A Lightweight Authentication Protocol for UAVs Based on ECC Scheme

Round 1

Reviewer 1 Report

The main concern about this study is the comparison part, which is too weak. Comparing with schemes of 2014 till 2018 cannot be justified. The literature is too old and irrelevant. In the presence of dozens of authentication schemes for DRONES/UAVs published in 2021, 2022 and 2023, the comparison section of this study becomes irrelevant.

Several heading are without any text.

The proposal figures (4,5 etc.) are incomplete. Authors may refer to some latest schemes to get a clear idea for these figures.

Author Response

We feel great thanks for your professional review work on our article. As you are concerned, there are several problems that need to be addressed. According to your nice suggestions, we have made some corrections to our previous draft, point-by-point responses to the nice reviewer are listed below this letter. All changes to the manuscript has been highlighted.

Author Response File: Author Response.docx

Reviewer 2 Report

Comment: 

This paper proposes LAPEC, an identity authentication protocol based on ECC that addresses authentication threats and data leakage in UAV networks. LAPEC ensures backward security by including an additional key update process, and provides flexibility for large-scale deployments through pre-registration. Compared to EDHOC, LAPEC offers superior backward security and flexibility with minimal overhead.

Problems that need to be revised in the paper:

1.In introduction section, Line 27 is missing a period after "etc. [2, 3]".

2.The introduction to EDHOC in section 2.2 could be improved as it may not be clear enough. It would be helpful if the message in detail, such as message_1, message_2, and message_3, are specified along with their functions. Additionally, it would be beneficial to introduce SIGMA, which is proposed in this section, and explain how it differs from EDHOC.

3.To further address the Problem Analysis in Section 2.3, you need to provide a detailed explanation of how EDHOC lacks Post-Compromise Security (PCS).

4. In section 5.1,You should be careful and solve the “Error! Reference source not found.” problem.

5. In line 470 of section 5.2, you should place the text “in Table 5 can be obtained:” above the table.

Author Response

We feel great thanks for your professional review work on our article. As you are concerned, there are several problems that need to be addressed. According to your nice suggestions, we have made some corrections to our previous draft, point-by-point responses to the nice reviewer are listed below this letter. All changes to the manuscript has been highlighted.

Author Response File: Author Response.docx

Reviewer 3 Report

An interesting work on a useful topic. The paper needs to go through a thorough revision, improving the grammatical issues and adding clarifications on few points. Detailed feedback is provided below:

 

Line 15 ‘lacks of’--- lack of

Line 27: agriculture, etc. (comma missing)

28: as shown

33: videos, photos (plural from)

39: serious consequence, (make plural

44: revise: most drones have shortcomings (such 44

as low computing power, small storage space, and etc.), (and etc.??

 

 44: Because most drones have shortcomings (such

as low computing power, small storage space, and etc.), it is difficult to directly apply 45

traditional identity authentication and key agreement protocols [6].-àfind additional reference that resonates to the challenge of uav authentication and their low capacity resources.

49: double check ref 8 – if it can be used for UAVs.

50: revise the sentence (49); 50: double check if Ref 10 is about security hindering large scale UAV deployment.

 

EDHOC protocol--- expand in first use on line 52.

ECC- expand in first use in line 52

58: one line paragraph! Merge with next paragraph.

61: researchers use it- proposed the use of it..

Fix grammar: both commercial and/or military scenarios

Fix grammar : In this case, these drones can be

equipped with RFID tags and be required to pass through a reader checkpoint whereby

the tag is scanned and it is credentials sent to a secure server unit for verification. (it is)

fix grammar: 65: Though the authentication

check grammar: 73

Too strong claim, needs supporting statements: However, their methods could dealt with problems related to one-to-one authentication, but failed to provide solutions for dynamic and large-scale networks [18]. [pg 73]

86: what does this sentence mean? Wha tis Ever 20? What inherent issues remained? Explain.

 

88 : Some related work can be found in [27], [29-30], and we will compare with them 88

when analyzing the time cost in section 5.--- mention briefly here what these works are (details may be in Sec 5).

Sec 2.2: use citation for the RFCs. As well as for the EDHOC scheme. Expand the name on the first use.

2.2 suddenly talks about EDHOC scheme without any linkage shown in prior parts: how is that relevant to the paper?

“EDHOC consists of three messages (message_1, message_2, message_3) that map directly to the three messages in SIGMA-I.”- To achieve what?

Improve Figure 2 caption: which feature of EDHOC scheme is being shown? Which purpose do the exchanges of messages serve?

Fix citation: known as future security or post-compromise security (PCS), was formally defined by Katriel et al. 22.

Fig 4: are the LAPEC messages different than the EDHOC authentication messages? If *not* then please do not use a different name (LAPEC) message (Fig3 also).

Figure 5: use a complete caption: Authentication phase of ….. showing….

193: fix grammar (Use the…)

300 “If the session key 300

needs to be updated, either party will initiate a key update request” – discuss when the ‘if’ will come true, i.e., how the entity finds that it is time to update the session key.

 

The discussion  on the new session key generation by the EDHOC and the proposed protocol needs  more clarity: why the EDHOC new key gen works worse for backward security than that of the proposed one?

 

“Since the pre-registration process added to the LAPEC protocol does not change the key calculation in the authentication protocol phase,” – it is *not clear* if the authentication protocol phase in the proposed protocol is different than that of EDHOC. Most of the text concentrated on the authentication phase of the proposed protocol, however.

 

Present a diagram /picture from the use of Tamarin tools showing the formal analysis of .

 

In terms of time overhead, related primitive operations and 413

communication overhead are mainly considered 23-26Error! Reference source not 414

found..—fix the referencing issue.

 

Table 4: include citation for the schemes. For example, Xu27 does not mean much if not linked to the work via the citation.

 

“Among the table”—what does it  mean? Fix it please.

“The pre-registration phase only performs 2TH which costs 425

10% of the authentication phase computation cost.” Where is this 10% coming from?

-Fix citation: results of Roy et al.34.

-Fix sentence: In order to facilitate the time cost comparison without the hardware platform, referring to the experimental results of Roy et al.34.

 

Please elaborate with a couple of examples: “As it is shown in Table 4, LAPEC has computational overhead

similar to most schemes in the authentication phase, especially to EDHOC scheme. What’s

more, LAPEC is better than some ECC-based schemes.”

 

Rewrite Conclusion: briefly talk about problem this paper addresses, proposed idea, performance discussion and future work.

 

 

 

 

 

 

 

 

 

 

Author Response

We feel great thanks for your professional review work on our article. As you are concerned, there are several problems that need to be addressed. According to your nice suggestions, we have made some corrections to our previous draft, point-by-point responses to the nice reviewer are listed below this letter. All changes to the manuscript has been highlighted.

Author Response File: Author Response.docx

Round 2

Reviewer 2 Report

In this paper, LAPEC is presented as an identity authentication protocol that utilizes ECC to tackle authentication risks and information leakage in UAV networks. By implementing an extra key update mechanism, LAPEC guarantees backward security and offers scalability for broad deployments through pre-registration. LAPEC outperforms EDHOC in terms of backward security and flexibility, while maintaining low overhead.

This paper provides a comprehensive technical description of the LAPEC protocol, covering its cryptographic algorithms, key generation and management, message exchange process, as well as experimental results demonstrating its performance in terms of message overhead and computational complexity.The article seems to be a well-researched and technically sound exploration of the LAPEC protocol, with a focus on its security and practicality.

 

Problems that need to be revised in the paper:

1.At line 61, you need to standardize the indentation format at the beginning of the paragraph.

2.In Figure 6, you should standardize the style of the two diagrams. First, you should unify the fonts of "Device" and "GWN" in both diagrams. Secondly, in the protocol flow, you should standardize the notation of "<Enc(SK;G_Y')>" and "<Enc(SK,G_Y')>".

Author Response

We feel great thanks for your professional review work on our article. As you are concerned, there are several problems that need to be addressed. According to your nice suggestions, we have made some corrections to our previous draft, point-by-point responses to the nice reviewer are listed below this letter. All changes to the manuscript has been highlighted.

Author Response File: Author Response.docx