Identity and Aggregate Signature-Based Authentication Protocol for IoD Deployment Military Drone

With the rapid miniaturization in sensor technology, ruddervator, arduino, and multi-rotor systems, drone technology has fascinated researchers in the field of network security. It is of critical significance given the advancement in modern strategic narratives, with special relevance to drone-related operations. This technology can be controlled remotely by an invisible yet credible operator sitting at a powerful intelligence computer system (PICS) or an airborne control and command platform (AC2P). The two types of drones (reconnaissance and attacking) can communicate with each other and with the PICS or AC2P through wireless network channels referred to as Flying Ad Hoc Network or Unmanned Aerial Vehicular Network (FANET or UAVN). This mode of communication is not without some inconvenience. For instance, when the line of sight is broken, communication is mainly carried out through satellite using GPS (Global Positioning System) signals. Both GPS and UAVN/FANET use open network channels for data broadcasting, which are exposed to several threats, thus making security risky and challenging. This risk is especially prominent in monitoring data transmission traffic, espionage, troop movement, border surveillance, searching, and warfare battlefield phenomena. This security risk can be minimized considerably by developing a robust authentication scheme for IoD deployment military drones. Therefore, this research illustrates the design of two separate protocols based on the aggregate signature, identity, pairing cryptography, and the Computational Diffie-Hellman Problem (CDHP) to guarantee data integrity, authorization, and confidentiality among drones and AC2P/PICS. More importantly, the outdated data transmission flaw, which is an obvious concern in previously designed protocols, has also been tackled.
The security of the proposed designs is formally verified using a random oracle model (ROM) and a real-or-random (ROR) model, and informally using pragmatic illustration and mathematical lemmas. The performance analysis is carried out using algorithmic big-O notation. The results show that these protocols are verifiably protected in the ROM and ROR model using the CDHP.


I. INTRODUCTION
The use of drones in the military field is more prominent than in the civilian domain. This rapid advancement in military drone technology can be used for stealth, espionage, attacking, border monitoring, and surveillance of troop movement. Besides these, military mission delivery is crucial because it carries sensitive data over an open network channel, which requires a secure IoD architecture and needs physical logistic security along the intersecting route. Mission delivery by military drones faces many issues and challenges, especially the protection of intelligent command delivery, privacy, message authentication, and identification authentication [1]. Before a drone is operationalized for military mission delivery, its control infrastructure must secure its open network channel. Contemporary wireless networking and computing technologies, such as Unmanned Aerial Vehicular Networks (UAVNs) and the Flying Ad Hoc Network (FANET), have contributed a lot in providing numerous applications in the military domain. Military drone technologies monitor suspicious spots, collect information, control the flow of data, and exchange command-and-control intelligence on the warfare battlefield. This bilateral exchange of data needs to be controlled by the system (AC2P/PICS). The synergy among UAVN/FANET and the control system periodically transmits real-time information fusion. A small dubious command can mislead the attacking drone into a wrong decision. When drones are deployed in warfare, efficient information authentication is needed [2]; identification authentication is beyond the scope of this paper.
Nevertheless, the vulnerability of such data may threaten the security of the entire country.

The associate editor coordinating the review of this manuscript and approving it for publication was Aneel Rahim. VOLUME 9, 2021. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
Overall, drone technology has matured, and unmanned aviation and aircraft, alone or in combination with AC2P/PICS and maritime vehicles, possess a high significance in the military sector. Despite increasing interest in civilian applications, military use is currently the largest market for drones/UAVs and is expected to remain so in the near future. The creation of Sense and Avoid (S&A) technology [3] will enable the UAV to autonomously detect a manned aircraft and then make flight path corrections to avoid a midair collision. Integrating military UAVs into congested airspace with current technology (FANET/UAVNs) is one of the most critical research areas [4]. Other associated issues and challenges in the military domain must be addressed for UAVs to remain operational; for instance, GPS signal spoofing/jamming is a severe threat that stops a receiver from receiving a reliable GPS signal. The cameras inside the military drone capture photographs containing invisible information like resolution, shooting time, and coordinates. This hidden information, in turn, badly affects the security and privacy of the system. An adversary can break the communication session by generating a fake signal and forging sensitive information. For example, system failure occurs when an adversary controls the signal frequency used by the drone for sensitive data transmission and uses it for malicious deeds [5], [6].
Furthermore, the military drone is potentially vulnerable to several attacks, such as spoofing, physical capture, collation, and forgery attacks. Before secrets and confidential information are exchanged over an unreliable communication channel (FANET/UAVNs), there is a lack of coordination and collaboration for allowing a registered and permitted entity to interact securely in IoD. Similarly, drones have limited flight time and energy resources, due to which they are exposed to many security threats. Unless these issues are solved successfully, they could cause immense harm to IoD at any time [7]-[10]. These challenges can be addressed only by designing a flawless authentication protocol that lets drones be operationalized effectively for military mission delivery and qualify for complex operations in the IoD environment.

A. MILITARY DRONE SYSTEM ARCHITECTURE
Drone technology has become a precious weapon to militarized forces worldwide which is evident from its widespread use in many recent conflicts. This technology has minimized radar subscriptions, improved longevity, and emancipated humans from immediate danger. Even though none of these UAVs has an operator on board, human supervision remotely is an integral part of the technology. Similarly, though less developed, civilian uses of UAVs still necessitate supervisory authority for complex operations such as border patrol, agriculture monitoring, and disaster response. In order to develop an IoD environment that can effectively support single operator and multiple UAV control, efforts should be put together by a team of human operators, software agents, and UAVs to optimize mission effectiveness while keeping costs down. To do so, the system architecture presented here in this paper consists of reconnaissance drones, attacking drones, airborne control and command platform (AC2P), and a powerful intelligence computer system (PICS). All the participants are equipped with UAVNs/FANETs and can also be enabled for other wireless communication interfaces and integrated with GPS signals. The reconnaissance drones communicate with each other and with AC2P but not with a powerful intelligence computer system (PICS). In contrast, AC2P and PICS can speak directly and coordinate reconnaissance drones at any time. Similarly, attacking drones can communicate with AC2P, PICS, and with each other but not with reconnaissance drones. Collaboration and coordination (synergy) among all the participants are mandatory; otherwise, it cannot perform a complex tactical task, as shown in figure 1.

B. FLYING ZONE DESCRIPTION
Drones must be deployed in a specific flying zone, and their clusters are also operationalized in pre-determined flight zones. PICS or AC2P can access a designated drone from some location and can detect unauthorized/compromised drones of any type. When a drone is in a specified zone, PICS/AC2P regulates its flight and authenticates its legitimacy. A legitimate drone's authenticity, integrity, and confidentiality can be confirmed, and an illegal drone in the flying zone can easily be detected, because of the intermediary agent (AC2P/PICS). Gharibi et al. [11] explained the flying zone strategy for a vast terrestrial space in detail. We adopt their zone strategy for delivering neutrality, modularity, and uniformity so that a drone can broadcast information to AC2P/PICS and to another drone securely. Also, to cover a larger area, such as a long border, the AC2P/PICS must be logically interacting. This strategy supervises multiple UAVs in a cluster at different flying zones, manages traffic, shifts a UAV from one flying zone to another, and provides mandatory statistics. Gharibi et al. [11] also explained the handover tactics when a drone moves from one flying zone to another.

C. NOMENCLATURE
The different notations used in this paper are described here in this subsection, as shown in Table 1.

D. TRAJECTORY DESCRIPTION
Dubin's route theory is used to establish a trajectory to materialize multiple UAVs and optimize the contact relay between UAVs and PICS/AC2P that can centrally administer the entire mission. Various strategic constraints should be considered, like planning, AC2P/PICS position, flying zone, and UAVs. But synergy is mandatory amongst all the participants for efficient and effective channel accessibility and minimum communication overheads. It is worth mentioning that the said communication is synchronous; AC2P/PICS must check every connection (drone → to → drone or drone → to → AC2P or drone → to → PICS) to qualify for a complex military operation. According to [12], [13] and [14], the path is allocated only to authorized participants. By doing so, the network dynamically changes its topology depending upon "who accesses whom", which can be obtained using semielasticity as given: (1)

where f R (ob) e means change in topology without adding any additional resource, while f R (ob) e means change is made with the addition of allowed resource. According to [14], (1) is deduced as; where L = no. of links on the ith drone.

Macaulay's equation [14] is a guarantee for the current value of the additional resource in the topology, as given:

Next, network management over a specified channel, which can enhance connectivity, is given as:

According to (6), channel connectivity as:

In the context of network security, a threat means any potential danger to the IoD architecture using any wireless network (FANET/UAVN) that can exploit a vulnerability to breach system security. As the communications between all the participants are performed via a public network (wireless communication) channel, all known attacks are possible because the adversary is very strong nowadays.
The possible kinds of attacks [15], [16] are that the adversary:
i) can de-authenticate one or all drones,
ii) might inject false information into the exchanged information,
iii) can alter it at any stage,
iv) disturbs the privacy of a drone,
v) can find the location of a drone and launch a physical attack on it,
vi) can desynchronize the shared secrets,
vii) can spoof AC2P/PICS into a wrong decision, and
viii) might mislead AC2P/PICS into a wrong decision by changing the coordinates' intelligence command regarding the suspicious target.
The adversary cannot compromise the fully trusted entity PICS/AC2P at any stage, while all others are partially trusted entities. The different domains identified for possible threats are as under:

1) SIGNAL JAMMING THREAT
By jamming the signal, the adversary could disable the drone's link with the PICS/AC2P. An adversary obtains and monitors the critical GPS signals required by drones for data transmission; it then creates and regulates a fake GPS signal using Ettus-USRP, which has the same frequency and bandwidth as the real one. It aligns fake and reliable signals, increases the frequency of the fake signal to block the reliable signal, and then uses it to launch a GPS spoofing/jamming assault on both PICS/AC2P and drones.

2) FLIGHT-CONTROLLER THREAT
This threat is associated with falsifying factual data, disclosing data, and damaging the IoD infrastructure. It is launched by an adversary who takes control of all the services provided by the ground-control-station (GCS) for air traffic controllers; instead of the GCS, the adversary directs the drone, fully manages it in the airspace, and offers advisory services to the drone in non-controlled airspace.

3) SIGNAL SPOOFING THREAT
The adversary can mislead the drone into a wrong decision. The intelligence data contains a command sent by PICS/AC2P towards a drone; the attacker can catch it and, after possible injection, mislead the attacking drone into a wrong decision.

4) FALSE DATA INJECTION THREAT
The attacker can manipulate the data sensed by the embedded sensor for a different physical phenomenon like troop movement, border surveillance, suspicious spot monitoring etc. This is a dangerous and undetected threat launched by an adversary to calculate the state variables and values.

5) ROUTING CONTROL THREAT
The adversary also can launch grey-hole, wormhole and black-hole attacks and constantly monitor the data flood by launching a rushing attack on it.

6) UNAUTHORIZED ACCESS THREAT
The attacker can also have a chance to modify the different parameters of the legal entity in the IoD environment. The adversary gains access to legitimate communication among drone and AC2P by bypassing a system's security protections in this threat.

7) PRIVACY THREAT
An adversary may use aircrack-ng software to extract the drone's coordinates and other helpful information from stolen data packets, airodump-ng to detect signal power and store and filter it for future attacks, and aireplay-ng to disrupt the synergy. By sending disassociation packets regularly, the attacker might disrupt the entire network's regular operation.

8) PHYSICAL CAPTURE THREAT
An adversary can physically capture a drone. If a drone is lost or if an adversary can transcribe or kill it, the adversary can target it to gain access to the information contained in the drone's memory. After that, he or she may reveal the encrypted data and begin authentication with AC2P, PICS, or any other drone in the cluster or any other.

9) TRAFFIC ANALYSIS THREAT
The adversary will analyze drone traffic in order to derive useful information from IoD devices and networks. The traffic is made up of packets sent and received by the drone and AC2P/PICS. The forensic examination of traffic packets reveals sensitive information. The drone is fitted with sensors that capture data from the real-world environment on the battlefield, stored in packets containing helpful information. The adversary studied it to see if it could be used as a weapon.

10) ACCESS CONTROL THREAT
An attacker can be aware of all the rules, procedures, and communication channels available to a legitimate participant. He/she then has access to change rights, approvals, authorization, and authentication, resulting in significant losses.

11) IDENTITY SPOOFING THREAT
An adversary can effectively impersonate a legitimate entity by spoofing the identity of a real drone. After that, he or she has power over the public communication channel.

F. MOTIVATION AND CONTRIBUTIONS
As FANET/UAVN is an infrastructure-less, resource-less and self-organizing network, FANET ⊆ MANET, but the security features operationalized for MANET cannot be applied to FANET/UAVN. Similarly, the available countermeasures for threats to the IoD environment don't include all security features. To mitigate all the associated threats to such a low-latency network, there is a dire need for a robust security mechanism to guarantee security against the known loopholes attached to IoD deployment military drones and data transmission over a public channel. Although numerous authentication protocols have been proposed for IoD by different researchers using different techniques, no one claims with full confidence to have a foolproof security mechanism. These schemes either suffer from privileged insider and stolen-verifier attacks or have outdated data transmission and design flaws. With a poor design, these cryptographic techniques don't work against many vulnerabilities because they can easily be targeted and made to malfunction by attackers. Therefore, we attempt to propose an identity and aggregate signature-based authentication protocol based on [17]-[20] that ensures IoD deployment military drone information broadcasting security, efficient access by a legitimate user, and high availability. The key contributions of this research paper are as under:
i. We have used pairing cryptography for generating public-private key pairs to protect data from a strong adversary, while the computational Diffie-Hellman key exchange method is used for communicating keys among all the participants of IoD.
ii. These protocols/frameworks are free of forgery, privileged insider, collation, and stolen-verifier attacks, and do not have an outdated data transmission flaw.
iii. A malicious node/drone cannot misguide a legitimate drone or AC2P/PICS into a wrong decision.
iv. If an adversary physically captures a drone, it cannot figure out the internal credentials for possible replay, side-channel, and DoS attacks.
v. Each drone can individually check the validity of the aggregate signature to guarantee protection against a GPS spoofing attack.
vi. Due to the usage of pairing cryptography and the Computational Diffie-Hellman Problem (CDHP), the identities generated and used for different IoD participants in the proposed authentication protocol are verifiably unforgeable.
vii. The aggregate signature length is equivalent to that of an independently generated signature, which offers better performance and minimum time complexity or computation cost.

II. PRELIMINARIES
The purpose of this section in the research paper is to attempt a concise definition of some indispensable cryptographic approaches which are needed for securing drone communication in the military environment. We discuss some mathematical background and associated preliminaries necessary for designing security frameworks, scrutinizing the security, and evaluating its performance. The other aspect of this section is to offer some scoop regarding pedagogic cryptography, public-key cryptosystem, certificateless cryptography, and associated computational complex problems. Finally, we have presented a concise description of the provable security. This foundation is, by no means, exhaustive so that it is just used to speed up drone application in both military and civilian domains.

A. DIGITAL SIGNATURE
An algorithm [21] used for information security having the following three sub-algorithms:
Gen: Given some security parameter $\lambda$, this algorithm outputs a public-private key pair $(P_{pk}, P_{sk})$, i.e. $\mathrm{Gen}(\lambda) \leftarrow P_{pk}, P_{sk}$
Sign: Given $P_{sk}$ and a message $m$, this algorithm outputs a signature $\sigma$, i.e. $\mathrm{Sign}(m, P_{sk}) \leftarrow (\sigma)$
Verify: Given $P_{pk}$, message $m$, and $\sigma$, the output is either 1 (accept) or 0 (reject), i.e. $\mathrm{Verify}(m, \sigma, P_{pk}) \leftarrow 1$(

B. BILINEAR MAPPING
Suppose two groups, namely $G_1$ and $G_2$, of prime order $q$; then $e: G_1 \times G_1 \rightarrow G_2$ is called a bilinear pair/map [22] having the following features:
i. Non-degeneracy: If $G_1$ is a multiplicative group with generators $g_1$ and $g_2$ of prime order $q$, then $g_1, g_2 \in G_2$ s.t. $e(g_1, g_2) \neq 1$
ii. Computability: The existence of $g_1, g_2 \in G_2$ means there must be an algorithm available for computing the pair $e(g_1, g_2)$.
iii. Bilinearity: For all $g_1, g_2 \in G_2$ and $a, b \in Z_q^*$, these are valid tuples: $e(g_1^a, g_2^b)$, $e(g_1, g_2)^{ab}$, $e(g_2, g_1)$, and $e(g_1, g_1 + g_2)$.

Inventive protocols for tasks like one-round three-party key agreement, identity-based encryption, and aggregate signatures can be constructed using the bilinear map process. Three parties share the secret $M = xyzP$; the bilinear method provides a secure way to do so on the condition that the key pairs $xP$, $yP$, $zP$, $xyP$, $xzP$ and $yzP$ are computationally hard for an adversary to calculate. The following properties of pairing cryptography can easily be proved:
i. $e(P, \infty) = 1$, and $e(\infty, P) = 1$
ii. $e(P, -Q) = e(-P, Q) = e(P, Q)^{-1}$
iii. $e(xP, yQ) = e(P, Q)^{xy}$ for all $x, y \in Z$
iv. $e(P, Q) = e(Q, P)$
v. $e(Q, g_1) = 1$ for all $g_1 \in G_1$ and $P = \infty$.

If $e$ is a bilinear map/pair, then the Bilinear Diffie-Hellman Problem (BDHP) on $xP$, $yP$, $zP$ is to compute $e(P, P)^{xyz}$.
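The one-round three-party key agreement and pairing properties i to iv above, worked through as an added example (not code from the paper). It assumes a toy symmetric pairing in which $G_1$ is $Z_q$ written additively with $P = 1$ and $e(aP, bP) = g^{ab} \bmod p$; this map is bilinear but offers no security, and all names and parameter values are constructed for illustration.

```python
# ASSUMPTION: toy pairing for illustration only. G1 = Z_q (additive, P = 1),
# G2 = order-q subgroup of Z_p*, e(aP, bP) = g^(ab) mod p. Discrete logs in
# this G1 are trivial, so CDHP/BDHP are NOT hard here; only the algebra is real.
Q = 1019        # prime order q (constructed toy value)
P_MOD = 2039    # prime p = 2q + 1
G = 4           # element of order q in Z_p*
P = 1           # generator "P" of G1
INF = 0         # identity element (point at infinity) of G1
assert G != 1 and pow(G, Q, P_MOD) == 1


def pairing(a, b):
    """e(aP, bP) = g^(ab) in G2."""
    return pow(G, (a * b) % Q, P_MOD)


def publish(secret):
    """Public value xP that a party broadcasts in the single round."""
    return (secret * P) % Q


def session_key(own_secret, pub_1, pub_2):
    """Each party pairs the two received values and raises to its own secret."""
    return pow(pairing(pub_1, pub_2), own_secret, P_MOD)


def tripartite_keys(x, y, z):
    """Return the key computed independently by parties A, B and C."""
    xP, yP, zP = publish(x), publish(y), publish(z)
    return (session_key(x, yP, zP),   # A: e(yP, zP)^x
            session_key(y, xP, zP),   # B: e(xP, zP)^y
            session_key(z, xP, yP))   # C: e(xP, yP)^z


def pairing_properties(a, b, x, y):
    """Check properties i-iv from the text for points aP, bP and scalars x, y."""
    e_ab = pairing(a, b)
    return {
        "i_identity": pairing(a, INF) == 1 and pairing(INF, a) == 1,
        "ii_negation": pairing(a, (-b) % Q) == pairing((-a) % Q, b)
                       == pow(e_ab, -1, P_MOD),
        "iii_bilinear": pairing(x * a % Q, y * b % Q) == pow(e_ab, x * y, P_MOD),
        "iv_symmetric": e_ab == pairing(b, a),
    }


if __name__ == "__main__":
    print(tripartite_keys(5, 7, 11))          # three identical values e(P,P)^xyz
    print(pairing_properties(17, 29, 3, 8))   # every entry True
```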

C. PUBLIC KEY INFRASTRUCTURE (PKI)
In conventional public-key cryptography there is no need to exchange keys privately, but the keys must be adequately managed each time. Managing public/private key pairs securely and efficiently during the whole process is challenging. For this purpose, cryptographers [23] developed scenarios in which a key pair is created, efficiently utilized (public access for encryption and private for decryption), and finally invalidated. The invalidation phase happens when the life cycle of the key pair expires or the key pair is compromised. This methodology is called public key infrastructure (PKI). In PKI, the key pair must be available to peers to verify its authenticity and validity and to confirm other security features. If the session of one key expires and it is declared invalid, PKI can manage the null key.

D. CERTIFICATELESS CRYPTOGRAPHY [24]
A novel idea that aims to realize the benefits of identity-based cryptography without the key escrow problem. This technique bridges the gap between identity-based and PKI-based cryptography and eliminates identity-based cryptosystems (ID-PKC). Its encryption process does not necessitate any pairing computation, so it is substantially lighter and quicker. It outperforms other cryptographic techniques in terms of computational performance, supports public keys that humans can remember, provides randomness in key construction, and allows re-use for the sake of understanding. It has a high level of unforgeability and solves issues with encryption methods; there is no need to use a certificate to connect the identity to the public key since any string, including an identity, can be used as a public key, and keys can be revoked for a fixed time [24].

E. COMPUTATIONAL DIFFIE-HELLMAN PROBLEM (CDHP) [25]
In 1976, Diffie and Hellman [25] demonstrated an elegant, efficient and reliable technique for establishing a secure key exchange between two legitimate peers. Their idea is as under: Let $G$ be a cyclic group of prime order and $g$ be a generator of $G$; then peer A chooses $x$, and peer B chooses $y$. A publishes $P = g^x$, B publishes $Q = g^y$; A computes $L = Q^x$ and B computes $R = P^y$. Finally, $P$, $Q$ are public, and $L = Q^x = P^y = g^{xy}$ remains secret and is termed the Diffie-Hellman shared private key. This is hard for an adversary to find or compute at any stage, which is called the Computational Diffie-Hellman Problem (CDHP).

F. BIG O NOTATION
It's the most widely used metric for determining time complexity. It expresses a task's execution time regarding the number of steps taken to complete the protocol or standard symbols such as big-O to indicate execution time complexity and computation cost [26]. There are numerous forms of big-O notations; some of these are described as under: The other big-O types are beyond the scope of this research.

III. RELATED WORK
Kettering Bug was a person in the US Navy who first flew a drone in 1918 but was not deployed for war. Elmer Sperry led a project and invented a drone, which is said to be the founder of a drone. Initially, a drone was deployed for three main tasks: dangerous, dirty and dull, and was called the three-D operations.
The first identity-based cryptographic protocol was presented by Shamir [27] in 1984. He was the founder of identity and digital signature for message authentication. He said that a public key could easily be generated from a user's unique identity without any extra certificate. In contrast, the first aggregate signature-based protocol was presented by Boneh et al. [28] in 2003 by aligning n signatures on n messages for n signers. The signature of [28] was worked for two parties, but it couldn't resist forgery attack when users' number increased.
Srinivas et al. [29] demonstrated a mechanism consisting of five entities, i.e., Ground-Station-Server (GSS), flying zones (FZ), drones (D), external users (MU), and a control room (CR). They said that FANET is a low-latency network, and that its limited bandwidth needs more attention for its security in performing any sensitive task. FANET/UAVN is suitable for drone technology in the IoD environment to track suspicious spots and for location identification. FANET/UAVN is open network communication, and an adversary can track a drone, maliciously act to interrupt its services, and physically capture it. Regarding protection from such a powerful adversary, [29] said that drones are exposed to potential threats because external users can operate drones from anywhere. However, the mechanism proposed by [29] suffers from stolen-verifier and traceability attacks, and doesn't facilitate dynamic addition of a drone.
Chaudhry et al. [30] tackled forgery attacks for a complex system by designing three-factor biometrics-based authentication schemes. They mitigated the privacy, location disclosure, and traceability concerns for the end-user in distributed cloud computing. Besides this, several other attempts have also been made to achieve the system's protection and privacy. But without strong authentication and privacy-preserving, no one can guarantee secure communication. The researchers of [30] have demonstrated that some identity-based authentication protocols are now vulnerable in distributed mobile cloud computing environments, especially suffered from forgery attacks. Since any adversary with access to only public parameters may forge the secret parameters of a legitimate service provider.
Chen et al. [31] proposed an ECC-based security framework for small UAVs to work collaboratively, because FANET in IoD lacks a fixed topology, making it challenging to secure. Their framework consists of manufacturers (UAVs), a trusted authority centre (TAC), a player (mobile device), and a ground-control station (GSC). UAVs, mobile-user, and GSC first register with the TAC; the player and manufacturer mutually authenticate each other and are then deployed in IoD. They used the computational Diffie-Hellman key exchange technique to advance the security of random keys among participants, but did not mention drone addition, revocation, and reissue phases. Also, their scheme suffers from privileged insider and stolen-verifier attacks and an outdated data transmission flaw. Cho et al. [32] demonstrated that information security is crucial for drone technology before operationalizing it for a complex operation. They suggested that the drone, operator, and station must first register with the certificate authority and are then given permission in the IoD environment for a complex task, but the protocol lacks dynamic drone addition, revocation, and reissue phases.
Seo et al. [33] discussed the secure transmission of information between drones and GCS using a white-box encryption method, for drones used to efficiently deliver food, goods, and medicine and in agricultural land monitoring. Farash et al. [34] proposed a secure and confidential data transmission scheme for heterogeneous WSN-enabled IoT that can also be feasible in the IoD environment. Farash et al. used a simple symmetric encryption/decryption method to design a highly efficient scheme. Al-Turjman et al. [35] presented a protocol for public cloud data security in IoT-enabled equipment using MANET. They used bilinear pairing cryptography in combination with the ECC technique; it is also feasible in IoD deployment drone technology. Jiang et al. [36] presented a three-factor key-agreement protocol for network-enabled devices using WSN. They claim that the Rabin cryptosystem is faster and more secure than RSA and ECC; therefore, they named it the 3FARC (Three-Factor Rabin Cryptosystem) technique. Ever et al. [37] demonstrated an authentication scheme for an e-health-care system using WMSN. An improved elliptic curve cryptographic system was used, and they claimed that their protocol is resistant to password guessing and stolen-verifier attacks. Cheon et al. [38] presented a homomorphic encryption-based authentication scheme for the IoD environment; their method is innovative for drone deployment in different environments.
Zhang et al. [39] designed a privacy protection protocol for grid computing has been presented to guarantee secure communication between service providers and smart objects. Their scheme is also feasible for 5G enabled drones. Teng et al. [40] demonstrated an identity-based ECC certification method was used to design a three-factor authentication scheme for working in Unmanned Aerial Vehicular Networks (UAVNs) enabled vehicles (drones). They said that RSA couldn't be feasible for such a resourceless environment, as it provides a log certification facility. Feng et al. [41] proposed identity-based lightweight authentication for the distributed computing environment. Ali et al. [42] cryptanalyzed the TCALAS of Srinivas et al. and proposed an improved mechanism for drone monitoring smart city that works for the different physical phenomenon and named it iTCALAS. Ko et al. [43] proposed a hybrid cryptographic based protocol for IoD deployment military drone. Encryption/Decryption, Elliptic Curve Digital Signature Algorithm and Hash Message Authentication Code were used for designing the security framework and claimed that their protocol is guaranteed for the security of communication security amongst drone-to-drone instead of drone-to-GCS. Besides, they verified the security of their proposed using BAN authentication logic and Scyther software toolkit. To monitor a large geographic region Utsav et al. [44] proposed a UAV network-based technique in the military domain that utilized radar and antenna for beam steering to detect the unwanted signal. Their proposed scenario is a significant contribution to the knowledge field, but it couldn't perform well for UAVs working for a complex tactical operation.
Furthermore, Shen et al. [45] presented an identity-based aggregate signature authentication scheme grounded on pairing cryptography. Their scheme consisted of setup phase, key-generation, signing, aggregation and verification phase. The cryptanalysis result of Shen et al. [45] scheme shows that it is suffered from a forgery attack. Because, if a challenger says C picks a security parameter W and runs a setup algorithm, C not only calculates the valid param of the user but also retrieve a valid tuple.
Similarly, Hong et al. [46] presented an identity-based aggregate signature authentication scheme for UAVs working in a cluster that may be deployed on the warfare battlefield or for border surveillance. Their strategy consisted of setup, request, response, aggregate, and verification phases. However, after extensive analysis, their scheme suffers from the following security vulnerabilities:

1) COLLATION ATTACK
Suppose adversary A identifies the frequency and bandwidth of a legitimate signal. A generates spoof signals of greater strength and higher intensity and sends the message $REQ = Area \| T_A$ over them, overlaying the system's request signals used for suspicious target monitoring. Let challenger C choose a random number r, calculate the public key $R^* = rP$, obtain the private key s and give it back to A. A reuses it to calculate $\theta^* = sH(REQ \| R^*)$ and sends a fake request to a valid user $U_n$. Upon receiving $\theta^*$ for $m_i^*$, $U_n$ is forced to verify $e(\theta^*, P) = e(H(REQ \| R^*), P_{pub})$, which in turn opens the way to a potential replay attack. At this stage the user is led to a wrong estimate of the current position, predicts wrong coordinates, promptly locks the target or suspicious spot and informs the base system to perform an action; this is called a collation attack. Because the forged signal is aligned on top of the original signal, the adversary successfully accesses the internal credentials of the system. Therefore, the scheme [46] suffers from a collation attack.

2) FORGERY ATTACK
Suppose a challenger C obtains the system public key $P_{pub}$ and param and returns them to A. A chooses a random number r, calculates $R = rP_{pub}$ and, after polynomially many attempts, gets the system secret key s. He/she can then quickly produce a user's identity $ID_i$, compute the user's public key $Q_{ID_i}$ and send a request message $REQ \| R$ to the user. Upon receiving the $REQ \| R$ message from the adversary, the user calculates $P_{pub}$ from $REQ \| R$, generates a fake signature $= sH(REQ \| R)$ and sends it to the base station for verification, and the system at that moment is forced to validate it. This means that adversary A has successfully launched a forgery attack, that is, forged the signature and obtained a valid signature. Therefore, scheme [46] suffers from a forgery attack.

3) PRIVILEGED INSIDER ATTACK
The identity at the user is $P_{pub} = sP$, and at the server it is $P = rP$. Here, $P_{pub}$ matches P. A new key, say $T_i = t_i P$, is built temporarily for the cluster head and is exposed to the server, so a privileged insider can easily identify this public parameter (key) of the system, masquerade as the user in the request message from the server, and impersonate the other users to the defrauded cluster head.

IV. PROPOSED SOLUTION
The Powerful Intelligence Computer System (PICS) registers the Airborne Control and Command Platform (AC2P) and each drone (reconnaissance and attacking) before deployment to the area for the tactical task. It is worth mentioning that the bilinear mapping technique is used for calculating the keys (both public and private). Suppose $G_1$ and $G_2$ are two groups of prime order q. Let P be a generator of $G_1$ and $|G_1| = |G_2|$; then $e : G_1 \times G_1 \to G_2$ is called a bilinear pairing/map if it satisfies $e(\tau P_1, pP_2) = e(P_1, P_2)^{\tau p}$ and $e(P, P) \neq 1$. If $P_1, P_2 \in G_1$, an efficient algorithm exists to calculate $e(P_1, P_2)$. The Computational Diffie-Hellman Problem (CDHP) can be applied when calculating the secret key, to make it hard for the adversary to forge information: the unforgeability can be confirmed subject to the use of pairing cryptography, the Discrete Logarithm Problem (DLP) and the Computational Diffie-Hellman Problem (CDHP) for key generation and exchange among the participants by AC2P/PICS, correspondingly.

A. GLOBAL SETUP PHASE
Given the security parameter λ and secret key s, the algorithm in AC2P/PICS randomly picks a large number P from $G_2$, computes $P_{pub} = sP$, and selects four collision-free hash functions, i.e. $h_1 : \{0, 1\}^* \times G_2 \to Z_q^*$, $h_2$ : q, and finally the algorithm outputs pram = $\{h_1, h_2, h_3, h_4, P, G_2, P_{pub}\}$.
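The following Python sketch is an added illustration, not code from the paper: it checks the relation $e(\theta, P) = e(H(REQ \| R), P_{pub})$ quoted in the analysis of [46], with $P_{pub} = sP$ from the setup phase, and adds a timestamp window so that a byte-identical but outdated request is rejected. Group elements are stored as their discrete logarithms (a toy model with no security), and the function names, the `max_age` window, the sample areas and the BLS-style summation used for aggregation are all assumptions of this example.

```python
import hashlib

# Toy model (assumption of this example): the G1 element xP is stored as the
# scalar x, and the G2 element e(P, P)^y is stored as y, so multiplication in
# G2 becomes addition mod Q. The pairing algebra is exact; security is nil.
Q = 2**127 - 1          # prime group order (Mersenne prime, constructed choice)
P = 1                   # generator of G1 in this representation


def pairing(a, b):
    """e(aP, bP) = e(P, P)^(ab), returned as the exponent ab mod Q."""
    return (a * b) % Q


def H(data: bytes) -> int:
    """Hash onto a nonzero multiple of P (a scalar in 1..Q-1)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1


def keygen(seed: bytes):
    """Return (secret s, public sP); seeded so the sample data is repeatable."""
    s = H(b"key|" + seed)
    return s, (s * P) % Q


def encode(area: str, timestamp: int, R: int) -> bytes:
    """REQ || R with REQ = Area || T_A; fields joined with '|'."""
    return f"{area}|{timestamp}|{R}".encode()


def sign(s, area, timestamp, R):
    """theta = s * H(REQ || R)."""
    return (s * H(encode(area, timestamp, R))) % Q


def verify(pub, area, timestamp, R, theta, now, max_age=5):
    """Accept only a fresh request with e(theta, P) == e(H(REQ||R), pub)."""
    if not (0 <= now - timestamp <= max_age):
        return False                  # outdated or future-dated transmission
    h = H(encode(area, timestamp, R))
    return pairing(theta, P) == pairing(h, pub)


def aggregate(thetas):
    """Cluster head folds n signatures into one G1 element (their sum)."""
    return sum(thetas) % Q


def verify_aggregate(items, sigma, now, max_age=5):
    """items: [(pub_i, area_i, timestamp_i, R_i)]; sigma: aggregate signature.

    Checks e(sigma, P) == prod_i e(H(m_i), pub_i); the product in G2 is a sum
    of exponents in this model. Every member message must also be fresh.
    """
    rhs = 0
    for pub, area, ts, R in items:
        if not (0 <= now - ts <= max_age):
            return False
        rhs = (rhs + pairing(H(encode(area, ts, R)), pub)) % Q
    return pairing(sigma, P) == rhs


def demo():
    """Run the checks on constructed sample requests."""
    s, p_pub = keygen(b"AC2P")
    R = (12345 * P) % Q               # R = rP for a constructed nonce r
    theta = sign(s, "sector-7", 1000, R)
    out = {
        "fresh": verify(p_pub, "sector-7", 1000, R, theta, now=1002),
        "replayed_later": verify(p_pub, "sector-7", 1000, R, theta, now=1060),
        "tampered_area": verify(p_pub, "sector-9", 1000, R, theta, now=1002),
    }
    drones = [keygen(f"drone-{i}".encode()) for i in range(3)]
    items = [(pub, f"sector-{i}", 1000 + i, R)
             for i, (_, pub) in enumerate(drones)]
    sigs = [sign(sk, a, t, r) for (sk, _), (_, a, t, r) in zip(drones, items)]
    out["aggregate"] = verify_aggregate(items, aggregate(sigs), now=1004)
    bad = aggregate([sigs[0], sigs[1], (sigs[2] + 1) % Q])
    out["aggregate_one_bad"] = verify_aggregate(items, bad, now=1004)
    return out


if __name__ == "__main__":
    print(demo())
```

The pairing equation alone accepts the replayed request because the signed bytes are unchanged; only the comparison of $T_A$ against the verifier's clock rejects it.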

B. FRAMEWORK FOR ATTACKING DRONE
AC2P and PICS have strong intelligent computing power and large storage capacity, and no one can compromise their trust. They can investigate, coordinate and process the attacking drones for maritime services. Secondly, without a cluster head among the attacking drones such a sensitive task cannot be performed well, so one drone must be declared the cluster head, with some communication and coordination abilities (synergy) with AC2P/PICS. It signs the different individual signatures received from the other drones, includes its own signature and sends the result to AC2P/PICS for a decision. Lastly, all the remaining drones, which have limited processing capability, less storage capacity and limited battery power, are commanded directly by AC2P/PICS or the cluster head to fulfill a tactical task. Generally, we propose the following scenarios for attacking drones.

C. FRAMEWORK FOR RECONNAISSANCE DRONE
We propose the following security mechanism for reconnaissance (investigating) drones in our system model.

V. SECURITY DISCUSSION
In this section of the research, a pragmatic illustration of the security of the proposed scenarios is given in the form of theorems, described as follows:

A. SECURITY ANALYSIS BASED ON THEOREMS
We present the following theorems to prove the security of the proposed suite of protocols.
Theorem 1: Suppose an adversary takes $(t', \varepsilon')$ to generate a valid signature from n signatures. The adversary has a chance to calculate the secret key in it by using the Group Diffie-Hellman Problem (GDHP), the Co-Gap Diffie-Hellman Problem (CGDHP) or the Co-Gap Computational Diffie-Hellman Problem (CCGDHP) [49] using the equation given as: whereas $q_s$ is the signature queries and $q_H$ is a hash query in the signature. If the output query for a secret key is zero, it means the adversary is forging the valid signature. But the value for the query ranges from 1 to n. Besides this, if the adversary receives some output $tuple_1, tuple_2, \ldots, tuple_n$ and chooses any tuple from it, suppose $tuple_2 \in Z_q^*$ and imagine $tuple_1 = 1$ with the system public key P, message $m_1$, $q_H$. Before sending the given message to the system, the adversary needs to get some output from the PICS/AC2P. He/she must flip a coin for a probable win. In this regard, he/she either gets nothing (coin-value = 0) or real identities ($ID_d$, $ID_i$) and a valid output signature [(M, ) or ( , T)]. To do so, the adversary needs n exponentiations for the oracle to calculate the hash queries $q_s$, $q_1$, $q_H$ and n exponentiations for calculating the n signatures ( 1 , 2 , 3 , ..., n ). But such a huge calculation costs the adversary much time, so when the result is later sent to a drone, AC2P or PICS, it is treated as a potential replay or DoS attack because of the timestamp in the aggregate signature. Therefore, both schemes resist such an attempt by an adversary.
Theorem 2: Let $H_1$ and $H_2$ denote hash queries taken for the random oracle model (ROM), and suppose there exists an attacker A with probability ε of calculating a valid signature in time interval t. He has to develop a method for generating at most sign key $K_s$ and chooses $l_i$ for the $H_1$ hash query. Then there exists an algorithm B for the Computational Diffie-Hellman Problem (CDHP) of precedence $\varepsilon' \geq (1/l_i) \geq \varepsilon$ in $t' \leq t + (l_1 + l_2 + l_{key} + 4l_s) \cdot T_{SM}$, where $T_{SM}$ represents scalar multiplication. The attacker can break the signing signature using this method. But we have designed both schemes using CDHP, by calculating the public key $P_{pub} = sP$ and setting system parameters pram = $\{h_1, h_2, h_3, h_4, P, G_2, P_{pub}\}$ for the attacking drone, and $R = aP$ and system parameters pram = $\{H, R, a, \theta, E, R_{eq}, aP\}$ for the reconnaissance drone. If B chooses $n \in [1, l_1]$ specifically for identity and gets n = 1, $Z_q^*$, sP query not rP, aP, and bP, he cannot succeed in the practical computation of either the hash query or key query, identity, or any other tuple. Therefore, the proposed suite of protocols is unconditionally secure against such an attempt.
Theorem 3: Let a be a key for a drone $RD_i$ with $a \in Z_q^*$. The probability that an attacker A inputs some values to an algorithm and gets r is at most $1/[RD_i]$, given as Prob[Algorithm( ) = r]. In contrast,  is an aggregate signature for $RD_n$ of identity $ID_n$ and $ID_d$; let the values input by an attacker be denoted by l, with $l \in G$ and r, whereas $1 \leq r \leq l$. The attacker cannot identify a legitimate drone's identity because different sessions (public, private, partial private, actual, and so on) are defined in a valid oracle, $R_{ID_d} = nP$, $P_{pub} = sP$, $R = aP$, and $c_i \in_R Z_q^*$. In contrast, P is a 160-bit large number randomly picked from $G_2$ of the bilinear pairing $G_1 \times G_1 \to G_2$, which is impossible for an adversary to calculate. Therefore, the keys in the proposed suite of protocols are highly protected.
Theorem 4: Let there be two types of adversaries: a Type-I adversary knows the public key of a drone; a Type-II adversary knows the private key of the same drone. We claim with conviction that our suite of protocols will resist if either or both of these are present. The reason is that we have proposed seven (07) phases in our first protocol (setup, partial-private-key-extractor, actual-key-extractor, actual-key-updating, signer-temporary-key-generating, signature-generating, and signature-verification algorithms) and six (06) steps in the second protocol (configuration, request, challenge, response, aggregation, and verification). The adversary cannot pass to any successive phase of any of our protocols.
Suppose an adversary A chooses a security parameter λ and inputs it to an algorithm B, and suppose A's output is the public key $P_{pub}$ or R (Type-I adversary). He/she might break the protocol subject to the condition that he/she has maximum access power [50], which is impossible for the proposed protocols. Such a massive calculation would take an adversary at least two to three years. After that, the system promptly discards his/her request, treating it as a potential replay or as an outdated data transmission attempt. Therefore, such an attempt is a waste of time. Our scenario is secure against probabilistic polynomial-time calculation by an adversary of Type-I, Type-II, or both.
Theorem 5: Suppose a challenger C uses the setup algorithm and sends the public parameters to an adversary A. And A produces a random number and launches an attack to verify the drone's signature. In this case, the adversary's first attempt consists of concatenating a message M with various identities for different drones and sending it to the PICS/AC2P. He/she does not obtain the correct private keys and identity. Also, if an adversary issues a new set of criteria in his/her second attempt, subject to the condition that he/she is allowed to compute some signatures for different drones, if the signature delivering authority is deterministic, the adversary will never obtain a legitimate signature.
Theorem 6: If there exists no algorithm that lets an adversary solve, in polynomial time, the Computational Diffie-Hellman Problem (CDHP) in either the additive group $(G_1, +)$ or the multiplicative group $(G_2, \cdot)$, then the proposed mechanism is considered to be secure against Type-I attacks in the random oracle model [49].
Theorem 7: If there exists no algorithm that lets an adversary solve, in polynomial time, the Computational Diffie-Hellman Problem (CDHP) in either the additive group $(G_1, +)$ or the multiplicative group $(G_2, \cdot)$, and each participating party signs only one message during synchronous link establishment, then the proposed framework is secure against Type-I attacks in the random oracle model [49].
Theorem 8: If an aggregate signature is valid in hash values, a unique signature inside the aggregate signature is also valid [49].

B. RANDOM ORACLE MODEL (ROM) ANALYSIS
In ROM [49], if there is an attacker $A_I$ against protocol ρ with advantage δ, then there exists an algorithm to solve the CDHP with the advantage given as: whereas $q_{H_0}$, $q_{H_1}$, $q_{ppk}$, $q_{sk}$ are all queries, inclusive, for an adversary to check the identity, secret key and partial private key values. The attacker $A_I$ might attempt polynomial times to get helpful information from the ROM H1 ($0 \leq i \leq \varepsilon$). For such polynomially bounded queries, respond as: If $A_I$ puts a Create(Identity) query to , for such input it must select some random integers/numbers of prime order, but couldn't aP, xP, yP, zP, xyP, xzP, yzP etc. private-public key pair due to CDHP. And if the adversary gives some random values to  for getting Identity, he/she must pick s and l from two different groups and compute $P_A = sl$, where $P_A$ is the adversary's public key. For such a key, he/she cannot match $P_A$ to $P_{pub}$ when the adversary submits $H_0$, $H_1$, $H_2$ queries and Identity into ; if some useful information is obtained by the adversary, must abort or retry values and return irregular values that cannot satisfy $sP = R + H_0(identity, P, R)P_{pub}$. Therefore, the adversary fails against the proposed protocol suite, due to the lack of maximum access power [50] and to CDHP.
Theorem 9: Let ê denote a bilinear pairing on $G_1$, $G_2$; then CDHP on P, xP, yP, zP can calculate $\hat{e}(P, P)^{xyz}$. This is because, from xP, xyP, xyP, zP and xP, yzP, $\hat{e}(xP, yzP) = \hat{e}(P, P)^{xyz}$. Similarly, if CDHP can solve these types of pairs, it can also efficiently compute $g = \hat{e}(P, P)$, $g^{xy} = \hat{e}(xP, yP)$, $g^z = \hat{e}(P, zP)$ and then $g^{xyz}$. But it is hard for an adversary to do such calculations, because CDHP implies hardness for the key-pair tuples in both groups $G_1$ and $G_2$.
Theorem 10: If the cryptographically calculated keys aP, bP, cP, abP, bcP, acP, abcP from groups $(G_1, +)$ and $(G_2, \cdot)$ are secure against a potential attacker A, who attempts polynomial times [50] over them, then the probability of breaking is negligible for any number k: This means that the cryptographic counter shall be verifiable for each session.
From these theorems, it is clear that the proposed suite of protocols is efficient and effective for military drone communication using either FANET/UAVN or GPS for information transmission with PICS/AC2P. It ensures integrity, identity, and the compression of several signatures into a single one, reducing the communication cost and computation time complexity.

C. REAL-OR-RANDOM (ROR) MODEL ANALYSIS
We can also test the security of the identity-based aggregate signature-based authentication protocol by another widely used method [51], used by different researchers such as [27], [48], [54], which consists of two entities, an adversary A and a responder. A establishes communication with AC2P; let $E_i$ denote AC2P, where i indicates the i-th occurrence of AC2P. $E_{DS}$ means the adversary's action to impersonate AC2P, PICS or a drone by forging (M, ), $E_{SD}$ forges s or n, a, r, b, pram = $\{h_1, h_2, h_3, h_4, P, G_2, P_{pub}\}$ to impersonate any participant, and $E_{SC}$ is considered to be an action of the adversary against the semantic security of the proposed mechanism, given as under: i. Setup Query, in which challenger C returns the system parameters to A. Also, we put the following reproduction algorithm (R) for the polynomial-time attempt of an adversary, with which the probability equals 1.

D. DRONE TRAJECTORY SECURITY
This feature of the security frameworks can be tackled using lemmas, as under:
Lemma 1: According to [12]-[14], [52], the duration for transmission of a message through a dedicated path is given at the bottom of the page, for t > 0, and γ = λ 0 , and e − ln(2)tγ (e ln(2)tγ for t > 0, and λ = µ 0 = γ . And can also be written as shown at the bottom of the page.

Reproduction Algorithm
That is the desired result. Similarly, for λ = µ, the procedure will go: let t be finite with value greater than 0, then
$$= \frac{e^{-\ln(2)ty}\left(e^{\ln(2)ty} + ((1 - \ln(2))ty - 1)e^{ty}\right)}{(\ln^2(2) - 2\ln(2) + 1)y^2}$$
Put λ = y, we will get: This is the required result.
Lemma 2: Again, according to [12]-[14], [52], let the relative speed of a drone be $\vartheta_s$, and let $f_t$ (function of time) be given to the trajectory being generated by the drone; then the Macaulay duration is as shown at the bottom of the page, and C is shown to be the drone's coordinates. The specified points in the trajectory of a specific drone can be chosen based on decreasing line accessibility of function-timing control, which is safe to be overlapped/collided.
Proof: As per the distance and channel equations, the system's main equation is: where $t' \leq t$, $\vartheta_{xvz}$ = velocity at current xy coordinates, $\vartheta'_{xvz}$ = velocity at expected coordinates, R Avg e,P Macaulay duration at current $t'$ can be solved as: Now, in Lemma 1, the time complexity for the proposed model can be calculated using: where $f(\tau_R) = t_1 e^{\lambda t}\cos(t) + t_2 e^{\lambda t}\sin(t)$, and $t_1$ and $t_2$ are times calculated at a specific point in the trajectory, and the time threshold in the above equation can be simplified, and we get: 2tTan( cos 2t sin 2t+1 − t ln (2 sin (2t) + 2) 2 + 2tln(t 1 e λt sin (t) + t 2 e λt cost(t)) 2
The identity and random numbers extracted in different phases are unconditionally secure against any threat. We offer the following proof for key secrecy, random numbers and identity security.
Lemma 3: Let a, b be positive integers, and let $P \in E(n)$, whereas E(n) is Miller's algorithm [53] for pairing cryptography and q is several order prime over aP, bP; u is another secret number of the same prime order; then $f_{a+b} = f_a f_b (c/u)$.
Proof: Suppose a challenger has many instances like $((P, G_1, G_2, \hat{e}), P, P^a, P^b, P^c)$ and s, given one by one to his/her algorithm for finding $\hat{e}(P, P)^{abc}$. An adversary has the following advantage in identifying the exact values; otherwise, it is not possible for A.
Let $D = ((P, G_1, G_2, \hat{e}), P, P^a, P^b, P^c)$, $s, a, b, c \in Z_q^*$, $(Adv_A)^{CDHP}(\lambda) = |\Pr[A(D, e(g, g)^{abc}) = 1] - \Pr[A(D, s) = 1]|$. But such an attempt by an adversary to identify the bilinear pairing over CDHP is not possible [47].
Lemma 5: Let H and $H_1$ be in the random oracle; suppose there exists an adversary A for $ID_s$ and $ID_l$ that runs in a time with advantage $\varepsilon_0$. Let A run an algorithm with at most $\varepsilon_0 \geq 10 q_{H_1}^2 (q_s + 1)(q_s + q_H)/q$; then there also exists a challenger B that can solve our scheme within some predefined time threshold $t_1 \leq 10 q_{H_1} t_0/\varepsilon_0$.
Proof: The challenger is given some possible tuple $(P, sP, q_1, q_2, \ldots, q_n, (1/q_1 + s)P, \ldots, (1/q_n + s)P)$ of our protocol solution, whereas $n \geq q_H, q_s$. The challenger tries to solve $(1/q_0 + s)P$ for some $q_0$. To accomplish this goal, B needs to set some public parameters from two groups of random numbers of prime order, $(G_1, G_2)$, $(\hat{e}, G_1, G_2)$ and $(\hat{e}, G_1, G_2, g, P_{pub})$, and calculate $P_{pub} = sP$ and $\hat{e}(P, P)$. Then B gives these parameters to A for launching attack(s) on our protocol(s). Initially, A inputs these public parameters to the Extract algorithm, from which he/she cannot get a matching hash query, as these are collision-free hash values. This is because of the forking lemma proof [49]-[51].

F. ProVerif2.02 SIMULATION
The issues of confidentiality, authorization, accessibility, reachability, credibility, integrity, and most importantly the secrecy of all the credentials (secret keys, identity, random numbers, parameters, and time) have been programmed/simulated using the widely used software toolkit ProVerif2.02 [57]. The specification is very complex and elaborate, so it is inappropriate to reveal it here in this analysis. The final result generated by the whole protocol simulation code, however, specifies that these are secure from any threats and untoward happenings.

G. INFORMAL SECURITY ANALYSIS
This subsection focuses on the analysis of trust, freshness, and robustness provided by the cryptographic protocols and designates a protocol's correctness or constructs attacks from the lack of security properties. It also tells the reader why widespread authentication protocol attacks occur, and then addresses them based on trustworthiness and freshness. With this in view, our protocol suite covers these significant problems: (1) How to stop replay, parallel, and interleaving attacks? (2) What is the efficient way to distinguish whether a message is fresh or not? (3) How to prevent the dependencies of analysis on the idealization of  6) What is the exact identification for guaranteeing authentication protocol security that proves the protocol's correctness, acceptability, and essentiality? (7) How to confirm integrity, confidentiality, authentication, and non-repudiation for a security protocol? And finally, (8) How to confirm that an adversary can break a protocol for known attack(s)? The given issues are the target of this analysis. However, these could not be stated or repeated given the space of this paper.

VI. PERFORMANCE AND COMPARISON ANALYSIS
It is worth mentioning that a Flying Ad hoc Network (FANET) or Unmanned Aerial Vehicular Network (UAVN) is a decentralized, self-organized, and infrastructureless network; the storage capacity of the aggregate signature is equal to that of each drone signature; and the computation cost/time complexity of aggregate signature verification is independent of the number of individual signatures. Suppose $T_\alpha$ is the time required for the execution of multiplication, $T_\beta$ is the time for generating a bilinear pairing from a map, $T_\gamma$ represents exponentiation execution time in bilinearity, and T , the execution of addition in the random number group. The performance comparison of the proposed scheme with [41], [45], [46], [55] and [56] is shown in Table 2, where I denotes the data broadcasting between AC2P/PICS → Reconnaissance Drone, II: AC2P/PICS → Attacking Drone, III: Reconnaissance Drone → AC2P/PICS, and IV: Attacking Drone → AC2P/PICS. Similarly, suppose a given number of signatures (n = 1, 2, 3, ..., n) is passed to the verification function of AC2P. How much time does the verification function take on running these signatures, and how much time will it take to complete? To answer these questions, big-O notation is used subject to the input values. If the value is constant, then the running time is O(1); for a linear task it is O(n), while for quadratic values the time complexity is $O(n^2)$. For the proposed scheme, the aggregate signature has a fixed length; therefore, its time complexity is much less than that of other schemes.
Furthermore, suppose there are N drones; $N'$ is an active drone involved in some current task. AC2P or PICS is denoted by E, and all other components are said to be C. Let the topology be a true mesh, $Z(Z - 1)/2$, where $Z = N' + M + |C|$; L denotes the key length, W is the message size, and s, t, and x are system param of size smaller than N. Suppose the mesh includes two drones besides the cluster head; then the evaluation results are: the data sending rate is 2NW + L + W, the computation overhead is 2O(n), and the storage overhead is L, param. So, by comparing the proposed scenarios with [41], [45], [46], [55] and [56], it is clear that our method is better, whereas I represents data rate, II represents computational overheads, and III storage overheads, as shown in Table 3.
Likewise, our work refines and further improves upon the work of [58]. As far as the execution time of different cryptographic operations is concerned, the research follows [58] in determining performance in milliseconds. It is significant to indicate that [58], [59] applied three types of STMicroelectronics devices. Of these, one has a 32-bit CPU and 96KB of SRAM. The second one has the same 32-bit CPU and 20KB of SRAM. The third one is similar to the second one except for the speed, which is a 72 MHz clock instead of 84. We consider the first STMicroelectronics device for AC2P/PICS, the second for attacking drones, and the third for investigating (reconnaissance) drones. The different cryptographic processes therefore take varying amounts of time, as shown in Table 4. Considering these cryptographic values/execution time complexities, the difference indicates that the computation cost for the attacking drone is slightly greater than for the reconnaissance drone.

VII. CONCLUSION
Attacks such as collation, forgery and privileged insider, together with the privacy, authorization, and information authentication issues and challenges of the open network channel (FANET/UAVNs) used by IoD deployment military drones, are crucial tasks for researchers to tackle. It is also very difficult to trust drone usage in matters of war, espionage, troop movement, etc., and the leading drone manufacturer could not escape third-party allegations about data theft. Besides, when used in wartime, all the required apparatuses, such as attacking drone(s), investigating (reconnaissance) drone(s), certification (peer legality), flying zone and trajectories, etc., shall be in the system of command and control (AC2P/PICS). Therefore, in this research, we have attempted to address these issues and challenges to the maximum extent by designing two security frameworks: one is based on identity, and the other is an aggregate signature-based authentication scheme. The robustness of their security has been verifiably protected in the random oracle model/real-or-random model using the Computational Diffie-Hellman Problem (CDHP). The synergy and effectiveness of the attacking and reconnaissance (investigating) drones in IoD have been discussed informally using lemmas and pragmatic illustrations. The performance analysis and comparison results show that the proposed frameworks are fast and secure in terms of computation time complexity and communication and computation costs/overheads. All the efforts show that these schemes are fast and secure and can easily be implemented in battlefield deployment drones for a real-world environment.