Bera 2020

This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TVT.2020.3000576, IEEE
Transactions on Vehicular Technology
1
Blockchain-Envisioned Secure Data Delivery and

Collection Scheme for 5G-Based IoT-Enabled
Internet of Drones Environment
Basudeb Bera, Sourav Saha, Student Member, IEEE, Ashok Kumar Das, Senior Member, IEEE,
Neeraj Kumar, Senior Member, IEEE, Pascal Lorenz, Senior Member, IEEE,
Mamoun Alazab, Senior Member, IEEE
Abstract—The Internet of Drones (IoD) is widely used in a wide the drones are used, such as smart meter, smart agriculture,
range of applications from military to civilian applications from remote manufacturing, remote training, industrial application
the past years. However, during communication either with the and control, smart city, and so on [3].
control room/ground station server(s) or moving access points in
the sky, security and privacy is one the crucial issues which needs The Internet of Things (IoT) consists of several smart
to be tackled efficiently. In this direction, blokchain technology objects (called IoT smart devices) that are connected to the
can be one of the viable solutions due to the immutability and Internet. This is an emerging cutting-edge environment in
traceability of various transactions and decentralized nature. which the smart devices can be utilized and also operated
In this paper, we provide in-depth challenges and issues of [5]. It is expected that around 25 billion smart devices will
applicability of blokchain in 5G-based Internet of Things (IoT)-
enabled IoD environment. We propose and analyze a new be part of this global community by the year 2020 [4]. The
blokchain based secure framework for data management among drones are equipped with various IoT-enabled smart devices,
IoD communication entities. The proposed scheme has ability to such as inbuilt sensors that can sense physical event including
resist several potential attacks that are essential in IoT-enabled concentration of dangerous gases and temperature, and inbuilt
IoD environment. A detailed comparative analysis exhibits that cameras that are capable of taking images or capturing videos
the proposed scheme offers better security and functionality
requirements, and also provides less communication and com- of the target spot. The drones can then transmit the sensed
putation overheads as compared to other related schemes. data to the drone box with the help of wireless technology (for
example, WiFi). In this way, the drones contribute towards the
Index Terms—Internet of Drones (IoD), Internet of Things
(IoT), blockchain, data delivery, data collection, security. creation of the IoT environment.
Fig. 1 and 2 show an overall architecture of 5G-based IoT-
enabled IoD along with the revolution towards 5G technology
I. I NTRODUCTION from 1G technology [6]. In 1980s, the “First Generation (1G)”
The Internet of Drones (IoD) is treated as a “layered of mobile communications was started and with a short span
network control architecture”. It is primarily designed to co- of time it become very popular. However, there were various
relate access of Unmanned Aerial Vehicles (UAVs) (which disadvantages of 1G, such as poor voice quality, battery life,
are also called drones) for controlling airspace and providing and security. In 1990s, the “Second Generation (2G)” was
support to various navigation activities [1]. Due to increase of introduced with a “Global System for Mobile communication
commercial drones applications, recent forecasts indicate that (GSM)”. The key features of 2G include digital switching,
there will be a 100 USD billion market opportunity over the SMS services, encryption in voice transmission. However,
coming years based on the drones [2]. There are several appli- there were various limitations in 2G technology, including low
cations of drones where the drones can be widely used, ranging limited mobility, low data transmission, and limited hardware
from military, newsgathering (for example, videography and capability. Later, in early 2001, the “Third Generation (3G)”
photography), security, agricultural and logistics deployments, was evolved that supports various features, such as multimedia
surveillance, medicine to traffic-monitoring applications [3], message, email, location tracking and maps, and enhanced
[4]. In this connection, 5G plays a very important role in security. However, some limitations were also present in 3G
which drones are supposed to take part of a contributory technology, because of costly equipments and expensiveness
role. For instance, there are several 5G use cases in which to build infrastructure implementation. In 2010, the “Fourth
Generation (4G)” was introduced with the enhancement of
B. Bera, S. Saha, and A. K. Das are with the Center for Security,
Theory and Algorithmic Research, International Institute of Information Tech- 3G technology having some key features like higher data
nology, Hyderabad 500 032, India (e-mail: basudeb.bera@research.iiit.ac.in; rate, reduced latency, HD video streaming and gaming, and
sourav.saha@research.iiit.ac.in; ashok.das@iiit.ac.in). Voice over LTE network (VoLTE). Finally, in 2020, the “Fifth
N. Kumar is with the Department of Computer Science and Engineering,
Thapar University, Patiala 147 004, India (e-mail: neeraj.kumar@thapar.edu). Generation (5G)” comes to provide ultra fast internet and
P. Lorenz is with the University of Haute Alsace, France (e-mail: multimedia experience. The key features of 5G include higher
lorenz@ieee.org). (Corresponding author: Pascal Lorenz) security and reliable network, use beam forming and small
M. Alazab is with the College of Engineering, IT and Environ-
ment, Charles Darwin University, Casuarina NT 0810, Australia (e-mail: cells, cloud infrastructure to improve efficiency, and easy
Alazab.M@ieee.org). maintenance. The 5G-enabled blockchain-envisioned IoD en-
0018-9545 (c) 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: University of Exeter. Downloaded on June 17,2020 at 03:00:27 UTC from IEEE Xplore. Restrictions apply.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TVT.2020.3000576, IEEE
2
Fig. 1. Revolution of 5G technology
Fig. 2. Blockchain-envisioned 5G-enabled IoD environment
vironment provided in Fig. 2 illustrates various communicating A. Threat Model

entities involved in the network, such as the drones, the
ground station servers, control rooms, registration authority The drones in an IoD environment communicate over
and the blockchain center. The detailed role of each individual insecure wireless communication medium. In addition, the
entity is explained in Section III (see Fig. 3). It is worth topology of an IoD environment is a kind of adhoc network.
noticing that the use of 5G celluar data helps in three major Therefore, there are opportunities to an adversary A to tamper
roles for connecting the drones: 1) “Managing Drone Traffic with the data delivered to their respective GSS. The Dolev-
(UTM)”, 2) “Beyond Visual Line of Sight (BVLOS)” flights, Yao model (DY model) [9] is a widely used threat model in
and 3) “sensor data transmission” [7]. UTM involves in the which A not only can eavesdrop communication among the
“regulation of the drone traffic itself and also its integration drones and the GSSs, but also can modify, insert or delete
with the manned aviation” [7] because a large number of the messages in between the communication. As a result,
drones are already today deployed ranging from military to various types of attacks are possible in an IoD environment,
civilian applications. On the other side, various capabilities of such as replay, impersonation, man-in-the-middle, privileged-
BVLOS help a drone to make up far longer distances [8]. insider, Ephemeral Secret Leakage (ESL) and so on. The
3
Fig. 3. Overall process in the proposed BSD2C-IoD
current de facto CK-adversary model [10] is considered more recording of all the transactions among the CR, GSS
powerful threat model as compared to the standard DY threat and drones in order to form private blocks by the GSS.
model. Under the CK-adversary model, A has ability to tamper • A consensus-based algorithm is designed to help in
with the data as per the DY model, and in addition, A can verifying and adding the blocks by a leader selected
also compromise the secret credentials, such as session keys, among the GSSs in the peer-to-peer(P2P) GSS network
private keys and session state. Thus, the security of established in the BC.
session keys among the drones and the GSSs should depend • Detailed security analysis along with formal security
on both the temporal and long-term secret credentials so that verification using the widely-applied “Automated Vali-
the session key will be compromised only when both secrets dation of Internet Security Protocols and Applications
are compromised by the A. Since a control room CRj and the (AVISPA)” software tool [12] are carried out on BSD2C-
registration authority RA in an IoD environment (as shown in IoD to show its robustness against various potential
Fig. 3) are responsible for registering CRj , and the GSSj and attacks needed in a blockchain-based 5G-enabled IoD
its drones DRi in each flying zone F Zj , both RA and CRi deployment.
are treated as fully trusted nodes in the IoD environment. The • Various cryptographic primitives using the broadly-
GSSs are responsible for collecting the data securely from the accepted “Multiprecision Integer and Rational Arithmetic
drones and also to deliver the data to the drones, and creating Cryptographic Library (MIRACL)” [13] have been ex-
the blocks of transactions to add them in the private blockchain ecuted for measuring the execution time under both a
in the Blockchain Center (BC). Therefore, the GSSs are also server and a Raspberry PI 3 B+ Rev 1.3 [14].
considered as trusted nodes. However, some drones may be • Finally, performance analysis of BSD2C-IoD has been
physically captured and using the extracted credentials stored carried out to show its effectiveness, specifically for
in those drones with the help of “power analysis attacks” [11], resource-limited drones.
A can launch potentials attacks, such as impersonation attack
on behalf of other non-compromised drones and ESL attack.
C. Paper Outline
In the next section, we discuss the need of secure data
B. Research Contributions
delivery and collection in IoD environment. Section III dis-
The following are the main contributions towards this work: cusses the various phases related to the proposed scheme.
• We first discuss the importance of secure data delivery While Section IV provides both formal and informal security
and collection in 5G-enabled IoD environment. analysis, Section V shows the formal security verification of
• Next, we propose a novel blockchain-based secure data the proposed scheme through simulation under the AVISPA
delivery and collection scheme, called BSD2C-IoD, software automated tool. In Section VI, we discuss the exper-
which permits access control between the drones and their imental results of various cryptographic primitives using the
respective GSS in each flying zone F Zj . The access MIRACL. Section VII gives the performance analysis of the
control helps in establishing session keys among the proposed scheme. A brief discussion on the proposed BSD2C-
drones and the GSSs for secure communication. The data IoD is provided in VIII. The paper is finally concluded in
delivery and collection process in BSD2C-IoD allows Section IX.
4
II. S ECURE DATA D ELIVERY AND C OLLECTION : N EED OF For secure data delivery between source and destination,
THE H OUR the path identification protocol is the most critical component.
Yaar et al. [20] designed a path identifier algorithm, called
The currently deployed drone delivery system uses to deliver Pi, which is a “packet marking approach”. In Pi, since a path
food, packages, medicine, emergency help in flooding areas, fingerprint is included in each packet, it enables a victim to
and so on [15]. Data (images or videos) collection, such as recognize the packets that traverse the same paths through the
collection of traffic monitoring, crowd monitoring, surveil- Internet on a “per packet basis, regardless of source IP address
lance in border, and fireplaces, the drones play a significant spoofing”. Hence, in order to defend “Distributed Denial of
role. Drone delivery system reduces the packages delivery Service (DDoS)” attacks, we apply the Pi algorithm for secure
time, fuel, and energy consumption by using battery power data delivery between source and destination.
as compared to gasoline power system vehicles. The courier
services and delivery service provider(s) also jointly stared TABLE I
online retailer business (for example, Amazon and DHL have S YMBOL AND THEIR SIGNIFICANCE
started delivery of items to their customers). Amazon sets up Symbol Significance
“Amazon Prime Air” to provide deliveries using the drones Ep (u, v) A non-singular elliptic curve of the form:
known as “octocopters”. In recent years, a drone delivery “y 2 = x3 + ux + v (mod p) with
4u3 + 27v 2 6= 0 (mod p)”
service has been established in London due to people demands, G A base point in Ep (u, v) whose order is
which can permit to exchange packages weighing up to 500g. n0 as large as p
In addition, Germany’s express delivery company, Deutsche k·G “Elliptic curve point multiplication”:
k · G = G + G + · · · + G (k times)
Post (DHL) also use the drones, called “parcelcopters” for X +Y “Elliptic curve point addition”; X, Y ∈ Ep (u, v)
the emergency delivery (for instance, high-priority goods like RA Registration authority (a trusted authority)
CRj j th control room (a trusted authority)
medicines to remote areas). GSSj j th ground station server
A delivery system in the IoD environment was built upon DRi ith drone
the trust among the delivery service provider(s) and their cus- IDRA Real identity of RA
rRA Master (private) key of RA
tomers [15]. A service provider believes that their customers P ubRA Public key of RA, where P ubRA = rRA · G
will not repudiate the delivery confirmation after successfully IDCRj Real identity of CRj
rCRj Random private key of CRj
delivered the items in the proper destination. The customers
P ubCRj Public key of CRj , where P ubCRj = rCRj · G
need to also trust that the service provider will not deliver an mkCRj Random master key of CRj
item without presence of them or delivered an item in front P kCRj Public key of CRj , where P kCRj = mkCRj · G
of the door is stolen. In such kind of cases, it is very hard CertCRj Certificates issued by the RA to CRj
RT SCRj Registration timestamps issued by the RA to CRj
to maintain the responsibility. Due to such reasons, security IDGSSj Real identity of GSSj
plays a very important role in the IoD environment. This leads RIDGSSj Pseudo-identity of GSSj
to design a secure data delivery and collection mechanism rGSSj Random private key of GSSj
with the help of deployed drones. However, we need to P ubGSSj Public key of GSSj , where P ubGSSj = rGSSj · G
kGSSj Private key (decryption key) of GSSj
maintain several security requirements, such as confidentiality, P kGSSj Public key (encryption key) of GSSj ,
authentication, access control, non-repudiation, availability, where P kGSSj = kGSSj · G
freshness, etc. Apart from these requirements, we also face CertGSSj Certificates issued by the CRj to GSSj
RT SGSSj Registration timestamps issued by the CRj to GSSj
various security challenges in an IoD environment including IDDRi Real identity of DRi
“remote hijacking of drone”, “privacy”, “replay and man- RIDDRi Pseudo-identity of DRi
in-the middle attacks”, “impersonation attack”, “privileged- rDRi Private certificate key of DRi
P ubDRi Public key of DRi , where P ubDRi = rDRi · G
insider attack”, “physical drone capture attack”, etc. as in other kDRi Private signature key of DRi
networks [16], [17]. Thus, it is crucial to keep in mind that the P kDRi Public signature key of DRi , where P kDRi = kDRi · G
CertDRi Certificates issued by the CRj to DRi
designed security protocol should be resistant to such security RT SDRi Registration timestamps for DRi issued by the CRj
challenges. || Concatenation operation
Wu and Fan [18] discussed various challenges along with TS “Current timestamp”
∆T “Maximum transmission delay associated with a message”
“modeling”, “design”, and “analysis of high mobility com- h(·) “Collision-resistant cryptographic one-way hash function”
munication systems”. They observed that due to high mo- EP kX /DkX Public key encryption/decryption by an entity X
bility of the devices during communication, the following
variants occur: a) “fast channel variation in the physical
layer”, b) “fast link variations in the link layer”, and c) “fast III. BSD2C-I O D: B LOCKCHAIN -BASED S ECURE DATA
topology variation in the network layer”. However, in 5G D ELIVERY AND C OLLECTION S CHEME
communication systems, high mobility communications have In this section, we propose a new “blockchain-based secure
been incorporated as an integral part of the communication data delivery and collection scheme in the 5G-envisioned IoT-
standards. We can also adapt the strategy suggested in [19] as enabled IoD environment (BSD2C-IoD)”. BSD2C-IoD makes
follows. Applying the “mixed integer linear programming”, the utilization of timestamps and random numbers to protect
optimal paths of drones that minimize the fuel consumption replay attack against an adversary. For this reason, all the
can be calculated by considering “collision avoidance”, “no-fly network entities are supposed to be synchronized with their
zones”, and “altitude constraints”. clocks, which is also a typical assumption applied in designing
5
security protocols [21]–[25]. The list of symbols with their 1) CRj Registration: The following steps are required for
significance tabulated in Table I is used to explain and analyze CRj registration by the RA:
the proposed BSD2C-IoD. Step CRR1 : RA picks a unique identity IDCRj for
BSD2C-IoD contains several phases, namely “system ini- each CRj , chooses a random private key rCRj ∈ Zp∗ and
tialization phase”, “registration phase”, “access control phase”, computes its respective public key P ubCRj = rCRj · G,
“secure data delivery and collection phase”, “block creation, where k · G = G+ G+ · · · + G(k times) is known as the
verification and addition in blockchain center phase” and “elliptic curve scalar (point) multiplication” and k ∈ Zp∗ . RA
“dynamic drones addition phase”. The overall process in creates a certificate for each CRj as CertCRj = rCRj +
the proposed BSD2C-IoD involving various phases has been h(IDCRj ||IDRA ||P ubRA ||P ubCRj ||RT SCRj ) ∗ rRA
elaborated in Fig. 3. (mod p), where RT SCRj is registration timestamp of the
The detailed descriptions of the phases related to BSD2C- CRj , and ∗ denotes the ordinary modular multiplication in
IoD are now discussed in the following. Zp∗ . After that, the RA deletes rCRj from its database for
security issue.
A. Phase 1: System Initialization Step CRR2 : Next, the RA pre-loads the following infor-
mation prior to deployment of each CRj : {IDCRj , IDRA ,
In this phase, the trusted registration authority (RA) picks
CertCRj , P ubRA , P ubCRj , Ep (u, v), h(·), G}.
the system parameters as follows.
Step CRR3 : CRj then picks a random master key
The RA first selects a “non-singular elliptic curve of the
mkCRj ∈ Zp∗ and computes its corresponding public key
form Ep (u, v) : y 2 = x3 + ux+ v (mod p) over a Galois
P kCRj = mkCRj · G. Finally, the RA publishes {P kCRj ,
field GF (p)”, where p is a sufficiently large prime, u, v ∈ Zp∗
P ubRA , P ubCRj , Ep (u, v), h(·), G} as public information.
= {1, 2, · · · , p − 1} are two constants such that 4u3 + 27v 2 6=
Note that CRj has the credentials {IDCRj , IDRA , CertCRj ,
0 (mod p) holds, and a “point at infinity or zero point O”.
mkCRj , P kCRj , P ubRA , P ubCRj , Ep (u, v), h(·), G}.
The RA then picks a base point G ∈ Ep (u, v) of order n0
2) GSSj Registration: The registration of each GSSj is
as large as p. The RA also picks a “collision resistant one-
performed by the CRj with the following steps:
way cryptographic hash function” h(·) (for example, SHA-256
Step GR1 : CRj selects a unique identity IDGSSj and com-
hashing algorithm [26]). In addition, the RA picks its its own
putes its pseudo-identity RIDGSSj = h(IDGSSj ||RT SGSSj
identity IDRA , master (private) key rRA ∈ Zp∗ and calculates
||mkCRj ), where RT SGSSj is the registration timestamp of
its corresponding public key P ubRA = rRA · G. The RA
GSSj . CRj then picks a random private key rGSSj ∈ Zp∗ and
then keeps master (private) key rRA as secret, whereas the
calculates its respective public key P ubGSSj = rGSSj · G.
parameters {Ep (u, v), G, h(·), P ubRA } as public.
Also, CRj generates a certificate for GSSj as CertGSSj =
If P = (xP , yP ) and Q = (xQ , yQ ) ∈ Ep (u, v) be two
rGSSj +h(RIDGSSj ||IDCRj ||P ubCRj ||P ubGSSj )∗mkCRj
elliptic curve points, R = (xR , yR ) = P + Q, known as the
(mod p).
“elliptic curve point addition”, is computed as follows [27]:
Step GR2 : CRj then stores RIDGSSj and CertGSSj in
xR = (µ2 − xP − xQ ) (mod p), its database corresponding to GSSj , and makes P ubGSSj
yR = (µ(xP − xR ) − yP ) (mod p), as public; and also deletes IDGSSj and rGSSj for security
( yQ −yP reason. Next, GSSj selects its another private key (decryption
xQ −xP (mod p), if P 6= −Q key) kGSSj ∈ Zp∗ and computes the corresponding public key
where µ = 3xP 2 +u
2yP (mod p), if P = Q. (encryption key) P kGSSj = kGSSj · G.
Step GR3 : After that CRj pre-loads the information
The “elliptic curve scalar (point) multiplication” of an elliptic
{RIDGSSj , IDCRj , CertGSSj , P ubCRj , P ubGSSj , (kGSSj ,
curve point G ∈ Ep (u, v) is denoted by k·G, where k ∈ Zp∗ =
P kGSSj ), P kCRj , Ep (u, v), h(·), G} in GSSj prior to
{1, 2, · · · , p−1} is a scalar. This operation can be further done
its deployment. In addition, CRj also stores P kGSSj for
efficiently using the “repeated point doubling and addition
each GSSj in its database and publishes the information
operations”. For instance if G = (xG , yG ) ∈ Ep (u, v), then
{P ubGSSj , P kGSSj } as public.
17 · G = 2 · (2 · (2 · (2 · G))) + G is calculated with the
3) Drone DRi Registration: Prior to the deployment of the
help of using “one point addition” and “four points doubling
drones DRi in a particular application field, CRj registers
operations”.
them with the following steps:
Step DR1 : CRj selects a unique identity IDDRi and
B. Phase 2: Registration computes respective pseudo-identity RIDDRi = h(IDDRi
In this phase, the registration of the control room CRj ||IDCRj ||mkCRj ||RT SDRi ) for each drone DRi , where
is done securely in offline mode by the trusted registration RT SDRi is the registration timestamp.
authority (RA). In addition, the registration of the ground Step DR2 : CRj picks a private certificate key rDRi ∈ Zp∗
service station GSSj and its associated drones DRi in a flying and compute its corresponding public key P ubDRi = rDRi ·
zone F Zj are also executed in offline mode securely by their G, and also private signature key kDRi ∈ Zp∗ and its public
CRj . The overall registration process in summarized in Fig. signature key P kDRi = kDRi · G for each drone DRi .
4. Step DR3 : CRj creates a certificate for each DRi
Next, the detailed registration process of CRj , GSSj and as CertDRi = rDRi + h(RIDDRi ||P ubCRj ||P ubGSSj
DRi is given below. ||P ubDRi ) ∗ mkCRj (mod p). After that CRj deletes IDDRi
6
(a) Registration of a controller room (CRj ) for an IoT application

Registration Authority (RA) Control room (CRj )
• Select Ep (u, v) over GF (p) with base point G, h(·) • Store in each CRj : {IDCRj , IDRA , CertCRj ,
• Select random private key rCRj ∈ Zp∗ P ubRA , P ubCRj , Ep (u, v), h(·), G}
and compute P ubCRj = rCRj · G for CRj
• Pick its own master (private) key rRA ∈ Zp∗ • Pick random master key mkCRj ∈ Zp∗
and compute public key P ubRA = rRA · G and compute public key P kCRj = mkCRj · G
• Select identity IDRA , and identity IDCRj for each CRj
• Create certificate for each CRj as CertCRj = rCRj + h(IDCRj ||IDRA • Store {mkCRj , P kCRj } in its database
||P ubRA ||P ubCRj ||RT SCRj ) ∗ rRA (mod p) and make P kCRj as public
• Publish {P ubRA , P ubCRj , Ep (u, v), h(·), G} as public
(b) Registration of Ground Station Server GSSj
Control Room CRj Ground Station Server GSSj
• Pick identity IDGSSj and compute its pseudo-identity • Select another private key (decryption key) kGSSj ∈ Zp∗
RIDGSSj = h(IDGSSj ||RT SGSSj ||mkCRj ) and compute public key (encryption key) P kGSSj = kGSSj · G
• Pick random private key rGSSj ∈ Zp∗ • Pre-load {RIDGSSj , IDCRj , CertGSSj , P ubCRj , P ubGSSj ,
and compute public key P ubGSSj = rGSSj · G (kGSSj , P kGSSj ), P kCRj , Ep (u, v), h(·), G} in GSSj
• Create certificate for GSSj as CertGSSj = rGSSj + h(RIDGSSj ||IDCRj
||P ubCRj ||P ubGSSj ) ∗ mkCRj (mod p)
• Store RIDGSSj and CertGSSj in GSSj
• Make P ubGSSj as public; and delete IDGSSj and rGSSj
• Store {P kGSSj } for each GSSj in its database
(c) Registration of drones DRi in a flying zone F Zj
Control Room CRj Drone DRi
• Pick identity IDDRi and pseudo-identity RIDDRi = h(IDDRi ||IDCRj • Store {RIDDRi , CertDRi , (kDRi , P kDRi ),
||mkCRj ||RT SDRi ) for each drone DRi P kCRj , Ep (u, v), h(·), G} in DRi
• Select private certificate key rDRi ∈ Zp∗ and compute public key prior to deployment in flying zone F Zj
P ubDRi = rDRi · G for each drone DRi
• Select private signature key kDRi ∈ Zp∗ and compute public
signature key P kDRi = kDRi · G for each drone DRi
• Generate certificate for each DRi as CertDRi = rDRi + h(RIDDRi
||P ubCRj ||P ubGSSj ||P ubDRi ) ∗ mkCRj (mod p)
• Delete IDDRi and rDRi from its database
Fig. 4. Summary of registration phase for control room, ground station server and drones
and rDRi from its database, and stores the credentials Step ACDG2 : After receiving M sg1 at time T S1∗ , GSSj
{RIDDRi , CertDRi , P ubDRi , (kDRi , P kDRi ), P kCRj , checks validity of T S1 by |T S1∗ − T S1 | < ∆T . If it is valid,
Ep (u, v), h(·), G} prior to its deployment in a particular flying GSSj proceeds to validate the certificate by the condition:
zone F Zj . In addition, CRj also publishes the information CertDRi · G = P ubDRi + h(RIDDRi ||P ubCRj ||P ubGSSj
{P ubDRi , P kDRi } as public. ||P ubDRi ) · P kCRj . If it is not valid, GSSj rejects DRi ’s
request message; otherwise it further verifies the signature
by SigDRi · G = ADRi + h(P kDRi ||RIDDRi ||P kCRj
C. Phase 3: Access Control
||P ubGSSj ||ADRi ||T S1 ) · P kDRi . If the signature validation
This phase is helpful in mutual authentication between a passes, GSSj goes to next step.
drone DRi and its associated GSSj in a flying zone F Zj .
Both DRi and GSSj use the pre-loaded information during Step ACDG3 : GSSj generates a random number r2 ∈
registration phase. This phase utilizes certificate verification, Zp∗ and a current timestamp T S2 , and computes r20 =
signature generation/verification based on “elliptic curve cryp- h(RIDGSSj ||IDCRj ||r2 ||CertGSSj ||kGSSj ||T S2 ),
tography (ECC)” technique and “one-way cryptographic hash BGSSj = r20 · G. Next, GSSj computes the Diffie-
function h(·)”. At the end of mutual authentication, both DRi Hellman type key as DHKGSSj ,DRi = r20 · ADRi (=
and GSSj will agree on a common session key SKDRi ,GSSj (r20 ∗ r10 ) · G), and also the session key shared with
(= SKGSSj ,DRi ) for secret communication. The detailed DRi as SKGSSj ,DRi = h(DHKGSSj ,DRi ||RIDDRi
description of this phase is elaborated as follows. ||RIDGSSj ||P kDRi ||P ubGSSj ) and the session key verifier
Step ACDG1 : DRi selects a random number r1 ∈ Zp∗ as SKVGSSj ,DRi = h(SKGSSj ,DRi ||RIDDRi ||RIDGSSj
and generates a current timestamp T S1 , and computes r10 = ||BGSSj ||CertGSSj ||T S1 ||T S2 ). GSSj constructs the
h(RIDDRi ||r1 ||CertDRi ||kDRi ||T S1 ), ADRi = r10 · G. access control response message as M sg2 = {RIDGSSj ,
Next, DRi generates signature on r10 as SigDRi = r10 + CertGSSj , BGSSj , SKVGSSj ,DRi , T S2 } and sends it to DRi
h(P kDRi ||RIDDRi ||P kCRj ||P ubGSSj ||ADRi ||T S1 ) ∗ via open channel.
kDRi (mod p). After that, DRi prepares access control re- Step ACDG4 : After receiving M sg2 at time T S2∗ ,
quest message M sg1 = {RIDDRi , ADRi , CertDRi , SigDRi , DRi checks validity of T S2 by |T S2∗ − T S2 | < ∆T .
T S1 } and dispatches it to GSSj via public channel. If it is valid, DRi validates the certificate by the condi-
7
tion: CertGSSj · G = P ubGSSj + h(RIDGSSj ||IDCRj signature on the block is generated by GSSj with the help
||P ubCRj ||P ubGSSj ) · P kCRj . If the certificate is vali- of the “elliptic curve digital signature algorithm (ECDSA)”
dated successfully, DRi computes the Diffie-Hellman type [28]. The generated signature, Merkle tree, and current block
key as DHKDRi ,GSSj = r10 · BGSSj (= (r10 ∗ r20 ) · G = hash root assist to achieve “immutability and transparency
DHKGSSj ,DRi ), and derives the session key shared with properties” of the block maintained in the blockchain.
GSSj as SKDRi ,GSSj = h(DHKDRi ,GSSj ||RIDDRi Next, a leader, say L is selected by the leader selection
||RIDGSSj ||P kDRi ||P ubGSSj ) and the session key verifier algorithm in P2P GSS network containing nGSS GSSs as in
as SKVDRi ,GSSj = h(SKDRi ,GSSj ||RIDDRi ||RIDGSSj [29]. The block Blocki is then passed to the leader L for the
||BGSSj ||CertGSSj ||T S1 ||T S2 ). After that DRi verifies if purpose of consensus in order to perform block verification
SKVDRi ,GSSj = SKVGSSj ,DRi , and if it is valid then DRi along with addition in blockchain as shown in Algorithm
generates current timestamp T S3 and computes an acknowl- 1. Note that we have applied the “Practical Byzantine Fault
edgement ACKDRi ,GSSj = h(SKDRi ,GSSj ||T S2 ||T S3 ). Tolerance (PBFT)” consensus algorithm [30]. The steps 11–
Finally, DRi dispatches the acknowledge message M sg3 = 14 in Fig. 3 explain the overall procedure of block creation,
{ACKDRi ,GSSj , T S3 } to GSSj via public channel. verification and addition of a block in the blockchain center.
Step ACDG5 : After receiving M sg3 at time T S3∗ , GSSj Smart contract is considered as a “computer program or
checks validity of T S3 by the condition: |T S3∗ − T S3 | < ∆T . an agreement between two parties” that can be self-executed
If the timestamp is valid, GSSj computes ACKGSSj ,DRi = and self-verified digitally, and it can be also deployed without
h(SKGSSj ,DRi ||T S2 ||T S3 ) and verifies if ACKGSSj ,DRi = any human interventions [31], [32]. It verifies and validates
ACKDRi ,GSSj is satisfied. If it is verified successfully, the the “correct execution of the transactions” in the system, and
session key SKDRi ,GSSj (= SKGSSj ,DRi ) is established be- also meets the “legal contracts”. It is worth noticing that the
tween DRi and GSSj for their secret communications. agreements between the parties are traceable, immutable as
This phase is also briefed in Fig. 5. well as irreversible. It then helps a blockchain system to
be more robust, secure, efficient and cost-effective. In our
proposed BSD2C-IoD, a smart contract can be implemented
D. Phase 4: Secure Data Delivery and Collection
in each GSS in order to verify the collected transactions from
In this section, we discuss various data delivery and collec- various entities and also the blocks formed by the GSS in the
tion related transactions among CRj , GSSj and the drones system. As a result, data modification attack is prevented and
DRi in a flying zone F Zj as shown in Fig. 6. We have the also data integrity is preserved by using smart contracts. Thus,
following types of transactions: the blockchain technology along with smart contracts can be
• The transaction T xCR−GSS−req is between CRj and its used as “potential candidates for organizing secure interaction
GSSj , and it is related to data delivery request from between autonomous agents” [33] in the proposed BSD2C-
CRj to GSSj which is sent securely by encrypting IoD.
T xCR−GSS−req with the public key P kGSSj of the
GSSj . The encrypted T xCR−GSS−req is decrypted by F. Phase 6: Dynamic Drones Addition Phase
GSSj using its own private key kGSSj .
Sometimes, some drones may be malfunctioned or physi-
• The transaction T xGSS−DR−req denotes the data deliv-
cally captured by an adversary. Therefore, some new drones
ery request from GSSj to DRi , which is encrypted with
may be added in the IoD environment.
the established session key SKDRi ,GSSj between GSSj
Suppose a new drone DRinew needs to be added in a flying
and DRi . After decrypting this encrypted transaction
zone F Zj . To perform this task, its control room CRj first
with SKDRi ,GSSj , DRi will deliver the items (for ex- new
selects a unique identity IDDR and calculates respective
amples, goods, medicines, etc.) to the proper destination. new
i
new
pseudo-identity RIDDRi = h(IDDR ||IDCRj ||mkCRj
• The transaction T xDR−GSS−res represents the data de- new new new
i
||RT SDRi ) for DRi , where RT SDR is the registration
livery/collection response from DRi to GSSj (for in- i
new
timestamp. Next, CRj picks a private certificate key rDR ∈
stance, e-receipt) that is encrypted with SKDRi ,GSSj . ∗ new
i
Zp and computes its corresponding public key P ubDRi =
• There may be other instances (for example, smart new
rDR · G, and also selects a private signature key kDR new
∈ Zp∗
agriculture) where the deployed drones DRi need to i i
and its public signature key P kDRi = kDRi · G for DRinew .
new new
send the collected information in form of the transac-
After that CRj creates a certificate for DRinew as Certnew DRi =
tions T xDR−GSS−data to GSSj securely using the key new new new
rDR + h(RID DRi ||P ub CR ||P ub GSS ||P ubDRi )∗mk CRj
SKDRi ,GSSj (see steps 9–10 in Fig. 3). i j j
new
(mod p). Finally, CRj stores the information {RIDDR i
,
CertnewDRi , (k new
DRi , P k new
DRi ), P k CR j
, E p (u, v), h(·), G} prior
E. Phase 5: Block Creation, Verification and Addition in to DRinew ’s deployment in the flying zone F Zj . CRj also
new new
Blockchain Center erases IDDR i
and rDR i
from its database for security reason.
In this phase, the GSSj will form a block, say Blocki using
the transactions (shown in Fig. 6) that are available to GSSj IV. S ECURITY A NALYSIS
(as provided in Fig. 7). In this section, we exhibit that BSD2C-IoD can resist var-
The block Blocki created by GSSj contains several en- ious potential attacks needed in an IoD environment through
crypted transactions using the public key of the GSSj . The the use of both formal and informal security analysis.
8
8
Access control between a ground station server GSSj and its drones (DRi ) in a flying zone F Zj
Drone (DRi ) Ground Station Server (GSSj )
available information: {RI DDRi , C ertDRi , (kDRi , P kDRi ), available information: {RI DGSSj , I D C Rj , C ertGSSj ,
P kC Rj , Ep (u, v), h(·), G} P ubC Rj , P ubGSSj , (kGSSj , P kGSSj ), P kC Rj , Ep (u, v),
h(·), G}
• Select random secret r1 ∈ Zp ∗
& generate current timestamp T S1
• Compute r1 �
= h(RI DDRi ||r1 ||C ertDRi ||kDRi ||T S1 ),
�
ADRi = r1 · G
• Generate signature SigDRi
M sg1 = {RI DDRi , ADRi , C ertDRi , SigDRi , T S1 }

−−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−− →
(via public channel) • Verify timestamp T S1 , and certificate by C ertDRi · G =
P ubDRi + h(RI DDRi ||P ubC Rj ||P ubGSSj ||P ubDRi ) ·
P kC R j .
• If timestamp and certificate are valid, verify signature
by SigDRi · G = ADRi + h(P kDRi ||RI DDRi ||P kC Rj
||P ubGSSj ||ADRi ||T S1 ) · P kDRi
• Generate random number r2 ∈ Zp ∗
and current timestamp
T S2
• Calculate �
r2 = h(RI DGSSj ||I DC Rj ||r2
�
||C ertGSSj ||kGSSj ||T S2 ), BGSSj = r2 · G,
DH KGSSj ,DRi = r2 �
· ADRi (= (r2 � �
∗ r1 ) · G), session
key as SKGSSj ,DRi = h(DH KGSSj ,DRi ||RI DDRi
||RI DGSSj ||P kDRi ||P ubGSSj ), and session key verifier
SK VGSSj ,DRi = h(SKGSSj ,DRi ||RI DDRi ||RI DGSSj
||BGSSj ||C ertGSSj ||T S1 ||T S2 )
M sg2 = {RI DGSSj , C ertGSSj , BGSSj , SK VGSSj ,DRi , T S2 }

←−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −
(via public channel)
• Check validity of T S2 , and certificate as C ertGSSj · G =
P ubGSSj + h(RI DGSSj ||I DC Rj ||P ubC Rj ||P ubGSSj ) · P kC Rj
• If timestamp and certificate are valid, compute DH KDRi ,GSSj =
r1�
· BGSSj (= (r1�
∗ r2�
) · G = DH KGSSj ,DRi ) and session
key as SKDRi ,GSSj = h(DH KDRi ,GSSj ||RI DDRi ||RI DGSSj
||P kDRi ||P ubGSSj ) and session key verifier, SK VDRi ,GSSj =
h(SKDRi ,GSSj ||RI DDRi ||RI DGSSj ||BGSSj ||C ertGSSj ||T S1
||T S2 )
• Check if SK VDRi ,GSSj = SK VGSSj ,DRi . If so, generate current
timestamp T S3 and compute AC KDRi ,GSSj = h(SKDRi ,GSSj
||T S2 ||T S3 )
M sg3 = {AC KDRi ,GSSj , T S3 }

−−−−−−−−−−−−−−−−−−−−−−− →
(via public channel) • Verify the received timestamp. If timestamp is valid, compute
AC KGSSj ,DRi = h(SKGSSj ,DRi ||T S2 ||T S3 )
• Verify if AC KGSSj ,DRi = AC KDRi ,GSSj . If valid, session
key is established
Both DRi and GSSj establish the same session key SKDRi ,GSSj (= SKGSSj ,DRi )
Fig. 5. Summary of access control phase
Fig. 5. Summary of access control phase

Type of Transaction Description secure against an adversary A. We provide below the detailed
It represents a transaction between a control room (C Rj )
T xC R−GSS−req
and its GSSj .
description of the ROR model by semantic security defined
Algorithm 1 Consensus for block verification and addition in blockchain in Definition 1 and session key security in Theorem 1. For
It is the data delivery request from C Rj to GSSj .
T xGSS−DR−req achieving this task, A will execute queries that are tabulated
It means a transaction between GSSj and its drones DRi .
It denotes the data delivery request from GSSj to DRi
Input: A block Blocki as shown in Fig.7 and nf : the number
in a particular flying zone F Zj . of faulty
in Table
GSS
GSS nodes
II. Furthermore, as in the P2P
reported GSSaccess
in [29], networkto a
T xDR−GSS−res “collision-resistant one-way cryptographic hash function h(·)”
It denotes a transaction between DRi and its GSSj .
Output: Commitment and addition of block Blocki into blockchain
from DRi to GSSj .
after itstosuccessful
It is the data delivery/collection response
is supplied validation
all the engaged members including the adversary
T xDR−GSS−data A. In BSD2C-IoD, we model h(·) as a random oracle, say
It means a transaction between GSSj and its drones DRi .
1: Assume L, say GSSl , is selected as the leader and it wantsHto add Blocki into blockchain
It represents the collection message from GSSj to DRi
in a particular flying zone F Zj .
ash.
2: L generates
Fig. 6. current timestamp
Details of various transactions Participants.
T TSxGSSj for each follower ground In BSD2C-IoD,
station server node GSS there and
are four participants,
performs voting process
i
j
namely RA, C R , DR , and GSS . DR and GSS are
j i j i j
3: L encrypts voting request V otReq as EP kGSS (V otReq, T involved S GSS j
)inand sends
the access a message
control containing
phase to the same
establish a session key block, and
j
EP kGSSj (V otReq, T SGSSj ) to each follower node GSSj , (j = 1, 2, · · · , nGSS , ∀j 6= l), where E(·) and D(·) are the
encryption and decryption functions, respectively
∗
4: Assume the message from L is received by each follower GSSj in the P2P GSS network at time T SGSS j
5: for each follower node GSSj do
6: Decrypt the message as (V otReq 0 , T SGSSj ) = DkGSSj [EP kGSSj (V otReq, T SGSSj )]
7: Verify timestamp, Merkle tree root, current block hash, and signature on received block Blocki
8: If all checks are verified successfully, send the voting reply V otRep and block verification status BV Status as
{EP kL (V otReq 0 , V otRep, BV Status)} to L
9: end for
10: If V Cnt denotes the vote counter, initialize V Cnt ← 0
11: for each received response message {EP kL (V otReq 0 , V otRep, BV Status)} from the responded follower GSSj do
12: Compute (V otReq 0 , V otRep, BV Status) = DkL [EP kL (V otReq 0 , V otRep, BV Status)]
13: if ((V otReq 0 = V otReq) and ((V otRep = valid) and (BV Status = valid))) then
14: Set V Cnt = V Cnt + 1
15: end if
16: end for
17: if (V Cnt > 2.nfGSS + 1) then
18: Send the commit response to all follower nodes
19: Add block Blocki to the blockchain
20: end if
A. Formal Security Analysis under ROR Model session key between DRi and GSSj in the access control
phase provided in Fig. 5 for the proposed BSD2C-IoD is
In our formal security analysis, we adopt the broad accepted
secure against an adversary A. We provide below the detailed
“Real-Or-Random (ROR)” oracle model [34] to prove the
9
Type of Transaction Description After receiving all the communicated messages in a particular
T xCR−GSS−req It represents a transaction between a control room (CRj )
and its GSSj .
session, they are arranged in sequence and it will then establish
It is the data delivery request from CRj to GSSj . the “session identification sid of Υl for the running session”.
T xGSS−DR−req It means a transaction between GSSj and its drones DRi . Partnering. Two instances (Υl1 and Υl2 ) are partners to
It denotes the data delivery request from GSSj to DRi
in a particular flying zone F Zj . each other if they satisfy the following conditions:
T xDR−GSS−res It denotes a transaction between DRi and its GSSj . l l
• Υ 1 and Υ 2 are required to be in “accepted states”.
It is the data delivery/collection response l1 l2
from DRi to GSSj . • Υ and Υ are required to share the same sid and they
T xDR−GSS−data It means a transaction between GSSj and its drones DRi . need to “mutually authenticate each other”.
It represents the collection message from GSSj to DRi l l
• Υ 1 and Υ 2 are required to be “mutual partners of each
in a particular flying zone F Zj .
other”.
Fig. 6. Details of various transactions T xi
Freshness. An instance ΥlDR 1
i
or ΥlGSS
2
j
is known to
Block Header be fresh when the established session key SKDRi ,GSSj (=
Block Version BV er SKGSSj ,DRi ) between DRi and GSSj is not disclosed to
Previous Block Hash P BH A by executing the Reveal(Υl ) query described in Table II.
Merkle Tree Root MTR
Timestamp TS
We now define “semantic security” of our proposed BSD2C-
Creator of Block CBID (Identity of one of the GSSs, IoD in Definition 1, which is helpful to prove Theorem 1.
say GSSj in P2P GSS network)
BSD2C−IoD
Public key of Signer GSSj P kGSSj Definition 1 (Semantic security). If AdvA (tpoly )
Block Payload (Encrypted Transactions) denotes the “advantage of an adversary A running in poly-
List of tn Encrypted {EP kGSSj (T xi )|i = 1, 2, · · · , tn } nomial time tpoly ” in breaking the semantic security of the
Transactions #i (T xi ) proposed BSD2C-IoD for computing the established session
Current Block Hash CBHash
key SKDRi ,GSSj (= SKGSSj ,DRi ) among a drone DRi and
Signature on CBHash BSign = ECDSA.SigkGSS (CBHash),
where ECDSA.Sig(·) and ECDSA.V er(·) an GSSj in a particular session. Then,
represent ECDSA signature generation and
verification algorithms, respectively
BSD2C−IoD
AdvA (tpoly ) = |2P r[b0 = b] − 1|,
Fig. 7. Structure of a block Blocki based on various transactions where b and b0 are respectively the “correct” and “guessed”
bits.
description of the ROR model by semantic security defined Theorem 1. Let an adversary A running in polynomial
in Definition 1 and session key security in Theorem 1. For time tpoly attempt to compute the session key SKDRi ,GSSj
achieving this task, A will execute queries that are tabulated (= SKGSSj ,DRi ) shared between a drone DRi and an GSSj
in Table II. Furthermore, as reported in [35], access to a for a particular session in the proposed protocol, BSD2C-IoD.
ECDDHP
“collision-resistant one-way cryptographic hash function h(·)” If qh , |Hash|, and AdvA (tpoly ) denote the number of
is supplied to all the engaged members including the adversary “Hash queries”, the range space of “a one-way collision-
A. In BSD2C-IoD, we model h(·) as a random oracle, say resistant hash function h(·)”, and the advantage of breaking
Hash. the “Elliptic Curve Decisional Diffie-Hellman Problem (ECD-
DHP)” respectively, then
TABLE II
Q UERIES AND THEIR MOTIVES BSD2C−IoD qh2 ECDDHP
AdvA (tpoly ) ≤ + 2AdvA (tpoly ).
|Hash|
Query Motive
Execute(ΥlDR
1
, ΥlGSS
2
) A executes this query to eavesdrop the messages Proof. The proof of this theorem is similar to the proof
i j
communicated between DRi and GSSj that was done in [21], [22], [23], [24], [25], [35], [36]. An
CorruptDrone(ΥlDR
1
) A executes this query to pull out “the secret creden-
i
tials stored in a compromised DRi ” adversary A will play three games, say GameA j (j = 0, 1, 2),
Reveal(Υl ) A executes this query to disclose the session key against the proposed BSD2C-IoD. Let SuccA Gamej denote “an
SKDRi ,GSSj (= SKGSSj ,DRi ) shared between
Υl and its respective partner event that A can guess the random bit b in the game GameA j
T est(Υl ) A executes this query to validate the revealed session correctly”. A’s advantage to win GameA j in BSD2C-IoD is
key SKDRi ,GSSj (= SKGSSj ,DRi ) by utilizing BSD2C−IoD
a “random outcome of a flipped unbiased coin, b” then defined by AdvA,Game j
= P r[SuccAGamej ]. Each of
A
the game Gamej is elaborated below.
Participants. In BSD2C-IoD, there are four participants, GameA 0 : In this game, A plays against the proposed
namely RA, CRj , DRi , and GSSj . DRi and GSSj are BSD2C-IoD by utilizing an “actual attack” with the help of
involved in the access control phase to establish a session key the ROR model. A picks a random bit b prior to beginning of
and apart from that RA only involves during the registration the initial game GameA 0 . The “semantic security” explained
and dynamic node (drone) addition phases. The symbols ΥlDR 1
i
in Definition 1 gives the following:
l2 th th
and ΥGSSj represent the l1 and l2 instances of DRi and BSD2C−IoD
AdvA BSD2C−IoD
(tpoly ) = |2AdvA,Game − 1|. (1)
0
GSSj , respectively. These instances are called the “random
oracles”. GameA 1 : This game corresponds to an eavesdropping
Accepted state. An instance Υl goes to an “accepted game, where A performs Execute query that is defined
state” when the last valid communicated message is received. in Table II. By utilizing this query, A tries to derive
10
the session key SKDRi ,GSSj (= SKGSSj ,DRi ) from all Solving Eqs. (2), (3) and (4), and applying the triangular
intercepted communicated messages M sg1 = {RIDDRi , inequality, the following derivation is produced:
ADRi , CertDRi , SigDRi , T S1 }, M sg2 = {RIDGSSj ,
1 BSD2C−IoD
CertGSSj , BGSSj , SKVGSSj ,DRi , T S2 }, and M sg3 = .AdvA (tpoly )
{ACKDRi ,GSSj , T S3 }. Next, A executes Reveal and T est 2
BSD2C−IoD BSD2C−IoD
queries to validate the derived session key (whether it is = |AdvA,Game0
− AdvA,Game 2
|
a correct one or just a random key). The session key is = |AdvA,Game1
− AdvA,Game2
| (6)
SKDRi ,GSSj = h(DHKDRi ,GSSj ||RIDDRi ||RIDGSSj qh2 ECDDHP
||P kDRi ||P ubGSSj ), where DHKDRi ,GSSj = r10 · BGSSj ≤ + AdvA (tpoly ).
2|Hash|
(= (r10 ∗ r20 ) · G = DHKGSSj ,DRi ). That implies that
SKDRi ,GSSj (= SKGSSj ,DRi ). As all the temporal creden- Finally, if “a factor of 2’ is multiplied on both sides of Eq.
tials and long term secrets are protected by h(·), only hijacking (6), we arrive to the final derivation:
the messages M sgi (i = 1, 2, 3) will not lead to increase the
success probability to derive the session key. Therefore, both BSD2C−IoD qh2 ECDDHP
AdvA (tpoly ) ≤ + 2AdvA (tpoly ).
the games GameA A
0 and Game1 become “indistinguishable
|Hash|
under the eavesdropping attack”. As a result, the following
condition holds:
AdvA,Game = AdvA,Game . (2)
1 0 B. Information Security Analysis
GameA 2 : In this game, A plays an “active attack”, where We show in the following that BSD2C-IoD has potential to
A simulates Hash and CorruptDrone queries. To derive protect various attacks.
the session key SKDRi ,GSSj (= SKGSSj ,DRi ), the adver- 1) Replay Attack: In BSD2C-IoD, the current system times-
sary A needs to derive DHKDRi ,GSSj = r10 · BGSSj (= tamps and the random numbers are applied in the construction
(r10 ∗ r20 ) · G = DHKGSSj ,DRi ). Assume that A has the of messages M sg1 , M sg2 and M sg3 . The old replayed
hijacked messages M sgi (i = 1, 2, 3). Therefore, he/she messages by any adversary A simply can noticed by the
has the knowledge of ADRi = r10 · G = h(RIDDRi ||r1 particular recipients by checking the timestamps attached in
||CertDRi ||kDRi ||T S1 ) · G and BGSSj = r20 · G = the received messages. Thus, BSD2C-IoD is resilient against
h(RIDGSSj ||IDCRj ||r2 ||CertGSSj ||kGSSj ||T S2 ) · G. “replay attack”.
Since DHKDRi ,GSSj = (h(RIDDRi ||r1 ||CertDRi ||kDRi 2) Man-in-the-Middle (MiTM) Attack: In this attack, an
||T S1 ) ∗ h(RIDGSSj ||IDCRj ||r2 ||CertGSSj ||kGSSj adversary A may eavesdrop the access control request message
||T S2 )) · G = DHKGSSj ,DRi ), and all the secret credentials M sg1 between a drone DRi and ground station server GSSj
{kGSSj , kDRi , rGSSj , rDRi , mkCRj } are protected by the from public channel, and try to tamper the request message
hash function h(·), to derive DHKDRi ,GSSj the adversary to generate another valid message, say M sg10 = {RIDDRi ,
A has to solve the ECDDHP. Furthermore, by utilizing the A0DRi , CertDRi , SigDR 0
, T S10 }. For this issue, A can gen-
i
CorruptDrone query, A will get the secret credential kDRi . erate a random number r1 ∈ Zp∗ and current timestamp T S10 ,
∗
Then, without having the knowledge of other secrets, such as and then calculates r10 = h(RIDDRi ||r1∗ ||CertDRi ||kDRi
{r1 , r2 , rGSSj , rDRi , mkCRj }, A will not be able to derive ||T S10 ), A0DRi = r10 · G, signature on r10 as SigDR 0
= r10 +
i
session key SKDRi ,GSSj (= SKGSSj ,DRi ). Therefore, both h(P kDRi ||RIDDRi ||P kCRj ||P ubGSSj ||ADRi ||T S10 ) ∗
the games GameA A
1 and Game2 are indistinguishable if we kDRi (mod p). However, without knowledge of the credential
0
exclude the simulation of Hash and CorruptDrone queries, kDRi , A can not create the valid signature SigDR i
and r10 .
and solving of ECDDHP is not a hard problem. The “hash Similarly, for access control response message M sg2 , without
collision resistant” property and the advantage of “solving knowing the credential kGSSj , A cannot also compute valid
ECDDHP” will lead to the following relation with the help r20 , BGSSj , DHKGSSj ,DRi and SKVGSSj ,DRi . A similar
of the birthday paradox: situation arises for the message M sg3 , because A needs to
generate session key for valid message construction, Hence,
|AdvA,Game1
− AdvA,Game 2
| (3) BSD2C-IoD is secure against MiTM attack.
qh2 ECDDHP 3) Drone Impersonation Attack: In this attack, A tries to
≤ + AdvA (tpoly ).
2|Hash| behave himself/herself as a legitimate entity on behalf of
a registered drone DRi . Next, A attempts to construct an
After executing all the games, A requires to correctly guess authorized access control request message M sg1∗ . To execute
a bit b to win the game GameA 2 . Therefore, we have, this goal, A requires to pick random number r1∗ ∈ Zp∗ and
1 current timestamp T S1∗ . After that A requires computation
BSD2C−IoD
AdvA,Game = . (4) of r10 = h(RIDDRi ||r1∗ ||CertDRi ||kDRi ||T S1∗ ) and
2
2
ADRi = r10 · G. Without knowledge of the master secret key
Eq. (1) gives kDRi , it is quite computationally hard to calculate valid r10 and
1 1 ADRi . Therefore, “drone impersonation attack” is resisted in
.AdvA (tpoly ) = |AdvA,Game − |. (5) BSD2C-IoD.
2 0
2
11
4) GSS Impersonation Attack: Assume an adversary A mismatch with the previously saved values, Ver then discards
behaves like a legalized (GSSj ), and try to build a legitimate the Blocki . Otherwise, Ver further moves to verify the block
access control response message M sg2∗ . To accomplish this signature BSign utilizing the “ECDSA signature verification
task, A can initially picks random number r2∗ ∈ Zp∗ and a algorithm” [28]. Thus, the block verification passes a three-
timestamp T S2∗ . However, computation of r20 = h(RIDGSSj level verification procedure in order to verify a block which
||IDCRj ||r2∗ ||CertGSSj ||kGSSj ||T S2∗ ), BGSSj , and session is added in the blockchain.
key verifier SKVGSSj ,DRi is computationally hard for A,
because without the master secret key kGSSj A can not calcu-
V. F ORMAL S ECURITY V ERIFICATION USING AVISPA:
late valid r20 , BGSSj and SKVGSSj ,DRi . GSS impersonation
S IMULATION S TUDY
attack is then protected in BSD2C-IoD.
5) Privileged-Insider Attack: In the registration phase, nei- AVISPA [12] is a “push-button tool for the automated
ther a drone nor an GSS sends registration details to the validation of Internet security protocols and applications”.
trusted control room (CR). Instead, the CR creates all the It offers a “modular and expressive formal language for
credentials for every GSS along with drones prior to their specifying protocols along with their security goals”. It also
deployment. This restriction provide to the CR being a unites different back-ends that work a heterogeneity of state-
“privileged-insider attacker” to get all the credential which of-the-art automatic analysis mechanisms. The four back-ends
are stored in GSS’s and DR’s memory. Thus, the privileged- are implemented in AVISPA: a) “On-the-fly mode-checker
insider attack is also resisted in BSD2C-IoD. (OFMC)”, b) “Constraint-logic-based Attack Searcher (CL-
6) Physical Drone Capture Attack: Due to an antagonistic AtSe)”, c) “SAT-based Model Checker (SATMC)” and d)
environment, an adversary A may physically capture some “Tree Automata based on Automatic Approximations for the
of the drones. Then, A can extract all the stored credentials Analysis of Security Protocols (TA4SP)”. A security protocol
{RIDDRi , CertDRi , (kDRi , P kDRi ), P kCRj , Ep (u, v), requires to be implemented using the “High-Level Protocol
h(·), G} from a compromised drone DRi utilizing the “power Specification Language (HLPSL)” of AVISPA. The detailed
analysis attacks” [11]. Since the stored secret information descriptions of AVISPA and its HLPSL implementation can
{RIDDRi , CertDRi , (kDRi , P kDRi )} in each DRi are be further found in [12].
distinct and unique from the stored information in other GSSs
and the drones. Hence compromise of these credentials do not SUMMARY SUMMARY
SAFE SAFE
effect in establishing of the session keys between the other
non-compromised GSSs and the drones. This circumstance is DETAILS DETAILS
BOUNDED_NUMBER_OF_SESSIONS
called “unconditionally secure against drone capture attack”. BOUNDED_NUMBER_OF_SESSIONS
TYPED_MODEL
BSD2C-IoD is resisted by “physical drone capture attack”. PROTOCOL
PROTOCOL
7) Ephemeral Secret Leakage (ESL) Attack: During access /home/akdas/Desktop/span/
/home/akdas/Desktop/span/
testsuite/results/IoD−acc.if
control phase between a drone DRi and the GSSj , DRi com- testsuite/results/IoD−acc.if
putes the session key SKDRi ,GSSj shared with its associated GOAL
GOAL
as specified
GSSj , where SKDRi ,GSSj = h(DHKDRi ,GSSj ||RIDDRi As specified
||RIDGSSj ||P kDRi ||P ubGSSj ), where DHKDRi ,GSSj = BACKEND
OFMC BACKEND
DHKGSSj ,DRi . Since to compute DHKDRi ,GSSj , random CL−AtSe
nonces and timestamps are essential, each session key is STATISTICS
STATISTICS
also distinct in every session. It is worth noticing that the TIME 395 ms Analysed : 1 state
constructed session key is the composition of the pair “session- parseTime 0 ms Reachable : 0 state
visitedNodes: 86 nodes Translation: 0.17 seconds
specific (ephemeral) credentials” (known as “short term se- depth: 6 plies Computation: 0.00 seconds
crets”) and the “long-term secrets” (master secret keys). The
session key SKGSSj ,DRi can only be disclosed only when Fig. 8. Simulation results of BSD2C-IoD under OFMC and CL-AtSe
A can compromise both the ephemeral and long-term secrets. backends
Due to distinct session keys, even if a session key is revealed
for a specific session, it will not lead to compromise other The simulation of the proposed BSD2C-IoD scheme under
session keys over previous and future sessions. As a result, the “Security Protocol ANimator for AVISPA (SPAN)” tool
BSD2C-IoD is secure against “session-temporary information [37] has been performed for formal security verification. The
attack” and it also support the “perfect forward and backward detailed simulation results are provided in Fig. 8 under OFMC
secrecy” feature. Therefore, ESL attack is also then protected and CL-AtSe backends only. Since other two backs, namely
in BSD2C-IoD. SATMC and TA4SP, do not currently support “bitwise XOR
8) Block Verification in Blockchain: In BSD2C-IoD, the operations”, we have ignored the simulation results reported
block addition in the blockchain by an GSS in the P2P GSS under these backends as the results were “inconclusive”. It
network is performed by the PBFT consensus algorithm [30]. is worth noticing that AVISPA implements the “Dolev-Yao
Suppose a verifier Ver wish to verify a block Blocki as threat model (DY model)” [9]. Thus, an intruder (i) not
shown in Fig. 7. To reach this goal,Ver requires to calculate only can intercept the communicated messages, but can also
the “Merkle tree root” on the all encrypted transactions in modify, delete, or even insert the malicious message contents
Blocki and current block hash on Blocki . If any one of them in between the communication.
12
For the “replay attack checking”, the back-ends (OFMC and with CPU: 64-bit, Processor: 1.4 GHz Quad-core, 4 cores,
CL-AtSe) verify if the legal agents can execute a specified Memory (RAM): 1GB, and OS: Ubuntu 20.04 LTS, 64-
protocol by means of executing a search of an intruder having bit [14]. The experiments on each cryptographic primitive
passive nature. Next, the back-ends provides the intruder about are also executed for 100 runs. We then calculate the max-
the knowledge of the normal sessions between the authorized imum, minimum and average run-time (in milliseconds)
agents. On the other side, for the “Dolev-Yao (DY) model for each cryptographic primitive from these 100 runs, and
check”, the back-ends verify if any “man-in-the-middle attack” the experimental results are tabulated in Table IV.
may be performed by the intruder or not. Under OFMC back-
end, the total execution time was 395 milliseconds, while TABLE IV
E XECUTION TIME ( IN MILLISECONDS ) ON A R ASPBERRY PI 3 FOR
the number of visited nodes and depth were 86 nodes and CRYPTOGRAPHIC PRIMITIVES USING MIRACL
6 plies, respectively. Under CL-AtSe backend, one state was
analyzed with the translation time of 0.17 seconds. Under Primitive Max. time (ms) Min. time (ms) Average time (ms)
both the OFMC and CL-AtSe backends, the simulation results Th 0.643 0.274 0.309
Te 0.493 0.178 0.228
demonstrated in Fig. 8 clearly show that the proposed BSD2C- Tecm 4.532 2.206 2.288
IoD is safe against both “replay” and “man-in-the-middle” Teca 0.021 0.015 0.016
attacks. Tbp 32.79 27.606 32.084
VI. E XPERIMENTAL R ESULTS USING MIRACL TABLE V

In this section, various cryptographic primitives using the C OMPARATIVE STUDY ON COMMUNICATION COSTS
broadly-accepted “Multiprecision Integer and Rational Arith-
Scheme No. of messages Total cost (in bits) Gain
metic Cryptographic Library (MIRACL)” [13] have been Luo et al. [38] 2 3040 36%
executed for measuring the execution time. MIRACL is a Li et al. [39] 2 3488 56%
“C/C++ based programming software library” that has been Tian et al. [40] 2 384s + 11712 509%
BSD2C-IoD 3 2240 −
already accepted by the cryptographers as the “gold standard
open source SDK for elliptic curve cryptography (ECC)”. Note: s: “no. of pseudonyms of an UAV (drone) in Tian et al.’s scheme” [40]
(s = 5)
Let Te , Tecm , Teca , Th , and Tbp denote the time needed
for “modular exponentiation”, “elliptic curve point multiplica-
tion”, “elliptic curve point addition”, “one-way hash function VII. C OMPARATIVE A NALYSIS
using SHA-256 hashing algorithm”, and “bilinear pairing In this section, we provide a comparative study on security
operation”, respectively. A non-singular elliptic curve of the and functionality features, communication and computation
form: “y 2 = x3 +ux+v (mod p)” (see Table I) is considered overheads among the proposed BSD2C-IoD and other related
for the elliptic curve point addition and multiplication. schemes, such as the schemes of Li et al. [39], Luo et al. [38],
We consider the following two cases for computing the and Tian et al. [40].
execution time needed for various cryptographic primitives
under a server and a drone/smart device: A. Communication Costs Comparison
• Case 1. The first platform considered for MIRACL here We contemplate the computation cost and communication
for a server with the setting as follows: Ubuntu 18.04.4 cost for the access control phase of BSD2C-IoD between
TM
LTS, with memory: 7.7 GiB, processor: Intel R
Core DRi and GSSj as shown in Fig. 5. For communication
i7-8565U CPU @ 1.80GHz × 8, OS type: 64-bit and cost analysis, it is assumed that “identity”, “random number”,
disk: 966.1 GB. The experiments on each cryptographic “elliptic curve point” P = (Px , Py ) ∈ Ep (u, v) where x
primitive are performed for 100 runs. After that we and y coordinates of P are Px and Py respectively, hash
calculate the maximum, minimum and average time (in output (here SHA-256 hashing algorithm), and timestamp are
milliseconds) for each cryptographic primitive from these 160, 160, (160 + 160) = 320, 256 and 32 bits, respectively.
100 runs. The experimental results are reported in Table It is assumed that 160-bit ECC provides the same security
III. level as that for 1024-bit RSA cryptosystem. In BSD2C-IoD,
the three messages M sg1 = {RIDDRi , ADRi , CertDRi ,
TABLE III SigDRi , T S1 }, M sg2 = {RIDGSSj , CertGSSj , BGSSj ,
E XECUTION TIME ( IN MILLISECONDS ) ON A SERVER FOR SKVGSSj ,DRi , T S2 }, and M sg3 = {ACKDRi ,GSSj , T S3 }
CRYPTOGRAPHIC PRIMITIVES USING MIRACL
demand (256 + 320 + 160 + 160 + 32) = 928 bits and (256 +
Primitive Max. time (ms) Min. time (ms) Average time (ms) 160 + 320 + 256 + 32) = 1024 bits, and (256 + 32) = 288 bits,
Th 0.149 0.024 0.055 which altogether need 2240 bits. The comparative study on
Te 0.248 0.046 0.072
Tecm 2.998 0.284 0.674 communication costs among BSD2C-IoD and other schemes
Teca 0.002 0.001 0.002 provided in Table V. Our proposed BSD2C-IoD achieves 36%,
Tbp 7.951 4.495 4.716 56% and 509% gains over the schemes of Luo et al. [38], Li
et al. [39] and Tian et al. [40], respectively. Thus, BSD2C-IoD
• Case 2. The second platform that we have considered requires significantly less communication cost as compared to
for MIRACL is as follows: Raspberry PI 3 B+ Rev 1.3, that for the existing schemes [38], [39], [40].
13
TABLE VI
C OMPARATIVE STUDY ON COMPUTATION COSTS
Scheme Smart device/drone cost Gain for a smart device/drone GSS/server cost Gain for GSS/server
Luo et al. [38] Tbp + Th 3Tecm + 3Tbp + 3Th + Teca + Te
≈ 32.393 ms 194% ≈ 16.409 ms 275%
Li et al. [39] Tbp + Th 3Tecm + 4Tbp + Th + 2Teca
≈ 32.393 ms 194% ≈ 20.945 ms 378%
Tian et al. [40] 8Te + 9Th
≈ 4.605 ms − − −
BSD2C-IoD 6Th +4Tecm +Teca 6Th +6Tecm +2Teca
≈ 11.022 ms − ≈ 4.378 ms −
TABLE VII BSD2C-IoD, better security and more functionality features

C OMPARATIVE STUDY ON FUNCTIONALITY & SECURITY ATTRIBUTES are provided in BSD2C-IoD as compared to the scheme of
Attribute (A) Luo et al. [38] Li et al. [39] Tian et al. [40] BACS-IoD Tian et al. [40].
F SA1 X X X X
F SA2 X X X X
F SA3 × × × X C. Security and Functionality Features Comparison
F SA4 X X X X
F SA5 X X X X A comparative study on the “functionality and security
F SA6 X X N/A X
F SA7 X X X X attributes” (F SA1 –F SA12 ) among BSD2C-IoD and other
F SA8 × × X X schemes is provided in Table VI. It exhibits that BSD2C-IoD
F SA9 X X × X
F SA10 × × × X has superiority over security and also offers more functionality
F SA11 × × X X features as compared to the existing schemes [38], [39], [40].
F SA12 × × × X
F SA1 : “replay attack”; F SA2 : “man-in-the-middle attack”; F SA3 : “mutual
authentication”; F SA4 : “key agreement”; F SA5 : “device/drone imperson-
VIII. D ISCUSSION
ation attack”; F SA6 : “GSS/server impersonation attack”; F SA7 : “malicious A new blockchain-based secure data delivery and collection
device deployment attack”; F SA8 : “resilience against drone/device physical
capture attack”; F SA9 : “formal security verification using AVISPA tool”; scheme (BSD2C-IoD) has been put forward in this paper
F SA10 : “ESL attack under the CK-adversary model”; F SA11 : “support to secure the IoD environment. In BSD2C-IoD, the RA is
dynamic drone/device addition phase”; F SA12 : “support blockchain-based responsible for registering/enrolling the control rooms (CR)
solution”
X: “a scheme is secure or it supports an attribute”; ×: “a scheme is insecure and selecting the system parameters during the system initial-
or it does not support an attribute”; N/A: means “not applicable” in a scheme. ization phase. A control room (CRj ) only involves during the
registration of GSSj and drones DRi . Since the registration
process in one-time procedure, it is worth noting that BSD2C-
B. Computation Costs Comparison IoD is not a centralized scheme here. The access control
proposed in the paper helps in establishing session keys among
We assume that Th , Tecm , Teca , Tbp and Te denote for the
the drones DRi and the GSSs for their secure communication.
time required to execute a “one-way cryptographic hash func-
Furthermore, the data delivery and collection mechanism in
tion”, an “elliptic curve point multiplication” and an “elliptic
BSD2C-IoD permits recording of all the transactions com-
curve point addition”, a “bilinear pairing” and a “modular
municated among CR, GSS and drones for creating private
exponentiation”, respectively. In the proposed BSD2C-IoD, a
blocks by the GSS, and then verifying and adding the blocks
drone DRi needs the computation cost of 6Th +4Tecm +Teca ,
by a GSSj being the leader in the P2P GSS network in
where an GSSj needs computation cost of 6Th +6Tecm
the BC. As a result, BSD2C-IoD is a decentralized scheme
+2Teca . We apply our experimental results reported in Section
in this sense. However, we require a detailed blockchain
VI for various cryptographic primitives using MIRACL. For a
simulation (for example, Hyperledger, which is a “multi-
drone (IoT smart device), we consider the execution time of
project open source collaborative effort hosted by The Linux
various cryptographic primitives on a Raspberry PI 3 provided
Foundation for the purpose of creating advance cross-industry
in Table IV. On the other side, for the GSS (server), we
blockchain technologies” [41]) for practical deployment in the
consider the execution time of various cryptographic primitives
IoD environment. In the future, we plan to do such kind of
provided in Table III. Based on these results, a comparative
blockchain-based simulation study.
analysis on computation costs among BSD2C-IoD and other
schemes are provided in Table VI using the average execution
time of cryptographic primitives. It is observed that BSD2C- IX. C ONCLUSION
IoD has 194% and 194% gains over the schemes of Luo et al. This paper proposed a novel blockchain-envisioned secure
[38] and Li et al. [39] for drones (smart devices) computation data delivery and collection scheme for 5G-enabled IoD envi-
costs point of view, where as BSD2C-IoD has also 275% and ronment (BSD2C-IoD). BSD2C-IoD not only provides access
378% gains over the schemes of Luo et al. [38] and Li et al. control mechanism among the drones and the GSS in the
[39] for GSS (server) computation cost. Although Tian et al.’s flying zones, it also provides secure transactions among the
scheme [40] requires less computation costs as compared to drones, the GSSs and the CRs in the IoD environment, which
14
are then used to form various blocks by the respective GSS. [15] S. Seo, J. Won, E. Bertino, Y. S. Kang, and D. Choi, “A security
The formed blocks are then forwarded to a leader chosen framework for a drone delivery service,” in 2nd Workshop on Micro
Aerial Vehicle Networks, Systems, and Applications for Civilian Use
among a set of the GSSs available in the P2P GSS network (DroNet’16), Singapore, 2016, pp. 29–34.
and the leader take cares of the block for verification and [16] N. Kumar, R. Iqbal, S. Misra, and J. J. Rodrigues, “An intelligent
addition of the blocks in the blockchain maintained by the BC approach for building a secure decentralized public key infrastructure
in vanet,” Journal of Computer and System Sciences, vol. 81, no. 6, pp.
using the PBFT consensus algorithm. BSD2C-IoD is shown 1042–1058, 2015.
to be robust against a number of potential attacks needed in [17] D. He, N. Kumar, and J. Lee, “Privacy-preserving data aggregation
the blockchain. The performance analysis of BSD2C-IoD is scheme against internal attackers in smart grids,” Wireless Networks,
vol. 22, no. 2, pp. 491–502, 2016.
also performed. [18] J. Wu and P. Fan, “A Survey on High Mobility Wireless Communica-
tions: Challenges, Opportunities and Solutions,” IEEE Access, vol. 4,
pp. 450–476, 2016.
ACKNOWLEDGMENTS [19] M. Mozaffari, W. Saad, M. Bennis, Y. Nam, and M. Debbah, “A Tutorial
The authors would like to thank the anonymous reviewers on UAVs for Wireless Networks: Applications, Challenges, and Open
Problems,” IEEE Communications Surveys Tutorials, vol. 21, no. 3, pp.
and the Associate Editor for their valuable comments and 2334–2360, 2019.
suggestions which helped us to improve the presentation [20] A. Yaar, A. Perrig, and D. Song, “Pi: a path identification mechanism to
and quality of the paper. This work was supported by the defend against DDoS attacks,” in Symposium on Security and Privacy
(SECPRI’03), Berkeley, CA, USA, 2003, pp. 93–107.
Ripple Centre of Excellence Scheme, CoE in Blockchain [21] B. Bera, D. Chattaraj, and A. K. Das, “Designing secure blockchain-
(Sanction No. IIIT/R&D Office/Internal Projects/001/2019), based access control scheme in IoT-enabled Internet of Drones deploy-
IIIT Hyderabad, India. ment,” Computer Communications, vol. 153, pp. 229 – 249, 2020.
[22] A. K. Das, M. Wazid, N. Kumar, A. V. Vasilakos, and J. J. P. C.
Rodrigues, “Biometrics-Based Privacy-Preserving User Authentication
R EFERENCES Scheme for Cloud-Based Industrial Internet of Things Deployment,”
IEEE Internet of Things Journal, vol. 5, no. 6, pp. 4900–4913, 2018.
[1] B. Li, Z. Fei, and Y. Zhang, “UAV Communications for 5G and Beyond: [23] S. Malani, J. Srinivas, A. K. Das, K. Srinathan, and M. Jo, “Certificate-
Recent Advances and Future Trends,” IEEE Internet of Things Journal, Based Anonymous Device Access Control Scheme for IoT Environ-
vol. 6, no. 2, pp. 2241–2263, 2019. ment,” IEEE Internet of Things Journal, vol. 6, no. 6, pp. 9762–9773,
[2] “Drones reporting for work,” Goldman Sachs Research, Accessed 2019.
on January 2020. [Online]. Available: https://www.goldmansachs.com/ [24] M. Wazid, A. K. Das, V. Odelu, N. Kumar, and W. Susilo, “Secure
our-thinking/technology-driving-innovation/drones/ Remote User Authenticated Key Establishment Protocol for Smart
[3] A. Takacs, X. Lin, S. Hayes, and E. Tejedor, “Drones and Home Environment,” IEEE Transactions on Dependable and Secure
networks: Ensuring safe and secure operations,” 2018, Ericsson Computing, vol. 17, no. 2, pp. 391–406, 2020.
white paper, GFMC-18:000526, Accessed on January 2020. [Online]. [25] S. Mandal, B. Bera, A. K. Sutrala, A. K. Das, K. R. Choo, and Y. Park,
Available: https://www.ericsson.com/4adfc0/assets/local/reports-papers/ “Certificateless Signcryption-Based Three-Factor User Access Control
white-papers/10201110_wp_dronesandmobilenetworks_nov18.pdf Scheme for IoT Environment,” IEEE Internet of Things Journal, vol. 7,
[4] T. Lagkas, V. Argyriou, S. Bibi, and P. Sarigiannidis, “UAV IoT no. 4, pp. 3184–3197, 2020.
Framework Views and Challenges: Towards Protecting Drones as [26] W. E. May, “Secure Hash Standard,” 2015, FIPS PUB 180-1, National
“Things”,” Sensors, vol. 18, no. 11, 2018. [Online]. Available: Institute of Standards and Technology (NIST), U.S. Department of
https://www.mdpi.com/1424-8220/18/11/4015 Commerce, April 1995. Accessed on January 2020. [Online]. Available:
[5] S. Kumari, M. Karuppiah, A. K. Das, X. Li, F. Wu, and N. Kumar, “A http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
secure authentication scheme based on elliptic curve cryptography for [27] N. Koblitz, A. Menezes, and S. A. Vanstone, “The state of elliptic curve
IoT and cloud servers,” The Journal of Supercomputing, vol. 74, no. 12, cryptography,” Designs, Codes and Cryptography, vol. 19, no. 2-3, pp.
pp. 6428–6453, 2018. 173–193, 2000.
[6] “Evolution of wireless technologies 1G to 5G in [28] D. Johnson, A. Menezes, and S. Vanstone, “The Elliptic Curve Digital
mobile communication,” 2018, Accessed on January Signature Algorithm (ECDSA),” International Journal of Information
2020. [Online]. Available: https://www.rfpage.com/ Security, vol. 1, no. 1, pp. 36–63, 2001.
evolution-of-wireless-technologies-1g-to-5g-in-mobile-communication/ [29] H. Zhang, J. Wang, and Y. Ding, “Blockchain-based decentralized and
[7] L. Schroth, “5G and Drones: Improving Drone Connectivity for secure keyless signature scheme for smart grid,” Energy, vol. 180, pp.
UTM, BVLOS Flights and Sensor Data Transmission,” 2020, 955–967, 2019.
Accessed on May 2020. [Online]. Available: https://www.droneii.com/ [30] M. Castro and B. Liskov, “Practical Byzantine fault tolerance and
drones-and-5g-improving-drone-connectivity proactive recovery,” ACM Transactions on Computer Systems, vol. 20,
[8] M. Choudhary, “What is BVLOS and why is it no. 4, pp. 398–461, 2002.
important for drone industry?” 2019, Accessed on May [31] D. Magazzeni, P. McBurney, and W. Nash, “Validation and Verification
2020. [Online]. Available: https://www.geospatialworld.net/blogs/ of Smart Contracts: A Research Agenda,” IEEE Computer, vol. 50, no. 9,
what-is-bvlos-and-why-is-it-important-for-drone-industry/ pp. 50–57, 2017.
[9] D. Dolev and A. Yao, “On the security of public key protocols,” IEEE [32] Y. Zhang, S. Kasahara, Y. Shen, X. Jiang, and J. Wan, “Smart contract-
Transactions on Information Theory, vol. 29, no. 2, pp. 198–208, 1983. based access control for the internet of things,” IEEE Internet of Things
[10] R. Canetti and H. Krawczyk, “Universally Composable Notions of Key Journal, vol. 6, no. 2, pp. 1594–1605, 2019.
Exchange and Secure Channels,” in International Conference on the The- [33] A. Kapitonov, I. Berman, S. Lonshakov, and A. Krupenkin, “Blockchain
ory and Applications of Cryptographic Techniques (EUROCRYPT’02), based protocol for economical communication in industry 4.0,” in
Amsterdam, The Netherlands, 2002, pp. 337–351. Crypto Valley Conference on Blockchain Technology (CVCBT), Zug,
[11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card Switzerland, 2018, pp. 41–44.
security under the threat of power analysis attacks,” IEEE Transactions [34] M. Abdalla, P. A. Fouque, and D. Pointcheval, “Password-based au-
on Computers, vol. 51, no. 5, pp. 541–552, 2002. thenticated key exchange in the three-party setting,” in 8th Interna-
[12] AVISPA, “Automated Validation of Internet Security Protocols and Ap- tional Workshop on Theory and Practice in Public Key Cryptography
plications,” 2019, http://www.avispa-project.org/. Accessed on October (PKC’05), Lecture Notes in Computer Science, vol. 3386, Les Diablerets,
2019. Switzerland, 2005, pp. 65–84.
[13] “MIRACL Cryptographic SDK: Multiprecision Integer and Rational [35] C. C. Chang and H. D. Le, “A provably secure, efficient, and flexible
Arithmetic Cryptographic Library,” 2020, Accessed on April 2020. authentication scheme for ad hoc wireless sensor networks,” IEEE
[Online]. Available: https://github.com/miracl/MIRACL Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366,
[14] “Raspberry Pi 3 Model B+,” 2020, Accessed on April 2016.
2020. [Online]. Available: https://www.raspberrypi.org/products/ [36] J. Srinivas, A. K. Das, N. Kumar, and J. J. P. C. Rodrigues, “TCALAS:
raspberry-pi-3-model-b-plus/ Temporal Credential-Based Anonymous Lightweight Authentication
15
Scheme for Internet of Drones Environment,” IEEE Transactions on Neeraj Kumar (M’16, SM’17) received his Ph.D.
Vehicular Technology, vol. 68, no. 7, pp. 6903–6916, 2019. in CSE from Shri Mata Vaishno Devi University,
[37] AVISPA, “SPAN, the Security Protocol ANimator for AVISPA,” 2019, Katra (J & K), India, and was a postdoctoral research
http://www.avispa-project.org/. Accessed on October 2019. fellow in Coventry University, Coventry, UK. He is
[38] M. Luo, Y. Luo, Y. Wan, and Z. Wang, “Secure and efficient access working as an Associate Professor in the Department
control scheme for wireless sensor networks in the cross-domain context of Computer Science and Engineering, Thapar Insti-
of the IoT,” Security and Communication Networks, vol. 2018, pp. tute of Engineering and Technology (Deemed to be
1–10, 2018. [Online]. Available: https://doi.org/10.1155/2018/6140978 University), Patiala (Pb.), India. He has published
[39] F. Li, Y. Han, and C. Jin, “Practical access control for sensor networks more than 350 technical research papers in lead-
in the context of the Internet of Things,” Computer Communications, ing journals and conferences from IEEE, Elsevier,
vol. 89-90, pp. 154–164, 2016. Springer, John Wiley etc. Some of his research
[40] Y. Tian, J. Yuan, and H. Song, “Efficient privacy-preserving authen- findings are published in top cited journals such as IEEE TKDE, IEEE TIE,
tication framework for edge-assisted Internet of Drones,” Journal of IEEE TDSC, IEEE TITS, IEEE TCE, IEEE TII, IEEE TVT, IEEE ITS,
Information Security and Applications, vol. 48, p. 102354, 2019. IEEE Netw., IEEE Comm., IEEE WC, IEEE IoTJ, IEEE SJ, FGCS, JNCA,
[41] “Hyperledger: Advancing business blockchain adoption through global and ComCom. He is on the editorial board of ACM Computing Survey,
open source collaboration,” Accessed on May 2020. [Online]. Available: IEEE Transactions on Sustainable Computing, IEEE Network Magazine, IEEE
https://www.hyperledger.org/ Communication Magazine, Journal of Networks and Computer Applications
(Elsevier), Computer Communications (Elsevier), International Journal of
Communication Systems (Wiley), and Security and Privacy (Wiley).
Basudeb Bera received his M.Sc. degree in mathe-

matics and computing in 2014 from IIT (ISM) Dhan-
bad, India, and M.Tech. degree in computer science
and data processing in 2017 from IIT Kharagpur,
India. He is currently pursuing his Ph.D. degree in Pascal Lorenz received his M.Sc. (1990) and Ph.D.
computer science and engineering from the Center (1994) from the University of Nancy, France. Be-
for Security, Theory and Algorithmic Research, IIIT tween 1990 and 1995 he was a research engineer
Hyderabad, India. His research interests are cryptog- at WorldFIP Europe and at Alcatel-Alsthom. He
raphy, network security and blockchain technology. is a professor at the University of Haute-Alsace,
He has published five papers in international journals France, since 1995. His research interests include
and conferences in his research areas. QoS, wireless networks and high-speed networks.
He is the author/co-author of 3 books, 3 patents and
200 international publications in refereed journals
and conferences. He was Technical Editor of the
IEEE Communications Magazine Editorial Board
Sourav Saha (S’20) is currently a Ph.D. student (2000-2006), IEEE Networks Magazine since 2015, IEEE Transactions on
in Computer Science and Engineering at the Cen- Vehicular Technology since 2017, Chair of IEEE ComSoc France (2014-
ter for Security, Theory and Algorithmic Research, 2018), Financial chair of IEEE France (2017-2019), Chair of Vertical Issues in
International Institute of Information Technology, Communication Systems Technical Committee Cluster (2008-2009), Chair of
Hyderabad, India. He received his Master of Science the Communications Systems Integration and Modeling Technical Committee
(MS) by Research degree in Computer Science and (2003-2009), Chair of the Communications Software Technical Committee
Engineering from Indian Institute of Information (2008-2010) and Chair of the Technical Committee on Information Infras-
Technology, Sri City, Chittoor, India and Bachelor tructure and Networking (2016-2017). He is associate Editor for International
of Technology (B.Tech) in Computer Science and Journal of Communication Systems (IJCS-Wiley), Journal on Security and
Engineering from Central Institute of Technology, Communication Networks (SCN-Wiley) and International Journal of Business
Kokrajhar, India. His research interests include net- Data Communications and Networking, Journal of Network and Computer
work security and blockchain technology. He has published seven papers in Applications (JNCA-Elsevier). He is senior member of the IEEE, IARIA
international journals and conferences in his research areas. fellow and member of many international program committees.
Ashok Kumar Das (M’17–SM’18) received a Ph.D.

degree in computer science and engineering, an
M.Tech. degree in computer science and data pro- Mamoun Alazab received the Ph.D. degree in
cessing, and an M.Sc. degree in mathematics from computer science from the School of Science, In-
IIT Kharagpur, India. He is currently an Associate formation Technology and Engineering, Federation
Professor with the Center for Security, Theory and University of Australia. He is currently an Associate
Algorithmic Research, IIIT, Hyderabad, India. His Professor with the College of Engineering, IT and
current research interests include cryptography and Environment, Charles Darwin University, Australia.
network security including security in smart grid, He is also a Cyber Security Researcher and a Prac-
Internet of Things (IoT), Internet of Drones (IoD), titioner with industry and academic experience. His
Internet of Vehicles (IoV), Cyber-Physical Systems research is multidisciplinary that focuses on cyber
(CPS) and cloud computing, and blockchain. He has authored over 220 papers security and digital forensics of computer systems
in international journals and conferences in the above areas, including over with a focus on cybercrime detection and preven-
190 reputed journal papers. He was a recipient of the Institute Silver Medal tion, including cyber terrorism and cyber warfare. He works closely with
from IIT Kharagpur. He is on the editorial board of KSII Transactions on government and industry on many projects, including the Northern Territory
Internet and Information Systems, International Journal of Internet Technology (NT) Department of Information and Corporate Services, IBM, Trend Micro,
and Secured Transactions (Inderscience), and IET Communications, is a the Australian Federal Police (AFP), etc. He is the Founder and the Chair of
Guest Editor for Computers & Electrical Engineering (Elsevier) for the the IEEE Northern Territory (NT) Subsection Detection and Prevention.
special issue on Big data and IoT in e-healthcare and for ICT Express
(Elsevier) for the special issue on Blockchain Technologies and Applications
for 5G Enabled IoT, and has served as a Program Committee Member in
many international conferences. He also severed as one of the Technical
Program Committee Chairs of the International Congress on Blockchain and
Applications (BLOCKCHAIN’19), Avila, Spain, June 2019.

Bera 2020

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Bera 2020

Uploaded by

Copyright:

Available Formats

This article has been accepted for publication in a future issue of this journal, but has not been

Blockchain-Envisioned Secure Data Delivery and

Fig. 1. Revolution of 5G technology

Fig. 2. Blockchain-envisioned 5G-enabled IoD environment

vironment provided in Fig. 2 illustrates various communicating A. Threat Model

Fig. 3. Overall process in the proposed BSD2C-IoD

(a) Registration of a controller room (CRj ) for an IoT application

M sg1 = {RI DDRi , ADRi , C ertDRi , SigDRi , T S1 }

M sg2 = {RI DGSSj , C ertGSSj , BGSSj , SK VGSSj ,DRi , T S2 }

M sg3 = {AC KDRi ,GSSj , T S3 }

Fig. 5. Summary of access control phase

Fig. 5. Summary of access control phase

VI. E XPERIMENTAL R ESULTS USING MIRACL TABLE V

TABLE VII BSD2C-IoD, better security and more functionality features

Basudeb Bera received his M.Sc. degree in mathe-

Ashok Kumar Das (M’17–SM’18) received a Ph.D.

You might also like