Anonymous Mutual and Batch Authentication with Location Privacy of UAV in FANET

With the advancement of avionic systems in recent years, the use of unmanned aerial vehicles (UAVs) has grown. Compared with a single-UAV system, multiple-UAV systems can perform operations more inexpensively and efficiently. As a result, new technologies between the user/control station and UAVs have been developed. FANET (Flying Ad-Hoc Network) is a subset of the MANET (Mobile Ad-Hoc Network) that includes UAVs. UAVs, simply called drones, are used for collecting sensitive data in real time. The security and privacy of these data are of prime importance. Therefore, to overcome the privacy and security threats and to make communication between the UAV and the user effective, a competent anonymous mutual authentication scheme is proposed in this work. Several methodologies are addressed in this work, such as anonymous batch authentication in FANET, which helps to authenticate a large group of drones at the same time, thus reducing the computational overhead. In addition, the integrity preservation technique helps to avoid message alteration during transmission. Moreover, the security investigation section discusses the resistance of the proposed work against different types of possible attacks. Finally, the proposed work is compared with the prevailing schemes in terms of communication and computational cost and proves to be more efficient.


Introduction
Aerial drone technology may be utilized for a variety of purposes to improve our lives, owing to its rapid invention and modification as well as the shrinking of integrated sensors, CPU processing speed, and widespread connectivity of wireless systems. Moreover, UAVs, also known as drones, are used in numerous applications ranging from civilian to military platforms [1]. The number of drone applications has grown significantly as drone technology advances. Drone applications in the military field are boundless, as drones are a vital asset on the modern battlefield. Internet-connected drones provide accurate and efficient flying strategies to ensure the quality of service. Using the drone's sensors, the physical parameters of the assigned field are collected [2]. In addition, the drone's cameras and microphones transmit real-time video to the service provider or user via a wireless medium. By controlling a drone, a service provider/user can obtain real-time information from a remote location [3]. A drone's data collection poses new security and privacy risks as technology advances.
Manpower is saved when drones are used to deliver packages by air. Moreover, for short-distance delivery of goods, drones are very useful. Drones can be used to record video, which was previously impossible without expensive aircraft and scaffolding to capture the images. The current pandemic situation can be addressed with the help of drones, as they are used to transport medicine and necessary items to contaminated zones. The Internet of Drones (IoD) environment helps to monitor crops and provide the required water facilities frequently, thus helping in smart farming. During natural calamities, drones are helpful for collecting the required disaster information. Further, drones are used to monitor large groups of people during public meetings/gatherings as a surveillance measure and to record data to guarantee public safety. Drones are not only useful for search operations but also help to rescue a person in danger from war fields and provide them with food, clothing, and medicine. Moreover, the vital role of safeguarding each country's border through surveillance can also be performed by drones.
In addition to the above-mentioned applications, a drone's location and other sensitive data are also to be collected and preserved [4]. An adversary can easily intercept the information sent by a drone due to IoD's public, insecure network connection. Wireless networks are more vulnerable to cyber-attacks than wired networks due to their open nature. To reduce this risk in MANET, predominantly in the IoD environment, various approaches based on single or combined security mechanisms have been proposed. Currently, drones face several issues related to security, privacy, and authentication, which makes them an appealing research topic [5]. IoD is susceptible to several kinds of security attacks. Before exchanging confidential data via an unreliable channel, security precautions should be taken [6]. In this paper, drones are used for providing information related to obstruction on pathways in hilly and other highly populated areas. Roadside infrastructure is desperately required for the sake of safety to help quickly transmit and livestream necessary details about the path ahead in real time. Some of the services that drones can provide include monitoring of low-altitude, disaster relief, and data transmission assistance. It is believed that drones have the greatest potential for providing connectivity and solutions because of their ease of access. A blended wireless protocol is used in mountain ranges and rural places where there are weak signals or interferences. Moreover, if any fault occurs in the current existing drone, it should be replaced with another drone exactly at the same position. Hence, the current location of the drone should be preserved from adversaries.
Authentication and privacy are two of the prevalent security issues with IoD communications [7][8][9]. Drones are attractive targets for adversaries because they are used for sensitive applications. Along with drone data, adversaries may also try to track down the geographic location to obtain confidential data. The main challenge is the security between the users and drones during the exchange of information. Due to the open nature of the communication medium, an adversary can read, alter, or respond to the message communicated and send fake information. Another vital challenge is to preserve the privacy of the user/drone from an adversary [10]. If the real identity of the drone is revealed, an adversary may be able to perform an impersonation attack and steal the original confidential information of the drone. Though most of the existing schemes provide authentication, they are vulnerable to several possible attacks.
Drones are mainly used for aerial surveillance and monitoring operations. During natural disasters and emergency periods, drones play a significant role. The integrity of the collected sensitive data should be preserved without any modification. In addition, the privacy of the drone and the end user should be preserved. Thus, the main significance of the proposed scheme is that the drone and the end user are authenticated anonymously without compromising their privacy. Therefore, simple cryptographic pairing and hashing operations are used for privacy preservation in our work during both mutual and batch authentication. Thus, the computational cost, communication cost, and storage cost are reduced significantly when compared to the existing works. Moreover, to avoid tracing of the authenticated drones, a location privacy scheme is proposed in this work. The proposed scheme is applicable in the following ways: privacy and anonymity are preserved and the computational cost for verifying a group of drones is significantly reduced. Finally, an intruder will be unable to track the authenticated drones' location. The research contributions of this manuscript are as follows:

• To develop a privacy-preserving anonymous mutual authentication scheme between a drone and a user.
• To authenticate a group of drones anonymously based on batch authentication protocol to reduce the total computational overhead.
• To ensure the privacy of the confidential information from the authenticated drone to the authenticated user.
• To guarantee location privacy for the authenticated drones from an adversary.

The remainder of this article is organized as follows. Section 2 reviews the related existing works on security and privacy. The overview of the entire system is described in Section 3, which covers the basic system model, bilinear pairing, and security measures of the proposed work. Section 4 explains the proposed scheme: the initialization of the system, registration of the end-user and drone, key exchange protocol, mutual and batch authentication, integrity preservation, and location privacy. Some conceivable security attacks are described in Section 5. Performance analysis is explained in Section 6, which deals with the analysis of computational cost, communication cost, storage cost, and drone service providing capability. Finally, Section 7 concludes the work.

Related Work
Security and privacy are the major concerns in the IoD environment [11][12][13][14]. There are many works focused on security issues concerning drones [15], but this work not only discusses the security issues but also focuses on the location privacy of the drones. Turkanovic et al. [16] suggested a mutual authentication framework between the drones and the end-user without the involvement of any third-party node. However, the scheme suffers from several security threats such as the man-in-the-middle attack and the impersonation attack. Amin et al. [17] suggested a strong authentication protocol based on the smart card. However, this scheme suffers from password guessing attacks and damage to smart cards, etc. Challa et al. [18] suggested a signature-based authentication scheme using elliptic curve cryptography (ECC). Though ECC is used in this scheme, this work suffers from increased computational and storage costs for storing the required keys. A certificateless scheme was suggested by Won et al. [19] for the security of drones. In this scheme, three scenarios for communication are taken into consideration: one-to-one, many-to-one, and one-to-many communication between drones and smart devices. Moreover, the conditional tracking mechanism is also adopted in this scheme. However, the scheme lacks location privacy and has increased communication cost during batch authentication.
Tai et al. [20] suggested a two-factor authentication scheme. This work is mainly based on user passwords and smart card systems. It generally uses a hash function based on cryptography. However, this work fails to provide resistance against several well-known attacks such as the replay attack, privileged-insider attack, etc. Wazid et al. [21] recommended a three-factor authentication scheme. This scheme is based on three parameters: biometrics, smart card, and password. Though a one-way hash function is used, it lacks conditional tracking and revocability. Yue et al. [22] suggested a technique based on AI for drone surveillance. This work focused on wireless networking protocol. Different features of the drone and the exact location of the drone are traced using this scheme. However, this work does not focus on security issues and latency. Bouman et al. [23] proposed a traveling salesman problem based on a drone. A solution was achieved based on dynamic programming for this problem. The communication cost of this work is significantly lower but it has high computational complexity. Hong et al. [24] suggested a new model of recharging station for the spatial drone. A heuristic algorithm was used in this work for maximum coverage and to avoid range restriction. There was no analysis regarding the storage cost and security threats. Shavarani et al. [25] proposed an effective method for the delivery of the essential components with less time. A bi-objective mathematical model was designed in this work. The drawback of this work is the non-deterministic polynomial time-hard problem and computational complexity. Aggarwal et al. [26] suggested an authentication scheme based on blockchain topology. The framework focuses on an Ethereum-based protocol. Though this work ensures privacy and security, the computational complexity of this work is very high. Huang et al. [27] proposed a new method of implementing the charging stations for the drones. A triangular-based approach was used in this work. Moreover, the charging stations with few or no customers were recursively removed. This work does not focus on the communication and storage cost. Shavarani et al.'s [28] work deals with reducing the transportation cost during the delivery time of the goods by drones. A fuzzy logic-based approach was used in this work. Security and privacy concerns were not discussed in this work. An automated battery swapping method was suggested by Cokyasar et al. [29]. This work focused on the selection of optimal automated battery swapping machine location and minimized the delivery cost. Although communication cost was reduced in this work, it increased the computational cost. This work does not deal with major security threats.
A secure authentication framework was presented from the human-centered industrial internet of things (IIoT) perspective by Singh et al. [30]. When a node first joins the network, a registration hub generates the required credentials for the node. Moreover, nodes are involved in further complex operations such as mutual authentication, exchange of keys, etc., and the registration hub is no longer required to perform these functions. However, this scheme suffers from hefty computational cost, and there is no location privacy. Tian et al. [31] proposed an authentication protocol that integrates both efficiency and security. This framework relies on a compact online/offline signature layout, and it can be deployed on resource-restricted small-scale unmanned aerial vehicles. Moreover, in this work, due to the high mobility of UAVs, the investigation of an extrapolative authentication approach using mobile edge computing (MEC) was performed to decrease authentication costs for possible authentication accomplishments. However, this work suffers from high computational and storage costs.
Gope et al. [32] suggested a scheme that ensures the physical security of the drone. Physically unclonable function and hash operations are used in this scheme. Though the physical security of drones is ensured, it lacks location privacy. Zhang et al. [33] suggested a compact authentication and key agreement (AKA) scheme that relies solely on a one-way secure hash function where drones and users authenticate one another mutually. Though this scheme is robust to different security threats, it lacks location privacy and physical threats. Ever et al. [34] suggested a secure authentication framework based on ECC. Though several potential attacks were defended using this work, it lacks preservation of the location privacy and involves high communication cost. Hussain et al. [35] proposed a three-factor authentication scheme. This work mainly compares the drawback of Wazid et al. [21] but it involved high computational time. Table 1 shows the summary of the different existing approaches.

| Existing Works | Publication Year | Techniques | Drawbacks |
|---|---|---|---|
| Turkanovic et al. [16] | 2014 | One-way hash function is utilized. | User anonymity is not preserved. Impersonation attack on sensor node is possible. |
| Amin et al. [17] | 2016 | Secured authentication protocol for smart card. | Suffers from password guessing attack. |
| Challa et al. [18] | 2017 | Signature-based authentication scheme using ECC. | High computational and storage costs. |
| | | | Lacks location privacy. High communication cost. |
| Tai et al. [20] | 2017 | Two-factor authentication scheme. | Cannot withstand replay attack and privileged-insider attack. |
| Wazid et al. [21] | 2018 | Three-factor authentication. One-way hash function is utilized. | No mutual authentication. Privileged insider attack and impersonation attack. |
| Yue et al. [22] | 2018 | Secured AI-based technique. | Not focussed on security issues. Latency problem. |
| Hong et al. [24] | 2018 | A heuristic algorithm approach. | Lacks security analysis and privacy. |
| Huang et al. [27] | 2020 | Triangular-based approach. | High communication and storage cost. |
| | | | High computational cost, and there is no location privacy. |
| Tian et al. [31] | 2019 | Secured authentication protocol. | High computational and storage costs. |
| Gope et al. [32] | 2020 | Physically unclonable function and one-way hash operation is utilized. | Lacks location privacy. |
| | | | It does not offer untraceability. |
| | | | High communication cost. Lacks location privacy. |

System Overview
In this section, the system model, bilinear pairing, and security measures are described in detail.

System Model
The proposed work's system model comprises three major entities, namely, the trusted server, the end user, and the drone [36]. Figure 1 portrays the system model of the proposed work. The role of each entity is described as follows.

Trusted server (TS)
TS is the key entity in our proposed work. Initialization, secret key generation, and drone and end-user registrations are performed by TS. Moreover, unique keys are generated during the key generation process to avoid collision attacks. Initially, both the drone and the end-user should register with the TS through an offline registration. Only after successful registration does TS provide the required credentials to the drone and end-user.

End-user ($EU_i$)
$EU_i$ is the participant in the FANET network. The required credentials for the $EU_i$ to participate in the network are provided by TS. The $EU_i$ is able to communicate with the control device of the drone through the specialized equipment in his possession. This highly sophisticated equipment of $EU_i$ is capable of performing the computational operations efficiently. Moreover, the information collected from the controlling device of the drone is stored in the specialized equipment of $EU_i$.

Drone ($D_j$)
The $D_j$ is embedded with a control device which has high computational competence. Moreover, specialized sensors are implanted in the controlling device, which helps to capture long-distance images. The control device of $D_j$ is capable of generating the short life session keys during the key exchange protocol. In addition, the controlling device of $D_j$ is provided with a large storage capability to store the secret keys provided by TS during the initial registration.

Bilinear Pairing
Let $G_x$, $G_y$, and $G_T$ be cyclic multiplicative groups of prime order $a$. Moreover, let $e: G_x \times G_y \to G_T$ be the asymmetric bilinear map that satisfies the condition: no effective isomorphism between $G_x$ and $G_y$.

Security Measures
Four security measures must be met by a proposed system to ensure secure communications in FANET.
Mutual authentication: To protect the FANET system from impersonation attacks, the $EU_i$ and the controlling device of $D_j$ should authenticate each other. Moreover, during the exchange of confidential information from $D_j$ to $EU_i$, mutual authentication between vehicle users and RSUs is indispensable.
Exchange of session key: The session key should be shared in an efficient anonymous way between the $EU_i$ and $D_j$ to maintain confidentiality. Secure communication can be ensured only with the help of the short life session key.
Privacy preservation: The unique identity of $EU_i$ and $D_j$ should be preserved during the exchange of data. Here, anonymous identity is used during mutual authentication, which helps to protect the real identity of both $D_j$ and $EU_i$ from the adversary.
Performance analysis: This mainly depends on communication and computational cost. The proposed work mainly focuses on a faster message verification time (shorter delay) for the $D_j$ with less communication and computational cost.

Proposed Scheme
In this article, a proficient anonymous mutual and batch authentication scheme with location privacy is presented. System initialization, $EU_i$ registration, $D_j$ registration, key exchange, mutual and batch authentication, integrity preservation, and location privacy are the stages in our proposed scheme. Table 2 describes the list of notations and descriptions used in this work.

System Initialization
The TS selects the master key $m \in Z_a^*$ from a large prime number $a$. The private key for the TS is chosen as $q$ such that $q \in Z_a^*$, where $Z_a^* = [1, 2, \ldots, a-1]$. Here, $Z_a^*$ is the set of non-zero elements of the finite field $Z_a$, and it forms a group under multiplication modulo $a$. The corresponding public key for TS is calculated as $\alpha_{ts} = g_1^{m+q}$. Here, $G_1$, $G_2$, and $G_T$ are the multiplicative cyclic groups, and $g_1$, $g_2$ are the corresponding generators of the groups $G_1$ and $G_2$, respectively. The secure hash function chosen by TS is $H: \{0, 1\} \to Z_a^*$ and the bilinear mapping is given by $e: G_1 \times G_2 \to G_T$. Then, the TS publishes the parameters $(G_1, G_2, g_1, g_2, \alpha_{ts}, e, H, a)$ as the required credentials after computing $Z = e(g_1, g_2)$.

$EU_i$ Registration
The $EU_i$ provides his required credentials to TS during his initial offline registration. The genuine credentials provided by $EU_i$ are verified by TS. Once the offline registration is completed, the private key for the $EU_i$ is chosen by TS as a random number $u_j$ such that $u_j \in Z_a^*$. Moreover, the public key and the fake identity for the $EU_i$ are calculated as $\alpha_{eu} = g$ . Moreover, to trace the exact location of the $D_j$, the TS provides the secret key $\partial_f$, such that $\partial_f \in Z_a^*$, to the $EU_i$.

$D_j$ Registration
The TS chooses the private key for the $D_j$ as $d_j$ such that $d_j \in Z_a^*$. Based on the private key, the public key is calculated as $\alpha_{D_j} = g_2^{1/(m+q+d_j)}$. The fake identity for the $D_j$ is calculated During the batch authentication process, to authenticate a large number of drones, the drone batch key and the drone tracking key are calculated as $DBK_j = g_2^{m+q+d_j}$ and $DTK_j = g_2^{-m-q}$, respectively.

Mutual Authentication
Anonymous mutual authentication must be conducted in an efficient way between the $D_j$ and the $EU_i$ to perform effective communication. The following steps are to be followed.
Step 1: If an $EU_i$ requires a specific service from the $D_j$, then the $EU_i$ calculates $\gamma = g_1^{u_j}$. After calculating the value of $\gamma$, the parameters $(\gamma, \alpha_{eu}, FID_{eu})$ are sent to $D_j$.
Step 2: The controlling device in the $D_j$ checks $e(\gamma \cdot \alpha_{ts}, \alpha_{eu}) = Z$. If the condition is satisfied, then the $EU_i$ request is accepted; else the request from the $EU_i$ is rejected.
Proof of correctness: $e(\gamma \cdot \alpha_{ts}, \alpha_{eu}) = e(g^{u_j}$
Step 3: Similarly, the controlling device in the $D_j$ calculates the value of $\gamma' = g_1^{d_j}$ and sends the parameters $(\gamma', \alpha_{D_j}, FID_{D_j})$ to the $EU_i$.
Step 4: Then, the $EU_i$ checks $e(\gamma' \cdot \alpha_{ts}, \alpha_{D_j}) = Z$. If the condition is satisfied, the communication with $D_j$ is accepted; else it is rejected.
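
The pairing check of Steps 1 to 4, as an added example that is not code from the paper: each group element is modelled by its exponent modulo a constructed prime `A`, so the pairing becomes multiplication of exponents and the verification equation can be run both ways. The public-key form g2^(1/(m+q+k)) is an assumption read from the formulas on this page, and all class and function names are hypothetical.

```python
"""Exponent-tracking model of the check e(gamma * alpha_ts, alpha_peer) == Z.

A group element g^x is stored as the exponent x mod A, so multiplying group
elements adds exponents and the pairing e(g1^x, g2^y) = Z^(x*y) multiplies
them. This verifies the protocol algebra only and provides no security,
because every discrete log is visible by construction.
"""
import secrets

A = 2**127 - 1   # constructed prime group order "a" (not a value from the paper)
Z = 1            # exponent of Z = e(g1, g2)


def rand_scalar():
    """Uniform element of Z_a^* = {1, ..., a-1}."""
    return secrets.randbelow(A - 1) + 1


def pair(x, y):
    """e(g1^x, g2^y), returned as the exponent of Z."""
    return (x * y) % A


class TrustedServer:
    """Holds master key m and private key q; publishes alpha_ts = g1^(m+q)."""

    def __init__(self, m=None, q=None):
        self.m = m if m is not None else rand_scalar()
        self.q = q if q is not None else rand_scalar()
        self.alpha_ts = (self.m + self.q) % A

    def register(self, k=None):
        """Issue private key k and public key g2^(1/(m+q+k)) (assumed form)."""
        while True:
            key = k if k is not None else rand_scalar()
            denom = (self.m + self.q + key) % A
            if denom != 0:                      # 1/(m+q+k) must exist mod a
                return key, pow(denom, -1, A)
            if k is not None:
                raise ValueError("m + q + k is 0 mod a; choose another key")


def make_request(private_key, public_key):
    """Steps 1 and 3: send gamma = g1^(private key) with the public key."""
    return {"gamma": private_key % A, "alpha": public_key}


def verify_request(msg, alpha_ts):
    """Steps 2 and 4: accept only if e(gamma * alpha_ts, alpha) == Z."""
    return pair((msg["gamma"] + alpha_ts) % A, msg["alpha"]) == Z


def mutual_authenticate(ts, eu_keys, drone_keys):
    """Run both directions; returns (drone accepts EU, EU accepts drone)."""
    drone_ok = verify_request(make_request(*eu_keys), ts.alpha_ts)
    eu_ok = verify_request(make_request(*drone_keys), ts.alpha_ts)
    return drone_ok, eu_ok


if __name__ == "__main__":
    ts = TrustedServer()
    eu, drone = ts.register(), ts.register()
    print("honest run:", mutual_authenticate(ts, eu, drone))

    # A change to gamma in transit breaks the pairing equation.
    tampered = make_request(*drone)
    tampered["gamma"] = (tampered["gamma"] + 1) % A
    print("tampered gamma accepted:", verify_request(tampered, ts.alpha_ts))

    # A gamma built from a key the TS did not bind to this public key is rejected.
    unbound = make_request(eu[0], drone[1])
    print("unbound key accepted:", verify_request(unbound, ts.alpha_ts))
```
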

Session Key Exchange Protocol
In this phase, the session key generation request, session key integrity preservation, and session key exchange are discussed. Once the mutual authentication scheme is successfully performed, the key exchange should be carried out between the $D_j$ and $EU_i$. The session key generation request is carried out as follows:
Step 1: Initially, the $EU_i$ chooses a random number $x$ such that $x \in Z_a^*$ and calculates $s_0$, $s_1$, and $s_2$, respectively, where $s_0 = g_1^{(m+n)u_j}$, $s_1 = FID_{D_j} \oplus x$, and $s_2 = H(s_0 \| s_1 \| x)$.
Step 2: Finally, $EU_i$ sends $(s_0, s_2, x, T)$ to the $D_j$, where $T$ is the timestamp.
Step 3: Initially, the controlling device of $D_j$ checks the validity of $T$; if it holds, then the controlling device of $D_j$ calculates $e(FID_{eu}, s_0)$. If $e(FID_{eu}, s_0) = e(g_1, g_1)$, the session key generation request is accepted.
Step 4: Moreover, the integrity of the session key is verified by checking $s_1' = s_1$. The value of $s_1'$ is calculated by the controlling device of $D_j$ as $s_1' = FID_{D_j} \oplus x$.
Step 5: By using $s_1'$, the value of $s_2' = H(s_0 \| s_1' \| x)$ is calculated. If $s_2' = s_2$, then the integrity is preserved; else the request is discarded.
Step 6: Once the session key generation request is accepted and session key integrity is preserved, the session key is generated by the controlling device of $D_j$ as $sk = (FID_{eu})^{d_j}$, and $(sk, T_1)$ is sent to $EU_i$.
Step 7: The $EU_i$ first checks the validity of the timestamp $T_1$. Once the validity is confirmed, $EU_i$ checks $(sk)^{u_j} \cdot FID_{d_j} = \alpha_{ts}$. If the condition is satisfied, then the session key exchange is performed between the $EU_i$ and $D_j$ for effective communication of data.
Proof of correctness

Batch Authentication
The end user cannot rely on only one $D_j$ for gathering the required information. If the $EU_i$ requires more data, then a greater number of drones should be authenticated at the same time to reduce the computational cost and to increase the performance. The steps involved in batch authentication are as follows.
Step 1: Initially, the controlling device of $D_j$ picks a random number $c_j$ as its short life private key such that $c_j \in Z_a^*$. The short life public key is calculated as $e_j = g$
Step 2: To make an effective communication, the controlling device of $D_j$ calculates is the batch authentication key for $D_j$.
Step 3: Moreover, the controlling device of $D_j$ computes $G_j = H(e_j \| F_j)$ to preserve the integrity of the confidential information. Then, the quadruple is calculated as is the drone tracking key, and it is sent to the $EU_i$.
Step 4: To validate the individual messages sent by each $D_j$, the $EU_i$ first checks the integrity of each message by calculating the hash value of $F_j$ and $e_j$.
Step 5: If the integrity is verified, then the $EU_i$ gathers $F_1$, Similarly, $e_1, e_2, e_3, \ldots, e_j$ are accumulated as $e = \prod_{i=1}^{j} e_j$.
Step 6: Finally, $EU_i$ checks $F^{e} = UBK_j^{j}$. If this condition is satisfied, then the messages sent by $j$ drones are batch authenticated.
Proof of correctness

Location Privacy
In case of any energy loss or fault in the current active $D_j$, it should be replaced by the $EU_i$. However, the real location of the $D_j$ is anonymous. Therefore, in order to retrieve the actual real location, the TS sends the real location of the $D_j$ to the authenticated $EU_i$ anonymously. To perform the location privacy, the three coordinates of the $D_j$ location are to be known. The three coordinates are generally represented as latitude, longitude, and altitude. Since the $D_j$ is placed at a certain distance from the ground surface, the altitude is to be incorporated as the third coordinate. Figure 2 shows the schematic location of the drone in the three-coordinate system. For instance, let us consider the $D_j$ geographic location as (15.92, 80.18, 400). Here, $x$, $y$, and $z$ represent latitude ($\phi$), longitude ($\lambda$), and altitude ($h$), respectively. The TS executes the following steps as follows, TS calculates 5. $M = \mu \times \omega$, here $\omega = E_r(\phi \| \lambda \| h)$.
Finally, the value of $M$ is provided to the $EU_i$. The value of the secret key $\partial_f$ is provided to the $EU_i$ by TS during initial offline registration. The $EU_i$ calculates $\omega$ as $M \bmod \partial_i$. By decrypting $\omega$ with the public key of the TS, the three required coordinates can be retrieved by the $EU_i$. This protocol is mainly based on the Chinese remainder theorem (CRT) [37].

Security Analysis
Analysis of some conceivable security attacks is described in this section.

Impersonation Attack
When an adversary efficaciously imitates a legitimate $EU_i$ or $D_j$ in the FANET, it is called an impersonation attack. In our suggested scheme, security parameters such as the private key ($\alpha_{eu}$), fake identity ($FID_{eu}$), end-user batch key ($UBK_j$), and the secret key for finding the exact location $\partial_f$ are provided by the TS during offline registration. To regenerate the exact replica of the keys, an adversary should have knowledge regarding the master key and private key of TS. However, the confidentiality of these keys is high, and it is hard for an attacker to compute these keys. Moreover, to compute the value of the public key $\alpha_{eu} = g_2^{1/(m+q+u_j)}$, the value of the private key of the $EU_i$ ($u_j$) should be known. However, it is a randomly chosen number, and the computation involves a discrete logarithm problem (DLP) [38].

Bogus Message Attack
The adversary should be capable of sending a bogus message in place of the real message to the $EU_i$. To perform this task, the adversary should compromise the controlling device of the $D_j$. However, this is practically not possible since the drone is registered with TS and any misbehavior of the $D_j$ leads to its revocation from the network by TS. Thus, our suggested work shows resistance against fake message attack.

Message Modification Attack
The confidential information/data collected from the $D_j$ are transferred to the $EU_i$ in a secured way. Here, short time session keys are generated for transferring the information to the $EU_i$. It is very difficult for an adversary to generate the equivalent short life session key and to perform the message modification attack. Moreover, the integrity of the session key is also ensured in our suggested work. As a result, our scheme is resistant to message alteration attack.

Replay Attack
When an adversary is capable of capturing the transferred information, modifying it, and sending it to the $EU_i$ in the same stipulated time, it is called a replay attack. However, in this proposed work, timestamps are attached during the session key exchange. During the initial session key generation request, $EU_i$ sends $(s_0, s_2, x, T)$ to the $D_j$; here, $D_j$ checks the validity of the current timestamp ($T$). If the minimum delay is not satisfied, then the request is discarded. Moreover, after the session key generation, $D_j$ sends $(sk, T_1)$ to $EU_i$. Here also, the validity of $T_1$ is checked to ensure the legitimacy of the session key. Since the information is transferred with the assistance of the session key, without capturing the session key, it is hard for an adversary to perform a replay attack. Thus, our scheme is resistant to replay attack.

Privacy Preservation
Anonymous dummy identities are used to hide the real identities of the $D_j$ and the $EU_i$ in this proposed scheme. Mutual authentication uses only the dummy $EU_i$ identity and dummy $D_j$ identity. Therefore, even if the adversary discovers the dummy identity of the $EU_i$/$D_j$, it is difficult for the adversary to determine the original identity of the $EU_i$/$D_j$. In addition, the fake identities of $EU_i$ and $D_j$ are calculated as $FID_{eu} = g_1^{1/((m+q)u_j)}$ and $FID_{D_j}$ = (m+q) 2 d j , which involves the master key, the private key of TS, and the private keys of $EU_i$ and $D_j$. Tracing of the private keys of $EU_i$/$D_j$ is hard due to DLP. As a result, privacy is preserved in this suggested work.

Repudiation Attack
In this suggested framework, repudiation of the $EU_i$ is not possible. Here, the $EU_i$ is registered with the TS offline. Only after the successful authentication, the security parameters are transferred to $EU_i$ and the authenticated $EU_i$ becomes part of the network. As a result, only the authenticated $EU_i$ can request information/data from the authenticated drone. Therefore, on receiving the confidential data from the controlling device of $D_j$, the $EU_i$ cannot repudiate.

Unlinkability
Confidential information is transferred using the short life session key. These session keys have a limited life span. As a result, once the information is transferred with this short life session key, the validity of this session key expires. During the next/successive information transfer, a new session key is to be generated for efficient transfer of information. Thus, there exists an unlinkability between the two successive messages. Therefore, it is hard for an adversary to link the two messages from the same user.

Man in Middle Attack
If an adversary is capable of deceiving both the $D_j$ and the $EU_i$, a man in the middle attack is possible. In our suggested work, even if an adversary captures $(\gamma, \alpha_{D_j}, FID_{D_j})$ from $D_j$, it is difficult for the adversary to alter the parameters in the list. Even if the adversary modifies the credentials, $EU_i$ checks the condition $e(\gamma \cdot \alpha_{ca}, \alpha_{D_j}) = Z$. If the condition is not satisfied, then the current authentication request is aborted. Thus, our work is resistant to man in the middle attack.

Privileged Insider Attack
The required credentials for the $D_j$ and $EU_i$ are provided by TS during the initial offline registration in a secure way. Therefore, it is impossible for an inside attacker to generate fake credentials for $D_j$/$EU_i$. Moreover, TS is a completely trusted authority and it is difficult for an inside attacker to compromise it. The validity of the session key generated is only for a limited period and it is hard for an inside attacker to crack it. Thus, our proposed work is resistant to insider attack.

Performance Analysis
The performance investigation of the suggested scheme is described in terms of computational cost, communication cost, storage cost, and drone's service providing capability. The following subsections briefly explain the aforementioned analysis.

Computational Cost
In the analysis of the computational cost, the cost involved in the generation of the public key, fake identity generation, and the key exchange protocol is examined. The cryptographic operations involved in the analysis of computational cost are the hashing operation, exponential operation, multiplication operation, one-point addition operation, pairing operation, and reverse fuzzy extraction operation. The execution times of the above-mentioned operations are denoted $Ex_h$, $Ex_e$, $Ex_m$, $Ex_a$, $Ex_p$, and $Ex_{fe}$, respectively. To accomplish these operations, the pairing-based cryptographic library is utilized with a Type-A curve. Moreover, Cygwin version 1.7.35 [39] is used on a system with a Core i7 3.4 GHz processor, 8 GB memory, and gcc version 4.9.2. The implementation times for performing $Ex_h$, $Ex_m$, $Ex_e$, $Ex_a$, $Ex_p$, and $Ex_{fe}$ are calculated as 2.6 ms, 1.2 ms, 0.6 ms, 2.6 ms, 1.72 ms, and 2.13 ms, respectively, where ms represents the execution time in milliseconds. Table 3 shows the comparison of the computational cost for various schemes in terms of the execution time for different cryptographic functions. A total of $3Ex_e + 2Ex_p + Ex_h = 7.84$ ms is required as the computational time at the $D_j$ side. The suggested work is compared with the related existing schemes of Singh et al. [30], Tian et al. [31], Wazid et al. [21], Gope et al. [32], Zhang et al. [33], Ever et al. [34], and Hussain et al. [35]. The computational costs for the schemes [21,30–35] are 9.6 ms, 9 ms, 18.2 ms, 19.04 ms, 18.2 ms, 31.64 ms, and 18.2 ms, which are high when compared to the suggested work. Similarly, a total of $4Ex_e + Ex_p + Ex_h = 6.72$ ms is required as the computational cost at the $EU_i$ side, whereas the prevailing schemes such as [21,30–35] Figures 3 and 4 show the graphical representation of computational cost at both the $D_j$ side and the $EU_i$ side for different schemes.
From the figures, it is clear that the suggested work has less computational cost at both the drone and user side. Table 4 shows the computational cost analysis for the batch authentication process. The investigation is performed for 100 simulations and performance is evaluated. Figure 5 shows the pictorial representation of batch authentication for a large number of drones. The graph shows that the suggested work outperforms the prevailing works.

Table 3. Computational cost at drone and end user side for different schemes.

Table 4. Computational cost analysis for the batch authentication process. Columns: Schemes; Batch Authentication at the Side.

Communication Cost
Once the mutual authentication is accomplished between the $EU_i$ and $D_j$, the exchange of the session key takes place. During the session key exchange protocol, the $EU_i$ sends $(s_0, s_2, x, T)$ to $D_j$. Here, $(s_0, s_2, x, T)$ are the elements of $Z_a^*$. Moreover, the $D_j$ returns the value of $(sk, T1)$ to the $EU_i$ after successful validation. The communication cost for the key exchange protocol is calculated as (5 * 32 + 1024 = 1184 bits). Table 5 presents the assessment of communication cost for various schemes. From the table, it is clear that the suggested scheme consumes the minimum cost when compared to the prevailing schemes. Figure 6 displays the graphical representation of communication cost for various prevailing schemes alongside our proposed work.

Storage Cost
The capacity of the $D_j$ to store the keys in its controlling device is termed the storage cost. Since the memory capacity is related to the resource constraints of $D_j$'s design, the keys generated should be small enough to be accommodated in the design. In this suggested framework, the $D_j$ is equipped to store the value of the session key and timestamp values for a period. The memory storage for the proposed protocol is calculated as 1046 bits. Table 6 shows the comparison of the storage cost of the proposed work with the existing schemes. The suggested work is compared with prevailing works such as Singh et al. [22], Tian et al. [23], and Zhang et al. [25] and found to have lower storage cost. Figure 7 depicts the graphical illustration of the storage cost of different prevailing works with the suggested work.

Drone's Serving Capability
The number of drones efficiently providing service to the end-user determines the drone's serving capability. Let $P$ be the probability of $\aleph$ number of drones that provide service to the $EU_i$. The total computational time incurred in this suggested work is calculated as $\Lambda\mathcal{M} = 7Ex_e + 2Ex_p + 2Ex_h$. Thus, the service providing competency of the $D_j$ is calculated as = P ℵ.ΛM * ℵ . Figure 8 shows the serving capability of $D_j$. The figure clearly indicates that the service-providing competency decreases with the increase in the number of drones. Moreover, the figure shows that if the computational time is low, the serving capability is high.

Conclusions
A competent mutual and batch anonymous authentication scheme with location privacy is suggested in this article. This work suggests an effective secure communication in the IoD environment. In case of critical situations, the location privacy of $D_j$ is preserved in this suggested work. The security investigation section ensures the resistance of the proposed work against various well-known attacks. Finally, $D_j$'s serving capability to the $EU_i$ is also deliberated. The main contribution of privacy preservation between the end users is achieved. Moreover, for authenticating groups of drones, batch authentication with reduced computational overhead is implemented. In addition, the integrity of the confidential information from the drone and the location privacy of the drone are preserved.
The suggested work uses only simple cryptographic pairing and hashing operations for privacy preservation during both mutual and batch authentication, which reduces the computational cost, communication cost, and storage cost significantly when compared to prevailing existing schemes. Session keys are generated to preserve the integrity and privacy of the confidential information. Moreover, a simple EXOR operation is utilized during the session key generation request, session key integrity preservation, and key exchange. Finally, location privacy can be achieved efficiently by utilizing the CRT algorithm. The future scope of this work can be extended to the incorporation of artificial intelligence (AI) and blockchain technology into the authentication protocol.