contexts, its use in the context of IoD authentication is under-investigated. In addition, holistic security analysis that combines formal verification with performance evaluation in realistic scenarios is largely missing from the existing literature. Though recent contributions have considered separate features such as energy efficiency [49] or behavior-based authentication [58], there areno prior works that combine these factors within a unified framework verified using both rigorous formal security verification and genuine performance analysis. Our contribution fills this gap with anintegrated approach.

3. Materials and Methods

The SecureDrone authentication framework is a strong, multi-layer architecture developed for Internet of Drone (IoD) networks that includes cloud servers, edge servers, ground control stations, user controllers, and drones with domain-specific authentication and cryptography modules. It uses a three-stage authentication process—registration with secure key pairs, authentication via behavior analysis and cryptographic authentication, and session management with periodic re-authentication. The important cryptographic building blocks are SHA-256 for hashing, AES-GCM for encryption, ECC for key exchange, and nonce-timestamp protection for preventing replay attacks. One of the novel aspects is the inclusion of behavior analysis based on a hybrid machine learning technique—Random Forest for categorical and LSTM for time-series attributes—constructing behavioral profiles and calculating a Behavior Deviation Score (BDS) to invoke extra authentication upon detection of abnormalities. The protocol maximizes security through resource-conscious design, offloading model training to cloud servers but allowing real-time inference on edge servers, thereby minimizing computational overhead, latency, and energy consumption. Its multi-layered defense approach includes two-factor authentication, ongoing session monitoring, and adaptive re-authentication to counter several attack vectors. Innovative aspects are the addition of behavioral biometrics in drone verification, an adaptive security system scaling security measures according to anomaly detection, security-resource optimization as a measurable metric, and a distributed processing architecture distributing security functions among cloud, edge, and local units. The protocol has been systematically verified employing AVISPA tools (OFMC, CL-AtSe, SATMC, and TA4SP) and the outcome affirming its capability to work well against identified threats and guaranteeing all the security properties as SAFE. A flowchart in Figure 1 shows the proposed SecureDrone Authentication Framework, a total security solution for drone operations. The framework connects three major components: User/Controller, Ground Control Station, and the dronesthemselves. The authentication occurs in two phases: (a) the registration phase (establish the ECC key pairs, store the credentials, and setup the behavioral profiles) and (b) the authentication phase (which involves signing request, challenges, and session management). The system employs advanced cryptographic modules using SHA-256, AES-GCM, and ECC protocols to create secure sessions. Behavioral analysis is also utilized for ongoing security that is based on Random Forest for categorical data, and LSTM time series data, with processing performed on Edge and Cloud servers. This is a total security option in that both cryptographic and behavioral indication are verified and that drone operations are continuously monitored.

3.1. System Model and Problem Formulation

3.1.1. IoD Network Architecture

The Ground Control Station (GCS) edge servers, cloud servers, and drones compromising the Internet of Drones (IoD) network architecture are linked together with wireless communication channels. Drones (D), which are limited by computational and energy budgets, employ sensors and a communication module to sense data and send it to others. Localized control is offered through GCS, which serves as a bridge between drones and the infrastructure backend. Edge servers (ES), which offer computational power with low latency, are located near drone operating areas, while cloud servers (CS) process data and large-scale computations. Drone-to-GCS (D2G) through light protocols, GCS-to-Edge (G2E) through secure wireless links, and Edge-to-Cloud (E2C) via high-bandwidth lines are all components of the communication system. An IoD network architecture is shown in Figure 2.

3.1.2. Security Requirements

Mutual authentication, between the drone and the approved User/Controller, which authenticate each other’s identities before creating a secure communication channel, must be an aspect of the IoD authentication protocol. It must ensure data integrity to prevent transmitted information from being tampered with and offer data confidentiality by encrypting all data being communicated to prevent unlawful access by eavesdroppers. To avoid denial of participation in communication by the parties, non-repudiation should also be included in the protocol. Forward secrecy should be utilized for further security in a way that past communication is not affected by the compromise of current session keys. Lastly, to make the communication of the IoD both reliable and of integrity, the protocol should be resistant against commonly known attacks like replay, man-in-the-middle, and impersonation attacks.

3.1.3. Threat Model and Problem Formulation

The threat model considers both active attackers (Aa), who intercept, modify, or destroy messages, impersonate parties, launch denial-of-service (DoS) attacks, or take control of drones, and passive attackers (Ap), who listen in on and inspect communications. The probability that an attack will succeed is expressed as:
Pattack = Pdetection × Pexploitation × (1 − Pmitigation)
where Pdetection is the probability of detecting a vulnerability, Pexploitation is the probability of successful exploitation, and Pmitigation is the system’s mitigation probability. The authentication problem in the Internet of Drones (IoD) can be posed as an optimization problem that balances security strength and resource utilization. The objective function F is presented as:
F = max {w1 × S − w2 × C − w3 × L − w4 × M − w5 × E}
concerning the constraints:
S ≥ Smin, C ≤ Cmax, L ≤ Lmax, M ≤ Mmax, E ≤ Emax
where w1, w2, w3, w4, and w5 are weighting factors representing different protocol features of importance, Smin is the minimum security level acceptable, and Cmax, Lmax, Mmax, and Emax are maximum permissible constraints for computational overhead, authentication latency, memory use, and energy consumption, respectively. The authentication process between a drone Diand a user Uj is expressed as:
Auth(Di,Uj) = {m1, m2,..., mn}
where m1, m2,…., mn are the sequence of authentication messages. The security strength S is quantified as:
  S = k = 1 k α k ( 1 P a t t a c k , k )
where K is the number of available attack vectors, α k is the effect of the k-th attack vector, and Pattack,k is the probability of success of an attack via the k-th vector. The computational overhead C is expressed as:
  i = 1 n c c r y p t o ,     i + c M L ,   i
where c c r y p t o ,   i is the cost of cryptographic computations, and   c M L ,   i is the cost of computations for machine learning at the i-th step. The optimization framework ensures that authentication in IoD is extremely secure while minimizing the usage of resources.

3.1.4. Proposed Authentication Protocol

The SecureDrone authentication protocol is a robust security mechanism that is suitable for the Internet of Drones (IoD). It uses machine learning-based behavior analysis of the users and lightweight cryptographic primitives for providing secure and lightweight authentication with low latency and processing overhead. There exists a cloud server, edge server, Ground Control Station, user controllers, and drones in the protocol structure; each includes domain-specific behavior analysis, authentication, and cryptographic modules. An architecture is shown in Figure 3.
There are three stages in the authentication procedure: the registration stage, in which the users, drones, and control stations are registered; the authentication stage, based on behavior analysis and cryptographic primitives for trusted authentication; and the session management stage, with secure communication through constant re-authentication. A combination model incorporating a Random Forest classifier for classifying categorical attributes and a Long Short-Term Memory (LSTM) network for identifying time patterns identifies user behavior patterns such as command use, flight path requests, and control input attributes to specify a behavioral profile. The Random Forest and LSTM combination was chosen particularly by ablation studies that proved its performance to be better than for single-model approaches. This blended model supports current research by Zhang et al. [67], which illustrated the performance of ensemble methods to surpass single classifiers for drone behavior authentication by 12–18%. Our choice of parameters for the Random Forest (100 trees, maximum depth of 10) and LSTM network (128 hidden units, 2-layer architecture) was tuned using grid search experiments to trade off accuracy against computational cost. User behavior analysis through machine learning is a new component of this protocol. By computing the deviation between the profile and the current behavior vector, the protocol computes a Behavior Deviation Score (BDS), which, in case of deviations greater than a threshold value, triggers additional authentication challenges. SecureDrone employs SHA-256 for hashing, AES-GCM for session encryption, Elliptic Curve Cryptography (ECC) for key exchange and digital signatures, and nonce-timestamp algorithms to prevent replay attacks to ensure security with minimal computational overhead. To ensure that only authorized users and drones communicate, the authentication process includes one-time user registration, behavior analysis when receiving an authentication request, challenge-response verification, and session key distribution upon successful authentication. SecureDrone ensures quick and scalable authentication in IoD environments by offloading model training onto cloud servers while preserving real-time inference on edge servers. This enhances security without compromising operational efficiency.

3.1.5. Training Process of Machine Learning Models

The SecureDrone authentication mechanism employs a hybrid machine learning strategy that combines a Random Forest classifier for categorical features and an LSTM (Long Short-Term Memory) network for time-series features to provide strong security for drone systems. At the user registration stage, behavioral features like command usage and typing rhythm are extracted to train user behavior models. The LSTM model, aimed at identifying sequential patterns, is created with an initial input size equal to the number of features, two hidden layers of 64 neurons each, and trained for 100 iterations using forward propagation, calculation of the loss, and backpropagation. Simultaneously, a Random Forest classifier of 100 trees with a maximum depth of 10 is trained on a balanced dataset for differentiating normal from anomalous behavior. For drone authentication, the same procedure is adopted with telemetry information such as flight paths and sensor measurements. The LSTM drone model is relatively small, consisting of two hidden layers and 32 neurons in each, and pre-trained on manufacturer-supplied data to model normal drone behavior. The included Random Forest classifier for drones employs 80 trees of depth 8 and is trained on drone-specific data. Parameters of the model were tuned via ablation studies and grid search to balance accuracy against computational cost, with the collective model performing 12–18% better than single models. Also, the system utilizes continuous learning during verification, employing a low learning rate (e.g., 0.01) to slow-learning adapt to normal behavior changes without sacrificing stability. The twin-model approach maintains high security without being computationally resource-intense for resource-limited drone environments.

3.1.6. Protocol Phases

The proposed security protocol includes three phases: registration, authentication, and verification. These phases all utilize machine learning methods for optimizing security using behavioral biometrics and telemetry analysis. The Algorithms 1–5 described below outline the execution of these phases for a solid framework for secure communication between users, drones, and the entity server.
Algorithm 1: User Registration
Input: UserID, Credentials, InitialBehaviorProfile
Output: Registration token, Public Key of the Entity Server (PK_ES)
1:  (PK_U, SK_U)← GenerateECCKeyPair()
2:  Store UserID, PK_U, Hash(Credentials) in UserRegistry
3:  behavioralFeatures ← ExtractBehavioralFeatures(InitialBehaviorProfile)
4:  lstmModel ← InitializeLSTMNetwork(inputSize = |behavioralFeatures|, hiddenLayers = 2, hiddenSize = 64)
5:  lstmTrainingData ← GenerateSequentialBehaviorSamples(behavioralFeatures)
6:  for epoch = 1 to 100 do
7:     for each sequence in lstmTrainingData do
8:        output ← lstmModel.Forward(sequence)
9:        loss ← SequenceLoss(output, sequence)
10:        lstmModel.Backpropagate(loss)
11:    end for
12: end for
13: rfModel ← InitializeRandomForest(treeCount = 100, maxDepth = 10)
14: rfTrainingData ← GenerateBalancedTrainingSet(behavioralFeatures)
15: rfModel.Train(rfTrainingData)
16: Store (lstmModel, rfModel) in BehaviorDB under UserID
17: token ← SignECC(SK_ES, {UserID, PK_U, Timestamp})
18: return token, PK_ES
Explanation:
User Registration—An ECC key pair is created at the beginning of the user registration process. The system stores the hashed user credentials and public key in a secure registry. The initial data on user interactions is used to derive behavioral features related to command usage and typing rhythm. A Random Forest (RF) classifier is trained using these features for anomaly detection, and an LSTM network is trained for sequential behavior modeling. Real and synthetic data are used to train both models, which are then stored in a behavior profile database. Finally, a registration token is generated by using the entity server’s private key to sign the user’s credentials and public key.
Algorithm 2: Drone Registration
Input: DroneID, DroneType, Capabilities
Output: Drone Certificate
1:  (PK_D, SK_D)← GenerateECCKeyPair()
2:  Store DroneID, PK_D, DroneType, Capabilities in DroneRegistry
3:  telemetryFeatures ← ExtractTelemetryFeatures(DroneType, Capabilities)
4:  droneLSTM ← InitializeLSTMNetwork(inputSize = |telemetryFeatures|, hiddenLayers = 2, hiddenSize = 32)
5:  PretrainDroneLSTM(droneLSTM, DroneType)
6:  droneRF ← InitializeRandomForest(treeCount = 80, maxDepth = 8)
7:  PretrainDroneRF(droneRF, DroneType)
8:  Store (droneLSTM, droneRF) in DroneModelDB under DroneID
9:  SecureStore(DroneID, SK_D, PK_ES)
10: cert ← SignECC(SK_ES, {DroneID, PK_D, Timestamp})
11: return cert
Explanation:
Drone Registration—During registration of the drone, the system creates an ECC key pair and registers metadata of the drone like type and capabilities. Telemetry features like flight patterns, sensor readings, control latencies are extracted. A pre-trained LSTM model for drones is initiated and pre-trained with manufacturer-provided datasets mimicking normal operation of the drones. Simultaneously, a Random Forest classifier is trained to detect anomalies in real-time. The models are stored, and the drone is equipped with its private key and entity server public key. A digitally signed certificate by the server completes the secure enrollment.
Algorithm 3: User Authentication
Input: UserID, AuthRequest = {reqID, timestamp, nonce, signature}
Output: Encrypted challenge token or authentication failure
1:  if CurrentTime()-timestamp > TimeWindow then
2:      return AuthFailure(“Request expired”)
3:  end if
4:  userPK ← UserRegistry.getPK(UserID)
5:  if not VerifyECC(userPK, signature, {reqID, timestamp, nonce}) then
6:      return AuthFailure(“Invalid signature”)
7:  end if
8:  profile ← BehaviorDB.getProfile(UserID)
9:  lstmModel ← profile.LSTM
10: rfModel ← profile.RF
11: challenge ← GenerateUserBehaviorChallenge(profile)
12: challengeToken ← EncryptECC(userPK, {challenge, nonce + 1})
13: return challengeToken
Explanation:
User Authentication—After receiving an authentication request from a user, the system verifies the freshness of the request first to avoid replay attacks. The system then authenticates the digital signature based on the user’s stored public key. In case it is valid, the system obtains the behavior models of the user and produces a dynamic behavioral challenge (for example, typing sequence or interface interaction task). The challenge is encrypted and dispatched to the user to produce genuine-time behavior to be checked subsequently.
Algorithm 4: Verify User Response
UserID, Response = {challenge, responseData, signature} is the input.
Output: AuthFailure or AuthSuccess with session key
1: UserPK ← UserRegistry.getPK (UserID)
2: If VerifyECC(userPK, signature, {challenge, responseData}) is not present, then
3: return AuthFailure(“Invalid response”)
4: terminate if
5: Extract Behavior Features (responseData)← currentBehavior
6: behaviorSeq ← FormatBehaviorAsSequence(currentBehavior)
7: predictedSeq ← lstmModel.Forward(behaviorSeq)
8: SequenceLoss(predictedSeq, behaviorSeq[1:])← loss
9: lstmScore ← exp(−loss)
10: FormatBehaviorAsFeatureVector(currentBehavior)← rfVector
11: classProbs ← rfModel.PredictProbabilities(rfVector)
12: rfAnomaly ← 1 − classProbs[1]
13: behaviorScore ← 0.6 × lstmScore + 0.4 × (1 − rfAnomaly)
14: if behaviorScore is less than behavior threshold, then
15: Log(UserID, “Behavior anomaly”, behaviorScore)
16: AuthFailure(“Behavior anomaly detected”) is returned.
17: terminate if
18: lstmModel.Update(learningRate = 0.01, behaviorSeq)
19: rfModel.Update(rfVector, isPositive = TRUE)
20: BehaviorDB.update(UserID, currentBehavior, lstmModel, rfModel)
21: GenerateRandomKey(128) ← sessionKey
22: return AuthSuccess, encryptedKey
23: encryptedKey ← EncryptECC(userPK, sessionKey)
Explanation:
Verify User Response—Once the user reacts to the challenge, the system checks the signature of the response and extracts the features of the behavior. The LSTM model processes sequential patterns of behavior and computes confidence based on the accuracy of the prediction. Concurrently, RF model calculates the probability that the behavior is a legitimate user’s. These values are blended together to generate the final authentication score. When the score goes over a predetermined value, the models are refreshed with the new behavior data to facilitate adaptive learning and a secure session key is produced.
Algorithm 5: Verify Drone Response
Input: DroneID, Response = {challenge, telemetryData, signature}
Output: AuthSuccess with encrypted session key or failure
1:  dronePK ← DroneRegistry.getPK(DroneID)
2:  if not VerifyECC(dronePK, signature, {challenge, telemetryData}) then
3:      return AuthFailure(“Invalid drone response”)
4:  end if
5:  telemetryFeatures ← ExtractTelemetryFeatures(telemetryData)
6:  seq ← FormatTelemetryAsSequence(telemetryFeatures)
7:  predicted ← droneLSTM.Forward(seq)
8:  seqScore ←CalculateSequenceSimilarity(predicted, seq)
9:  vector ← FormatTelemetryAsFeatureVector(telemetryFeatures)
10: prob ← droneRF.PredictProbabilities(vector)
11: anomaly ← 1 − prob[1]
12: authScore ← 0.5 × seqScore + 0.5 × (1 − anomaly)
13: if authScore < DroneAuthThreshold then
14:    Log(DroneID, “Compromised drone”, authScore)
15:    return AuthFailure(“Telemetry mismatch”)
16: end if
17: droneLSTM.Update(seq)
18: droneRF.Update(vector, isNormal = TRUE)
19: DroneModelDB.update(DroneID, droneLSTM, droneRF)
20: sessionKey ← GenerateRandomKey(128)
21: encryptedKey ← EncryptECC(dronePK, sessionKey)
22: return AuthSuccess, encryptedKey
Explanation:
Verify Drone Response—The system authenticates drones based on the examination of telemetry data gathered in response to a challenge. It confirms the signature of the drone and extracts telemetry features like command timing of execution, sensor values, and power utilization. The LSTM model calculates a sequence similarity score against known drone behavior patterns and the RF model calculates the probability of an anomaly. These scores are combined to calculate the authenticity of the drone. The models are updated if accepted with the new telemetry and a session key is issued to authenticate communication between the ground station and the drone.

3.1.7. Security Analysis and Verification

The security verification and analysis of the SecureDrone authentication protocol were performed using the AVISPA tool that comprises OFMC, CL-AtSe, SATMC, and TA4SP to ensure a thorough evaluation of security properties against a precisely defined threat model. The results are shown in Table 1. The protocol was described in HLPSL with designated roles like User/Controller, edge server, Ground Control Station, and drone, and the verification process focused on the secrecy of session keys, entity authentication, replay attack resistance, and message integrity. The outcome validated that the protocol fulfills all described security properties without any attacks discovered. The protocol exhibited man-in-the-middle attack resistance based on mutual authentication with digital signatures, maintaining message integrity as well as blocking unauthorized key establishment. Replay attacks were also prevented by using timestamps, nonces, and sequence numbers so that the attackers could not reuse intercepted messages. Impersonation attacks were also averted through a two-factor authentication procedure with cryptographic credentials and behavioral analysis, yielding adaptive credential loss protection. Termination, reachability, and liveness properties of the protocol were maintained through additional correctness testing, ensuring proper functioning under adversarial and normal settings. The cryptographic and behavioral defenses combined constitute a robust security framework well-suited for IoD applications. The choice of AVISPA for formal verification adheres to standard security protocol analysis methodologies in resource-constrained contexts [68]. The use of all four back-ends (OFMC, CL-AtSe, SATMC, and TA4SP) instead of a subset was influenced by Chen et al.’s [69] research that show that thorough multi-tool verification impacts severely on false negatives in security proofs. Behavior threshold parameters were tuned against a set of 10,000 authenticated sessions with a false positive rate of 0.5% and false negative rate of 0.2%, on par with industry standards for high-security applications [70].
SecureDrone authentication protocol was verified with the AVISPA tool which is shown in Figure 4 by using all four back-ends—OFMC, CL-AtSe, SATMC, and TA4SP—and each of them checking for important security properties. HLPSL-modeled, the protocol assigned roles to the User/Controller, Edge Server, Ground Control Station, and Drone. The verification outputs, indicated as “SAFE” in all tools, asserted the protocol’s strength against numerous attack vectors. The major achievements were to provide mutual authentication, secrecy of the session key, message integrity, forward secrecy, and protection against replay. The protocol was highly resistant to man-in-the-middle, replay, and impersonation attacks using digital signatures, timestamps, nonces, sequence numbers, and two-factor authentication techniques.

4. Results

4.1. Experimental Setup and Simulation Environment

The operation of the proposed SecureDrone authentication scheme was evaluated using thorough simulations in Network Simulator 2 (NS2) version 2.35, which simulated realistic Internet of Drones (IoD) deployment environments with varying numbers of drones, users, and network scenarios. The simulation parameters are shown in Table 2. The simulation was conducted on a 1000 m × 1000 m space for 1000 s with varying drones from 5 to 50, varying users from 1 to 20, ground stations from two to eight, and edge servers from one to five. Drones followed a Random Waypoint mobility model with speeds between 0 and 20 m/s and a 100 m communication range for drone-to-GCS connections. The bandwidth allocation was 5 Mbps for D2G, 20 Mbps for G2E, and 50 Mbps for E2C communications. IEEE 802.11n was the MAC protocol employed, with a two-ray ground propagation model. AES-128-GCM for symmetric encryption and ECC-256 for asymmetric encryption ensured cryptographic security for the 512-byte data packets. Moreover, a hybrid machine learning model of LSTM and Random Forest was utilized for authentication, which was performed at each 300 s interval. Background traffic exhibited a Constant Bit Rate (CBR) with different intensities. For comparison with SecureDrone, four latest authentication protocols—LDAP, TAUROT, IoD-Auth, and LEMAP were utilized as baseline schemes. The performance was measured in terms of computational overhead (CPU time used for authentication tasks), authentication latency (request-to-authentication time), memory consumption, energy use, communication overhead (size and number of messages exchanged), scalability (performance when the network size is growing), and authentication success rate (successful authentication ratio under different attack modes).

4.2. Computational Overhead Analysis

Figure 5 shows how computational overhead (in milliseconds) scales with the number of drones for each protocol. SecureDrone always shows less computational demand in all scales of networks, with the performance difference growing as the number of drones grows. This shows better scalability in resource-scarce settings. The computational cost was calculated as the CPU time taken to perform the entire authentication process, and the results proved that SecureDrone outperforms all other protocols in terms of computational cost. As evident from Figure 3, SecureDrone has around 30% less computational cost than LDAP, 33% less than TAUROT, 42% less than IoD-Auth, and 27% less than LEMAP when tested with 50 drones. All of these efficiencies owe their existence to the implementation of light ECC operations rather than heavy computations of RSA, an improved AES-GCM to encrypt sessions using optimized versioning, streamlined behavior pattern match algorithms, and the offloading of computationally exhaustive tasks like training ML models on cloud servers but maintaining the inference operations lightweight to deploy in edge. The computation overhead breakup is depicted in Table 3.

4.3. Authentication Latency

Authentication latency is the amount of time taken from the request for authentication to its successful completion, as shown in Figure 6 for a comparison of authentication latency among protocols under different network loads. This graph illustrates end-to-end authentication latencies between protocols with growing network loads. SecureDrone’s better performance during heavy network loads (100 requests/s) reflects its effectiveness under crowded network environments characteristic of dense city drone operations.The findings indicate that SecureDrone consistently records less authentication latency than other protocols in all the network conditions with about 35% less latency than LDAP, 32% less than TAUROT, 39% less than IoD-Auth, and 24% less than LEMAP at the maximum network loading (100 requests/s). This is made possible through an optimized security workflow with less message exchange, optimized cryptographic processing, parallel execution of independent security processes, behavior analysis in the edge, and adaptive challenge complexity based on security needs.

4.4. Memory Usage Analysis

Memory consumption is an important consideration for resource-limited drone devices, and we have observed the memory consumption during authentication with varying numbers of concurrent sessions in Figure 7. From the results, it can be seen that SecureDrone shows considerably less memory usage than other protocols, consuming around 36% less memory than LDAP, 33% less than TAUROT, 43% less than IoD-Auth, and 30% less than LEMAP with 50 concurrent sessions. This memory performance is made possible by enhanced session management data structures, effective storage of security credentials, reduced storage of state information, security parameter caching only of frequently accessed security parameters, and runtime garbage collection of obsolete session data. A breakdown of the memory use among various components of authentication is depicted in Table 4.

4.5. Energy Consumption

Energy consumption is a key consideration for battery-operated drones, and we recorded the energy consumption during the authentication process, as illustrated in Figure 8. The findings show that SecureDrone is more energy efficient in all authentication operations, using about 38% less energy than LDAP, 33% less than TAUROT, 44% less than IoD-Auth, and 27% less than LEMAP for a complete authentication process. The energy efficiency is even more significant in re-authentication and key refresh operations, which are performed often under normal conditions, thus making SecureDrone very effective in increasing drone flight time and capabilities. This low energy usage comes through reduced computational complexity of the cryptographic operations, decreased communication overhead, efficient execution of security algorithms, optimized behavior analysis process, and adaptive security levels depending on threat assessment. Moreover, SecureDrone is even more efficient since LDAP and IoD-Auth do not have behavior analysis, and thus are not as optimized for smart threat detection and resource management.

4.6. Communication Overhead

Communication overhead was calculated in terms of the number of messages and their size passed through during the authentication process, and Figure 9 shows a comparative analysis. From the results, SecureDrone has less communication overhead compared to other protocols with 33% fewer messages compared to LDAP, 20% fewer compared to TAUROT, 43% fewer compared to IoD-Auth, and the same as LEMAP. As far as overall message size is concerned, SecureDrone’s overhead is about 32% less than LDAP, 22% less than TAUROT, 43% less than IoD-Auth, and 17% less than LEMAP. All this is achieved through compact message formats with less padding, efficient encoding of security parameters, aggregated authentication, and key establishment messages, context-dependent selection of security parameters, and compressed behavior feature representation. Table 5 offers a detailed comparison of the communication overhead per protocol.

4.7. Scalability Analysis

Figure 10 shows a 3D visualization of authentication time as both user count and drone count grow. The comparatively level surface for SecureDrone over other protocols illustrates better performance scaling in large-scale deployments with multiple concurrent users and drones. The 3D visualization proves that SecureDrone has better scalability, having lower authentication time as the number of drones and users increases. At the largest tested scale (50 drones and 20 users), SecureDrone’s authentication time is roughly 32% less than LDAP. This scalability is made possible by effective parallel processing of authentication requests, optimized session management with low-state information, distributed processing across edge servers, effective handling of concurrent authentication sessions, and low computational complexity of cryptographic operations.

4.8. Authentication Success Rate Under Attack Scenarios

To compare security effectiveness, we quantified the authentication success rate under different attack conditions, and Figure 11 shows the comparison. This graph illustrates the strength of each protocol against more intense attack scenarios. SecureDrone has over 85% success rate even in extreme DoS conditions (80%), illustrating its strong security architecture and attack resistance compared to other methods. The results show that SecureDrone has higher authentication success rates under all attack conditions, especially under heavy DoS attacks, where it has an 85.7% success rate under 80% DoS attack conditions, compared to 62.3% for LDAP, 68.7% for TAUROT, 65.2% for IoD-Auth, and 67.4% for LEMAP. This improved security performance is credited to dual-factor authentication based on cryptography credentials and behavioral analysis, high-quality anti-replay capabilities using timestamps and nonces, aggressive mutual authentication against MITM attacks, effective DoS protection using rate limiting and adaptive challenge complexity, and behavioral-based anomaly detection for impersonation attempts.

4.9. Performance Comparison Summary

Table 6 presents a detailed comparison of all protocols on major performance metrics, aggregating their efficiency in computational overhead, authentication latency, memory consumption, energy expenditure, communication overhead, scalability, and security effectiveness. The comparison identifies SecureDrone’s strengths in maximizing resource utilization, minimizing authentication time, reducing communication expenses, and maximizing security resilience against different attack scenarios.

4.10. Impact of Deep Learning Model Complexity

Figure 12 illustrates performance comparisons of different machine learning methods for behavioral authentication. Although Deep LSTM has the highestperformance(~99%), the RF + LSTM hybrid model implemented (~98%) offers almost the same security with much lower computational demands, which is an ideal balance between security and resource utilization for drone environments.

5. Discussion

The SecureDrone authentication protocol settles the key security issues surrounding the Internet of Drones (IoD) effectively. The protocol effectively balances between low-resource-utility and high-security attributes by integrating lightweight cryptographic algorithms with behavior analysis using machine learning. The main contribution of SecureDrone is to enable more accurate authentication with minimal computational overhead. Comparison with other protocols such as LDAP, TAUROT, IoD-Auth, and LEMAP demonstrates notable enhancement in relevant performance metrics of interest. SecureDrone holds a 30% reduction in computation overhead, 25% lower authentication delay, and 40% reduced memory usage without losing strict security guarantees. All of this validates that our protocol is particularly well designed for resource-constrained drone networks with real-time authentication at the cost of nothing else. Additionally, adaptive security is also achieved through the behavior analysis module that uses machine learning, making SecureDrone stronger against dynamic and adaptive types of attacks. SecureDrone uses ensemble learning methods such as Long Short-Term Memory (LSTM) networks and Random Forest classifiers to detect anomalous user activity and catch attacks prior to causing harm. This aspect greatly boosts impersonation attack resistance and unauthorized access attempts common in IoD environments. The security verification performed using the assistance of the AVISPA tool also reinforces the high resilience of SecureDrone to significant attacks including man-in-the-middle (MITM) attacks, replay attacks, and key compromise attempts. The timestamps employed along with nonces, digital signatures, and the application of elliptic curve cryptography (ECC) in SecureDrone secure cryptographic integrity firmly while the resource consumption is minimized to an absolute level. Scalability testing also highlights how practical SecureDrone is on large-scale drone networks. Even during heavy network loads, SecureDrone exhibits steady authentication performance, demonstrating the capability to carry an increasing quantity of drones and users without wasting resources in an observable manner. Scalability is achieved through optimization of session handling, distributed computation on edge servers, and cryptographically optimized functions. Although the envisioned authentication framework is specifically designed for the IoD environment, it can be adapted to other domains that have mobility restrictions and scarce resources in the future, e.g., autonomous vehicular networks, underwater sensor networks, and wearable medical devices. These extensions can further show the flexibility and broader applicability of the framework. In spite of all these benefits, there are certain drawbacks. First, behavior analysis does improve security, but needs startup training data to create precise user profiles, and this may involve a deployment learning curve. Second, the protocol makes use of edge computing capabilities to run real-time behavior analysis, which may not be present in all IoD settings. Future work might look to explore fully decentralized authentication approaches that can counteract such limitations.

6. Conclusions

The SecureDrone authentication framework improves IoD security through a combination of machine-learning based behavior analysis with light-weight cryptographic schemes to provide strong security at minimal resource costs. The proposed SecureDrone provides a 30% decrease in processing, 25% decrease in authentication latency and 40% decrease in memory usage, when compared with the existing protocols of LDAP, TAUROT, IoD-Auth and LEMAP, making it extremely efficient for deployment in low-resource drone networks. The proposed SecureDrone uses LSTM and Random Forest algorithms to identify anomalous behaviors and provides adaptive defenses to manifestations of threats, such as impersonation and unauthorized access. Formal security verification via AVISPA demonstrates the proposed framework’s resistance to man-in-the-middle, replay and key compromised attacks, as well as scalability testing demonstrating the proposed framework maintains performance predictability in high network load scenarios. The implementation of optimized cryptographic pipelines, session handling, and distributed processing across edge servers further improves efficiencies. However, planning for the initial training data requirements and a dependence on edge computing for processing to provide real time responses may not be suitable for all deployments. This framework has immediate utility in the military drone domain, commercial delivery networks and smart city surveillance systems where a blend of resource efficiency and strong security is paramount. In military scenarios, SecureDrone’s ability to withstand sophisticated attacks allows for secure tactical communications in contested environments. In commercial drone delivery operations, the low computational overhead of our framework means that it can be implemented on low-cost hardware while maintaining sufficient security to operate in populated areas. For public safety agencies, the behavioral analysis portion of the framework offers additional security by identifying drones subjected to malicious attacks, and providing indicators of unauthorized control attempts during critical incidents. SecureDrone’s demonstrated improvements in performance, from this work, allows for rapid rollout and adoption in production environments, while also establishing a new standard in IoD security protocols. Current and future work will continue to improve decentralized authentication, consider blockchain to add security to IoD operations, and enhance the behavior analysis model to add more layers of security to IoD authentication frameworks, and consider extending IoD authentication frameworks operations to new areas including agricultural monitoring, infrastructure inspection and fully autonomous drone swarms.

Author Contributions

Conceptualization, V.K.P., S.P. and A.R.; investigation, V.K.P., S.P. and S.K.J.; methodology, V.K.P. and X.L.; supervision, S.P. and R.S.R.; validation, A.R., X.L. and R.S.R.; writing, V.K.P., S.P. and S.K.J.; review and editing, A.R., S.P., X.L. and R.S.R. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Links to publicly archived datasets are https://www.kaggle.com/datasets; https://archive.ics.uci.edu/datasets (accessed on 25 March 2025).

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Fotouhi, A.; Qiang, H.; Ding, M.; Hassan, M.; Giordano, L.G.; Garcia-Rodriguez, A.; Yuan, J. Survey on UAV cellular communications: Practical aspects, standardization advancements, regulation, and security challenges. IEEE Commun. Surv. Tutor. 2019, 21, 3417–3442. [Google Scholar] [CrossRef]
  2. Akram, J.; Anaissi, A.; Akram, A.; Rathore, R.S.; Jhaveri, R.H. Adversarial Label-Flipping Attack and Defense for Anomaly Detection in Spatial Crowdsourcing UAV Services. IEEE Trans. Consum. Electron. 2024, 1. [Google Scholar] [CrossRef]
  3. Maulana, F.I.; Febriantono, M.A.; Hamim, M.; Fajri, B.R.; Arifuddin, R. Scientometric analysis in the field of big data and artificial intelligence in industry. In Proceedings of the 2022 1st International Conference on Information System & Information Technology (ICISIT), Virtual Conference, 27–28 July 2022; IEEE: Piscataway, NJ, USA, 2022. [Google Scholar]
  4. Su, J.; Zhu, X.; Li, S.; Chen, W.H. AI meets UAVs: A survey on AI empowered UAV perception systems for precision agriculture. Neurocomputing 2023, 518, 242–270. [Google Scholar] [CrossRef]
  5. Hayajneh, A.M.; Zaidi, S.A.R.; McLernon, D.C.; Di Renzo, M.; Ghogho, M. Performance analysis of UAV enabled disaster recovery networks: A stochastic geometric framework based on cluster processes. IEEE Access 2018, 6, 26215–26230. [Google Scholar] [CrossRef]
  6. Jha, S.K.; Prakash, S.; Rathore, R.S.; Mahmud, M.; Kaiwartya, O.; Lloret, J. Quality-of-service-centric design and analysis of unmanned aerial vehicles. Sensors 2022, 22, 5477. [Google Scholar] [CrossRef]
  7. Jha, S.K.; Prakash, S.; Rathore, R.S.; Mahmud, M.; Kaiwartya, O.; Lloret, J. UAV-enabled intelligent transportation systems for the smart city: Applications and challenges. IEEE Commun. Mag. 2017, 55, 22–28. [Google Scholar]
  8. Purohit, S.; Mishra, N.; Yang, T.; Singh, R.; Mo, D.; Wang, L. Real-Time Threat Detection and Response Using Computer Vision in Border Security. In Proceedings of the 2024 International Conference on Intelligent Algorithms for Computational Intelligence Systems (IACIS), Hassan, India, 23–24 August 2024; IEEE: Piscataway, NJ, USA, 2024. [Google Scholar]
  9. Bhawana; Kumar, S.; Rathore, R.S.; Mahmud, M.; Kaiwartya, O.; Lloret, J. BEST—Blockchain-enabled secure and trusted public emergency services for smart cities environment. Sensors 2022, 22, 5733. [Google Scholar] [CrossRef]
  10. Mishra, D.; Singh, M.; Rewal, P.; Pursharthi, K.; Kumar, N.; Barnawi, A.; Rathore, R.S. Quantum-safe secure and authorized communication protocol for internet of drones. IEEE Trans. Veh. Technol. 2023, 72, 16499–16507. [Google Scholar] [CrossRef]
  11. Zhang, C.; Kovacs, J.M. The application of small unmanned aerial systems for precision agriculture: A review. Precis. Agric. 2012, 13, 693–712. [Google Scholar] [CrossRef]
  12. Erdelj, M.; Król, M.; Natalizio, E. Wireless sensor networks and multi-UAV systems for natural disaster management. Comput. Netw. 2017, 124, 72–86. [Google Scholar] [CrossRef]
  13. Otto, A.; Agatz, N.; Campbell, J.; Golden, B.; Pesch, E. Optimization approaches for civil applications of unmanned aerial vehicles (UAVs) or aerial drones: A survey. Networks 2018, 72, 411–458. [Google Scholar] [CrossRef]
  14. Zeng, Y.; Zhang, R.; Lim, T.J. Wireless communications with unmanned aerial vehicles: Opportunities and challenges. IEEE Commun. Mag. 2016, 54, 36–42. [Google Scholar] [CrossRef]
  15. Rathore, R.S.; Sangwan, S.; Kaiwartya, O.; Aggarwal, G. Green Communication for Next-Generation Wireless Systems: Optimization Strategies, Challenges, Solutions, and Future Aspects. Wirel. Commun. Mob. Comput. 2021, 2021, 5528584. [Google Scholar] [CrossRef]
  16. Humphreys, T.E. Statement on the vulnerability of civil unmanned aerial vehicles and other systems to civil GPS spoofing. In US Congressional Testimony; The University of Texas at Austin: Austin, TX, USA, 2012. [Google Scholar]
  17. Durfey, N.; Sajal, S. A comprehensive survey: Cybersecurity challenges and futures of autonomous drones. In Proceedings of the 2022 Intermountain Engineering, Technology and Computing (IETC), Orem, UT, USA, 13–14 May 2022; pp. 1–7. [Google Scholar]
  18. Shakhatreh, H.; Sawalmeh, A.H.; Al-Fuqaha, A.; Dou, Z.; Almaita, E.; Khalil, I.; Guizani, M. Unmanned aerial vehicles (UAVs): A survey on civil applications and key research challenges. IEEE Access 2019, 7, 48572–48634. [Google Scholar] [CrossRef]
  19. Wang, C.; Wang, D.; Duan, Y.; Tao, X. Secure and lightweight user authentication scheme for cloud-assisted Internet of Things. IEEE Trans. Inf. Forensics Secur. 2023, 18, 2961–2976. [Google Scholar] [CrossRef]
  20. Akram, J.; Hussain, W.; Jhaveri, R.H.; Rathore, R.S.; Anaissi, A. Dynamic GNN-based multimodal anomaly detection for spatial crowdsourcing drone services. Digit. Commun. Netw. 2025; in press. [Google Scholar]
  21. Cao, X.; Shila, D.M.; Cheng, Y.; Yang, Z.; Zhou, Y.; Chen, J. Ghost-in-zigbee: Energy depletion attack on zigbee-based wireless networks. IEEE Internet Things J. 2016, 3, 816–829. [Google Scholar] [CrossRef]
  22. Nawaj, M.D.; Mohanta, H.; Yang, T.; Rathore, R.S.; Mo, D.; Wang, L. Adaptive Self-Tuning Robotic Autonomy for Unmanned Aerial Vehicles. In Proceedings of the 2024 International Conference on Intelligent Algorithms for Computational Intelligence Systems (IACIS), Hassan, India, 23–24 August 2024. [Google Scholar]
  23. Boukoberine, M.N.; Zhou, Z.; Benbouzid, M. A critical review on unmanned aerial vehicles power supply and energy management: Solutions, strategies, and prospects. Appl. Energy 2019, 255, 113823. [Google Scholar] [CrossRef]
  24. Raj, M.; Harshini, N.B.; Gupta, S.; Atiquzzaman, M.; Rawlley, O.; Goel, L. Leveraging precision agriculture techniques using UAVs and emerging disruptive technologies. Energy Nexus 2024, 14, 100300. [Google Scholar] [CrossRef]
  25. Kumar, S.; Singh, A.; Benslimane, A.; Chithaluru, P.; Albahar, M.A.; Rathore, R.S.; Álvarez, R.M. An optimized intelligent computational security model for interconnected blockchain-IoT system & cities. Ad Hoc Netw. 2023, 151, 103299. [Google Scholar]
  26. Khan, A.S.; Balan, K.; Javed, Y.; Tarmizi, S.; Abdullah, J. Secure trust-based blockchain architecture to prevent attacks in VANET. Sensors 2019, 19, 4954. [Google Scholar] [CrossRef]
  27. Yazdinejad, A.; Parizi, R.M.; Dehghantanha, A.; Choo, K.K.R. Blockchain-enabled authentication handover with efficient privacy protection in SDN-based 5G networks. IEEE Trans. Netw. Sci. Eng. 2019, 8, 1120–1132. [Google Scholar] [CrossRef]
  28. Wang, W.; Xu, P.; Yang, L.T. Secure data collection, storage and access in cloud-assisted IoT. IEEE Cloud Comput. 2018, 5, 77–88. [Google Scholar] [CrossRef]
  29. Akram, J.; Anaissi, A.; Rathore, R.S.; Jhaveri, R.H.; Akram, A. Galtrust: Generative adverserial learning-based framework for trust management in spatial crowdsourcing drone services. IEEE Trans. Consum. Electron. 2024, 70, 6196–6207. [Google Scholar] [CrossRef]
  30. Wang, J.; Wu, L.; Choo, K.K.R.; He, D. Blockchain-based anonymous authentication with key management for smart grid edge computing infrastructure. IEEE Trans. Ind. Inform. 2019, 16, 1984–1992. [Google Scholar] [CrossRef]
  31. Sciancalepore, S.; Oligeri, G.; Di Pietro, R. Strength of crowd (SOC)—Defeating a reactive jammer in IoT with decoy messages. Sensors 2018, 18, 3492. [Google Scholar] [CrossRef]
  32. Rathore, R.S.; Hewage, C.; Kaiwartya, O.; Lloret, J. In-vehicle communication cyber security: Challenges and solutions. Sensors 2022, 22, 6679. [Google Scholar] [CrossRef]
  33. Khan, M.A.; Salah, K. IoT security: Review, blockchain solutions, and open challenges. Future Gener. Comput. Syst. 2018, 82, 395–411. [Google Scholar] [CrossRef]
  34. Sharma, P.K.; Singh, S.; Jeong, Y.S.; Park, J.H. Distblocknet: A distributed blockchains-based secure sdn architecture for iot networks. IEEE Commun. Mag. 2017, 55, 78–85. [Google Scholar] [CrossRef]
  35. Sharma, S.; Chen, K.; Sheth, A. Toward practical privacy-preserving analytics for IoT and cloud-based healthcare systems. IEEE Internet Comput. 2018, 22, 42–51. [Google Scholar] [CrossRef]
  36. Adil, M.; Jan, M.A.; Liu, Y.; Abulkasim, H.; Farouk, A.; Song, H. A systematic survey: Security threats to UAV-aided IoT applications, taxonomy, current challenges and requirements with future research directions. IEEE Trans. Intell. Transp. Syst. 2022, 24, 1437–1455. [Google Scholar] [CrossRef]
  37. García-Magariño, I.; Lacuesta, R.; Rajarajan, M.; Lloret, J. Security in networks of unmanned aerial vehicles for surveillance with an agent-based approach inspired by the principles of blockchain. Ad Hoc Netw. 2019, 86, 72–82. [Google Scholar] [CrossRef]
  38. Patel, A.D.; Jhaveri, R.H.; Shah, K.A.; Patel, A.D.; Rathore, R.S.; Paliwal, M.; Thakker, D. Security Trends in Internet-of-things for Ambient Assistive Living: A Review. Recent Adv. Comput. Sci. Commun. (Former. Recent Pat. Comput. Sci.) 2024, 17, 18–46. [Google Scholar] [CrossRef]
  39. Bera, S.; Misra, S.; Vasilakos, A.V. Software-defined networking for internet of things: A survey. IEEE Internet Things J. 2017, 4, 1994–2008. [Google Scholar] [CrossRef]
  40. Zhang, H.; Song, L.; Han, Z.; Poor, H.V. Cooperation techniques for a cellular internet of unmanned aerial vehicles. IEEE Wirel. Commun. 2019, 26, 167–173. [Google Scholar] [CrossRef]
  41. Akram, J.; Anaissi, A.; Rathore, R.S.; Jhaveri, R.H.; Akram, A. Digital twin-driven trust management in open ran-based spatial crowdsourcing drone services. IEEE Trans. Green Commun. Netw. 2024, 26, 167–173. [Google Scholar] [CrossRef]
  42. Ouiazzane, S.; Addou, M.; Barramou, F. A Zero-Trust Model for Intrusion Detection in Drone Networks. Int. J. Adv. Comput. Sci. Appl. 2023, 14, 525–537. [Google Scholar] [CrossRef]
  43. Wazid, M.; Bera, B.; Das, A.K.; Garg, S.; Niyato, D.; Hossain, M.S. Secure communication framework for blockchain-based internet of drones-enabled aerial computing deployment. IEEE Internet Things Mag. 2021, 4, 120–126. [Google Scholar] [CrossRef]
  44. Wu, L.; Wang, J.; Choo, K.K.R.; He, D. Secure key agreement and key protection for mobile device user authentication. IEEE Trans. Inf. Forensics Secur. 2018, 14, 319–330. [Google Scholar] [CrossRef]
  45. Wazid, M.; Das, A.K.; Odelu, V.; Kumar, N.; Susilo, W. Secure remote user authenticated key establishment protocol for smart home environment. IEEE Trans. Dependable Secur. Comput. 2017, 17, 391–406. [Google Scholar] [CrossRef]
  46. Da, L.; Wang, Y.; Ding, Y.; Xiong, W.; Wang, H.; Liang, H. An efficient certificateless signcryption scheme for secure communication in uav cluster network. In Proceedings of the 2021 IEEE International Conferenceon Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom), New York, NY, USA, 30 September–3 October 2021; IEEE: Piscataway, NJ, USA, 2021. [Google Scholar]
  47. Thakur, A.; Tyagi, R.; Tripathy, H.K.; Yang, T.; Rathore, R.S.; Mo, D.; Wang, L. Detecting Network Attack using Federated Learning for IoT Devices. In Proceedings of the 2024 International Conference on Intelligent Algorithms for Computational Intelligence Systems (IACIS), Hassan, India, 23–24 August 2024; IEEE: Piscataway, NJ, USA, 2024. [Google Scholar]
  48. Gope, P.; Sikdar, B. Lightweight and privacy-preserving two-factor authentication scheme for IoT devices. IEEE Internet Things J. 2018, 6, 580–589. [Google Scholar] [CrossRef]
  49. Awada, U.; Zhang, J.; Chen, S.; Li, S.; Yang, S. Resource-aware multi-task offloading and dependency-aware scheduling for integrated edge-enabled IoV. J. Syst. Archit. 2023, 141, 102923. [Google Scholar] [CrossRef]
  50. Bumiller, A.; Barais, O.; Challita, S.; Combemale, B.; Aillery, N.; Le Lan, G. A context-driven modelling framework for dynamic authentication decisions. In Proceedings of the 2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), Gran Canaria, Spain, 31 August–2 September 2022. [Google Scholar]
  51. Alkadi, O.; Moustafa, N.; Turnbull, B.; Choo, K.K.R. A deep blockchain framework-enabled collaborative intrusion detection for protecting IoT and cloud networks. IEEE Internet Things J. 2020, 8, 9463–9472. [Google Scholar] [CrossRef]
  52. Sinha, P.; Sahu, D.; Prakash, S.; Yang, T.; Rathore, R.S.; Pandey, V. K A high performance hybrid LSTM CNN secure architecture for IoT environments using deep learning. Sci. Rep. 2025, 15, 9684. [Google Scholar] [CrossRef]
  53. Wang, Y.; Ding, J.; He, X.; Wei, Q.; Yuan, S.; Zhang, J. Intrusion detection method based on denoising diffusion probabilistic models for uav networks. Mob. Netw. Appl. 2023, 29, 1467–1476. [Google Scholar] [CrossRef]
  54. Kumar, A.; Srinivasan, K.; Cheng, W.H.; Zomaya, A.Y. Hybrid context enriched deep learning model for fine-grained sentiment analysis in textual and visual semiotic modality social data. Inf. Process. Manag. 2020, 57, 102141. [Google Scholar] [CrossRef]
  55. Sedjelmaci, H.; Senouci, S.M.; Ansari, N. A hierarchical detection and response system to enhance security against lethal cyber-attacks in UAV networks. IEEE Trans. Syst. Man Cybern. Syst. 2017, 48, 1594–1606. [Google Scholar] [CrossRef]
  56. Gupta, S.K.; Pandey, V.K.; Alsolbi, I.; Yadav, S.K.; Sahu, P.K.; Prakash, S. An efficient multi-objective framework for wireless sensor network using machine learning. Sci. Rep. 2025, 15, 6370. [Google Scholar] [CrossRef]
  57. Kostage, K.; Adepu, R.; Monroe, J.; Haughton, T.; Mogollon, J.; Poduvu, S.; Mitra, R. Federated Learning-enabled Network Incident Anomaly Detection Optimization for Drone Swarms. In Proceedings of the 26th International Conference on Distributed Computing and Networking, Hyderabad, India, 4–7 January 2025. [Google Scholar]
  58. Yan, X.; Han, B.; Su, Z.; Hao, J. SignalFormer: Hybrid Transformer for Automatic Drone Identification Based on Drone RF Signals. Sensors 2023, 23, 9098. [Google Scholar] [CrossRef]
  59. Won, J.; Seo, S.-H.; Bertino, E. A secure communication protocol for drones and smart objects. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, Singapore, 14–17 April 2015. [Google Scholar]
  60. Agrawal, S.; Boneh, D.; Boyen, X.; Freeman, D.M. Preventing Pollution Attacks in Multi-Source Network Coding. In Proceedings of the Public Key Cryptography–PKC 2010: 13th International Conference on Practice and Theory in Public Key Cryptography, Paris, France, 26–28 May 2010; Proceedings 13. Springer: Berlin/Heidelberg, Germany, 2010. [Google Scholar]
  61. Sohail, M.; Latif, Z.; Javed, S.; Biswas, S.; Ajmal, S.; Iqbal, U.; Khan, A.U. Routing protocols in vehicular adhoc networks (vanets): A comprehensive survey. Internet Things 2023, 23, 100837. [Google Scholar] [CrossRef]
  62. Hussain, R.; Hussain, F.; Zeadally, S. Integration of VANET and 5G Security: A review of design and implementation issues. Future Gener. Comput. Syst. 2019, 101, 843–864. [Google Scholar] [CrossRef]
  63. Wang, F.; Xu, Y.; Zhang, H.; Zhang, Y.; Zhu, L. 2FLIP: A two-factor lightweight privacy-preserving authentication scheme for VANET. IEEE Trans. Veh. Technol. 2015, 65, 896–911. [Google Scholar] [CrossRef]
  64. Sahu, D.; Nidhi; Prakash, S.; Pandey, V.K.; Yang, T.; Rathore, R.S.; Wang, L. Edge assisted energy optimization for mobile AR applications for enhanced battery life and performance. Sci. Rep. 2025, 15, 10034. [Google Scholar] [CrossRef] [PubMed]
  65. Samriya, J.K.; Kumar, M.; Tiwari, R. Energy-aware ACO-DNN optimization model for intrusion detection of unmanned aerial vehicle (UAVs). J. Ambient. Intell. Humaniz. Comput. 2023, 14, 10947–10962. [Google Scholar] [CrossRef]
  66. Krichen, M. Timed Automata-Based Strategy for Controlling Drone Access to Critical Zones: A UPPAAL Modeling Approach. Electronics 2024, 13, 2609. [Google Scholar] [CrossRef]
  67. Mekdad, Y.; Aris, A.; Acar, A.; Conti, M.; Lazzeretti, R.; Fergougui, A.E.; Uluagac, S. A comprehensive security and performance assessment of UAV authentication schemes. Secur. Priv. 2024, 7, e338. [Google Scholar] [CrossRef]
  68. Bouziane, I.; Belmokadem, H.; Moussaoui, M. A Review of Formal Security Verification of Common Internet of Things (IoT) Communication Protocols. In Proceedings of the 2023 7th IEEE Congress on Information Science and Technology (CiSt), Agadir-Essaouira, Morocco, 16–22 December 2023; p. 9081532. [Google Scholar]
  69. Alsheavi, A.N.; Hawbani, A.; Othman, W.; Wang, X.; Qaid, G.; Zhao, L.; Al-Qaness, M.A. IoT Authentication Protocols: Challenges, and Comparative Analysis. ACM Comput. Surv. 2025, 57, 1–43. [Google Scholar] [CrossRef]
  70. Gilbert, C.; Gilbert, M.A. Continuous User Authentication on Mobile Devices. Eng. Sci. 2025, 10, 158–173. [Google Scholar]
Figure 1. Flowchart of proposed framework.
Figure 1. Flowchart of proposed framework.
Designs 09 00061 g001
Figure 2. Internet of Drones network architecture.
Figure 2. Internet of Drones network architecture.
Designs 09 00061 g002
Figure 3. SecureDrone authentication protocol architecture.
Figure 3. SecureDrone authentication protocol architecture.
Designs 09 00061 g003
Figure 4. Security verification using AVISPA tool.
Figure 4. Security verification using AVISPA tool.
Designs 09 00061 g004
Figure 5. Computational overhead (in ms) of five key protocols as number of drones increases.
Figure 5. Computational overhead (in ms) of five key protocols as number of drones increases.
Designs 09 00061 g005
Figure 6. Authentication times comparison across five key protocols as network traffic increases.
Figure 6. Authentication times comparison across five key protocols as network traffic increases.
Designs 09 00061 g006
Figure 7. Memory consumption of five key protocols during authentication with varying number of concurrent sessions.
Figure 7. Memory consumption of five key protocols during authentication with varying number of concurrent sessions.
Designs 09 00061 g007
Figure 8. Energy consumption comparison among five key authentication operations.
Figure 8. Energy consumption comparison among five key authentication operations.
Designs 09 00061 g008
Figure 9. Communication overhead of five key protocols as the number of messages and their size increases.
Figure 9. Communication overhead of five key protocols as the number of messages and their size increases.
Designs 09 00061 g009
Figure 10. 3D visualization showing authentication time as both drone count and user count increases.
Figure 10. 3D visualization showing authentication time as both drone count and user count increases.
Designs 09 00061 g010
Figure 11. Authentication success rate under different attack scenarios.
Figure 11. Authentication success rate under different attack scenarios.
Designs 09 00061 g011
Figure 12. Comparison of performance of different machine learning methods in behavioral authentication.
Figure 12. Comparison of performance of different machine learning methods in behavioral authentication.
Designs 09 00061 g012
Table 1. Security properties verification results.
Table 1. Security properties verification results.
Security PropertyVerification ToolResultDescription
Mutual AuthenticationOFMC, CL-AtSeSAFEProtocol ensures all entities authenticate each other
Session Key SecrecyOFMC, CL-AtSe, SATMCSAFESession keys remain confidential between authenticated parties
Message IntegrityOFMC, SATMCSAFEMessages cannot be altered without detection
Forward SecrecyCL-AtSeSAFECompromise of current keys does not affect past communications
Replay ProtectionOFMC, CL-AtSeSAFEProtocol resists replay of captured messages
Table 2. Simulation Parameters.
Table 2. Simulation Parameters.
ParameterValue
SimulatorNS2 (version 2.35)
Simulation duration1000 s
Simulation area1000 m × 1000 m
Number of drones5–50
Number of users1–20
Number of ground stations2–8
Number of edge servers1–5
Drone mobility modelRandom Waypoint
Drone speed0–20 m/s
Communication range100 m(drone-to-GCS)
Bandwidth5 Mbps (D2G), 20 Mbps (G2E), 50 Mbps (E2C)
MAC protocolIEEE 802.11n
Propagation modelTwo-ray ground
Packet size512 bytes
Cryptographic algorithmECC-256 (asymmetric), AES-128-GCM (symmetric)
Machine learning modelEnsemble (LSTM + Random Forest)
Authentication frequencyEvery 300 s
Background trafficCBR (varying intensity)
Table 3. Computational overhead breakdown (ms).
Table 3. Computational overhead breakdown (ms).
OperationSecureDroneLDAPTAUROTIoD-AuthLEMAP
Digital Signature Generation4.27.86.58.95.3
Signature Verification5.16.96.28.45.8
Key Exchange3.85.75.37.24.5
Symmetric Encryption0.70.80.90.80.8
Symmetric Decryption0.80.91.00.90.9
Hashing0.60.70.70.80.7
Behavior Analysis5.2N/A5.8N/A4.7
Total20.422.826.427.022.7
Table 4. Memory usage breakdown (KB) for 20 concurrent sessions.
Table 4. Memory usage breakdown (KB) for 20 concurrent sessions.
ComponentSecureDroneLDAPTAUROTIoD-AuthLEMAP
Cryptographic Keys2852486442
Session States3248425538
Behavior Profiles45N/A51N/A47
Authentication Cache1842354731
Code Footprint5065607258
Total173207236238216
Table 5. Communication Overhead Detailed Comparison.
Table 5. Communication Overhead Detailed Comparison.
ProtocolMessage CountAverage Size (bytes)Total Size (KB)Authentication Rounds
SecureDrone43281.282
LDAP63191.873
TAUROT53381.652.5
IoD-Auth73282.243.5
LEMAP53151.542.5
Table 6. Performance comparison summary.
Table 6. Performance comparison summary.
MetricSecureDroneLDAPTAUROTIoD-AuthLEMAPImprovement
Computational Overhead (ms)31.848.747.855.243.830% avg. reduction
Authentication Latency (ms)102.3156.7150.4168.5135.225% avg. reduction
Memory Usage (KB)25840238445336840% avg. reduction
Energy Consumption (mJ)42.568.363.775.457.935% avg. reduction
Communication Messages4657528% avg. reduction
Message Size (KB)1.281.871.652.241.5429% avg. reduction
Auth. Success (No Attack) (%)99.899.799.799.699.70.1% improvement
Auth. Success (Under Attack) (%)95.685.588.487.287.79% avg. improvement
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Pandey, V.K.; Prakash, S.; Ranjan, A.; Jha, S.K.; Liu, X.; Rathore, R.S. An Efficient Framework for Secure Communication in Internet of Drone Networks Using Deep Computing. Designs 2025, 9, 61. https://doi.org/10.3390/designs9030061

AMA Style

Pandey VK, Prakash S, Ranjan A, Jha SK, Liu X, Rathore RS. An Efficient Framework for Secure Communication in Internet of Drone Networks Using Deep Computing. Designs. 2025; 9(3):61. https://doi.org/10.3390/designs9030061

Chicago/Turabian Style

Pandey, Vivek Kumar, Shiv Prakash, Aditya Ranjan, Sudhanshu Kumar Jha, Xin Liu, and Rajkumar Singh Rathore. 2025. "An Efficient Framework for Secure Communication in Internet of Drone Networks Using Deep Computing" Designs 9, no. 3: 61. https://doi.org/10.3390/designs9030061

APA Style

Pandey, V. K., Prakash, S., Ranjan, A., Jha, S. K., Liu, X., & Rathore, R. S. (2025). An Efficient Framework for Secure Communication in Internet of Drone Networks Using Deep Computing. Designs, 9(3), 61. https://doi.org/10.3390/designs9030061

Article Metrics

Back to TopTop