A Key Agreement Scheme for IoD Deployment Civilian Drone

Drones come in different shapes, sizes, characteristics, and configurations, and can be classified by their purpose of deployment in either the civilian or the military domain. The earliest use of drones was entirely military, but manufacturers soon tested them in civilian fields such as border surveillance, disaster relief, pipeline inspection, and security. Drone manufacturing, equipment installation, power supply, multi-rotor systems, and embedded sensors are no longer the pressing issues for drone researchers. What is required is to use drones for complex operations and to ensure secure data broadcasting among drones and the ground control station over a self-organized, resource-constrained, infrastructureless network, the Flying Ad Hoc Network (FANET). Such operations matter to end-users in areas like emergency response, search and rescue, border surveillance, and physical-phenomenon sensing. However, they are not without challenges, given the security threats to which these operations are exposed. To overcome these challenges, designers must strive for secure drone operation by developing a robust and lightweight key agreement protocol for IoD-deployed civilian drones. Accordingly, this study designs a verifiably secure and lightweight authentication scheme for IoD-deployed civilian drones. The proposed protocol has been verified with ProVerif2.02 and in the Real-Or-Random (ROR) model, and its performance has been evaluated in terms of storage, computation, and communication overheads. Compared with prior protocols, the scheme is shown to be efficient and can be recommended for operations in an IoD environment.


I. INTRODUCTION
The Internet-of-Drones (IoD) environment is operationalized to provide secure flying services to drones within the jurisdiction of a ground control station. It also monitors, supervises, manages, controls, and coordinates the overall drone activities for generic purposes. Rapid technological development over the past decades has led to the successful adoption of IoD in civilian domains: it is used for infrastructure inspection, search and rescue, smart-city traffic monitoring, troop movement, package delivery, cinematography, wildlife surveillance, and agricultural-land tracking [1].
A drone is remotely commanded by an operator from a powerful, intelligent computer system. Drones communicate with each other and with the ground control station (GCS) through wireless, infrastructureless, self-organizing networks called FANETs, a sub-type of Mobile Ad Hoc Networks (MANETs) that must operate under tight transmission-latency constraints. However, the applications and security protocols designed for MANETs cannot simply be substituted for FANETs. A drone usually carries a set of micro-electromechanical systems, low-capacity batteries, an airframe, microprocessors, and a limited payload capacity and volume. Because of these meager capabilities, a single drone is not yet qualified for complex tactical tasks. Multi-drone systems that operate across the IoD using a FANET, however, allow drones and the GCS to work collaboratively to complete such arduous missions [2]. For further improvement in operations, synergy among all participants is necessary. As a self-organizing network, a FANET can present networking problems that prevent a drone from communicating effectively with the GCS. Considering the basic features of FANETs, message authentication and identity authentication are challenging for researchers who want to provide efficient path discovery, data transmission, and route maintenance services to all IoD participants [3]. Identity authentication ensures that peers converse legitimately, while message authentication can only be assured by focusing on the design of a robust authentication scheme. This research focuses mainly on message (information) authentication; identity authentication falls outside the scope of this study.

A. MOTIVATION AND CONTRIBUTIONS
A survey of the message authentication protocols designed by other researchers is given in Section II of this paper. Some of these prior protocols have design issues, while others either require three to four round trips or are exposed to various vulnerabilities. Because they rely on modular exponentiation, these protocols incur high communication and computation costs, fail to resist privileged-insider, impersonation, and GCS-spoofing attacks, lose anonymity and privacy, and do not balance security with performance. Similarly, some inherent features of FANETs, such as decentralization, lack of infrastructure, self-organization, and clustering [4], make these protocols unsuitable for IoD-deployed civilian drones. Therefore, in this paper we propose a simple cryptographic authentication scheme for FANETs based on a public key infrastructure (PKI). With PKI there is no need to exchange keys privately, as in conventional symmetric-key cryptography, but the keys must be properly managed throughout their life cycle. The public-private key pair can be handled securely and efficiently [5][6][7]: first, the key pair is created and used; second, the key pair is invalidated. Invalidation happens when the life cycle of the key pair ends or when the pair is compromised. If one session key expires and is declared invalid, PKI can manage the null key. The key exchange is necessary because the public-private key pair used for encryption and decryption must be dynamically updated for the upcoming session, which is probably the appropriate choice, since it allows the IoD participants to derive a mutually computed session key over a public network channel.
The shortcomings of the available schemes, the merits of PKI, and the need for a more efficient scheme motivated us to design a verifiably secure, lightweight, and robust authentication scheme for IoD-deployed civilian drones.

B. SYSTEM ARCHITECTURE
The architecture presented in this paper consists of the Ground-Control-Station (GCS), the Drone (D), and the External User (U), or simply the user. Each participant first registers with the GCS and is then deployed for a practical task. We assume the GCS is fully trusted, while the drone and the user are partially trusted. The drone (D) is the key participant in the architecture. External users, when required, can access a designated drone from anywhere, for example to check the infrastructure of a big city, for traffic surveillance, or for sidewalk monitoring. The GCS fully controls the flying zone, drone legitimacy, and data access by external users. The GCS is likewise responsible for "who accesses whom"; preventing the entry of an illegitimate drone (D) or user (U) at any time is its sole responsibility, along with trajectory, waypoint, and data-communication matters, as shown in Fig. 2.

C. ADVERSARY AND THREAT MODELS
Modeling the role of attackers is an important topic in cyber defense, since it helps guarantee that security assessments are scientifically sound, especially for conceptual contributions that are difficult to test or where comprehensive testing is impossible. In a computer or networked system, an adversary model is a formalization of an attacker. Depending on how comprehensive this formalization is, the adversary may be an algorithm or a collection of assertions about capabilities and intentions; this umbrella covers a variety of techniques across many domains of computer security [8]. In our adversary model, an adversary interacts with the IoD architecture by posing as a malicious drone towards the GCS, D, or U, in the following manner.
i. An adversary may extract stored data from the GCS's memory and use it to verify secret credentials.
ii. An adversary may alter, erase, update, corrupt, or insert false information on a public network channel.
iii. An adversary may replay, alter, or erase useful information exchanged between participants over a private channel.
iv. An adversary may acquire the internal sensitive credentials from a user's (U) stolen mobile device, or extract the memory of a crashed or physically captured drone (D) using reverse engineering techniques in offline mode, but not both simultaneously.
Similarly, threat modeling is another method for improving the security of an application, system, or business process by identifying objectives and vulnerabilities and designing countermeasures to avoid or minimize the impact of threats on the system. It also helps identify the system's security requirements, i.e., anything that is mission-critical, sensitive, or composed of valuable data, and the possible threats and vulnerabilities whose risk must be reduced. It also assists system administrators in understanding the effect of risks, quantifying their severity, and putting controls in place in time [9]. Keeping the threat model in view, the possible threats to our IoD architecture are as follows: Privacy and Signal Jamming Threat

D. SECURITY REQUIREMENTS
Several security properties and functionalities are required to secure the IoD environment over a self-organizing, resource-constrained wireless network. These are as follows:
1. Before accessing confidential information, all participants, including U, D, and GCS, should mutually authenticate each other.
2. After mutual authentication, the IoD participants (U, D, and GCS) establish a session key to be used in subsequent communications. Nobody other than the session participants can obtain the session key.
3. An adversary should not learn any connections among IoD participants and should not be able to trace eavesdropped messages back to any participant.
4. U, D, and GCS should keep their identities secret; only trusted parties learn their identities.
5. Authorized organizations should be able to access network resources whenever they need them; the network should resist Denial-of-Service (DoS) attacks.
6. The proposed scheme should resist known attacks, including drone capture, man-in-the-middle, stolen verifier, replay, user impersonation, server impersonation, privileged insider attacks, etc.
7. The authentication protocol should have provable security in a probabilistic model (e.g., the Real-Or-Random (ROR) model) that bounds the probability of an adversary breaching the protocol's security.
8. The protocol's security should also be checked with a formal verification tool such as ProVerif2.02, a widely used automated protocol verifier that can confirm that the scheme's private information is not exposed during execution.
9. The scheme should be efficient, with low computation and communication costs.

II. RELATED WORKS
Sun et al. [10] showed that a robust authentication mechanism is needed when unmanned aerial vehicles (UAVs) operate as a cluster and each UAV sends its data securely to the cluster head. For this purpose, they used a double-watermarking authentication strategy: the cluster head first verifies the integrity of the data received from other UAVs and then aggregates it using a chaotic-map method. However, this technique is not practical for low-latency networks such as FANETs and UAV networks. Li et al. [11] noted that UAVs can be used for diverse purposes, but that their wireless communication is unsafe; with limited hardware and short battery life, severe damage can result on sensitive tasks. They therefore proposed an identity- and ECC-based authentication protocol that they claim guarantees a secure UAV mission. Unfortunately, stolen-verifier and insider threats still exist in their algorithm. Alladi et al. [12] developed a Physical Unclonable Function (PUF) based security mechanism for UAVs deployed in the civilian domain over a 5G network.
Gope et al. [13] proposed an anonymous security mechanism for radio frequency identification (RFID)-enabled UAVs. Instead of software, they used a circuit for authentication based on the concept of a PUF, claiming that PUF-enabled RFID equipment in the UAV's tag can process the received signals quickly and securely. According to Chaudhry et al. [14], the IoD, with many drones flying in various zones to carry out their assigned tasks, can be used to gather real-time data for interpretation by different participants. The data is accessed over an open network channel by drones with limited battery power; as a result, the security and privacy of drones are essential for mission-critical, safety-critical, or surveillance activities. They therefore created a generic certificate-based access control framework (GCACS-IoD) for inter-drone and drone-to-ground-station access control and authentication to address such tactical tasks. However, because the nonce exchange is performed openly over a public network channel, anyone can easily launch a man-in-the-middle attack. The work in [14] also constructs an identity- and ECC-based triple authentication scenario consisting of certificate initiation, identity authentication, and consistent key verification; nevertheless, the scheme is difficult to implement in a real-world environment because of its scalar multiplications and its key-escrow problem. Security features developed for the Internet of Things (IoT) can also be implemented in an IoD environment so that drones communicate securely with each other and with the GCS, but the network topology for drones in the IoD must be developed separately, because drones are used for consumer conveniences like entertainment and toys, for agricultural-land monitoring, in high-value industries, and in a wide range of defense applications [15].
Seo et al. [16] argued that if UAV battery power, sensing systems, security, and other technologies can be improved and incorporated, UAVs will become top-rated products for advancing various fields and activities. Very small UAVs can then be used for many tasks with great application versatility, such as personal aerial photography, entertainment, and commercial markets. They can also be used in a range of surveillance activities, such as disaster relief, monitoring of animals and plants, coasts and borders, transport of goods, military and police tasks, and agricultural and industrial applications. Smart-city features such as traffic monitoring and management, merchandise distribution, health and emergency services, and air-taxi services can increase the efficiency, effectiveness, timeliness, reliability, and performance of these services and may help reduce the cost of delivering them. Tian et al. [17] proposed a security framework for edge-assisted IoD that computes an authenticated key securely in both online and offline modes for efficient open-access communication. Ever [18] demonstrated that key drone features such as mobility, energy consumption, reliability, and efficiency over an open network are fundamental, because the IoD participants are not designed with integrated security. They therefore proposed a security framework for IoD using WSNs, with the elliptic curve discrete logarithm problem underlying secure key computation between participants. However, it still suffers from a key-escrow problem.
Abualigah et al. [19] provided a thorough literature review of the Internet of Drones (IoD), including its applications, deployments, and integration. They concentrated on two main areas: the practical implications of IoD, such as smart-city surveillance, cloud and fog frameworks, WSNs, mobile computing, and business paradigms; and IoD integration, which includes privacy protection, security authentication, neural networks, blockchain, and optimization-based methods. This is an interesting paper for researchers entering IoD research. According to Meng et al. [20], the Internet of Vehicles (IoV) is the application of the Internet of Things (IoT) to transportation: each car functions as a separate node able to gather data and transfer it to the network, for which a lightweight anonymous mutual authentication and key agreement scheme is required. They therefore provided a blockchain-based method for obtaining the session key. To tackle the mutual authentication problem in an Autonomous Internet of Vehicles (AIoV) network, Adil et al. [21] proposed a three-byte-based Media Access Control (MAC) protocol and claimed that it is superior to the state of the art in terms of detection rate, latency, throughput, and packet loss ratio. Kumar et al. [22] worked on security frameworks based on elliptic curve cryptography (ECC) for RFID.
Moreover, since traditional communication networks may be fully or partially disrupted in a disaster, IoT-based technologies and their use in post-disaster management are much needed. However, because the enabling IoT technologies give mobile users limited authentication rights, Al-Tarjman et al. [23] developed a security mechanism based on bilinear pairing and elliptic-curve cryptosystems. Their system meets the security requirements and resists node-capture attempts. Chen et al. [24] came up with a new authentication mechanism that authenticates messages rather than user identities. Because UAVs operate without humans, their method is appealing as an accurate balance between authentication and anonymity. Their approach is based on symmetric pairing over bunches of identities, which makes malicious module-altering attacks challenging for an adversary, and achieves credential randomization, batch proof, cross-verification, and mutual authentication. Chen et al. [25] found flaws in previous protocols, including an offline identity-guessing attack, a location-spoofing attack, a replay attack, and long authentication time, and proposed an improved mechanism based on the Computational Diffie-Hellman Problem (CDHP) and the Discrete Logarithm Problem (DLP).
Cho et al. [26] devised the SENTINEL protocol to reduce the computational and traffic overheads associated with the certificate exchanges and asymmetric cryptographic computations common in previous authentication methods. Their scheme first creates a flight session key for a drone and its flight plan, then records the session key and the flight plan in a centralized database that ground stations can access. While the drone is flying, the registered flight session key is used as the message authentication code key with which the ground station authenticates the drone.
In view of the literature reviewed above, we conclude that some of these prior protocols have design issues, while others either require three to four round trips or are exposed to various vulnerabilities. Because of their reliance on modular exponentiation, these protocols incur high communication and computation costs, fail to resist privileged-insider, impersonation, and GCS-spoofing attacks, lose anonymity and privacy, and do not balance security with performance. Similarly, inherent FANET features such as decentralization, lack of infrastructure, self-organization, and clustering make them unsuitable for IoD-deployed civilian drones.

III. PROPOSED SCHEME
The proposed protocol, based on a simple cryptographic hash function and PKI, is lightweight and robust because the key is generated by the powerful, intelligent computer system of the GCS. The scheme consists of the setup/initialization phase, the user registration phase, the drone registration phase, the authentication and key-agreement phase, the dynamic drone addition phase, and the drone revocation phase. The notations used are described in Table I.

B. USER'S (U) REGISTRATION PHASE
In this phase, the Ground-Control-Station (GCS) selects the identity ID_U and the secret key k_i for the user (U). The record (ID_U, k_i) is stored in the GCS database and also sent to the user over a secure channel.

User (U)                                  Ground-Control-Station (GCS)
                                          Selects identity ID_U
                                          Extracts k_i
                                          Stores {ID_U, k_i}
            <-- {ID_U, k_i} (secure channel) --
Stores {ID_U, k_i} on the user side

C. DRONE'S (D) REGISTRATION PHASE
The Ground-Control-Station (GCS) defines another identity for the drone (D), ID_D, together with a pseudo-identity PID_D, computes Z_1 = H(X_GCS || PID_D) and Z_2 = H(ID_D || X_GCS), inserts ID_D into its database, and transmits {ID_D, Z_1, Z_2, PID_D} to the drone over a secure channel.

E. DYNAMIC DRONE ADDITION PHASE
Suppose the GCS needs to dynamically add a new drone for some other task or to enhance the capabilities of the existing drone(s). In that case, our protocol provides the facility of adding a new drone to the system. Let

F. DRONE REVOCATION PHASE
If a drone falls or fails, is caught by attackers, or is controlled by an undesirable entity while its data is still present in the GCS, it poses a threat, since that data can be used for nefarious purposes. Therefore, once the drone's connection with the system is lost, its data must be secured by wiping it from the GCS so that the central system stays consistent. The suggested procedure is as follows: a list is reserved for the unique identities of taken-down, captured, crashed, or compromised drones; the drone's private key sk is added to the list; the GCS then computes Z_1^del = h(ID_del || sk) and Z_2^del = h(ID_del || X_GCS) and removes the tuple {Z_1^del, Z_2^del, ID_del, sk} from its records. Finally, the GCS compares Z_1^del with Z_1 and Z_2^del with Z_2; if they still match, the record of the compromised drone is still present in the system, otherwise the deletion has been accomplished successfully.
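The drone registration phase (Section III.C) and the revocation phase above can be modelled on the GCS side in a few dozen lines. The following is an added example, not the paper's own code. It fixes details the page leaves open: H is instantiated as SHA-256 over the byte concatenation of its arguments, PID_D is a random 64-bit pseudo-identity chosen by the GCS, the per-drone key sk used in Z_1^del = h(ID_del || sk) is assumed to be generated by the GCS at registration and kept with the record, and the secure channel to the drone is not modelled. The drone identities used in the checks are constructed sample values.

```python
"""GCS-side model of drone registration and revocation (added example).

Assumed instantiation: H = SHA-256 over concatenation; PID_D is 64 random bits;
sk is a per-drone 160-bit key generated at registration (not fixed by the page).
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def H(*parts: bytes) -> bytes:
    """H(a || b || ...): SHA-256 over the concatenation (assumed instantiation)."""
    return hashlib.sha256(b"".join(parts)).digest()


@dataclass(frozen=True)
class DroneCredential:
    """Credential delivered to the drone over the secure channel: {ID_D, Z1, Z2, PID_D}."""
    id_d: bytes
    z1: bytes
    z2: bytes
    pid_d: bytes


@dataclass
class GCS:
    """Ground control station. X_GCS is the 160-bit master secret and never leaves the GCS."""
    x_gcs: bytes = field(default_factory=lambda: secrets.token_bytes(20))
    records: dict = field(default_factory=dict)   # ID_D -> (DroneCredential, sk)
    revoked: set = field(default_factory=set)      # revocation list of ID_del

    def register_drone(self, id_d: bytes) -> DroneCredential:
        """Drone registration phase: compute Z1 = H(X_GCS || PID_D), Z2 = H(ID_D || X_GCS)."""
        if id_d in self.revoked:
            raise ValueError("ID_D is on the revocation list; issue a fresh identity")
        if id_d in self.records:
            raise ValueError("ID_D already registered")
        pid_d = secrets.token_bytes(8)              # 64-bit PID_D (assumed length)
        sk = secrets.token_bytes(20)                # per-drone key sk (assumption, see docstring)
        z1 = H(self.x_gcs, pid_d)                   # Z1 = H(X_GCS || PID_D)
        z2 = H(id_d, self.x_gcs)                    # Z2 = H(ID_D || X_GCS)
        cred = DroneCredential(id_d, z1, z2, pid_d)
        self.records[id_d] = (cred, sk)
        return cred

    def verify_drone(self, id_d: bytes, pid_d: bytes, z1: bytes, z2: bytes) -> bool:
        """Recompute Z1 and Z2 from X_GCS; reject revoked or unknown drones.
        Constant-time comparison avoids leaking which byte mismatched."""
        if id_d in self.revoked or id_d not in self.records:
            return False
        ok1 = hmac.compare_digest(H(self.x_gcs, pid_d), z1)
        ok2 = hmac.compare_digest(H(id_d, self.x_gcs), z2)
        return ok1 and ok2

    def revoke_drone(self, id_del: bytes) -> bool:
        """Drone revocation phase: put ID_del on the list, drop its tuple, then
        confirm that no remaining record still matches Z1_del / Z2_del.
        Returns True when the deletion check passes."""
        self.revoked.add(id_del)
        entry = self.records.pop(id_del, None)
        if entry is None:
            return True                             # nothing stored for this identity
        _, sk = entry
        z1_del = H(id_del, sk)                      # Z1_del = h(ID_del || sk)
        z2_del = H(id_del, self.x_gcs)              # Z2_del = h(ID_del || X_GCS)
        for cred, cand_sk in self.records.values():
            if hmac.compare_digest(cred.z2, z2_del) or \
               hmac.compare_digest(H(cred.id_d, cand_sk), z1_del):
                return False                        # compromised record still present
        return True


if __name__ == "__main__":
    gcs = GCS()
    cred = gcs.register_drone(b"drone-01")          # constructed sample identity
    print("valid before revocation:", gcs.verify_drone(cred.id_d, cred.pid_d, cred.z1, cred.z2))
    print("revocation clean:", gcs.revoke_drone(b"drone-01"))
    print("valid after revocation:", gcs.verify_drone(cred.id_d, cred.pid_d, cred.z1, cred.z2))
```

Two practitioner notes follow from running this. First, a captured drone yields {ID_D, Z_1, Z_2, PID_D} but not X_GCS, so the adversary cannot mint credentials for a new identity; revocation is what stops the captured credential itself from verifying, which is why the revocation list is consulted before the hash check. Second, the paper's notation H(a || b) is only unambiguous if the fields have fixed widths (the page fixes 64-bit identities and 160-bit keys); with variable-length fields, H(b"ab" || b"c") equals H(b"a" || b"bc"), so a real implementation should length-prefix or pad each field.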

IV. SECURITY ANALYSIS
The key secrecy, reachability, authenticity, and confidentiality of the proposed protocol were verified by simulating it in the well-known automated verifier ProVerif2.02; the code is given in Appendix A of the paper. In addition, the security of the PKI-based authentication protocol has been analysed in the widely used Real-Or-Random (ROR) model [27]. In the ROR setting the protocol involves two main entities, an adversary and a responder ꭆ. Let E_i denote the i-th instance of GCS in communication with the adversary. E_DS denotes an adversary action that impersonates GCS, the user, or the drone by forging {ID_U, k_i}; E_SD denotes forging s, l, or R_U to impersonate any participant; and E_SC denotes the adversary's action against the semantic security of the proposed mechanism. The queries available to the adversary are as follows: i. Setup query: the challenger C returns the system parameters to the adversary. ii. Hash query: C maintains a list of parameters, applies the one-way hash functions h(S_1, S_2, S_3) and h(L_1, L_2, L_3, L_4, L_5, L_6), generates a random nonce N_A of prime order, stores it alongside the queried hash message, and returns the result to the adversary. iii. MAC(M_i): C authenticates the message and, if this succeeds, returns M_i to the adversary. iv. Send(E_i, M_i): C forwards M_i to GCS while acting as a legitimate user or drone and returns the response to the adversary. In our framework, however, GCS performs the additional checks S'_2 ?= S_2 and S'_3 ?= S_3 before proceeding to the next step; C cannot pass these checks, and anything C does receive is returned to the adversary.

V. PERFORMANCE ANALYSIS
The performance can be evaluated by analyzing the computation, storage, and communication costs. Each is described as under:

A. COMPUTATION COST ANALYSIS
The total computation cost of the proposed authentication scheme is 4.0198 ms, using the per-operation timings reported in [30] (Table II). In the registration phase, the cost is 2t_h + 0t_⊕. In the key-agreement phase, D takes 6t_h + 5t_⊕, DR takes 4t_h + 5t_⊕, and GCS takes 14t_h + 7t_⊕, so the total cost of the key-agreement phase is 24t_h + 17t_⊕. A hash operation takes 0.0552 ms, giving 24 × 0.0552 = 1.3248 ms; the cost of an XOR is negligible and taken as zero; and each random number, pseudo-identity, or timestamp generation takes 0.539 ms, giving 5 × 0.539 = 2.695 ms.

B. STORAGE OVERHEADS ANALYSIS
Following the experiment in [30], the identities ID_U and ID_D and the pseudo-identities PID_D and PID_GCS2 each occupy 64 bits, for 5 × 64 = 320 bits of memory; k_j and X_GCS are each stored in 160 bits, for 2 × 160 = 320 bits; and the timestamps T_D, T_U, and T_GCS each take 56 bits, for 3 × 56 = 168 bits. Therefore, the total storage overhead of the proposed authentication scheme is 808 bits.

C. COMMUNICATION COST ANALYSIS
This section gives the space taken by each message transmitted over the public network channel. In this regard,

D. COMPARISON ANALYSIS
Comparing the proposed protocol with Wu et al. [28], Zhang et al. [29], Nikooghadam et al. [30], and Li et al. [31] in terms of storage overhead, communication cost, and computation time shows that the proposed key agreement protocol for IoD-deployed civilian drones performs better, as shown in Table III. The communication cost of the proposed scheme differs only slightly from that of [29] and [30] and adequately satisfies the needs of drones in the IoD, while its computation cost and storage overhead are much better than those of the other protocols; this is shown graphically in Fig. 2.

VI. CONCLUSION
As the literature shows, drone operations are not without problems in an age dominated by technologies such as drones, AI, and robots; these technologies have loopholes. This study identified several loopholes that pose security hazards. Drone technology still suffers from security problems despite its efficacy and potential economic benefits. The IoD architecture mainly faces security issues (e.g., confidentiality, integrity, access, authentication, authorization, and data breaches) and data-management issues (e.g., dynamism, data segregation, backup, and virtualization). To counter these, we designed a security protocol based on Public Key Infrastructure (PKI) in which the public-private key pair is computed on the ground control station (GCS) for a single session only and is nullified after the secure communication completes. The security analysis was carried out in the ROR model, and the performance results show that the proposed key-agreement scheme is lightweight, secure, and ensures mutual authentication and cross-verification during data broadcasting.