A Proxy Signature-Based Swarm Drone Authentication With Leader Selection in 5G Networks

Drones are imperative for the 5G architecture as a mobile source to expand network coverage and support seamless services, particularly through enabling device-to-device (D2D) communication. Such deployment of drones in D2D settings raises various security threats in drone communication. While the existing D2D communication security standard within the 4G cellular architecture may address some of these issues, the standard includes heavy traffic toward the network core servers. If this security standard is to be adopted in the 5G D2D security services with the same traffic load, it may negatively impact the 5G network performance. Therefore, this paper proposes a lightweight proxy signature-based authentication mechanism for a swarm of drones compatible with the 5G D2D standard mechanisms. This paper proposes a distributed delegation-based authentication mechanism to reduce the traffic overhead toward the 5G core network. In this scheme, the legitimate drones are authorized as proxy delegated signers to perform authentication on behalf of the core network. Furthermore, we propose a mechanism to elect and relocate a new leader relay drone from the existing drone swarm. We implemented the proposed authentication algorithm in the 5G D2D-based communication package over NS-3 while performing the computational calculations on a RaspberryPi3 device to mimic the drone calculation process and delays. The performance of the proposed authentication shows a promising reduction in the authentication time and shows lightweight and reliable compatibility.

mechanisms that can adequately eliminate suspicious drones. Recent research works tackle drone security aspects that are merely designed for ad hoc mesh networks [2], [3], which, if applied to the cellular network structure, will add to the cellular network overhead burden. Fortunately, the newly added D2D ProSe services have a designated security mechanism with a full key exchange protocol [1]. Nevertheless, the ProSe security extension for the 5G standard is still under development, which opens up enormous research opportunities. Moreover, the existing 4G ProSe security solution involves extensive communication toward the core network, which is not desirable with the 5G network dynamicity.
In this work, we propose a lightweight, stand-alone security mechanism for IoT devices represented by drones to be deployed along with the 5G ProSe standard with no extra overhead to the core network. We assume a swarm of drones within the 5G cellular network, where a leader drone from the swarm is responsible for the communication between the rest of the swarm drones and the 5G core network by acting as a UE-to-Network Relay. We further assume a co-leader drone to temporarily perform the leader drone's responsibilities in case of an unresponsive leader drone and until assigning a new leader drone. Given the resource limitations of drones, we propose a lightweight, reliable, and efficient mechanism that serves scalability purposes.
We propose an authentication mechanism that opts for a delegation solution that maintains a minimum communication overhead toward the core network. We further tackle drone communication reliability by providing a replacement procedure for leader drone failure. The proposed authentication mechanism is based on proxy signature delegation, where the core network delegates the leader drone as its proxy signer to execute authentication between drones. A proxy signature enables an original signer (i.e., Core network) to delegate its authentication credentials to a proxy signer (i.e., drones) to provide services on its behalf [4], [5].
We propose adding a delegation phase right after the 5G registration phase. The delegation warrant and related keys are prepared and assigned to the drones to derive their unique proxy signature. The next step follows the ProSe device discovery stage, where drones detect each other and form a D2D network. The ProSe discovery has two models, A and B. In Model A, a drone announces its existence in the network, whereas in Model B, each drone sends a discovery message to the nearest drones. Our proposed proxy signature authentication process is integrated into the ProSe discovery phase, compatible with Models A and B.
Moreover, we propose a distributed election-based leader drone selection mechanism for updating and relocating a new leader drone if the current one has failed or is compromised. The swarm drones select the most eligible drone in the swarm to replace the failed leader drone based on its location and power consumption pattern. We assessed our scheme through both security and performance analysis. We present a security analysis and a revocation mechanism for the proposed proxy signature authentication mechanism if they are compromised. We then demonstrate our authentication scheme efficiency by implementing it on the NS-3 5G network simulator with the cellular D2D library [6]. The computations are performed on a Raspberry-Pi3 IoT device for realistic drone processing assessment. Moreover, we select the 4G ProSe security standard as a comparison baseline. Our proposed authentication scheme shows an overall better performance with a low authentication delay and better scalability than the baseline.
Our contributions in this paper can be summarized as follows:
• We propose a drones' D2D authentication mechanism that can be integrated within the 5G D2D ProSe discovery phase.
• We propose a new distributed mechanism to update and relocate a new leader drone in case of failure or compromise without interrupting the swarm drone communication.
• We implemented and tested the proposed scheme in a realistic 5G architecture environment.
It is worth noting that our work here is a continuation of our previous work in [7], where we proposed a proxy signature-based authentication for drones' secure D2D communication compatible with the 5G D2D ProSe standard mechanisms. In our previous work, we only assumed Model A for ProSe discovery for our experiments, and there was no procedure for replacing a compromised leader drone.
The rest of the paper is organized as follows. The related works are summarized in Section II. Then, the system and attack models are described in Section IV. The proposed authentication scheme is introduced in Section V. The evaluation and the security analysis are in Section VII. Finally, concluding remarks are provided in Section VIII.

II. RELATED WORK
This section summarizes the literature for drone and cellular D2D authentication.

III. DRONES AUTHENTICATION
A. DEVICE AUTHENTICATION
Since drone deployment increases security risks, recent research aims to design lightweight authentication protocols that do not burden the drones. For instance, in [3], the authors proposed an Elliptic Curve Cryptography (ECC)-based device identity proofing mechanism for drone authentication. In [8], an authentication mechanism based on Machine Learning (ML) algorithms for autonomous IoT systems is proposed. In [9], the authors proposed a lightweight key-based mutual authentication between anonymous UAVs through the shared ground station. The authors in [10] presented an adaptation of two authentication strategies for wireless sensor networks (WSN): one is a key agreement authentication, and the second is an ECC-based privacy-aware two-factor authentication protocol. These approaches can add undesirable traffic toward the 5G core network. For a 5G-UAV enabled system, a cross-domain blockchain-assisted authentication using a multi-signature contract is proposed in [11].
Therefore, a new direction in drone authentication is delegation-based digital signature algorithms, such as the proxy signature algorithm. Multiple works present different proxy signature approaches for various purposes [12]-[14]. For instance, in [15], the authors proposed a blind ID-based partial delegation with warrant proxy signature to provide the anonymity of users. Also, in [16], the authors proposed an ECC-based proxy blind signature for drone networks. The blind-ID-based proxy signature does not have any information about the drone ID as a delegated signer to maintain anonymity. Nevertheless, this algorithm does not fit our authentication purposes and can lead to malicious drone attacks. Moreover, a robust proxy signature algorithm should have information about the proxy signer as much as it has for the original signer. Thus, in [17], a short certificate-based proxy signature is proposed with a low computational cost to overcome the integrity attacks on vehicular networks. Also, in [18], the authors proposed a new scheme to mitigate partial attacks not considered by the identity-based proxy signature. Our proposed authentication here utilizes the certificate-based proxy signature in Kim, Park, and Won's proxy signature scheme [19]. In our proposed model, we propose employing the proxy signature concept for a unique Drone-enabled 5G network scenario as a lightweight solution for required mutual authentication. In particular, we propose a drones' D2D authentication mechanism that can be integrated within the 5G D2D ProSe discovery phase. Our contribution in this work arises from the Drone-enabled 5G network setup and the integration of the concept within the current 5G ProSe standard. This work is also related to our previous work in [20], where we proposed a proxy signature-based device authentication for drones in post-disaster situations.

B. D2D AUTHENTICATION
A survey on various state-of-the-art solutions to tackle security and privacy challenges in D2D communication spanning a variety of D2D prospects is provided in [21]. An overview of the benefits of intelligent D2D communication in the IoT ecosystem is presented in [22], where the authors focused on state-of-the-art routing algorithms that can achieve intelligent D2D communication in the IoT. In [23], the authors proposed a new blockchain-based secure framework for data management among a group of drones. In [24], the authors proposed a Body Area Network Device-to-device Authentication using Natural gAit (BANDANA). The BANDANA algorithm enables secure spontaneous pairing of devices worn on the same body. In [25], the authors proposed new D2D authentication protocols with a secure initial key establishment using ciphertext-policy attribute-based encryption (CP-ABE). In [26], the authors proposed a secure and robust ECC-based multi-server authentication framework using a Physically Unclonable Function (PUF) for D2D communication. A novel multichannel authentication for the autonomous D2D using optical camera communication (OCC) was proposed in [27] to leverage the limited reachability of OCC for ensuring security. The proposed scheme in [27] executes the Diffie-Hellman key exchange in an OCC channel, which is an optical link between a light source such as an LED light and a camera. Moreover, the recent D2D authentication research direction is based on blockchain smart contracts. Blockchains allow data to be stored based on integrity checks using various cryptographic techniques, achieving consensus and tamper-proof data content. In [28], the authors designed a smart contract-based blockchain-envisioned authenticated key agreement mechanism for IoT-enabled devices. Most of the aforementioned works are general-purpose drone authentication for any network and do not apply to our case of D2D communication in 5G.
The authors in [29] proposed a lightweight elliptic-ElGamal-based authentication scheme using PKI (FHEEP) in D2D communication. In [30], the authors investigated the direct D2D communications between user equipments in the LTE-advanced cellular networks. A quick and safe handover authentication scheme for D2D out-band controlled communication mobility situations in the 5G-WLAN heterogeneous networks was presented in [31]. Also, [32] introduced a blockchain-based architecture for 5G-enabled drone communications.

C. LEADER NODE SELECTION
Many wireless communication applications require a leader node selection process to help with the communication hierarchy [33]-[35]. In [34], [35] the election algorithms depend on extrema finding algorithms that elect a node with the maximum identifier from among a set of candidate nodes. In [36], the authors proposed a population protocol for leader election using polylogarithmic memory states per node. In [37], the authors proposed a low complexity message optimal algorithm for the problem of leader election in the presence of intermittent link failures. In [38], the authors present a framework for selecting a set of leader agents to minimize the system's convergence time. Also, in [39] and [40], the authors presented an optimization problem for finding the set of leaders that maximizes network coherence and enhances coverage for a leader-follower consensus system. Moreover, to minimize the mean-square deviation from consensus, the authors in [41] developed an efficient algorithm for selecting leaders in large, stochastically forced consensus networks. To address the leader selection algorithm for routing protocols in WSN, the authors in [42] proposed a leader selection algorithm to enhance the network lifetime to a greater extent. A systematic communication model to control the UAV-swarm using a master-slave network architecture and select the UAV leader dynamically is proposed in [43].
direct communication purposes. The current D2D standards for 4G and 5G are 3GPP ProSe standards (TS 33.303) [1] and (TR 23.752) [44], respectively. ProSe standard allows 4G/5G devices to detect each other and communicate directly. Moreover, the ProSe standard involves ProSe discovery and ProSe direct communication modes for two or more ProSe-enabled UEs.
The 5G (TR 23.752) ProSe [44] defines the following functions for D2D communication:
• 5G ProSe Direct Discovery: A procedure employed by a ProSe-enabled UE to discover other ProSe-enabled UEs in its vicinity by using only the capabilities of the two UEs with New Radio (NR) technology. The ProSe standard has two models of discovery: Model A and Model B. In Fig. 1(a) Model A, the UE-network relay announces its presence, while in Fig. 1(b) Model B, the UE/drone sends a discovery message to the nearest nodes.
• 5G ProSe UE-to-Network Relay: A UE that provides functionality to support connectivity to the network for Remote UEs. Based on our network model, we focus on this case, where the leader drone represents the UE-to-Network relay (shown in Fig. 2). However, our approach can also work for the Direct Discovery mode.
The current 4G ProSe security standard [1] allows the ProSe-enabled UEs to create the D2D communication with one or more UEs functioning as a UE-network relay for other ProSe-enabled UEs. Any UE that desires to use the ProSe services has to be registered to the ProSe Function and then send a Key Request to the ProSe Key Management Function (PKMF) residing within the 4G core, which issues a symmetric key with an ID (i.e., PKUK ID). Therefore, all ProSe-enabled UEs will agree on the same symmetric key and can move on to authenticate each other. Although the security mechanism for the ProSe is well defined for 4G, there is still no finalized security standard for 5G [44].

B. PROXY SIGNATURES
In this work, we rely on Kim, Park, and Won's (KPW) proxy signature scheme [19]. The KPW model is a warrant-based proxy signature where the proxy key pair depends on the proxy signer's private key. Therefore, the proxy signer's identity is protected using the node's authentic key pair $(x_i, y_i)$. The KPW is considered a robust proxy signature model since it identifies both the original signer's identity through a warrant $w_i$ signed by its private key and the proxy signer's identity through its private key. Once a proxy signer creates its unique proxy signature, it can never repudiate its signature, as no other node can replicate it.
The proxy signature mechanism allows a Node B to authenticate itself to other nodes on behalf of the original signer A using the proxy signature keys $x_p$ and $y_p$. To further elaborate on this scheme, let the 5G core network (i.e., the original signer) be node A and the under authentication drone (i.e., the proxy signer) be node B. First, node A generates a random number $K_A$ from a $g$ generator of multiplicative subgroup $Z_q^*$ with order of large prime $q$, and hence, Then, node A computes two proxy parameters $r_A = g^{K_A}$ and   [45]. We further assume that drones communicate directly through D2D communication by activating the ProSe services. We further assume that one of the drones is recognized as a leader drone, which will perform as a UE-to-Network relay. The described communication model for the proposed 5G D2D drone communication is presented in Fig. 3, where each drone $i$ is assumed to have a pair of public and private asymmetric keys: $y_i$ and $x_i$ respectively.

D. ATTACK MODEL
We assume the following threats to the drones:
1) Malicious Leader/swarm Drone: We consider a malicious drone that broadcasts messages to other drones claiming to be a UE-network relay for them to collect private data.
2) Replay Attack: We consider a malicious drone spoofing the communication between legitimate drones to maliciously transmit a repeated or delayed signature to verify itself to the leader drone.
3) Message Integrity and Modification Attack: We consider a MiTM node that attempts to alter the authentication message or compromise its content.

V. DRONE AUTHENTICATION PROTOCOL IN 5G PROSE
The 4G ProSe security standard procedure can be time-consuming and introduce additional message overhead, especially with the massive number of devices expected with the 5G network. Therefore, we propose a new lightweight security model for drone authentication over the 5G ProSe services that will not add additional message exchange load. Our proposed authentication procedure minimizes the number of exchange messages with the 5G core network. Specifically, we propose a proxy signature-based device authentication where the drones are authorized from the core network by delegation to identify each other. The leader drone first broadcasts its unique proxy signature, then other drones, who wish to join the swarm, reply with their proxy signature, as shown in Fig. 4. In all those authentication messages, the original signer is the 5G core network (i.e., the elements that will replace PKMF in 4G) without the actual need to exchange messages upon each new drone attachment. We provide the details of this process in the following subsections.

A. REGISTRATION AND DELEGATION PHASE
The drones, as a part of the 5G network, are registered and then authenticated through the 5G-AKA authentication [46]. Then, the drones' digital IDs are validated, and the proposed delegation phase is initiated for the D2D communication. A specific slice function designated for drone authentication is triggered when a device with a drone ID is registered to the network function operator. The delegation phase in our proposed authentication algorithm is where all the authorized drones are provided with the delegation parameters for creating the proxy signature keys. The delegation parameters are acquired from the Authentication Authorization and Access Server (AAA-S) in the 5G core network, as shown in Fig. 5.
As described in Section IV-B, the AAA-S prepares the delegation warrant and its delegation keys for a drone $D_i$, then signs it with its private key $x_c$. The delegation keys are generated as follows, where, h() is a collision resistant hash function. Then, the AAA-S creates a unique warrant $w_i$ for each drone $D_i$ signed by the delegation keys $(r_i, s_i)$, as follows: where S() is a digital signature function. Note that this warrant is specific to drone $D_i$ as it uses the $(r_i, s_i)$.
The delegation tuple of $(w_i, r_i, s_i, y_c)$, where $y_c$ is the AAA-S public key, is sent securely to the drone $D_i$. Moreover, the leader drone $D_l$ as a UE-to-Network relay receives a similar delegation tuple of $(w_l, r_l, s_l, y_c)$, where $w_l$ is a special warrant indicating the leader duties.

B. DISCOVERY AND DEVICE AUTHENTICATION PHASE
The next phase is the drone discovery phase to find other ProSe enabled drones and the leader drone (i.e., UE-to-Network relay) for D2D connection. The second part of Fig. 5(a) and Fig. 5(b) show the 5G ProSe D2D discovery process for Model A and Model B, respectively. Each drone (leader or not) attaches its proxy signature message within the discovery messages for both Model A and Model B. Any ProSe enabled drone receiving the discovery message replies by attaching its own proxy signature. The detailed proxy signature authentication mechanism is explained in the following subsections.

1) LEADER DRONE AUTHENTICATION
The leader drone authentication phase in Fig. 5 shows the detailed message exchange protocol for our proposed proxy signature authentication.
• Based on the delegation tuple, the proxy signature keys for the leader drone are generated as follows,
• The leader timestamped proxy signature message is created as follows, where $t_l$ is a timestamp nonce using its private key $xp_l$.
• The leader drone $D_l$ broadcasts this proxy signature (blue dotted message in Fig. 5) that contains the following tuple: $(t_l, \sigma_l, w_l, yp_l, y_l)$.
• Then, each drone $D_i$ in the swarm receives the proxy signature and verifies the leader's proxy signature as follows: where V() is a digital signature verification algorithm.

2) SWARM DRONES PROXY SIGNATURE-BASED AUTHENTICATION
In response to the leader's broadcasted proxy signature, each ProSe enabled drone in the vicinity replies with its proxy signature message to be authenticated to the leader drone. The swarm drone authentication phase in Fig. 5 shows the authentication message details for any drone in the swarm.
• Any drone $D_i$ generates its proxy signature keys, as follows, Note that the proxy keys are based on asymmetric keys. There is no shared symmetric key used in this proposed authentication model.
• Next, each drone prepares a signed nonce with its timestamped proxy private key, $xp_i$, as follows:
• After receiving the leader's broadcast signature message, $D_i$ then sends its proxy signature message that contains the following tuple: $(t_i, \sigma_i, w_i, yp_i, y_i)$ in its reply.
• Then, the leader drone $D_l$ verifies this proxy signature, as follows: where V() is a digital signature verification algorithm.
After both the leader drone and the swarm drones validate each other's proxy signature authenticity, the authenticated drones are ready to start the ProSe D2D communication.
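The delegation, proxy-key and verification steps above, together with the revocation check of Section VI-A, as an added Python sketch (not the paper's code). The equations did not survive in this copy, so the sketch assumes the commonly cited KPW-style forms s = x_c·h(w, r) + k and yp = (y_c·y)^h(w, r)·r, uses a Schnorr signature for S()/V(), and sends r alongside the warrant. The 64-bit group is a toy size, and all function names and warrant strings are constructed.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n):
    """Miller-Rabin; these bases are deterministic for the sizes used here."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _toy_group(q=(1 << 63) + 1):
    """Smallest safe prime p = 2q + 1 above 2**64: demo size only, NOT secure."""
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4              # 4 generates the subgroup of order q

P, Q, G = _toy_group()

def H(*parts):
    """Length-prefixed SHA-256 over the parts, reduced into Z_q."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def delegate(x_c, warrant):
    """AAA-S side: delegation pair (r, s) bound to this warrant (assumed form)."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (x_c * H(warrant, r) + k) % Q

def proxy_public(y_c, y_i, warrant, r):
    """Recomputable from public values, so yp is bound to both signers."""
    return pow(y_c * y_i % P, H(warrant, r), P) * r % P

def proxy_private(x_i, warrant, r, s):
    return (s + x_i * H(warrant, r)) % Q

def sign_discovery(xp, yp, y_i, warrant, r, t):
    """Drone side: Schnorr signature over the timestamp under the proxy key."""
    k = secrets.randbelow(Q - 1) + 1
    c = H(pow(G, k, P), t, warrant, yp)
    return {"t": t, "sigma": (c, (k + c * xp) % Q), "w": warrant, "r": r, "yp": yp, "y": y_i}

def verify_discovery(msg, y_c, now, revoked=frozenset(), window=2.0):
    """Verifier side: freshness, revocation list, delegation binding, signature."""
    if abs(now - msg["t"]) > window:
        return False, "stale timestamp"
    if msg["yp"] in revoked:
        return False, "proxy key revoked"
    if msg["yp"] != proxy_public(y_c, msg["y"], msg["w"], msg["r"]):
        return False, "proxy key not derived from core delegation"
    c, z = msg["sigma"]
    commit = pow(G, z, P) * pow(msg["yp"], Q - c, P) % P    # g^z * yp^(-c)
    if c != H(commit, msg["t"], msg["w"], msg["yp"]):
        return False, "bad signature"
    return True, "ok"

def run_scenarios():
    """Constructed run: one honest leader message, then four that must fail."""
    x_c, y_c = keygen()                                     # AAA-S, original signer
    x_l, y_l = keygen()                                     # leader drone D_l
    w = b"role=leader;drone=D_l"                            # constructed warrant
    r, s = delegate(x_c, w)
    xp, yp = proxy_private(x_l, w, r, s), proxy_public(y_c, y_l, w, r)
    good = sign_discovery(xp, yp, y_l, w, r, t=1000.0)
    x_m, y_m = keygen()                                     # drone with no core delegation
    r_m, s_m = delegate(x_m, w)                             # self-issued delegation pair
    xp_m = proxy_private(x_m, w, r_m, s_m)
    rogue = sign_discovery(xp_m, pow(G, xp_m, P), y_m, w, r_m, t=1000.0)
    return {
        "honest": verify_discovery(good, y_c, now=1000.5),
        "replayed": verify_discovery(good, y_c, now=1060.0),
        "warrant_edited": verify_discovery({**good, "w": b"role=leader;drone=D_m"}, y_c, now=1000.5),
        "revoked": verify_discovery(good, y_c, now=1000.5, revoked={yp}),
        "rogue": verify_discovery(rogue, y_c, now=1000.5),
    }
```

A timestamp window alone still accepts a copy resent inside the window; a verifier that needs stricter replay protection would also remember recently seen (yp, t) pairs.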

3) SECURE COMMUNICATION SETUP
In order to start a secure D2D communication, a shared symmetric key $K_s$ is used. The symmetric key is used to encrypt communication between the drones in the swarm. Then, $K_s$ will be shared between the drones after the authentication process is done. The symmetric key $K_s$ is updated periodically to ensure integrity. This key is used for message encryption, authentication, and integrity. We do not discuss these details as message authentication is beyond our scope.

C. LEADER DRONE REPLACEMENT PROCESS
We propose a backup process to select a new leader drone if the leader drone is compromised or has communication instability, as shown in Fig. 6. The detection of a compromised drone is based on the received signal strength indicator (RSSI) level for jamming detection, the message delivery time for Man-in-The-Middle (MiTM) attack, and the number of lost messages for Denial-of-Service (DoS) attack [47]. We assume that once all the drones are authenticated, they are trusted. Thus, there will not be any suspicious activity from any of the drones, and therefore, the leader election is only triggered based on unresponsive behavior. The leader drone re-selection process is triggered after a swarm drone fails to connect to the leader drone for a specific period. The unresponsive behavior is detected by all swarm drones within the neighborhood. The swarm drone then announces the leader drone's unresponsive behavior to other drones in the swarm to release the leader drone from leadership responsibilities. Then, for the new leader drone selection, we propose a distributed selection-based replacement process between the drones in the swarm where all the drones participate in the leader drone selection decision. Each swarm drone $i$ that fits leader drone aspects based on a stability score will announce itself to other swarm drones as a possible leader drone candidate by reusing the ProSe broadcasting discovery message. The stability score (SS) is based on the distance from the leader drone position, proximity, stability, and authenticity record. The SS value is calculated as follows, where $\alpha$ and $\gamma$ are selection percentage parameters depending on network preference. Also, $BL$ and $D_{i,l}$ are the candidate drone battery level and the distance between the candidate drone $i$ and the existing leader drone. Also, $SS_L$ is the stability score threshold for a drone to be a leader drone candidate. Each drone updates this stability value through communication with its neighbors.
Once it has received a broadcast copy from all the $C$ candidates, each drone processes and compares the SS value for each candidate drone and chooses the drone with the highest score to be the next leader drone $k$. All the exchange messages between the authenticated drones are encrypted using $K_s$ for integrity purposes. Finally, the next selected leader drone $k$ announces itself as the next leader drone based on the selection operation and then relocates to the leader drone position to resume communication. The detailed exchange message of the proposed model is shown in Fig. 7.
After the leader drone selection process, the authentication process is triggered again for the leader drone to start its role. The new leader drone is assumed to buffer any packets from other drones in the swarm until reaching the assigned leader position.

VI. SECURITY ANALYSIS
This section discusses the proposed scheme security analysis to demonstrate our proposed scheme's effectiveness.

A. PROXY KEY REVOCATION
A key revocation procedure exists for any key-based cryptosystem or authentication mechanism to terminate the keys in case of expiration or compromise. Proxy revocation is the declaration of the proxy signature and the attached warrant to be obsolete and not valid anymore. We propose that the AAA-S in the core network can revoke $y_p$, which is the public proxy key of any proxy drone or a leader drone. Upon the signature validation step, each drone will also check whether the received proxy signature is in a proxy revocation list. This revocation check applies to every drone in the network; hence, both the leader drone and other drones need to check whether the key is revoked or not. This revocation process is similar to the case of certificate revocation lists (CRLs) [48] in usual public-key systems. We propose that the AAA-S in the 5G core network have the authority to request revocation of any drone's proxy signature key. Then, the certificate authority generating the initial proxy keys can announce this information to AAA-S and periodically forward this to all other drones. The AAA-S can report the revoked drone's delegation warrant, $w_i$, and private keys to the Certificate Authority (CA) to add it to the CRL list. Then, the certificate ID is designated to report the revoked public-private keys for the compromised drones and append the corresponding delegation warrant to the end of the Certificate ID, $CertificateID \| w_i$. However, in this case, the drone cannot communicate in any other network again until obtaining new private keys from the CA.

B. FORMAL SECURITY ANALYSIS
To formally prove the effectiveness of our proposed mutual authentication, we use Burrows, Abadi, and Needham (BAN) logic [49]. The BAN logic is a formal security proof based on the evolution of beliefs of the trusted parties involved in the authentication protocols following the exchanges between the different engaged entities. BAN logic proof provides accurate security analysis and excludes possible attacks for newly introduced authentication protocols based on exchanged messages during the authentication process. In the following subsections, we provide the detailed notations and terms for BAN logic and then provide our proposed authentication formal proof based on BAN logic.

1) BAN LOGIC TERMS AND NOTATIONS
BAN logic defines authentication protocols based on three entities, participants (A and B), keys (K), and messages (X). Based on those terms, the protocol is translated using the following notations and formulas in Table 1. Based on notations in Table 1, the BAN logic defines the following BAN logic postulate rules for authentication schemes' security reliability proofing.

2) DRONE AUTHENTICATION PROTOCOL FORMAL SECURITY PROOF
We start the formal security analysis of our proposed security mechanism by declaring the security goals (SG) of our mechanism as follows, Moreover, we assume the following BAN logic-based initial assumption, Then, we can write our proposed authentication messages in the BAN logic form as follows,
• We first start by the leader drone authentication analysis, $BLM_1$: $D_i$ $(t_l, \sigma_l, yp_l)$, $\sigma_l = S(t_l, xp_l)$ (Eq. 5). Then, based on the initial assumption $IA_1$, $IA_2$, and the BAN message meaning rule, we get the following: By applying the BAN freshness rule, we get $BLM_3$.
• $BLM_4$: $D_i \mid\equiv \sigma_l$. Next, we apply the Nonce verification rule to get $BLM_5$.
$\longleftrightarrow D_i$. Based on $BLM_5$, then the $SG_3$ is achieved. Similarly, for the swarm drone authentication analysis, based on the initial assumption $IA_3$, $IA_4$, and the BAN message meaning rule, we get the following: By applying the BAN freshness rule, we get $BLM_8$.
• $BLM_9$: $D_l \mid\equiv \sigma_i$. Next, we apply the Nonce verification rule to get $BLM_{10}$.
• $BLM_{10}$: $D_l \mid\equiv D_i \stackrel{yp_i}{\longleftrightarrow} D_l$. Based on $BLM_{10}$, then the $SG_4$ is achieved. Finally, based on $IA_1$, $IA_3$, $BLM_5$, and $BLM_{10}$, security goals $SG_1$ and $SG_2$ are achieved. Hence, all our proposed authentication security goals are achieved.

C. INFORMAL SECURITY ANALYSIS
The security analysis shows that our proposed authentication model withstands the following security issues:

1) Authentication of Source: During the delegation phase, the drones are assigned the network core (original signer) warrant and delegation parameter. Therefore, during the drone authentication stage, the verifier drone can verify the delegation source. Thus, the proposed scheme proves the authentication of the source.

2) Identifiable: The construction of the proposed authentication scheme is warrant and private key-based. Therefore, any drone can identify both the original signer and the proxy signer. Thus, identifiability is satisfied.

3) Message Integrity: Alteration of the authentication message can result in a rejected authentication in the verification stage in Eq. (9) and Eq. (6). Any malicious drone $D_m$ that attempts to create its own proxy signature message cannot obtain the core network delegation tuple required for legitimate proxy signature keys. Therefore, the proxy signature message integrity is achieved.

4) Prevention of Misuse: The scope of the message is comprised only of the warrant, and therefore, the drone (proxy signer) cannot sign an illegal document. Our proposed D2D drone authentication utilizes delegation parameters provided only by the core network. An authorized drone provides a unique proxy signature message based on the core network delegation parameters to be a part of the drone swarm. Therefore, the proposed scheme prevents the misuse of proxy signing.

5) Strongness: During the verification process, the verifier's secret key is needed. Thus, any entity other than the designated verifier (the drone) is incapable of verifying the validity of the message signature pair. Hence, the proposed scheme is resilient against various types of attacks.

6) Modification Attack: The warrant comprises the message scope, and verification needs the secret key of the core network. Thus, during verification, message alteration will not be successful, and the proposed scheme prevents modification attacks.

7) Replay Attack: If any illegitimate node attempts to catch and redirect the proxy signature $(t_i, \sigma_i, w_i, yp_i, y_i)$ of a legitimate drone $D_i$, the signature will not pass the verification at Eq. (6). Similarly, for any attempted replay of the leader drone broadcast message, the signature will not pass the verification at Eq. (6). Therefore, our proposed authentication mechanism is resilient against any replay attacks.

8) Impersonation Attack: Because verification is correct and is based on several parameters from both the signer drone (proxy signer) and the core network (original signer), the impersonation attack cannot be successful.

9) MiTM Attack: To prevent MiTM attacks, authentication of source, identifiability, and unforgeability should be satisfied. Since the proposed authentication scheme satisfies all these aforementioned properties, an eavesdropper cannot alter the message signature pair. Hence, the proposed scheme prevents the MiTM attack.
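The warrant binding behind the source-authentication, identifiability, integrity and misuse-prevention properties can be seen in a generic Schnorr-based proxy signature by warrant. This is an added illustration, not the paper's scheme or its Eqs. (6) and (9); the toy group, the function names and the warrant string are assumptions.

```python
import hashlib
import secrets

# Toy group (assumption, not the paper's parameters): Z_p^* for the Mersenne prime
# p = 2^127 - 1, exponents mod N = p - 1. Real systems use a prime-order group.
P = 2**127 - 1
N, G = P - 1, 3

def h(*parts):  # hash length-prefixed bytes/ints to an exponent modulo N
    d = hashlib.sha256()
    for x in parts:
        b = x if isinstance(x, bytes) else x.to_bytes(16, "big")
        d.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(d.digest(), "big") % N

def keygen():
    x = secrets.randbelow(N - 2) + 1
    return x, pow(G, x, P)

def delegate(x_o, warrant):  # original signer: Schnorr-sign the warrant
    k = secrets.randbelow(N - 2) + 1
    K = pow(G, k, P)
    return K, (k + x_o * h(warrant, K)) % N

def proxy_key(x_p, y_o, warrant, K, sigma):  # proxy: check delegation, derive key
    e = h(warrant, K)
    if pow(G, sigma, P) != K * pow(y_o, e, P) % P:
        raise ValueError("delegation was not issued by the original signer")
    return (sigma + x_p * e) % N

def proxy_sign(x_pr, warrant, msg):
    r = secrets.randbelow(N - 2) + 1
    R = pow(G, r, P)
    return R, (r + x_pr * h(warrant, msg, R)) % N

def proxy_verify(y_o, y_p, warrant, K, msg, sig):
    R, s = sig
    # The proxy public key is rebuilt from both signers' keys and the warrant.
    y_pr = K * pow(y_o * y_p % P, h(warrant, K), P) % P
    return pow(G, s, P) == R * pow(y_pr, h(warrant, msg, R), P) % P

def demo():  # constructed warrant and message
    (x_o, y_o), (x_p, y_p) = keygen(), keygen()  # core network, drone D_i
    w, msg = b"proxy=D_i;scope=swarm-auth", b"auth-request"
    K, sigma = delegate(x_o, w)
    sig = proxy_sign(proxy_key(x_p, y_o, w, K, sigma), w, msg)
    return (proxy_verify(y_o, y_p, w, K, msg, sig),                   # genuine
            proxy_verify(y_o, y_p, w, K, msg + b"!", sig),            # altered message
            proxy_verify(y_o, y_p, w + b";scope=any", K, msg, sig))   # altered warrant
```

Because the verifier recomputes the proxy public key from the warrant and both public keys, a changed warrant, a changed message, or a different drone key each yields a verification key the signature does not match.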

VII. PERFORMANCE ANALYSIS
This section presents the evaluation results to demonstrate our proposed scheme's effectiveness.

A. EXPERIMENT SETUP
Our implementation uses the NS-3 5G network simulator, which has recently implemented a 5G RAN module [50], with the ProSe D2D library in [6]. In this setup, we created 2 UE nodes representing a leader drone and a swarm drone to test our proposed authentication mechanism. We used a Raspberry Pi 3 IoT device (Raspberry Pi OS Lite, an 8GB microSD card) for the authentication calculation and proxy signature key generation. We also added a server node representing the AAA-S as the core network delegation authority. We repeated the experiment for the ProSe discovery modes for both Model A and Model B, where there was a negligible change between the two models. The system parameters for the NS-3 simulation used in the experiments are listed in Table 2.

B. METRICS AND BASELINES
We assess the efficiency of our proposed authentication mechanism using the total authentication time as an evaluation parameter. The total authentication time includes all the communication and computation delays during the authentication message exchange process. Moreover, we consider the 4G ProSe D2D security standard as a centralized baseline for comparison. Table 3 shows the computational processing delays that drones experience during our proposed proxy signature authentication exchange messages. Our proposed authentication mechanism's total computational processing delay, including all parameters and signature calculations, is 2.012 msec. Therefore, the computational processing complexity is lightweight and drone processing friendly. Table 4 displays the communication delays experienced during the proposed authentication mechanism, which sum to a total of 6.35 msec. After adding the total computation processing delay, our proposed authentication mechanism's total authentication time is 8.362 msec. In comparison, the total authentication time of the ProSe security standard is 1.5 times higher than that of our proposed delegation-based authentication mechanism.

3) AUTHENTICATION SCALABILITY
We investigate the scalability of our proxy signature authentication mechanism over the current ProSe security standard. Table 5 shows the total number of messages sent and received for each approach. As can be seen, our proposed proxy-based approach is much more energy-efficient compared to the ProSe security standard.

4) IMPACT OF DRONES DISTANCE
We explore the variation in total authentication time depending on physical layer aspects. In Fig. 8, we investigate the effect of the distance between the drones on the total required authentication time. We compare the 4G-ProSe authentication mechanism, if it were to be used in the 5G network, with our proposed Proxy Signature authentication. Longer distance means higher path loss, especially with the 5G mmWave communication (28 GHz); the path loss drops faster than the 4G traditional 2.4 GHz communication, making the communication time more noticeable. We notice that our Proxy Signature authentication is more efficient and scalable than the existing 4G-based ProSe authentication model.

5) IMPACT OF BACKGROUND TRAFFIC DELAY
We implemented uplink and downlink background traffic through the leader drone while simultaneously starting our proxy authentication mechanism. We set the background traffic's packet transmission frequency parameter at 1 msec. Table 6 shows a maximum total communication delay of 0.8 µsec at 40 background nodes. Therefore, the impact of high background traffic is negligible, with no extra delay overhead.

6) LEADER DRONE SELECTION OVERHEAD
The delays experienced during the new leader drone selection process between the swarm drones depend on two factors: the number of candidate drones and the time to physically relocate the selected leader drone. The number of messages exchanged between the swarm drones equals the number of candidates C, as each drone broadcasts its announcing message. The drone relocation time depends on the distance between the newly selected leader drone and the assigned location and on the drone's speed to the new position.
Assuming an average drone speed of 50 mph, ≈ 81 km/h, and an average distance between the new leader drone and its assigned location of 150 m, the average relocation time is 6.71 sec. The dominating delay for the new leader drone selection is from the drone's physical relocation. However, due to the buffering capabilities offered by the new leader until reaching its assigned position, no packets were lost during this drone relocation process.

VIII. CONCLUSION
We proposed a reliable authentication mechanism compatible with the 5G D2D ProSe standard mechanisms for communication within the drone swarm. The proposed authentication is distributed, using a delegation-based scheme instead of repeated access to the 5G core network. We proposed a delegation-based proxy signature authentication mechanism that reduces the drones' communication overhead toward the core network. The drones authenticate to each other and to a UE-to-Network relay leader drone through a delegated digital signature. Moreover, we proposed a leader drone replacement process to handle unresponsive leader drone situations, and we introduced a revocation mechanism for the proposed proxy signature keys and the delegation warrants if expired or compromised. We evaluated our proposed authentication scheme through the NS-3 5G D2D communication module for communication delay and a Raspberry Pi 3 for computational processing. Our evaluation results indicated that the proposed scheme is lightweight, efficient, and, more importantly, scalable compared to the 4G ProSe security standard.