An Efficient Framework for Secure Communication in Internet of Drone Networks Using Deep Computing

Abstract

The rapid deployment of the Internet of Drones (IoD) across different fields has brought forth enormous security threats in real-time data communication. To overcome authentication vulnerabilities, this paper introduces a secure lightweight framework integrating deep learning-based user behavior analysis and cryptographic protocols. The proposed framework is verified through AVISPA security verification against replay, man-in-the-middle, and impersonation attacks. Performance analysis via NS2 simulations based on changing network parameters (5–50 drones, 1–20 users, 2–8 ground stations) validates enhancements in computation overhead, authentication delay, memory usage, power consumption, and communication effectiveness in comparison with recent models such as LDAP, TAUROT, IoD-Auth, and LEMAP, thereby establishing our system as an optimal choice for safe IoD operation.

1. Introduction

The Internet of Drones (IoD) is an emerging paradigm for unmanned aerial vehicle (UAV) networking that allows controlled coordination and communication of numerous drones under a unified framework [1]. The IoD is an evolving technology that encompasses the conventional Internet of Things (IoT) frameworks and additionally includes the unique mobility, communication, and computing limitations of drone systems [2]. The current market survey estimates the global market for drones to be USD 63.6 billion as of 2025, growing at a compound annual rate of more than 25% [3], underscoring, again, the need to develop secure and efficient IoD infrastructures. Drones have become unavoidable across various application fields such as precision agriculture [4], disaster relief [5], military reconnaissance [6], package delivery [7], border protection [8], and city surveillance [9]. Drones have become vital tools in many industries, with real-world deployment providing compelling proof of their worth [10]. In the field of precision agriculture, for example, monitoring using UAVs has enhanced crop yields by up to 15% and decreased pesticide applications by 30% [11]. In disaster relief efforts, drones cut search and rescue times by more than 40% during the 2015 Nepalese earthquake response [12]. The market for commercial drone delivery alone is projected to exceed USD 5.6 billion by 2026, with more than 1.3 million deliveries already made worldwide by firms such as Zipline and Amazon Prime Air [13]. This extensive usage is due to technological innovations in the miniaturization of sensors, increased battery life, better processing power, and extended wireless connectivity options [14]. Today’s drones incorporate advanced sensing technologies such as high-definition cameras, LiDAR, thermal cameras, and multispectral sensors, producing unprecedented levels of real-time information that facilitate advanced decision-making processes [15].

Security vulnerabilities have already resulted in real-world incidents: in 2019, a GPS spoofing attack diverted multiple UAVs in a commercial testbed, resulting in loss of drones worth more than USD 200,000 [16]. Furthermore, in a simulated man-in-the-middle attack on a drone swarm control network, researchers proved that up to 80% of the drones might be hijacked in 90 s [17]. The intrinsic nature of IoD systems poses distinctive security threats to those using conventional IoT networks [18], such as resource limitations, since drones usually have limited computational capabilities, power sources, and storage capacities, calling for lightweight security measures [19]; dynamic network topologies [20], with the high mobility of drones resulting in perpetually varying network topologies, making it difficult to integrate static security measures [21]; real-time requirements [22], as some critical applications require minimal latency in data processing and transmission, putting high-performance requirements on security measures [23]; wireless vulnerabilities, such as the use of wireless communications making drone networks susceptible to jamming, eavesdropping, and man-in-the-middle attacks [24]; and physical accessibility, with drones deployed in open environments being more exposed to capture and hardware attacks [25]. Current security solutions for IoD systems have generally relied on encryption methods [26], blockchain [27], and legacy authentication schemes [28]. Although these methods deal with some security issues [29], they usually have huge computational overheads that contradict the real-time constraints and limited resources of drone systems [30]. Furthermore, legacy security protocols also tend to overlook the specific mobility characteristics and communication constraints of drone networks [31].

Several authentication frameworks have been suggested for IoD environments in particular. Rathore et al. [32] suggested a mutual authentication scheme based on elliptic curve cryptography, which is secure but consumingly computational. Likewise, Khan et al. [33] suggested a lightweight authentication mechanism for communication in drones, although it is not very secure against advanced attack vectors. Sharma et al. [34] proposed a blockchain-based authentication system for UAVs, which provides strong security assurances but imposes prohibitive delays for real-time use. Notwithstanding these efforts, there is still an important research gap regardingauthentication protocols that, at the same time, meet the ostensibly conflicting demands of strong security, low computational overhead, and low delay for real-time IoD operations.

To meet these challenges, this paper introduces a new machine learning-augmented cryptographic protocol for secure user authentication in IoD systems. Our design employs behavioral biometrics and lightweight cryptographic primitives to establish an effective authentication framework that strikes a good balance between computational overhead reduction and security enhancement. The protocol proposed has adaptive security measures that automatically adjust to varying threat levels and usage environments for optimal balance between the strength of security and efficiency of performance.

The major contributions of this work are:

• The design of a lightweight authentication framework based on a hybrid machine learning model that incorporates random forest and LSTM models with comparable security and significantly lower computational demands.
• Complete security verification by way of formal verification using AVISPA (Automated Validation of Internet Security Protocols and Applications) and informal security analysis to show immunity to typical attack mechanisms such as replay attacks, man-in-the-middle attacks, and impersonation attacks.
• Extensive performance assessment with NS2 simulation, achieving a 43% decrease in computational overhead, 37% reduction in communication latency, and 28% less energy expenditure than current IoD authentication mechanisms.

The rest of this paper is structured as follows: Section 2 surveys relevant work on IoD security and authentication protocols. Section 3 explains the system model and an assumption made by our approach and introduces the proposed authentication protocol and its building blocks. Section 4 provides performance evaluation and simulation results. Section 5 gives a discussion of the overall results. Lastly, Section 6 concludes the paper and states future directions of work.

2. Related Work

This part offers an extensive review of the literature on security protocols for the Internet of Drones (IoD) from the perspective of authentication mechanisms, cryptographic methods, and machine learning-based security solutions. We classify the literature into three main groups: general IoD security frameworks, lightweight authentication protocols, and machine learning applications in drone security.

2.1. IoD Security Frameworks

The special nature of drone networks requires dedicated security architectures to deal with their specific issues. Sharma et al. [35] discussed the security architecture for dronecommunication networks, revealing flaws in current protocols and recommending a multi-layered security scheme. Likewise, Adil et al. [36] presented an extensive study of cyber threats in UAV networks, classifying attacks according to their effects on confidentiality, integrity, and availability of drone services. Garcia-Magarino et al. [37] presented a self-deployment UAV network structure with security measures tailored for emergencies, highlighting the significance of secure communication in dynamic settings but without comprehensive authentication mechanisms. Closing this shortcoming, Patel et al. [38] created a hierarchical security framework for swarms of drones that integrated cryptographic primitives and secure routing protocols. Bera et al. [39] proposed a fog-supported secure Internet of Drones (IoD) scheme that promotes better data security along with less latency, exhibiting more efficiency than existing cloud-based designs, but demanding great amounts of edge computing hardware. Following this theme, Zhang et al. [40] advanced software-defined networking (SDN)-powered security solutions for anIoD system based on flexible enforcement of security policy on heterogeneous networks of drones. Recent developments involve zero-trust architectures [41] for ongoing identity authentication [42] and blockchain-supporting frameworks for tamper-evident activity logging with efficiency preservation [43]. Our solution implements ongoing verification with smaller computational needs compared to blockchain-based implementations.

2.2. Lightweight Authentication Protocols

Authentication is a key security element in IoD systems. Wu et al. [44] proposed a lightweight mutual authentication scheme for drones using physically unclonable functions (PUFs), exhibiting resistance to replay and man-in-the-middle attacks with low computational overhead; nevertheless, their method needs dedicated hardware that adds costs to drones. Wazid et al. [45] proposed a lightweight authentication and key agreement protocol for UAV communication networks with lower computational complexity compared to traditional public key mechanisms but equal security levels. Da et al. [46] also proposed a certificateless signcryption scheme for drone communication with no certificate management infrastructure, hence reducing communication overhead. For computational resource-limited drone systems, Thakur et al. [47] designed an ultra-lightweight nonce-based bitwise operation authentication protocol that reduced computational needs but provided little defense against advanced attack channels. To overcome this limitation, Gope and Sikdar [48] offered a provably secure anonymous IoD authentication protocol that satisfied security strength and efficiency in computation. Recent research has involved RAPID-Auth, which attains 40% reduced energy consumption with elliptic curve cryptography [49], and context-aware authentication that adjusts security levels according to environmental conditions [50]. Our framework builds on these by integrating behavioral analysis with cryptographic mechanisms without usual energy costs.

2.3. Machine Learning for IoD Security

The use of machine learning methods to improve IoD security has been recently investigated. Alkadi et al. [51] utilized deep-learning methods [52] to identify unauthorized drone intrusions into defended airspace and found high accuracy in identifying legitimate versus malicious drone activity; however, their method is not concerned with authentication needs. Wang et al. [53] created a multi-factor authentication scheme for drones based on machine learning-based behavioral biometrics that examine flight trajectories to authenticate the identity of the drone in real-time, demonstrating the potential for prevention of session hijacking attacks but with a requirement for extensive training data. Likewise, Kumar et al. [54] have designed an intrusion detection system for IoD networks based on ensemble learning methods that dynamically respond to changing threat scenarios. Reinforcement learning [55] has also been identified to have potential for enhancing drone security, as seen with Sedjelmaci et al. [56], who came up with a reinforcement learning-driven intrusion detection framework for flying ad hoc networks (FANETs) that achieves maximum detection accuracy with low false positives. Their work recognizes the potential of adaptive security mechanisms for drone networks but focuses more on detection than on prevention. Some recent advances involve federated learning for distributed anomaly detection of drone swarms [57] and transformer models verifying drone pilots by control signal patterns with 97.8% accuracy [58]. Our proposed hybrid method is as accurate as that but has much lower computational requirements.

2.4. Security Evaluation Methodologies

Security protocol evaluation is a critical part of IoD research. Won et al. [59] established a solid security evaluation framework for IoD systems, suggesting metrics for the evaluation of authentication protocols in resource-constrained systems, and their work guided our methodology towards performance evaluation. Simulation-based security analysis can be applied in IoD studies, as evidenced by Agrawal et al. [60], who utilized NS2 simulations to compare and contrast secure routing protocols for FANETs in various attack scenarios, illustrating that mobility patterns must be considered when assessing the performance of security protocols. Building on this approach, Sohail et al. [61] suggested a hybrid simulation model combining network and hardware simulation to evaluate the impact of security measures on drone battery life [62]. Formal verification methods provide mathematical guarantees of security protocol correctness, as shown by Hussain et al. [63], who used AVISPA formal verification to examine mutual authentication protocols for IoT devices, proving its usability in resource-constrained systems. Also, Wang et al. [64] employed BAN logic to certify the security properties of a lightweight authentication scheme for heterogeneous wireless sensor networks, establishing a basis for formal security analysis in IoD scenarios. Modern solutions include DroneSim for simulating energy consumption effects of security mechanisms [65] and an automated theorem proving for authenticating security protocols in time-critical IoD applications [66]. Our strategy integrates formal verification with AVISPA and systematic performance analysis in practical mobility patterns.

2.5. Research Gap

Despite breakthroughs in IoD security, some important gaps still exist. Current authentication schemes typically do not handle the peculiar combination of mobility, resource limitations, and timeliness typical of drone networks. Moreover, although machine learning has exhibited great promise in strengthening security in a variety of contexts, its use in the context of IoD authentication is under-investigated. In addition, holistic security analysis that combines formal verification with performance evaluation in realistic scenarios is largely missing from the existing literature. Though recent contributions have considered separate features such as energy efficiency [49] or behavior-based authentication [58], there areno prior works that combine these factors within a unified framework verified using both rigorous formal security verification and genuine performance analysis. Our contribution fills this gap with anintegrated approach.

3. Materials and Methods

The SecureDrone authentication framework is a strong, multi-layer architecture developed for Internet of Drone (IoD) networks that includes cloud servers, edge servers, ground control stations, user controllers, and drones with domain-specific authentication and cryptography modules. It uses a three-stage authentication process—registration with secure key pairs, authentication via behavior analysis and cryptographic authentication, and session management with periodic re-authentication. The important cryptographic building blocks are SHA-256 for hashing, AES-GCM for encryption, ECC for key exchange, and nonce-timestamp protection for preventing replay attacks. One of the novel aspects is the inclusion of behavior analysis based on a hybrid machine learning technique—Random Forest for categorical and LSTM for time-series attributes—constructing behavioral profiles and calculating a Behavior Deviation Score (BDS) to invoke extra authentication upon detection of abnormalities. The protocol maximizes security through resource-conscious design, offloading model training to cloud servers but allowing real-time inference on edge servers, thereby minimizing computational overhead, latency, and energy consumption. Its multi-layered defense approach includes two-factor authentication, ongoing session monitoring, and adaptive re-authentication to counter several attack vectors. Innovative aspects are the addition of behavioral biometrics in drone verification, an adaptive security system scaling security measures according to anomaly detection, security-resource optimization as a measurable metric, and a distributed processing architecture distributing security functions among cloud, edge, and local units. The protocol has been systematically verified employing AVISPA tools (OFMC, CL-AtSe, SATMC, and TA4SP) and the outcome affirming its capability to work well against identified threats and guaranteeing all the security properties as SAFE. A flowchart in Figure 1 shows the proposed SecureDrone Authentication Framework, a total security solution for drone operations. The framework connects three major components: User/Controller, Ground Control Station, and the dronesthemselves. The authentication occurs in two phases: (a) the registration phase (establish the ECC key pairs, store the credentials, and setup the behavioral profiles) and (b) the authentication phase (which involves signing request, challenges, and session management). The system employs advanced cryptographic modules using SHA-256, AES-GCM, and ECC protocols to create secure sessions. Behavioral analysis is also utilized for ongoing security that is based on Random Forest for categorical data, and LSTM time series data, with processing performed on Edge and Cloud servers. This is a total security option in that both cryptographic and behavioral indication are verified and that drone operations are continuously monitored.

3.1. System Model and Problem Formulation

3.1.1. IoD Network Architecture

The Ground Control Station (GCS) edge servers, cloud servers, and drones compromising the Internet of Drones (IoD) network architecture are linked together with wireless communication channels. Drones (D), which are limited by computational and energy budgets, employ sensors and a communication module to sense data and send it to others. Localized control is offered through GCS, which serves as a bridge between drones and the infrastructure backend. Edge servers (ES), which offer computational power with low latency, are located near drone operating areas, while cloud servers (CS) process data and large-scale computations. Drone-to-GCS (D2G) through light protocols, GCS-to-Edge (G2E) through secure wireless links, and Edge-to-Cloud (E2C) via high-bandwidth lines are all components of the communication system. An IoD network architecture is shown in Figure 2.

3.1.2. Security Requirements

Mutual authentication, between the drone and the approved User/Controller, which authenticate each other’s identities before creating a secure communication channel, must be an aspect of the IoD authentication protocol. It must ensure data integrity to prevent transmitted information from being tampered with and offer data confidentiality by encrypting all data being communicated to prevent unlawful access by eavesdroppers. To avoid denial of participation in communication by the parties, non-repudiation should also be included in the protocol. Forward secrecy should be utilized for further security in a way that past communication is not affected by the compromise of current session keys. Lastly, to make the communication of the IoD both reliable and of integrity, the protocol should be resistant against commonly known attacks like replay, man-in-the-middle, and impersonation attacks.

3.1.3. Threat Model and Problem Formulation

The threat model considers both active attackers (Aa), who intercept, modify, or destroy messages, impersonate parties, launch denial-of-service (DoS) attacks, or take control of drones, and passive attackers (Ap), who listen in on and inspect communications. The probability that an attack will succeed is expressed as:

Pattack = Pdetection × Pexploitation × (1 − Pmitigation)

where Pdetection is the probability of detecting a vulnerability, Pexploitation is the probability of successful exploitation, and Pmitigation is the system’s mitigation probability. The authentication problem in the Internet of Drones (IoD) can be posed as an optimization problem that balances security strength and resource utilization. The objective function F is presented as:

F = max {w1 × S − w2 × C − w3 × L − w4 × M − w5 × E}

concerning the constraints:

S ≥ Smin, C ≤ Cmax, L ≤ Lmax, M ≤ Mmax, E ≤ Emax

where w1, w2, w3, w4, and w5 are weighting factors representing different protocol features of importance, Smin is the minimum security level acceptable, and Cmax, Lmax, Mmax, and Emax are maximum permissible constraints for computational overhead, authentication latency, memory use, and energy consumption, respectively. The authentication process between a drone Diand a user Uj is expressed as:

Auth(Di,Uj) = {m1, m2,..., mn}

where m1, m2,…., mn are the sequence of authentication messages. The security strength S is quantified as:

$$S={\sum }_{k=1}^k{\alpha }_k-{(1-P}_{attack,k})$$

where K is the number of available attack vectors, ${\alpha }_k$ is the effect of the k-th attack vector, and P_attack,k is the probability of success of an attack via the k-th vector. The computational overhead C is expressed as:

$$\sum _{i=1}^n{c}_{crypto, i}+c_{ML, i}$$

where $c_{crypto, i}$ is the cost of cryptographic computations, and ${ c}_{ML, i}$ is the cost of computations for machine learning at the i-th step. The optimization framework ensures that authentication in IoD is extremely secure while minimizing the usage of resources.

3.1.4. Proposed Authentication Protocol

The SecureDrone authentication protocol is a robust security mechanism that is suitable for the Internet of Drones (IoD). It uses machine learning-based behavior analysis of the users and lightweight cryptographic primitives for providing secure and lightweight authentication with low latency and processing overhead. There exists a cloud server, edge server, Ground Control Station, user controllers, and drones in the protocol structure; each includes domain-specific behavior analysis, authentication, and cryptographic modules. An architecture is shown in Figure 3.

There are three stages in the authentication procedure: the registration stage, in which the users, drones, and control stations are registered; the authentication stage, based on behavior analysis and cryptographic primitives for trusted authentication; and the session management stage, with secure communication through constant re-authentication. A combination model incorporating a Random Forest classifier for classifying categorical attributes and a Long Short-Term Memory (LSTM) network for identifying time patterns identifies user behavior patterns such as command use, flight path requests, and control input attributes to specify a behavioral profile. The Random Forest and LSTM combination was chosen particularly by ablation studies that proved its performance to be better than for single-model approaches. This blended model supports current research by Zhang et al. [67], which illustrated the performance of ensemble methods to surpass single classifiers for drone behavior authentication by 12–18%. Our choice of parameters for the Random Forest (100 trees, maximum depth of 10) and LSTM network (128 hidden units, 2-layer architecture) was tuned using grid search experiments to trade off accuracy against computational cost. User behavior analysis through machine learning is a new component of this protocol. By computing the deviation between the profile and the current behavior vector, the protocol computes a Behavior Deviation Score (BDS), which, in case of deviations greater than a threshold value, triggers additional authentication challenges. SecureDrone employs SHA-256 for hashing, AES-GCM for session encryption, Elliptic Curve Cryptography (ECC) for key exchange and digital signatures, and nonce-timestamp algorithms to prevent replay attacks to ensure security with minimal computational overhead. To ensure that only authorized users and drones communicate, the authentication process includes one-time user registration, behavior analysis when receiving an authentication request, challenge-response verification, and session key distribution upon successful authentication. SecureDrone ensures quick and scalable authentication in IoD environments by offloading model training onto cloud servers while preserving real-time inference on edge servers. This enhances security without compromising operational efficiency.

3.1.5. Training Process of Machine Learning Models

The SecureDrone authentication mechanism employs a hybrid machine learning strategy that combines a Random Forest classifier for categorical features and an LSTM (Long Short-Term Memory) network for time-series features to provide strong security for drone systems. At the user registration stage, behavioral features like command usage and typing rhythm are extracted to train user behavior models. The LSTM model, aimed at identifying sequential patterns, is created with an initial input size equal to the number of features, two hidden layers of 64 neurons each, and trained for 100 iterations using forward propagation, calculation of the loss, and backpropagation. Simultaneously, a Random Forest classifier of 100 trees with a maximum depth of 10 is trained on a balanced dataset for differentiating normal from anomalous behavior. For drone authentication, the same procedure is adopted with telemetry information such as flight paths and sensor measurements. The LSTM drone model is relatively small, consisting of two hidden layers and 32 neurons in each, and pre-trained on manufacturer-supplied data to model normal drone behavior. The included Random Forest classifier for drones employs 80 trees of depth 8 and is trained on drone-specific data. Parameters of the model were tuned via ablation studies and grid search to balance accuracy against computational cost, with the collective model performing 12–18% better than single models. Also, the system utilizes continuous learning during verification, employing a low learning rate (e.g., 0.01) to slow-learning adapt to normal behavior changes without sacrificing stability. The twin-model approach maintains high security without being computationally resource-intense for resource-limited drone environments.

3.1.6. Protocol Phases

The proposed security protocol includes three phases: registration, authentication, and verification. These phases all utilize machine learning methods for optimizing security using behavioral biometrics and telemetry analysis. The Algorithms 1–5 described below outline the execution of these phases for a solid framework for secure communication between users, drones, and the entity server.

Algorithm 1: User Registration

Input: UserID, Credentials, InitialBehaviorProfile Output: Registration token, Public Key of the Entity Server (PK_ES) 1:  (PK_U, SK_U)← GenerateECCKeyPair() 2:  Store UserID, PK_U, Hash(Credentials) in UserRegistry 3:  behavioralFeatures ← ExtractBehavioralFeatures(InitialBehaviorProfile) 4:  lstmModel ← InitializeLSTMNetwork(inputSize = |behavioralFeatures|, hiddenLayers = 2, hiddenSize = 64) 5:  lstmTrainingData ← GenerateSequentialBehaviorSamples(behavioralFeatures) 6:  for epoch = 1 to 100 do 7:     for each sequence in lstmTrainingData do 8:        output ← lstmModel.Forward(sequence) 9:        loss ← SequenceLoss(output, sequence) 10:        lstmModel.Backpropagate(loss) 11:    end for 12: end for 13: rfModel ← InitializeRandomForest(treeCount = 100, maxDepth = 10) 14: rfTrainingData ← GenerateBalancedTrainingSet(behavioralFeatures) 15: rfModel.Train(rfTrainingData) 16: Store (lstmModel, rfModel) in BehaviorDB under UserID 17: token ← SignECC(SK_ES, {UserID, PK_U, Timestamp}) 18: return token, PK_ES

Explanation:

User Registration—An ECC key pair is created at the beginning of the user registration process. The system stores the hashed user credentials and public key in a secure registry. The initial data on user interactions is used to derive behavioral features related to command usage and typing rhythm. A Random Forest (RF) classifier is trained using these features for anomaly detection, and an LSTM network is trained for sequential behavior modeling. Real and synthetic data are used to train both models, which are then stored in a behavior profile database. Finally, a registration token is generated by using the entity server’s private key to sign the user’s credentials and public key.

Algorithm 2: Drone Registration

Input: DroneID, DroneType, Capabilities Output: Drone Certificate 1:  (PK_D, SK_D)← GenerateECCKeyPair() 2:  Store DroneID, PK_D, DroneType, Capabilities in DroneRegistry 3:  telemetryFeatures ← ExtractTelemetryFeatures(DroneType, Capabilities) 4:  droneLSTM ← InitializeLSTMNetwork(inputSize = |telemetryFeatures|, hiddenLayers = 2, hiddenSize = 32) 5:  PretrainDroneLSTM(droneLSTM, DroneType) 6:  droneRF ← InitializeRandomForest(treeCount = 80, maxDepth = 8) 7:  PretrainDroneRF(droneRF, DroneType) 8:  Store (droneLSTM, droneRF) in DroneModelDB under DroneID 9:  SecureStore(DroneID, SK_D, PK_ES) 10: cert ← SignECC(SK_ES, {DroneID, PK_D, Timestamp}) 11: return cert

Explanation:

Drone Registration—During registration of the drone, the system creates an ECC key pair and registers metadata of the drone like type and capabilities. Telemetry features like flight patterns, sensor readings, control latencies are extracted. A pre-trained LSTM model for drones is initiated and pre-trained with manufacturer-provided datasets mimicking normal operation of the drones. Simultaneously, a Random Forest classifier is trained to detect anomalies in real-time. The models are stored, and the drone is equipped with its private key and entity server public key. A digitally signed certificate by the server completes the secure enrollment.

Algorithm 3: User Authentication

Input: UserID, AuthRequest = {reqID, timestamp, nonce, signature} Output: Encrypted challenge token or authentication failure 1:  if CurrentTime()-timestamp > TimeWindow then 2:      return AuthFailure(“Request expired”) 3:  end if 4:  userPK ← UserRegistry.getPK(UserID) 5:  if not VerifyECC(userPK, signature, {reqID, timestamp, nonce}) then 6:      return AuthFailure(“Invalid signature”) 7:  end if 8:  profile ← BehaviorDB.getProfile(UserID) 9:  lstmModel ← profile.LSTM 10: rfModel ← profile.RF 11: challenge ← GenerateUserBehaviorChallenge(profile) 12: challengeToken ← EncryptECC(userPK, {challenge, nonce + 1}) 13: return challengeToken

Explanation:

User Authentication—After receiving an authentication request from a user, the system verifies the freshness of the request first to avoid replay attacks. The system then authenticates the digital signature based on the user’s stored public key. In case it is valid, the system obtains the behavior models of the user and produces a dynamic behavioral challenge (for example, typing sequence or interface interaction task). The challenge is encrypted and dispatched to the user to produce genuine-time behavior to be checked subsequently.

Algorithm 4: Verify User Response

UserID, Response = {challenge, responseData, signature} is the input. Output: AuthFailure or AuthSuccess with session key 1: UserPK ← UserRegistry.getPK (UserID) 2: If VerifyECC(userPK, signature, {challenge, responseData}) is not present, then 3: return AuthFailure(“Invalid response”) 4: terminate if 5: Extract Behavior Features (responseData)← currentBehavior 6: behaviorSeq ← FormatBehaviorAsSequence(currentBehavior) 7: predictedSeq ← lstmModel.Forward(behaviorSeq) 8: SequenceLoss(predictedSeq, behaviorSeq[1:])← loss 9: lstmScore ← exp(−loss) 10: FormatBehaviorAsFeatureVector(currentBehavior)← rfVector 11: classProbs ← rfModel.PredictProbabilities(rfVector) 12: rfAnomaly ← 1 − classProbs[1] 13: behaviorScore ← 0.6 × lstmScore + 0.4 × (1 − rfAnomaly) 14: if behaviorScore is less than behavior threshold, then 15: Log(UserID, “Behavior anomaly”, behaviorScore) 16: AuthFailure(“Behavior anomaly detected”) is returned. 17: terminate if 18: lstmModel.Update(learningRate = 0.01, behaviorSeq) 19: rfModel.Update(rfVector, isPositive = TRUE) 20: BehaviorDB.update(UserID, currentBehavior, lstmModel, rfModel) 21: GenerateRandomKey(128) ← sessionKey 22: return AuthSuccess, encryptedKey 23: encryptedKey ← EncryptECC(userPK, sessionKey)

Explanation:

Verify User Response—Once the user reacts to the challenge, the system checks the signature of the response and extracts the features of the behavior. The LSTM model processes sequential patterns of behavior and computes confidence based on the accuracy of the prediction. Concurrently, RF model calculates the probability that the behavior is a legitimate user’s. These values are blended together to generate the final authentication score. When the score goes over a predetermined value, the models are refreshed with the new behavior data to facilitate adaptive learning and a secure session key is produced.

Algorithm 5: Verify Drone Response

Input: DroneID, Response = {challenge, telemetryData, signature} Output: AuthSuccess with encrypted session key or failure 1:  dronePK ← DroneRegistry.getPK(DroneID) 2:  if not VerifyECC(dronePK, signature, {challenge, telemetryData}) then 3:      return AuthFailure(“Invalid drone response”) 4:  end if 5:  telemetryFeatures ← ExtractTelemetryFeatures(telemetryData) 6:  seq ← FormatTelemetryAsSequence(telemetryFeatures) 7:  predicted ← droneLSTM.Forward(seq) 8:  seqScore ←CalculateSequenceSimilarity(predicted, seq) 9:  vector ← FormatTelemetryAsFeatureVector(telemetryFeatures) 10: prob ← droneRF.PredictProbabilities(vector) 11: anomaly ← 1 − prob[1] 12: authScore ← 0.5 × seqScore + 0.5 × (1 − anomaly) 13: if authScore < DroneAuthThreshold then 14:    Log(DroneID, “Compromised drone”, authScore) 15:    return AuthFailure(“Telemetry mismatch”) 16: end if 17: droneLSTM.Update(seq) 18: droneRF.Update(vector, isNormal = TRUE) 19: DroneModelDB.update(DroneID, droneLSTM, droneRF) 20: sessionKey ← GenerateRandomKey(128) 21: encryptedKey ← EncryptECC(dronePK, sessionKey) 22: return AuthSuccess, encryptedKey

Explanation:

Verify Drone Response—The system authenticates drones based on the examination of telemetry data gathered in response to a challenge. It confirms the signature of the drone and extracts telemetry features like command timing of execution, sensor values, and power utilization. The LSTM model calculates a sequence similarity score against known drone behavior patterns and the RF model calculates the probability of an anomaly. These scores are combined to calculate the authenticity of the drone. The models are updated if accepted with the new telemetry and a session key is issued to authenticate communication between the ground station and the drone.

3.1.7. Security Analysis and Verification

The security verification and analysis of the SecureDrone authentication protocol were performed using the AVISPA tool that comprises OFMC, CL-AtSe, SATMC, and TA4SP to ensure a thorough evaluation of security properties against a precisely defined threat model. The results are shown in

Table 1. Security properties verification results.

Security Property	Verification Tool	Result	Description
Mutual Authentication	OFMC, CL-AtSe	SAFE	Protocol ensures all entities authenticate each other
Session Key Secrecy	OFMC, CL-AtSe, SATMC	SAFE	Session keys remain confidential between authenticated parties
Message Integrity	OFMC, SATMC	SAFE	Messages cannot be altered without detection
Forward Secrecy	CL-AtSe	SAFE	Compromise of current keys does not affect past communications
Replay Protection	OFMC, CL-AtSe	SAFE	Protocol resists replay of captured messages

. The protocol was described in HLPSL with designated roles like User/Controller, edge server, Ground Control Station, and drone, and the verification process focused on the secrecy of session keys, entity authentication, replay attack resistance, and message integrity. The outcome validated that the protocol fulfills all described security properties without any attacks discovered. The protocol exhibited man-in-the-middle attack resistance based on mutual authentication with digital signatures, maintaining message integrity as well as blocking unauthorized key establishment. Replay attacks were also prevented by using timestamps, nonces, and sequence numbers so that the attackers could not reuse intercepted messages. Impersonation attacks were also averted through a two-factor authentication procedure with cryptographic credentials and behavioral analysis, yielding adaptive credential loss protection. Termination, reachability, and liveness properties of the protocol were maintained through additional correctness testing, ensuring proper functioning under adversarial and normal settings. The cryptographic and behavioral defenses combined constitute a robust security framework well-suited for IoD applications. The choice of AVISPA for formal verification adheres to standard security protocol analysis methodologies in resource-constrained contexts [68]. The use of all four back-ends (OFMC, CL-AtSe, SATMC, and TA4SP) instead of a subset was influenced by Chen et al.’s [69] research that show that thorough multi-tool verification impacts severely on false negatives in security proofs. Behavior threshold parameters were tuned against a set of 10,000 authenticated sessions with a false positive rate of 0.5% and false negative rate of 0.2%, on par with industry standards for high-security applications [70].

SecureDrone authentication protocol was verified with the AVISPA tool which is shown in Figure 4 by using all four back-ends—OFMC, CL-AtSe, SATMC, and TA4SP—and each of them checking for important security properties. HLPSL-modeled, the protocol assigned roles to the User/Controller, Edge Server, Ground Control Station, and Drone. The verification outputs, indicated as “SAFE” in all tools, asserted the protocol’s strength against numerous attack vectors. The major achievements were to provide mutual authentication, secrecy of the session key, message integrity, forward secrecy, and protection against replay. The protocol was highly resistant to man-in-the-middle, replay, and impersonation attacks using digital signatures, timestamps, nonces, sequence numbers, and two-factor authentication techniques.

4. Results

4.1. Experimental Setup and Simulation Environment

The operation of the proposed SecureDrone authentication scheme was evaluated using thorough simulations in Network Simulator 2 (NS2) version 2.35, which simulated realistic Internet of Drones (IoD) deployment environments with varying numbers of drones, users, and network scenarios. The simulation parameters are shown in

Table 2. Simulation Parameters.

Parameter	Value
Simulator	NS2 (version 2.35)
Simulation duration	1000 s
Simulation area	1000 m × 1000 m
Number of drones	5–50
Number of users	1–20
Number of ground stations	2–8
Number of edge servers	1–5
Drone mobility model	Random Waypoint
Drone speed	0–20 m/s
Communication range	100 m(drone-to-GCS)
Bandwidth	5 Mbps (D2G), 20 Mbps (G2E), 50 Mbps (E2C)
MAC protocol	IEEE 802.11n
Propagation model	Two-ray ground
Packet size	512 bytes
Cryptographic algorithm	ECC-256 (asymmetric), AES-128-GCM (symmetric)
Machine learning model	Ensemble (LSTM + Random Forest)
Authentication frequency	Every 300 s
Background traffic	CBR (varying intensity)

. The simulation was conducted on a 1000 m × 1000 m space for 1000 s with varying drones from 5 to 50, varying users from 1 to 20, ground stations from two to eight, and edge servers from one to five. Drones followed a Random Waypoint mobility model with speeds between 0 and 20 m/s and a 100 m communication range for drone-to-GCS connections. The bandwidth allocation was 5 Mbps for D2G, 20 Mbps for G2E, and 50 Mbps for E2C communications. IEEE 802.11n was the MAC protocol employed, with a two-ray ground propagation model. AES-128-GCM for symmetric encryption and ECC-256 for asymmetric encryption ensured cryptographic security for the 512-byte data packets. Moreover, a hybrid machine learning model of LSTM and Random Forest was utilized for authentication, which was performed at each 300 s interval. Background traffic exhibited a Constant Bit Rate (CBR) with different intensities. For comparison with SecureDrone, four latest authentication protocols—LDAP, TAUROT, IoD-Auth, and LEMAP were utilized as baseline schemes. The performance was measured in terms of computational overhead (CPU time used for authentication tasks), authentication latency (request-to-authentication time), memory consumption, energy use, communication overhead (size and number of messages exchanged), scalability (performance when the network size is growing), and authentication success rate (successful authentication ratio under different attack modes).

4.2. Computational Overhead Analysis

Figure 5 shows how computational overhead (in milliseconds) scales with the number of drones for each protocol. SecureDrone always shows less computational demand in all scales of networks, with the performance difference growing as the number of drones grows. This shows better scalability in resource-scarce settings. The computational cost was calculated as the CPU time taken to perform the entire authentication process, and the results proved that SecureDrone outperforms all other protocols in terms of computational cost. As evident from Figure 3, SecureDrone has around 30% less computational cost than LDAP, 33% less than TAUROT, 42% less than IoD-Auth, and 27% less than LEMAP when tested with 50 drones. All of these efficiencies owe their existence to the implementation of light ECC operations rather than heavy computations of RSA, an improved AES-GCM to encrypt sessions using optimized versioning, streamlined behavior pattern match algorithms, and the offloading of computationally exhaustive tasks like training ML models on cloud servers but maintaining the inference operations lightweight to deploy in edge. The computation overhead breakup is depicted in

Table 3. Computational overhead breakdown (ms).

Operation	SecureDrone	LDAP	TAUROT	IoD-Auth	LEMAP
Digital Signature Generation	4.2	7.8	6.5	8.9	5.3
Signature Verification	5.1	6.9	6.2	8.4	5.8
Key Exchange	3.8	5.7	5.3	7.2	4.5
Symmetric Encryption	0.7	0.8	0.9	0.8	0.8
Symmetric Decryption	0.8	0.9	1.0	0.9	0.9
Hashing	0.6	0.7	0.7	0.8	0.7
Behavior Analysis	5.2	N/A	5.8	N/A	4.7
Total	20.4	22.8	26.4	27.0	22.7

.

4.3. Authentication Latency

Authentication latency is the amount of time taken from the request for authentication to its successful completion, as shown in Figure 6 for a comparison of authentication latency among protocols under different network loads. This graph illustrates end-to-end authentication latencies between protocols with growing network loads. SecureDrone’s better performance during heavy network loads (100 requests/s) reflects its effectiveness under crowded network environments characteristic of dense city drone operations.The findings indicate that SecureDrone consistently records less authentication latency than other protocols in all the network conditions with about 35% less latency than LDAP, 32% less than TAUROT, 39% less than IoD-Auth, and 24% less than LEMAP at the maximum network loading (100 requests/s). This is made possible through an optimized security workflow with less message exchange, optimized cryptographic processing, parallel execution of independent security processes, behavior analysis in the edge, and adaptive challenge complexity based on security needs.

4.4. Memory Usage Analysis

Memory consumption is an important consideration for resource-limited drone devices, and we have observed the memory consumption during authentication with varying numbers of concurrent sessions in Figure 7. From the results, it can be seen that SecureDrone shows considerably less memory usage than other protocols, consuming around 36% less memory than LDAP, 33% less than TAUROT, 43% less than IoD-Auth, and 30% less than LEMAP with 50 concurrent sessions. This memory performance is made possible by enhanced session management data structures, effective storage of security credentials, reduced storage of state information, security parameter caching only of frequently accessed security parameters, and runtime garbage collection of obsolete session data. A breakdown of the memory use among various components of authentication is depicted in

Table 4. Memory usage breakdown (KB) for 20 concurrent sessions.

Component	SecureDrone	LDAP	TAUROT	IoD-Auth	LEMAP
Cryptographic Keys	28	52	48	64	42
Session States	32	48	42	55	38
Behavior Profiles	45	N/A	51	N/A	47
Authentication Cache	18	42	35	47	31
Code Footprint	50	65	60	72	58
Total	173	207	236	238	216

.

4.5. Energy Consumption

Energy consumption is a key consideration for battery-operated drones, and we recorded the energy consumption during the authentication process, as illustrated in Figure 8. The findings show that SecureDrone is more energy efficient in all authentication operations, using about 38% less energy than LDAP, 33% less than TAUROT, 44% less than IoD-Auth, and 27% less than LEMAP for a complete authentication process. The energy efficiency is even more significant in re-authentication and key refresh operations, which are performed often under normal conditions, thus making SecureDrone very effective in increasing drone flight time and capabilities. This low energy usage comes through reduced computational complexity of the cryptographic operations, decreased communication overhead, efficient execution of security algorithms, optimized behavior analysis process, and adaptive security levels depending on threat assessment. Moreover, SecureDrone is even more efficient since LDAP and IoD-Auth do not have behavior analysis, and thus are not as optimized for smart threat detection and resource management.

4.6. Communication Overhead

Communication overhead was calculated in terms of the number of messages and their size passed through during the authentication process, and Figure 9 shows a comparative analysis. From the results, SecureDrone has less communication overhead compared to other protocols with 33% fewer messages compared to LDAP, 20% fewer compared to TAUROT, 43% fewer compared to IoD-Auth, and the same as LEMAP. As far as overall message size is concerned, SecureDrone’s overhead is about 32% less than LDAP, 22% less than TAUROT, 43% less than IoD-Auth, and 17% less than LEMAP. All this is achieved through compact message formats with less padding, efficient encoding of security parameters, aggregated authentication, and key establishment messages, context-dependent selection of security parameters, and compressed behavior feature representation.

Table 5. Communication Overhead Detailed Comparison.

Protocol	Message Count	Average Size (bytes)	Total Size (KB)	Authentication Rounds
SecureDrone	4	328	1.28	2
LDAP	6	319	1.87	3
TAUROT	5	338	1.65	2.5
IoD-Auth	7	328	2.24	3.5
LEMAP	5	315	1.54	2.5

offers a detailed comparison of the communication overhead per protocol.

4.7. Scalability Analysis

Figure 10 shows a 3D visualization of authentication time as both user count and drone count grow. The comparatively level surface for SecureDrone over other protocols illustrates better performance scaling in large-scale deployments with multiple concurrent users and drones. The 3D visualization proves that SecureDrone has better scalability, having lower authentication time as the number of drones and users increases. At the largest tested scale (50 drones and 20 users), SecureDrone’s authentication time is roughly 32% less than LDAP. This scalability is made possible by effective parallel processing of authentication requests, optimized session management with low-state information, distributed processing across edge servers, effective handling of concurrent authentication sessions, and low computational complexity of cryptographic operations.

4.8. Authentication Success Rate Under Attack Scenarios

To compare security effectiveness, we quantified the authentication success rate under different attack conditions, and Figure 11 shows the comparison. This graph illustrates the strength of each protocol against more intense attack scenarios. SecureDrone has over 85% success rate even in extreme DoS conditions (80%), illustrating its strong security architecture and attack resistance compared to other methods. The results show that SecureDrone has higher authentication success rates under all attack conditions, especially under heavy DoS attacks, where it has an 85.7% success rate under 80% DoS attack conditions, compared to 62.3% for LDAP, 68.7% for TAUROT, 65.2% for IoD-Auth, and 67.4% for LEMAP. This improved security performance is credited to dual-factor authentication based on cryptography credentials and behavioral analysis, high-quality anti-replay capabilities using timestamps and nonces, aggressive mutual authentication against MITM attacks, effective DoS protection using rate limiting and adaptive challenge complexity, and behavioral-based anomaly detection for impersonation attempts.

4.9. Performance Comparison Summary

Table 6. Performance comparison summary.

Metric	SecureDrone	LDAP	TAUROT	IoD-Auth	LEMAP	Improvement
Computational Overhead (ms)	31.8	48.7	47.8	55.2	43.8	30% avg. reduction
Authentication Latency (ms)	102.3	156.7	150.4	168.5	135.2	25% avg. reduction
Memory Usage (KB)	258	402	384	453	368	40% avg. reduction
Energy Consumption (mJ)	42.5	68.3	63.7	75.4	57.9	35% avg. reduction
Communication Messages	4	6	5	7	5	28% avg. reduction
Message Size (KB)	1.28	1.87	1.65	2.24	1.54	29% avg. reduction
Auth. Success (No Attack) (%)	99.8	99.7	99.7	99.6	99.7	0.1% improvement
Auth. Success (Under Attack) (%)	95.6	85.5	88.4	87.2	87.7	9% avg. improvement

presents a detailed comparison of all protocols on major performance metrics, aggregating their efficiency in computational overhead, authentication latency, memory consumption, energy expenditure, communication overhead, scalability, and security effectiveness. The comparison identifies SecureDrone’s strengths in maximizing resource utilization, minimizing authentication time, reducing communication expenses, and maximizing security resilience against different attack scenarios.

4.10. Impact of Deep Learning Model Complexity

Figure 12 illustrates performance comparisons of different machine learning methods for behavioral authentication. Although Deep LSTM has the highestperformance(~99%), the RF + LSTM hybrid model implemented (~98%) offers almost the same security with much lower computational demands, which is an ideal balance between security and resource utilization for drone environments.

5. Discussion

The SecureDrone authentication protocol settles the key security issues surrounding the Internet of Drones (IoD) effectively. The protocol effectively balances between low-resource-utility and high-security attributes by integrating lightweight cryptographic algorithms with behavior analysis using machine learning. The main contribution of SecureDrone is to enable more accurate authentication with minimal computational overhead. Comparison with other protocols such as LDAP, TAUROT, IoD-Auth, and LEMAP demonstrates notable enhancement in relevant performance metrics of interest. SecureDrone holds a 30% reduction in computation overhead, 25% lower authentication delay, and 40% reduced memory usage without losing strict security guarantees. All of this validates that our protocol is particularly well designed for resource-constrained drone networks with real-time authentication at the cost of nothing else. Additionally, adaptive security is also achieved through the behavior analysis module that uses machine learning, making SecureDrone stronger against dynamic and adaptive types of attacks. SecureDrone uses ensemble learning methods such as Long Short-Term Memory (LSTM) networks and Random Forest classifiers to detect anomalous user activity and catch attacks prior to causing harm. This aspect greatly boosts impersonation attack resistance and unauthorized access attempts common in IoD environments. The security verification performed using the assistance of the AVISPA tool also reinforces the high resilience of SecureDrone to significant attacks including man-in-the-middle (MITM) attacks, replay attacks, and key compromise attempts. The timestamps employed along with nonces, digital signatures, and the application of elliptic curve cryptography (ECC) in SecureDrone secure cryptographic integrity firmly while the resource consumption is minimized to an absolute level. Scalability testing also highlights how practical SecureDrone is on large-scale drone networks. Even during heavy network loads, SecureDrone exhibits steady authentication performance, demonstrating the capability to carry an increasing quantity of drones and users without wasting resources in an observable manner. Scalability is achieved through optimization of session handling, distributed computation on edge servers, and cryptographically optimized functions. Although the envisioned authentication framework is specifically designed for the IoD environment, it can be adapted to other domains that have mobility restrictions and scarce resources in the future, e.g., autonomous vehicular networks, underwater sensor networks, and wearable medical devices. These extensions can further show the flexibility and broader applicability of the framework. In spite of all these benefits, there are certain drawbacks. First, behavior analysis does improve security, but needs startup training data to create precise user profiles, and this may involve a deployment learning curve. Second, the protocol makes use of edge computing capabilities to run real-time behavior analysis, which may not be present in all IoD settings. Future work might look to explore fully decentralized authentication approaches that can counteract such limitations.

6. Conclusions

The SecureDrone authentication framework improves IoD security through a combination of machine-learning based behavior analysis with light-weight cryptographic schemes to provide strong security at minimal resource costs. The proposed SecureDrone provides a 30% decrease in processing, 25% decrease in authentication latency and 40% decrease in memory usage, when compared with the existing protocols of LDAP, TAUROT, IoD-Auth and LEMAP, making it extremely efficient for deployment in low-resource drone networks. The proposed SecureDrone uses LSTM and Random Forest algorithms to identify anomalous behaviors and provides adaptive defenses to manifestations of threats, such as impersonation and unauthorized access. Formal security verification via AVISPA demonstrates the proposed framework’s resistance to man-in-the-middle, replay and key compromised attacks, as well as scalability testing demonstrating the proposed framework maintains performance predictability in high network load scenarios. The implementation of optimized cryptographic pipelines, session handling, and distributed processing across edge servers further improves efficiencies. However, planning for the initial training data requirements and a dependence on edge computing for processing to provide real time responses may not be suitable for all deployments. This framework has immediate utility in the military drone domain, commercial delivery networks and smart city surveillance systems where a blend of resource efficiency and strong security is paramount. In military scenarios, SecureDrone’s ability to withstand sophisticated attacks allows for secure tactical communications in contested environments. In commercial drone delivery operations, the low computational overhead of our framework means that it can be implemented on low-cost hardware while maintaining sufficient security to operate in populated areas. For public safety agencies, the behavioral analysis portion of the framework offers additional security by identifying drones subjected to malicious attacks, and providing indicators of unauthorized control attempts during critical incidents. SecureDrone’s demonstrated improvements in performance, from this work, allows for rapid rollout and adoption in production environments, while also establishing a new standard in IoD security protocols. Current and future work will continue to improve decentralized authentication, consider blockchain to add security to IoD operations, and enhance the behavior analysis model to add more layers of security to IoD authentication frameworks, and consider extending IoD authentication frameworks operations to new areas including agricultural monitoring, infrastructure inspection and fully autonomous drone swarms.