This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2020.3049003, IEEE Internet of Things Journal

Access Control Protocol for Battlefield Surveillance in Drone-Assisted IoT Environment

Basudeb Bera, Ashok Kumar Das, Senior Member, IEEE, Sahil Garg, Member, IEEE, Md. Jalil Piran, Member, IEEE, and M. Shamim Hossain, Senior Member, IEEE

B. Bera, and A. K. Das are with the Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India (e-mail: basudeb.bera@research.iiit.ac.in; iitkgp.akdas@gmail.com, ashok.das@iiit.ac.in).
S. Garg is with the Electrical Engineering Department, École de technologie supérieure, Université du Québec, Montreal, QC H3C 1K3, Canada (e-mail: sahil.garg@ieee.org).
Md. Jalil Piran is with the Department of Computer Science and Engineering, Sejong University, Seoul 05006, South Korea (e-mail: piran@sejong.ac.kr). (Corresponding author: Md. Jalil Piran)
M. Shamim Hossain is with the Chair of Pervasive and Mobile Computing, and Department of Software Engineering, College of Computer and Information Sciences, King Saud University, Riyadh 11543, Saudi Arabia (e-mail: mshossain@ksu.edu.sa).

2327-4662 (c) 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: City, University of London. Downloaded on May 18,2021 at 04:31:33 UTC from IEEE Xplore. Restrictions apply.

Abstract—Surveillance drones, also called unmanned aerial vehicles (UAV), are aircraft that are utilized to collect video recordings, still images, or live video of the targets, such as vehicles, people or specific areas. Particularly in battlefield surveillance, there is a high possibility of eavesdropping, inserting, modifying or deleting the messages during communications among the deployed drones and ground station server (GSS). This allows an adversary to launch several potential attacks, such as man-in-the-middle, impersonation, drones hijacking, replay attacks, etc. Moreover, anonymity and untraceability are two crucial security properties that need to be maintained in battlefield surveillance communication environment. To deal with such a crucial security problem, we propose a new access control protocol for battlefield surveillance in drone-assisted Internet of Things (IoT) environment, called ACPBS-IoT. Through the detailed security analysis using formal and informal (non-mathematical) methods, and also the formal security verification under an automated software simulation tool, we show that the proposed ACPBS-IoT can resist several potential attacks relevant to the battlefield surveillance scenario. Furthermore, the testbed experiments for various cryptographic primitives have been performed for measuring the execution time. Finally, a detailed comparative study on communication and computational overheads, and security as well as functionality features reveals that the proposed ACPBS-IoT provides superior security and more functionality features, and better or comparable overheads than other existing competing access control schemes.

Index Terms—Internet of Things (IoT), drones, battlefield surveillance, access control, key agreement, security.

I. INTRODUCTION

Internet of Things (IoT) is an advanced technology that interacts with various smart computing devices, mechanical and digital machines or objects among the animals or people. Nowadays, IoT connects billions of interconnected IoT smart devices in crucial environments, such as military (battlefield surveillance), smart transportation in supply chain, smart home for home automation, healthcare application, agricultural field, and so on. The IoT smart devices are provided with unique identifiers and have the capability to exchange information over the network with minimal human-to-human or human-to-computer interaction [1]. Since the IoT devices are attached to the Internet, they can be assigned Internet Protocol (IP) addresses. Due to the shortage of IPv4 addresses, IPv6 addresses can be assigned to them. Recently, Hickman and Wang [2] proposed a variable-length encoding Routing Protocol for Low-Power and Lossy Networks (RPL), known as VRPL, which is an extension of RPL. It efficiently supports an addressing scheme that relies on a variable-length encoding technique. Based on the underlying IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) network topology, their addressing scheme divides the available IPv6 address space hierarchically. Thus, it is possible to assign the smart devices IPv6 addresses using their addressing scheme [2].

Unmanned Aerial Vehicle (UAV) (also called a drone) is a sub-part of IoT applications, which provides an Internet of Drones (IoD) environment. The deployed drones play a significant role in several areas depending upon their ability and versatility, from industry to military, in this digital world. The integrated devices in a drone are basically IoT smart devices, such as a smart camera for capturing still or video images, Global Positioning System (GPS)-based sensors with antennas that use a satellite-based navigation system for tracing the location, speed and distance sensors, and so on [3], [4], [5]. A drone has the ability to make a decision for final execution. Recently, UAVs are also used to satisfy the growing requirements of civilian applications, including agricultural plant protection, search and rescue, environment and natural disaster monitoring, delivery of goods, aerial base stations, military and traffic surveillance, and so on [3], [6], [7].

In the military application, a battlefield surveillance (video surveillance) drone has an outstanding performance for delivering sensed real-time information. Since the information is mostly confidential and secret for defense purposes, the designed access control protocol should be secure enough to restrict access to the real-time information. In addition, the drones have limited lifetime and storage capacity. Hence, the designed protocol should be lightweight in nature, and support high mobility and dynamic topology. If an access control mechanism is absent during the confidential information exchange among the participating network entities, the private data may be leaked to an adversary. Therefore, an access control scheme should ensure that only the authorized entities be permitted to access the information through the legitimate
circumstances.

Since the communicating entities in a battlefield surveillance based drone-assisted IoT environment communicate over wireless channels [8], an adversary will have the opportunity to intercept the messages, and also modify, delete, or inject messages during the communications. Furthermore, the adversary can mount several potential attacks, such as man-in-the-middle, impersonation, drones hijacking, replay attacks, etc. In addition, anonymity and untraceability are two important security services that are extremely essential in a battlefield surveillance communication environment. To mitigate these issues, we design a novel access control scheme for battlefield surveillance purposes using IoT-enabled drones.

The main contributions made in the paper are listed below:

• The proposed access control scheme allows a drone to be authenticated by the GSS in a particular flying zone and establishes a session key among them only after mutual authentication happens. The real-time information accessed by the drones is then securely brought to the GSS using their established session keys.
• The proposed access control scheme also provides a new drones addition phase in case a drone is physically compromised by an adversary or its power is exhausted.
• The testbed experiments for various cryptographic primitives using Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) [9] have been performed for measuring the execution time under the settings of both server and Raspberry PI 3 [10].
• The formal security verification using the broadly-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) automated software tool [11] has been conducted to show the robustness of the proposed access control scheme against replay and man-in-the-middle attacks. Moreover, formal security under the widely-accepted Real-Or-Random (ROR) oracle model [12] and informal security analysis exhibit the robustness of the proposed scheme against various potential attacks performed by active/passive adversaries.
• A detailed comparative analysis on communication and computation overheads and security and functionality attributes shows the superiority of the proposed scheme in terms of its provided security features, supporting more functionality features, such as dynamic drones addition phase and anonymity and untraceability properties, and comparable or better communication and computational overheads as compared to those for other existing relevant competing schemes in the literature.

The rest of the paper is arranged as follows. Section II provides a brief overview of existing access control and authentication protocols in IoT and IoD related environments. The system models containing both the network and threat models are discussed in Section III. The detailed phase-wise description of the proposed scheme has been explained in Section IV. While the formal and informal security of the proposed scheme are discussed in Section V, the formal security verification is also discussed in Section VI. The testbed experiments using MIRACL are provided in Section VII. A detailed comparative analysis of the proposed scheme and other relevant competing schemes is provided in Section IX. The next section gives the conclusion of the work.

II. RELATED WORK

Authentication and access control are two primary security services that are extremely necessary for securing different types of networking environments including IoT and IoD [18]–[35].

Rodrigues et al. [13] proposed two schemes (the first one is on authentication and the second one is on key agreement) for UAV communication in an IoT environment. In their first scheme, a drone (UAV) can directly establish a session key with its neighbor drone. On the other side, their second strategy allows a drone to establish a common secret key with another drone along with the Ground Control Station (GCS). While their first protocol is based on only hash functions, the second scheme applies hash functions and elliptic curve cryptography (ECC) techniques. However, both the schemes are vulnerable to the Ephemeral Secret Leakage (ESL) attack under the current de facto Canetti and Krawczyk’s model (CK-adversary model) [36] discussed in the threat model (see Section III-B).

Cho et al. [14] designed a scheme for authentication suitable for UAV application in order to withstand various security threats provoked by unauthorized drones. Though their scheme is able to reduce the computational and communication costs, their mechanism is still vulnerable to ESL attack under the CK-adversary model and does not preserve anonymity and untraceability properties in the context of drone-assisted battlefield surveillance.

Ever [15] presented an authentication framework using ECC for an IoD environment. In their scheme, UAVs are considered as the mobile sinks in the hierarchical wireless sensor networks architecture. Their scheme supports one-time user authentication for sensor nodes, cluster head and mobile sinks (UAVs). However, a vulnerability of their scheme is the ESL attack under the CK-adversary model, and their scheme does not provide anonymity and untraceability features, as in the scheme of Cho et al. [14]. In addition, their scheme requires high communication and computational costs.

Shin and Kwon [16] proposed an ECC-based privacy-preserving authentication, authorization, and key agreement mechanism for wireless sensor networks (WSNs) in 5G-integrated IoT application. In this scheme, they provided an improvement of an authentication and access control scheme proposed by Adavoudi-Jolfaei et al. [37]. They found that Adavoudi-Jolfaei et al.’s protocol had various security flaws, such as their scheme being insecure against sensor node anonymity, and it is also vulnerable to user collusion attacks. However, Shin and Kwon’s scheme [16] is also vulnerable to ESL attack under the CK-adversary model.

Fang et al. [17] proposed an authentication mechanism for heterogeneous IoT devices based on the trust model in an IoT environment. The network entities in their scheme are considered as IoT devices, users, and service provider. The network entities, say $W_1$ and $W_2$, mutually authenticate each
other and set up a common key for the initial session in their scheme. However, the initial session key is vulnerable to ESL attack under the CK-adversary model and their scheme also requires huge computational and communication costs.

Table I summarizes various existing competing authenticated key agreement schemes with respect to their cryptographic techniques used, advantages and limitations/drawbacks.

TABLE I
CRYPTOGRAPHIC PRIMITIVES, ADVANTAGES AND LIMITATIONS OF EXISTING SCHEMES IN IOT ENVIRONMENT

| Scheme | Cryptographic Primitives | Advantages | Drawbacks/Limitations |
|---|---|---|---|
| Rodrigues et al. [13] | ECC; Hash functions | Mutual authentication; Key agreement; Lightweight | Vulnerable to ephemeral secret leakage (ESL) attack under the CK-adversary model |
| Cho et al. [14] | ECC; Public key encryption; Hash functions | Mutual authentication; Key agreement; Certificate-based authentication; Lightweight certificate | Vulnerable to ESL attack under the CK-adversary model; No preservation of anonymity and untraceability properties |
| Ever [15] | ECC; Bilinear pairings; Hash functions | Mutual authentication; Key agreement; Data confidentiality | Vulnerable to ESL attack under the CK-adversary model; No preservation of anonymity and untraceability properties; High communication and computational costs |
| Shin and Kwon [16] | ECC; Hash functions | Mutual authentication; Key agreement | Vulnerable to ephemeral secret leakage (ESL) attack under the CK-adversary model |
| Fang et al. [17] | ECC; Hash functions | Trust model based authentication | Vulnerable to ESL attack under the CK-adversary model; High communication and computational costs |

III. SYSTEM MODELS

This section discusses the network and threat models utilized in the design of the proposed scheme in this paper.

A. Network Model

The network model provided in Fig. 1 displays several entities, such as a group of $w$ drones, say $DR_i$ $(i = 1, 2, \cdots, w)$, associated with their ground station server ($GSS_j$) that are deployed in a particular battlefield zone, say $BL_k$. It is assumed that there are several disjoint battlefield zones where in each zone a group of drones along with their $GSS_j$ are deployed. Prior to deployment of various nodes, a fully trusted registration authority (in this case, a commanding room (CR)) is in charge of registering them in offline mode (via secure channel) as it is a one-time exercise. After successful registration, all the entities will be deployed in their respective zones. The task of a drone $DR_i$ deployed in $BL_k$ is to capture all necessary information (for instance, image or video of the ground scenario, position or location of any movement of soldiers and opponents) using pre-installed IoT-based smart devices embedded in the drone, such as smart camera, GPS sensor, and so on. The gathered information is then sent to the associated $GSS_j$ after encrypting the data using a session key established among them, which is described in Section IV-C. The $GSS_j$ securely sends the received confidential information to the CR. After receiving and analyzing the information received from the $GSS_j$, the CR may give any command or instruction to the $DR_i$ via $GSS_j$ securely. The drones $DR_i$ are then responsible for sending an enemy’s position in the battlefield or even providing surveillance in the battlefield.

B. Threat Model

In this threat model, we consider the broadly accepted threat model, known as the Dolev-Yao (DY) threat model [38]. By applying the DY model, an adversary $\mathcal{A}$ not only can delete, hijack or modify the exchanged information, but can also insert harmful data during the communication between a drone $DR_i$ and its associated $GSS_j$. In addition, we also adopt the new de facto model, known as Canetti and Krawczyk’s model (CK-adversary model) [36] in our proposed access control scheme. According to the CK-adversary model, “$\mathcal{A}$ has an ability to compromise a session state, and reveal the secret credentials including secret keys if these are available in insecure memory of the $DR_i$ during session key establishment process and also intercept the exchanged message that are transmitted over the public channel”. In the proposed scheme, we consider that some drones may be physically captured by the adversary $\mathcal{A}$, as in the battlefield it is not possible for the soldiers to monitor all the drones 24 × 7, because there may be specific areas that are difficult or almost impossible for humans to reach in land vehicles or on foot. Hence, once a drone is physically captured by $\mathcal{A}$, all the loaded information from the compromised drone can be easily extracted by applying the power analysis attacks as demonstrated in [39]. Furthermore, we assume that the CR is a fully trusted entity, whereas the $GSS_j$ are semi-trusted in the network. Finally, it is also assumed that the credentials in $GSS_j$ are stored in its secure database in order to avoid stolen-verifier attack by the adversary $\mathcal{A}$.

IV. THE PROPOSED SCHEME

In this section, we describe a novel access control protocol in drone-assisted IoT environment for battlefield surveillance, called ACPBS-IoT. It is composed of four phases, namely the initialization phase, registration phase, access control phase, and dynamic drones addition phase.

1) In the system initialization phase, the trusted commanding room (CR) picks all the related system parameters.
2) In the registration phase, the trusted CR is responsible for registering all the drones deployed in each battlefield zone $BL_k$ and also their associated ground station server
($GSS_j$). This phase is performed by the CR via a secure channel (offline mode).
3) The access control phase permits a drone $DR_i$ to mutually authenticate with its $GSS_j$ prior to establishing a session key among them. The established session key is then used for the secure communication between $DR_i$ and $GSS_j$ in a zone $BL_k$.
4) The dynamic node addition phase allows a new drone to join the existing network after initial deployment of the drones and the GSSs. It is particularly essential due to one of the reasons: a) a drone can be physically captured by an adversary through drone hijacking attacks and b) a drone may be power exhausted.

To achieve strong replay attack protection in the proposed ACPBS-IoT, we utilize the clocks of the communicating entities in the network. This is a typical assumption used to design the access control and authentication protocols in various networking environments [19], [20], [23]–[25], [40], [41]. Hence, all the communicating entities are assumed to be synchronized with their clocks. We also utilize the list of symbols with their meanings provided in Table II to describe and analyze ACPBS-IoT in this paper.

Fig. 1. Battlefield surveillance in drones-assisted IoT environment

TABLE II
NOTATIONS AND THEIR SIGNIFICANCE

A. System Initialization Phase

The trusted commanding room (CR) is responsible for selecting all the system parameters using the following steps:

• Step S1. The CR picks a “non-singular elliptic curve of the form: $y^2 = x^3 + mx + n \pmod{p}$ over the Galois
field $GF(p)$ $(= Z_p)$, where $p$ is a large prime so that the Elliptic Curve Discrete Logarithm Problem (ECDLP) becomes intractable, $4m^3 + 27n^2 \neq 0 \pmod{p}$ with $\mathcal{O}$ as the point at infinity or zero point” and a base point $G \in E_p(m, n)$ whose order be as large as $p$, say $o_g$, that is, $o_g \cdot G = \mathcal{O}$, where $o_g \cdot G = G + G + \cdots + G$ ($o_g$ times) is called the elliptic curve point (scalar) multiplication, $Z_p = \{0, 1, 2, \cdots, p-1\}$.
• Step S2. The CR then picks its real identity $ID_{CR}$ and a master private key $pk_{CR} \in Z_p^*$, and computes its corresponding public key as $Pub_{CR} = pk_{CR} \cdot G$, where $Z_p^* = \{x \mid 0 < x < p, \gcd(x, p) = 1\} = \{1, 2, \cdots, p-1\}$.
• Step S3. Next, the CR selects a collision-resistant one-way cryptographic hash function $h: \{0,1\}^* \to \{0,1\}^{l_b}$ which produces a fixed length output string of $l_b$ bits, $h(x) \in \{0,1\}^{l_b}$, on an arbitrary length input string $x \in \{0,1\}^*$. For instance, $h(\cdot)$ can be taken as Secure Hash Algorithm (SHA-2) which produces 256-bit hash value (message digest) for more security as compared to SHA-1 [42].
• Step S4. Finally, the CR publishes the parameters $\{E_p(m, n), h(\cdot), G, Pub_{CR}\}$ as public and keeps the secret $pk_{CR}$ as its private key.

B. Registration Phase

Prior to deployment of the drones $DR_i$ $(i = 1, 2, \cdots, w)$ and their ground station server ($GSS_j$), $(j = 1, 2, \cdots, l)$ in a particular battlefield zone ($BL_k$), the registration of drones and GSSs is done by the CR in the following subsections.

1) Drone Registration Phase: The following steps are executed by the CR to register a drone $DR_i$:

• Step DRR1: The CR picks a unique real identity $ID_{DR_i}$, a unique master symmetric key $mk_{DR_i,GSS_j}$ for each pair of $DR_i$ and $GSS_j$, and computes a pseudo-identity $PID_{DR_i} = h(ID_{DR_i} \| pk_{CR} \| mk_{DR_i,GSS_j} \| RTS_{DR_i} \| ID_{CR})$ for each drone $DR_i$, where $RTS_{DR_i}$ is the registration timestamp of the drone $DR_i$. The CR selects a unique random secret $r_{DR_i} \in Z_p^*$ for each $DR_i$ and computes its corresponding public key as $RPub_{DR_i} = r_{DR_i} \cdot G$.
• Step DRR2: Next, the CR generates a certificate for each $DR_i$ as $Cert_{DR_i} = pk_{CR} + h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| Pub_{CR} \| RPub_{DR_i}) * r_{DR_i} \pmod{p}$ and picks a temporal identity $TID_{DR_i}$ for each $DR_i$. The CR then picks a random signature secret key $sr_{DR_i} \in Z_p^*$ and derives its corresponding public key as $SPub_{DR_i} = sr_{DR_i} \cdot G$. After that, the CR stores the credentials $\{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}), Cert_{DR_i}, sr_{DR_i}, E_p(m, n), h(\cdot), G\}$ to $DR_i$’s memory.
• Step DRR3: Finally, the CR deletes all the secret credentials $\{ID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}, r_{DR_i}, sr_{DR_i}\}$ for $DR_i$ from its database, and publishes $RPub_{DR_i}$ and $SPub_{DR_i}$ as public.

2) Ground Station Server Registration Phase: The CR registers each ground station server ($GSS_j$) for their respective battlefield zone ($BL_k$) prior to deployment, and the following process will be executed for registering $GSS_j$ by the CR with the help of the following steps:

• Step GSSR1: The CR picks a unique real identity $ID_{GSS_j}$ and a unique random certificate secret key $r_{GSS_j} \in Z_p^*$ for each $GSS_j$ to compute its respective public key by $RPub_{GSS_j} = r_{GSS_j} \cdot G$. The CR then computes a pseudo-identity of $GSS_j$ as $PID_{GSS_j} = h(pk_{CR} \| RTS_{GSS_j} \| ID_{GSS_j} \| r_{GSS_j})$, where $RTS_{GSS_j}$ is the registration timestamp of $GSS_j$, and creates a certificate for $GSS_j$ as $Cert_{GSS_j} = r_{GSS_j} + h(RPub_{GSS_j} \| Pub_{CR}) * pk_{CR} \pmod{p}$.
• Step GSSR2: After that, the CR sends the information $\{PID_{GSS_j}, Cert_{GSS_j}, \{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}) \mid i = 1, 2, \cdots, w\}, E_p(m, n), h(\cdot), G\}$ to the $GSS_j$ by secure channel (for instance, in person). $GSS_j$ then creates its own secret key $rs_{GSS_j}$. The information stored in the $GSS_j$’s secure memory is $\{PID_{GSS_j}, Cert_{GSS_j}, rs_{GSS_j}, \{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}) \mid i = 1, 2, \cdots, w\}, E_p(m, n), h(\cdot), G\}$.
• Step GSSR3: Finally, the CR deletes the secret credentials $ID_{GSS_j}$, $r_{GSS_j}$ and $PID_{GSS_j}$ from its database for security reasons, and publishes $RPub_{GSS_j}$ as public key.

The registration of both drones ($DR_i$) and ground station servers ($GSS_j$) is summarized in Fig. 2.

C. Access Control Phase

In this phase, a drone $DR_i$ and a ground server station ($GSS_j$) establish a session key prior to exchange of the real-time confidential data from their assigned battlefield zone $BL_k$. The following steps are executed for establishing the session key:

• Step ACC1: $DR_i$ picks a random number $r_d \in Z_p^*$ and current timestamp $TS_d$ to compute the values of $X_d$ and $Cert'_{DR_i}$ as $X_d = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot G$, and $Cert'_{DR_i} = Cert_{DR_i} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_d \| X_d)$, respectively. After that, $DR_i$ generates a signature on the random number $r_d$ using its own private signature key $sr_{DR_i}$ as $Sign_d = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) + h(Cert'_{DR_i} \| X_d \| TID_{DR_i} \| TS_d) * sr_{DR_i} \pmod{p}$. $DR_i$ then composes an access control request message as $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$ and dispatches it to its associated $GSS_j$ via a public channel.
• Step ACC2: After receiving the message $Msg_1$ at time $TS_d^*$, $GSS_j$ checks its freshness by the condition $|TS_d^* - TS_d| < \Delta T$. If it is true, $GSS_j$ then fetches $PID_{DR_i}$ and $mk_{DR_i,GSS_j}$ corresponding to $TID_{DR_i}$ from its secure database. $GSS_j$ derives $DR_i$’s certificate from the received message by $Cert_{DR_i} = Cert'_{DR_i} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_d \| X_d)$, and verifies it with the condition: $Cert_{DR_i} \cdot G = Pub_{CR} + h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| Pub_{CR} \| RPub_{DR_i}) \cdot RPub_{DR_i}$. If it is valid, $GSS_j$ verifies the signature as $Sign_d \cdot G = X_d + h(Cert'_{DR_i} \| X_d \| TID_{DR_i} \| TS_d) \cdot SPub_{DR_i}$. If the condition is verified successfully, $GSS_j$ selects a random number $r_g$ and current timestamp $TS_g$ to compute
Drone Registration Process


Commanding room (CR) Drone (DRi )
Pick real identity IDDRi , master symmetric key mkDRi ,GSSj .
Compute pseudo-identity P IDDRi = h(IDDRi
||pkCR ||mkDRi ,GSSj ||RT SDRi ||IDCR ).
Pick random rDRi ∈ Zp∗ and compute public RP ubDRi = rDRi · G.
Create certificate as CertDRi = pkCR + h(P IDDRi
||mkDRi ,GSSj ||P ubCR ||RP ubDRi ) ∗ rDRi (mod p).
Select temporal identity T IDDRi and signature key srDRi ∈ Zp∗ .
Calculate public key as SP ubDRi = srDRi · G.
Credentials {(T IDDRi , P IDDRi , mkDRi ,GSSj ), CertDRi ,
srDRi , Ep (m, n), h(·), G} are stored in DRi ’s memory.
Erase credentials {IDDRi , P IDDRi , mkDRi ,GSSj , rDRi , srDRi }
corresponding to DRi from its database.
Make RP ubDRi and SP ubDRi as public.
Ground Station Servers Registration Process
Commanding room (CR) Ground station server (GSSj )
Choose real identity IDGSSj and random certificate key rGSSj ∈ Zp∗ .
Compute public key as RP ubGSSj = rGSSj · G,
pseudo-identity of GSSj as P IDGSSj = h(pkCR ||RT SGSSj ||IDGSSj ||rGSSj ),
GSSj ’s certificate as CertGSSj = rGSSj + h(RP ubGSSj ||P ubCR ) ∗ pkCR (mod p).

{P IDGSSj , CertGSSj , {(T IDDRi , P IDDRi ,


mkDRi ,GSSj )|i = 1, 2, · · · , w}, Ep (m, n), h(·), }
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−→
(via secure channel)
Generate own secret key rsGSSj .
Store {P IDGSSj , CertGSSj , rsGSSj , {(T IDDRi , P IDDRi ,
mkDRi ,GSSj )|i = 1, 2, · · · , w}, Ep (m, n), h(·), G}.
Fig. 2. Summary of registration of both drones (DRi ) and ground station servers (GSSj )

Drone (DRi ) Ground Station Server (GSSj )


Credentials held by the drone $DR_i$: $\{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}), Cert_{DR_i}, sr_{DR_i}\}$
Credentials held by $GSS_j$: $\{PID_{GSS_j}, Cert_{GSS_j}, rs_{GSS_j}, \{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}) \mid (i = 1, 2, \cdots, w)\}\}$

Drone ($DR_i$):
Generate random secret $r_d \in Z_p^*$, current timestamp $TS_d$.
Compute $X_d = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot G$,
$Cert'_{DR_i} = Cert_{DR_i} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_d \| X_d)$,
$Sign_d = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) + h(Cert'_{DR_i} \| X_d \| TID_{DR_i} \| TS_d) * sr_{DR_i} \pmod p$.
$DR_i \rightarrow GSS_j$ (via open channel): $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$

Ground station server ($GSS_j$):
Check validity of $TS_d$.
If so, fetch $PID_{DR_i}$ and $mk_{DR_i,GSS_j}$ corresponding to $TID_{DR_i}$.
Derive $Cert_{DR_i} = Cert'_{DR_i} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_d \| X_d)$.
Verify certificate by $Cert_{DR_i} \cdot G = Pub_{CR} + h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| Pub_{CR} \| RPub_{DR_i}) \cdot RPub_{DR_i}$.
If so, verify if $Sign_d \cdot G = X_d + h(Cert'_{DR_i} \| X_d \| TID_{DR_i} \| TS_d) \cdot SPub_{DR_i}$?
If valid, generate random secret $r_g \in Z_p^*$, current timestamp $TS_g$.
Compute $X_g = h(PID_{GSS_j} \| mk_{DR_i,GSS_j} \| rs_{GSS_j} \| PID_{DR_i} \| TS_g \| r_g) \cdot G$,
$Y_{gd} = h(PID_{GSS_j} \| mk_{DR_i,GSS_j} \| rs_{GSS_j} \| PID_{DR_i} \| TS_g \| r_g) \cdot X_d$,
$Cert'_{GSS_j} = Cert_{GSS_j} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| X_g \| Cert_{DR_i} \| TS_g)$,
$SK_{gd} = h(Y_{gd} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$.
Generate new temporary identity $TID^{new}_{DR_i}$.
Compute $SKV_{gd} = h(SK_{gd} \| Cert'_{GSS_j} \| X_g \| TID^{new}_{DR_i} \| TS_g)$,
$TID^{*}_{DR_i} = TID^{new}_{DR_i} \oplus h(SK_{gd} \| PID_{DR_i} \| Cert_{GSS_j} \| TS_g)$.
$GSS_j \rightarrow DR_i$ (via open channel): $Msg_2 = \{TID^{*}_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$

Drone ($DR_i$):
Check validity of $TS_g$. If valid, derive $Cert_{GSS_j} = Cert'_{GSS_j} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| X_g \| Cert_{DR_i} \| TS_g)$, and verify certificate by
$Cert_{GSS_j} \cdot G = RPub_{GSS_j} + h(RPub_{GSS_j} \| Pub_{CR}) \cdot Pub_{CR}$.
If valid, compute $Y_{dg} = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot X_g$,
$SK_{dg} = h(Y_{dg} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$,
$TID^{new}_{DR_i} = TID^{*}_{DR_i} \oplus h(SK_{dg} \| PID_{DR_i} \| Cert_{GSS_j} \| TS_g)$,
Check if $h(SK_{dg} \| Cert'_{GSS_j} \| X_g \| TID^{new}_{DR_i} \| TS_g) = SKV_{gd}$?
If so, create current timestamp $TS'_d$ and compute $SKV_{dg} = h(SK_{dg} \| TS'_d \| TID^{new}_{DR_i})$.
$DR_i \rightarrow GSS_j$ (via open channel): $Msg_3 = \{SKV_{dg}, TS'_d\}$

Ground station server ($GSS_j$):
Check validity of $TS'_d$.
If so, verify if $h(SK_{gd} \| TS'_d \| TID^{new}_{DR_i}) = SKV_{dg}$?
If so, update $TID_{DR_i}$ with new $TID^{new}_{DR_i}$ corresponding to $DR_i$.

Drone ($DR_i$):
Update $TID_{DR_i}$ with new $TID^{new}_{DR_i}$.

Both $DR_i$ and $GSS_j$ share the common session key $SK_{dg}$ $(= SK_{gd})$.
Fig. 3. Summary of access control phase in the proposed scheme
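The $Msg_1$ construction and the $GSS_j$-side checks summarized in Fig. 3, as an added Python example that is not the authors' implementation; it also shows why a replayed or re-stamped $Msg_1$ is rejected and that both sides reach the same Diffie-Hellman value. Assumptions: secp256k1 stands in for the paper's curve $E_p(m, n)$, SHA-256 over length-prefixed fields stands in for $h(\cdot)$, scalars are reduced modulo the order of $G$ (the figure writes mod $p$) because that is what makes the two verification equations hold, the on-curve test for $X_d$ is an extra check, and every identity, key, timestamp and the value $\Delta T = 2$ is constructed.

```python
import hashlib
import secrets

# secp256k1 stands in for the paper's curve E_p(m, n) (assumption, Table II is not used).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, illustration only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*fields):
    """h(f1 || f2 || ...) as an integer, with every field length-prefixed."""
    d = hashlib.sha256()
    for f in fields:
        if isinstance(f, tuple):            # curve point
            f = f[0].to_bytes(32, "big") + f[1].to_bytes(32, "big")
        elif isinstance(f, int):            # scalar or timestamp
            f = f.to_bytes(32, "big")
        elif isinstance(f, str):
            f = f.encode()
        d.update(len(f).to_bytes(2, "big") + f)
    return int.from_bytes(d.digest(), "big")

def enrol(pid, tid, mk):
    """Stand-in for the CR's offline registration of one drone."""
    pk_cr, r, sr = (secrets.randbelow(N - 1) + 1 for _ in range(3))
    pub = {"Pub_CR": mul(pk_cr, G), "RPub": mul(r, G), "SPub": mul(sr, G)}
    cert = (pk_cr + h(pid, mk, pub["Pub_CR"], pub["RPub"]) * r) % N
    drone = {"TID": tid, "PID": pid, "mk": mk, "Cert": cert, "sr": sr}
    return drone, {tid: (pid, mk)}, pub

def build_msg1(d, ts):
    """Drone side: X_d, masked certificate Cert' and signature Sign_d."""
    r_d = secrets.randbelow(N - 1) + 1
    a = h(d["PID"], d["sr"], ts, r_d, d["mk"]) % N
    x_d = mul(a, G)
    cert_m = d["Cert"] ^ h(d["PID"], d["mk"], ts, x_d)
    sign = (a + h(cert_m, x_d, d["TID"], ts) * d["sr"]) % N
    return {"TID": d["TID"], "X_d": x_d, "Cert_m": cert_m, "Sign": sign, "TS": ts}, a

def verify_msg1(m, gss_db, pub, now, delta_t=2):
    """GSS side: freshness, TID lookup, certificate check, signature check."""
    if abs(now - m["TS"]) >= delta_t:
        return "stale timestamp"
    if m["TID"] not in gss_db:
        return "unknown TID"
    x, y = m["X_d"]
    if (y * y - x * x * x - 7) % P:         # extra check, not in the paper: X_d on the curve
        return "bad point"
    pid, mk = gss_db[m["TID"]]
    cert = m["Cert_m"] ^ h(pid, mk, m["TS"], m["X_d"])
    c = h(pid, mk, pub["Pub_CR"], pub["RPub"])
    if mul(cert, G) != add(pub["Pub_CR"], mul(c, pub["RPub"])):
        return "bad certificate"
    e = h(m["Cert_m"], m["X_d"], m["TID"], m["TS"])
    if mul(m["Sign"], G) != add(m["X_d"], mul(e, pub["SPub"])):
        return "bad signature"
    return "ok"

def demo():
    """Constructed identities, key and timestamps (seconds)."""
    drone, gss_db, pub = enrol("PID-constructed", "TID-constructed", secrets.token_bytes(16))
    msg, a = build_msg1(drone, ts=1000)
    b = secrets.randbelow(N - 1) + 1        # stands in for the GSS scalar behind X_g
    return {
        "fresh": verify_msg1(msg, gss_db, pub, now=1001),
        "replayed": verify_msg1(msg, gss_db, pub, now=1060),
        "restamped": verify_msg1({**msg, "TS": 1060}, gss_db, pub, now=1060),
        "forged_sign": verify_msg1({**msg, "Sign": (msg["Sign"] + 1) % N}, gss_db, pub, 1001),
        "dh_agree": mul(b, msg["X_d"]) == mul(a, mul(b, G)),   # Y_gd == Y_dg
    }

if __name__ == "__main__":
    print(demo())
```

The re-stamped copy fails at the certificate step rather than the freshness step because $TS_d$ is an input to the mask that hides $Cert_{DR_i}$, so changing the timestamp unmasks a value that no longer satisfies the certificate equation.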

$X_g = h(PID_{GSS_j} \| mk_{DR_i,GSS_j} \| rs_{GSS_j} \| PID_{DR_i} \| TS_g \| r_g) \cdot G$, and the Diffie-Hellman type key $Y_{gd} = h(PID_{GSS_j} \| mk_{DR_i,GSS_j} \| rs_{GSS_j} \| PID_{DR_i} \| TS_g \| r_g) \cdot X_d$.
• Step ACC3: For preserving anonymity and untraceability properties, $GSS_j$ hides its certificate by $Cert'_{GSS_j} = Cert_{GSS_j} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| X_g \| Cert_{DR_i} \| TS_g)$, and derives the session key shared with $DR_i$ as $SK_{gd} = h(Y_{gd} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$. $GSS_j$ then generates a
new temporary identity $TID^{new}_{DR_i}$ for $DR_i$, calculates $TID^{*}_{DR_i} = TID^{new}_{DR_i} \oplus h(SK_{gd} \| PID_{DR_i} \| Cert_{GSS_j} \| TS_g)$, and constructs the session key verifier as $SKV_{gd} = h(SK_{gd} \| Cert'_{GSS_j} \| X_g \| TID^{new}_{DR_i} \| TS_g)$. Next, $GSS_j$ builds an access control reply message as $Msg_2 = \{TID^{*}_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$ and sends it to the respective drone $DR_i$ via a public channel.
• Step ACC4: Assume that $DR_i$ receives the message $Msg_2$ at time $TS_g^*$ and validates its freshness by the condition: $|TS_g^* - TS_g| < \Delta T$. If the timestamp is valid, $DR_i$ derives $GSS_j$'s certificate as $Cert_{GSS_j} = Cert'_{GSS_j} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| X_g \| Cert_{DR_i} \| TS_g)$ and verifies it by $Cert_{GSS_j} \cdot G = RPub_{GSS_j} + h(RPub_{GSS_j} \| Pub_{CR}) \cdot Pub_{CR}$. If it is verified, $DR_i$ constructs the Diffie-Hellman type key $Y_{dg} = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot X_g$, and generates the session key shared with $GSS_j$ as $SK_{dg} = h(Y_{dg} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$. After that, $DR_i$ derives $TID^{new}_{DR_i} = TID^{*}_{DR_i} \oplus h(SK_{dg} \| PID_{DR_i} \| Cert_{GSS_j} \| TS_g)$ and verifies its authenticity and session key by $h(SK_{dg} \| Cert'_{GSS_j} \| X_g \| TID^{new}_{DR_i} \| TS_g) = SKV_{gd}$. If the condition is satisfied, $DR_i$ believes that the generated session key is genuine and also the received new temporal identity is authentic. Next, $DR_i$ selects a current timestamp $TS'_d$ to compute the session key verifier as $SKV_{dg} = h(SK_{dg} \| TS'_d \| TID^{new}_{DR_i})$, creates an acknowledgment message as $Msg_3 = \{SKV_{dg}, TS'_d\}$, and sends $Msg_3$ to $GSS_j$ via a public channel.
• Step ACC5: After getting the message $Msg_3$ at time $TS_{d1}$, $GSS_j$ checks the timeliness by the condition: $|TS_{d1} - TS'_d| < \Delta T$. If it is valid, $GSS_j$ verifies the session key by $h(SK_{gd} \| TS'_d \| TID^{new}_{DR_i}) = SKV_{dg}$. If it is successfully verified, $GSS_j$ updates $TID_{DR_i}$ with the new $TID^{new}_{DR_i}$ corresponding to $DR_i$ into its own secure database.
At the end, both $DR_i$ and $GSS_j$ share the common session key $SK_{dg}$ $(= SK_{gd})$ for their secret communications. The overall phase is also summarized in Fig. 3.

D. Dynamic Node Addition Phase
Due to the hostile environment, a drone can be physically captured or hijacked by an adversary, or it may even be power exhausted. Thus, new drones deployment in some battlefield zones may be necessary. To add a new drone, say $DR_i^{new}$ (called a node) into the existing battlefield zone, the following steps are executed by the CR in offline mode:
• Step DNA1: The CR selects a unique real identity $ID^{new}_{DR_i}$ and a unique master symmetric key $mk^{new}_{DR_i,GSS_j}$ shared by $DR_i^{new}$ and its associated $GSS_j$, and derives a pseudo-identity $PID^{new}_{DR_i} = h(ID^{new}_{DR_i} \| pk_{CR} \| mk^{new}_{DR_i,GSS_j} \| RTS^{new}_{DR_i} \| ID_{CR})$ where $RTS^{new}_{DR_i}$ is its registration timestamp. The CR picks a certificate random secret $r^{new}_{DR_i} \in Z_p^*$ for $DR_i^{new}$ to calculate the corresponding public key as $RPub^{new}_{DR_i} = r^{new}_{DR_i} \cdot G$.
• Step DNA2: Next, the CR creates a certificate as $Cert^{new}_{DR_i} = pk_{CR} + h(PID^{new}_{DR_i} \| mk^{new}_{DR_i,GSS_j} \| Pub_{CR} \| RPub^{new}_{DR_i}) * r^{new}_{DR_i} \pmod p$ and picks a temporal identity $TID^{new}_{DR_i}$. The CR then chooses a random signature secret key $sr^{new}_{DR_i} \in Z_p^*$ and derives its public key as $SPub^{new}_{DR_i} = sr^{new}_{DR_i} \cdot G$. After that, the CR stores the credentials $\{(TID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}), Cert^{new}_{DR_i}, sr^{new}_{DR_i}, E_p(m, n), h(\cdot), G\}$ in $DR_i$'s memory prior to its deployment in a particular zone.
• Step DNA3: Finally, the CR deletes the secret credentials $\{ID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}, r^{new}_{DR_i}, sr^{new}_{DR_i}\}$ from its database, and publishes $RPub^{new}_{DR_i}$ and $SPub^{new}_{DR_i}$ as public. After that, the CR sends the information $\{TID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}\}$ to its associated $GSS_j$ via secure channel.
This phase is summarized in Fig. 4.

Commanding room (CR):
Pick real identity $ID^{new}_{DR_i}$, master symmetric key $mk^{new}_{DR_i,GSS_j}$.
Derive pseudo-identity $PID^{new}_{DR_i} = h(ID^{new}_{DR_i} \| pk_{CR} \| mk^{new}_{DR_i,GSS_j} \| RTS^{new}_{DR_i} \| ID_{CR})$.
Pick certificate random secret $r^{new}_{DR_i} \in Z_p^*$.
Compute public $RPub^{new}_{DR_i} = r^{new}_{DR_i} \cdot G$.
Generate certificate as $Cert^{new}_{DR_i} = pk_{CR} + h(PID^{new}_{DR_i} \| mk^{new}_{DR_i,GSS_j} \| Pub_{CR} \| RPub^{new}_{DR_i}) * r^{new}_{DR_i} \pmod p$.
Select temporal identity $TID^{new}_{DR_i}$, random signature secret key $sr^{new}_{DR_i} \in Z_p^*$.
Calculate public $SPub^{new}_{DR_i} = sr^{new}_{DR_i} \cdot G$.

Drone ($DR_i^{new}$):
Credentials $\{(TID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}), Cert^{new}_{DR_i}, sr^{new}_{DR_i}, E_p(m, n), h(\cdot), G\}$ are stored in $DR_i^{new}$'s memory.

Commanding room (CR):
Erase credentials $\{ID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}, r^{new}_{DR_i}, sr^{new}_{DR_i}\}$ corresponding to $DR_i^{new}$ from its database.
Make $RPub^{new}_{DR_i}$ and $SPub^{new}_{DR_i}$ as public.
Send $\{TID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}\}$ to its associated $GSS_j$ via secure channel.

Fig. 4. Summary of new drones addition phase

V. SECURITY ANALYSIS
This section lays out a detailed formal security analysis under a random oracle model, known as the “Real-Or-Random (ROR) model” [12] and non-mathematical/informal security analysis for showing the robustness of the proposed scheme (ACPBS-IoT) against various potential attacks.

A. Formal Security under ROR Model
In this section, we provide formal proof (mathematically) for session key security under the widely-accepted ROR oracle model during the access control phase explained in Section IV-C between a drone $DR_i$ and its associated ground station server ($GSS_j$). Theorem 1 proves that the proposed ACPBS-IoT is secure against an adversary $\mathcal{A}$ for deriving the session key between $DR_i$ and $GSS_j$. $\mathcal{A}$ has access to all the queries that are tabulated in Table III. Apart from these queries, all the concerned entities including the adversary $\mathcal{A}$ have access to a collision-resistant one-way cryptographic hash function $h(\cdot)$ that is modeled as a random oracle, say $Hashow$.
The ROR model has various components that are associated together and defined as follows:
• Participants: A drone $DR_i$ and its associated $GSS_j$ are involved in a particular session for establishing a session key during the access control phase. In addition, a registration authority (CR) is also engaged for registering the entities and dynamically adding nodes (drones) in the offline mode. Therefore, we consider mainly two participants: a drone $DR_i$ and the $GSS_j$. $\Gamma^{s_1}_{DR_i}$ and $\Gamma^{s_2}_{GSS_j}$ signify the $s_1^{th}$ and $s_2^{th}$ instances of $DR_i$ and $GSS_j$, respectively, which are termed as the random oracles.
• Accepted state: An instance $\Gamma^{s}$ is known to be in an accepted state once it goes to an accept state when the last authenticated message is received. The communicated messages are then ordered in sequence to form the session identification $sid$ of $\Gamma^{s}$ for the current session.
• Partnering: Two instances, say $\Gamma^{s_1}$ and $\Gamma^{s_2}$, are said to be partners to each other if they satisfy three criteria: 1) $\Gamma^{s_1}$ and $\Gamma^{s_2}$ need to be in accepted states; 2) $\Gamma^{s_1}$ and $\Gamma^{s_2}$ need to exchange the same $sid$ and they need to also mutually authenticate each other; and 3) $\Gamma^{s_1}$ and $\Gamma^{s_2}$ need to be mutual partners of each other.
• Freshness: An instance $\Gamma^{s_1}_{DR_i}$ or $\Gamma^{s_2}_{GSS_j}$ is known to be fresh if they establish a common session key $SK_{dg}$ $(= SK_{gd})$ between $DR_i$ and $GSS_j$ which is not disclosed by $\mathcal{A}$ by executing the $Reveal$ query described in Table III.

TABLE III
QUERIES AND THEIR MOTIVES

| Query | Motive |
|---|---|
| $Execute(\Gamma^{s_1}_{DR_i}, \Gamma^{s_2}_{GSS_j})$ | This query helps $\mathcal{A}$ to eavesdrop the messages transmitted between $DR_i$ and $GSS_j$ |
| $CorruptDevice(\Gamma^{s_1}_{DR_i})$ | Using this query, $\mathcal{A}$ is able to extract the credentials loaded in a physically captured or hijacked $DR_i$'s insecure memory |
| $Reveal(\Gamma^{s})$ | Under this query, $\mathcal{A}$ has access to a disclosed session key $SK_{dg}$ $(= SK_{gd})$ between $\Gamma^{s}$ and its associated partner |
| $Test(\Gamma^{s})$ | By applying this query, $\mathcal{A}$ can verify the derived session key $SK_{dg}$ $(= SK_{gd})$ whether it is real or just a random outcome of a flipped unbiased coin, say $c$ |

The semantic security of the proposed ACPBS-IoT is now defined prior to proving Theorem 1.

Definition 1 (Semantic security). If $Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(pt)$ refers to the “advantage of an adversary $\mathcal{A}$ running in polynomial time $pt$ in breaking the semantic security of the proposed ACPBS-IoT for computing the session key $SK_{dg}$ $(= SK_{gd})$ between a drone $DR_i$ and a ground station server $GSS_j$”, then $Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(pt) = |2Pr[c' = c] - 1|$, where $c$ and $c'$ are respectively the correct and guessed bits, and $Pr[E]$ denotes an event $E$'s probability.

Theorem 1. In the proposed ACPBS-IoT, we assume that an adversary $\mathcal{A}$ executing in polynomial time $pt$ attempts to derive the established session key $SK_{dg}$ $(= SK_{gd})$ between a drone $DR_i$ and its associated ground station server $GSS_j$. If $q_h$, $|Hashow|$, and $Adv^{ECDDHP}_{\mathcal{A}}(pt)$ symbolize the number of $Hashow$ queries, the range space of a one-way collision-resistant hash function $h(\cdot)$, and the advantage of breaking the Elliptic Curve Decisional Diffie-Hellman Problem (ECDDHP), respectively, then

$$Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(pt) \le \frac{q_h^2}{|Hashow|} + 2Adv^{ECDDHP}_{\mathcal{A}}(pt).$$

Proof. We apply the same proof-concept here as done in [19], [20], [43], [44]. In the proposed ACPBS-IoT, we design three games, namely $Game^{\mathcal{A}}_j$ for the adversary $\mathcal{A}$, where $j = 0, 1, 2$. Let $Succ^{\mathcal{A}}_{Game_j}$ define an event in which $\mathcal{A}$ can guess the random bit $c$ in the game $Game^{\mathcal{A}}_j$ correctly and its associated advantage (success probability) be defined by $Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_j} = Pr[Succ^{\mathcal{A}}_{Game_j}]$. We now describe each of the mentioned games as follows.

$Game^{\mathcal{A}}_0$: In this game, the adversary $\mathcal{A}$ plays an actual attack against the proposed ACPBS-IoT with the ROR model and starts the initial game $Game^{\mathcal{A}}_0$ by guessing a random bit $c$. Therefore, by utilizing semantic security defined in Definition 1, we have

$$Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(pt) = |2Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_0} - 1|. \qquad (1)$$

$Game^{\mathcal{A}}_1$: Under this game, $\mathcal{A}$ eavesdrops all the messages $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$, $Msg_2 = \{TID^{*}_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$, and $Msg_3 = \{SKV_{dg}, TS'_d\}$ by performing the $Execute$ query shown in Table III. After that, $\mathcal{A}$ tries to derive the established session key $SK_{dg}$ $(= SK_{gd})$ between $DR_i$ and $GSS_j$. $\mathcal{A}$ needs to execute the “$Reveal$ and $Test$ queries in order to check whether the derived session key is an original one or just a random key”. The session key is $SK_{dg} = h(Y_{dg} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$, where $Y_{dg} = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot X_g$, which is a composition of both short-term (ephemeral) secrets such as the random number $r_d$ and long-term secrets $mk_{DR_i,GSS_j}$, $PID_{DR_i}$, and $sr_{DR_i}$. Since all the short-term and long-term secret credentials are protected by $h(\cdot)$, hijacking of the messages $Msg_l$ $(l = 1, 2, 3)$ will not increase the success probability at all in computing the session key $SK_{dg}$ $(= SK_{gd})$. Hence, we remark that both the games $Game^{\mathcal{A}}_0$ and $Game^{\mathcal{A}}_1$ become indistinguishable under an eavesdropping attack. Thus, we obtain the following result:

$$Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_1} = Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_0}. \qquad (2)$$

$Game^{\mathcal{A}}_2$: $\mathcal{A}$ plays an active attack in this game and executes the $CorruptDevice$ query and tries to solve the difficulty of solving the computational problem (ECDDHP). We assume that the adversary $\mathcal{A}$ having intercepted messages $Msg_l$ $(l = 1, 2, 3)$ wants to derive the session key. The session key is derived as $SK_{dg} = h(Y_{dg} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$, where $Y_{dg} = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot X_g$. The adversary $\mathcal{A}$ has only knowledge of $X_g$, $TS_g$, and $TS_d$. Therefore, to find the value of $Y_{dg}$, $\mathcal{A}$ needs to solve the computational ECDDHP which helps to derive session key $SK_{dg}$ $(= SK_{gd})$. The session key for a particular session is composed of temporal credentials as well as permanent secrets which are protected by $h(\cdot)$. In addition, $\mathcal{A}$ executes the $CorruptDevice$ query and has the knowledge of the stored
credential $\{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}), Cert_{DR_i}, sr_{DR_i}, E_p(m, n), h(\cdot), G\}$ of a drone $DR_i$. However, by utilizing these credentials, $\mathcal{A}$ cannot derive the session key for a specific session without having the random secret $r_g$, and long-term secrets $PID_{GSS_j}$ and $rs_{GSS_j}$ of the $GSS_j$. Therefore, both the games $Game^{\mathcal{A}}_1$ and $Game^{\mathcal{A}}_2$ are indistinguishable if the execution of $Hash$ and $CorruptDevice$ queries and solving ECDDHP are excluded. Hence, considering the birthday paradox for finding the hash collision and the advantage of solving ECDDHP, we obtain the following relation:

$$|Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_1} - Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_2}| \le \frac{q_h^2}{2|Hashow|} + Adv^{ECDDHP}_{\mathcal{A}}(pt). \qquad (3)$$

It is worth noting that all the queries are made by $\mathcal{A}$, and it is only left for $\mathcal{A}$ to correctly guess a bit to win the game $Game^{\mathcal{A}}_2$. Therefore, we have,

$$Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_2} = \frac{1}{2}. \qquad (4)$$

Eq. (1) gives

$$\frac{1}{2} \cdot Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(pt) = \left|Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_0} - \frac{1}{2}\right|. \qquad (5)$$

Applying Eqs. (2), (3) and (4), and the triangular inequality, the following derivation from Eq. (5) is obtained:

$$\frac{1}{2} \cdot Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(pt) = |Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_0} - Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_2}| = |Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_1} - Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_2}| \le \frac{q_h^2}{2|Hashow|} + Adv^{ECDDHP}_{\mathcal{A}}(pt). \qquad (6)$$

Finally, if we multiply both sides of Eq. (6) by a factor of 2, we reach the ending outcome:

$$Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(pt) \le \frac{q_h^2}{|Hashow|} + 2Adv^{ECDDHP}_{\mathcal{A}}(pt).$$

B. Informal Security Analysis
This section provides an informal (non-mathematical) security analysis to show that the proposed ACPBS-IoT is secure against distinct potential attacks that are extremely essential to secure battlefield surveillance scenario.

Proposition 1. ACPBS-IoT is resilient against replay attack.
Proof. During the access control between a drone $DR_i$ and its ground station server $GSS_j$, three messages $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$, $Msg_2 = \{TID^{*}_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$, and $Msg_3 = \{SKV_{dg}, TS'_d\}$ have been transmitted over the public channel. Every message includes current timestamps and also random secrets for establishing the session key in a particular session. Therefore, replaying past messages by an adversary $\mathcal{A}$ will lead the receiver to quickly identify the old messages by verifying the timestamps attached to the messages. Hence, the proposed ACPBS-IoT is secure against the replay attack.

Proposition 2. ACPBS-IoT is resilient against man-in-the-middle (MiTM) attack.
Proof. The access control messages $\{Msg_1, Msg_2, Msg_3\}$ are communicated via insecure (public) channel. An adversary $\mathcal{A}$ can eavesdrop the access control request message $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$ on the fly, and seek to set up an authorized message, say $Msg_1^*$. To construct an authentic message $Msg_1^*$, $\mathcal{A}$ needs to derive the values of $X_d$, $Cert'_{DR_i}$, and $Sign_d$. $\mathcal{A}$ may then choose a random number $r_d^*$, and pick a current timestamp $TS_d^*$ to calculate $X_d^* = h(PID_{DR_i} \| sr_{DR_i} \| TS_d^* \| r_d^* \| mk_{DR_i,GSS_j}) \cdot G$, $(Cert'_{DR_i})^* = Cert_{DR_i} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_d^* \| X_d^*)$, and $Sign_d^* = h(PID_{DR_i} \| sr_{DR_i} \| TS_d^* \| r_d^* \| mk_{DR_i,GSS_j}) + h((Cert'_{DR_i})^* \| X_d^* \| TID_{DR_i} \| TS_d^*) * sr_{DR_i} \pmod p$. Since the generation of these values requires the private keys $\{sr_{DR_i}, mk_{DR_i,GSS_j}, PID_{DR_i}, sr_{DR_i}\}$, it is a very difficult task for $\mathcal{A}$ to construct another valid message $Msg_1^*$. Similarly, $\mathcal{A}$ cannot build other valid messages. As a result, the proposed ACPBS-IoT is protected from MiTM attack.

Proposition 3. ACPBS-IoT is resilient against impersonation attacks.
Proof. In this attack, an adversary $\mathcal{A}$ may try to communicate with the access control messages $\{Msg_1, Msg_2, Msg_3\}$ on behalf of a legitimate drone $DR_i$ and a legitimate $GSS_j$. To achieve this goal, $\mathcal{A}$ is required to generate the message $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$. Without knowledge of the long-term secret credentials, such as $\{sr_{DR_i}, mk_{DR_i,GSS_j}, PID_{DR_i}, sr_{DR_i}\}$, $\mathcal{A}$ cannot compute the values of $X_d$, $Cert'_{DR_i}$ and $Sign_d$. Similarly, for the other messages $Msg_2$ and $Msg_3$, $\mathcal{A}$ is incapable of constructing those valid messages on behalf of $GSS_j$ and $DR_i$. Therefore, the designed ACPBS-IoT ensures security against drone and GSS impersonation attacks.

Proposition 4. Drone physical capture attack is protected in ACPBS-IoT.
Proof. In the battlefield environment, there is always a high risk of a device (drone) physical capture or hijacking by an adversary $\mathcal{A}$. If a drone $DR_i$ can be physically captured or hijacked by an adversary $\mathcal{A}$, $\mathcal{A}$ can extract all the loaded information $\{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}), Cert_{DR_i}, sr_{DR_i}, E_p(m, n), h(\cdot), G\}$ from the $DR_i$'s insecure memory by employing the power analysis attacks as stated in [39]. Since the secret credentials $\{(PID_{DR_i}, mk_{DR_i,GSS_j}), Cert_{DR_i}, sr_{DR_i}\}$ are unique and distinct for each deployed drone, compromising a drone's credentials will not help to derive the previous, present or even future session keys among various non-compromised drones and their GSS. Thus, compromising a drone cannot impact the entire network. As a result, the proposed ACPBS-IoT provides protection against drone physical capture attack.

Proposition 5. Privileged insider attack is protected in ACPBS-IoT.
Proof. After successful registration of all participants, such as drones $DR_i$ and ground server stations $GSS_j$, the registration authority (CR) deletes all the relevant secret credentials of the registered entities. If any insider user of the CR behaves maliciously and wants to communicate with other participants present in the network, he/she needs to know about all the stored credentials. Moreover, the registration process is executed in offline mode via secure channel. Without knowing the secret credentials, a privileged-insider of the CR cannot proceed to launch extra attacks, such as impersonation attacks (see Proposition 3) and MiTM attack (see Proposition 2). Therefore, the proposed ACPBS-IoT is resilient against privileged-insider attack.

Proposition 6. Ephemeral secret leakage (ESL) attack is resisted in ACPBS-IoT.
Proof. In the proposed ACPBS-IoT, a drone $DR_i$ establishes the session key $SK_{dg} = h(Y_{dg} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d) = h(Y_{gd} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d) = SK_{gd}$ with its respective $GSS_j$ for a particular session in a battlefield zone. To accomplish this task, $DR_i$ calculates $Y_{dg} = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot X_g = h(PID_{GSS_j} \| mk_{DR_i,GSS_j} \| rs_{GSS_j} \| PID_{DR_i} \| TS_g \| r_g) \cdot X_d = Y_{gd}$, which is a composition of both short-term (ephemeral) secrets such as random secrets $r_d$ and $r_g$ as well as the long-term secrets $mk_{DR_i,GSS_j}$, $PID_{DR_i}$, $PID_{GSS_j}$, $sr_{DR_i}$ and $rs_{GSS_j}$. All these secrets are unique and distinct for each and every entity in the network. Therefore, the session key will be disclosed if and only if both the long-term and short-term secrets are compromised by an adversary $\mathcal{A}$. Though a session key revealed by $\mathcal{A}$ is for a specific session, it will not increase the chance to derive the session keys of the previous sessions along with the session keys from the future sessions. This means that ACPBS-IoT supports perfect forward and backward secrecy features. Therefore, ACPBS-IoT is not vulnerable to ESL attack.

Proposition 7. Device anonymity and untraceability are preserved in ACPBS-IoT.
Proof. During the access control phase discussed in Section IV-C for the proposed ACPBS-IoT, $DR_i$ communicates with its $GSS_j$ using its temporary identity instead of real identity so that $\mathcal{A}$ cannot determine who is the sender or receiver during the communication time. Therefore, the “anonymity” goal for the drones is achieved in ACPBS-IoT. Moreover, all the parameters involved in the messages $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$, $Msg_2 = \{TID^{*}_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$, and $Msg_3 = \{SKV_{dg}, TS'_d\}$ are purely random and dynamic in nature as the parameters are injected with current timestamps and random numbers. In addition, these parameters are not the same for any two sessions during the access control phase between $DR_i$ and $GSS_j$. Therefore, $\mathcal{A}$ cannot trace whether the communicated messages between the entities over two consecutive sessions belong to the same entities or not. As a result, ACPBS-IoT preserves the device untraceability property too.

VI. FORMAL SECURITY VERIFICATION: SIMULATION STUDY USING AVISPA
We simulate the proposed scheme (ACPBS-IoT) under the widely-accepted AVISPA tool [11] for formal security verification to validate if ACPBS-IoT is resistant against active attacks, such as man-in-the-middle and replay attacks. We implemented the proposed ACPBS-IoT using the High-Level Protocol Specification Language (HLPSL) [11] for various basic roles, such as the roles for the CR, drones ($DR_i$) and ground station servers $GSS_j$. Apart from these defined basic roles, we also implemented the compulsory composite roles for the session and goal & environment. It is worth noticing that HLPSL is a role based language consisting of basic and composition roles. In HLPSL specification, an adversary $\mathcal{A}$ is modeled using the “Dolev-Yao (DY) threat model” [38]. Thus, the intruder (always defined by the symbol $i$ in HLPSL) acts as a legitimate role during the protocol execution. The HLPSL specification is translated to an “intermediate format (IF) using the HLPSL2IF translator”. The IF is then given as input to one of the four available backends of AVISPA, which are: a) “On-the-fly model-checker (OFMC)”, b) “Constraint-logic-based Attack Searcher (CL-AtSe)”, c) “SAT-based Model Checker (SATMC)” and d) “Tree Automata based on Automatic Approximations for the Analysis of Security Protocols (TA4SP)”. It then produces “output format (OF)”. Both SATMC and TA4SP backends do not presently offer bitwise exclusive OR (XOR) operation. The formal security verification-based simulation study is thus based on two backends, namely OFMC and CL-AtSe.
The OF includes the following sections:
• SUMMARY: This parameter determines whether the proposed ACPBS-IoT is SAFE, UNSAFE or inconclusive.
• DETAILS: It provides details for the SUMMARY output, i.e., under what parameters the protocol is shown as SAFE, and if the protocol is marked as UNSAFE then what are the possible attacks in the proposed protocol or why the protocol is inconclusive for some reasons.
• PROTOCOL: It specifies the intermediate format.
• GOAL: This parameter indicates the goal of the protocol defined using HLPSL specification.
• BACKEND: It specifies one of four backends: OFMC, CL-AtSe, SATMC and TA4SP when we simulate the protocol under HLPSL using AVISPA.
• STATISTICS: This section indicates some statistics for analyzing the protocol.
We refer the readers to [11] for details of AVISPA and its HLPSL specifications.
The proposed ACPBS-IoT is simulated under the OFMC and CL-AtSe backends using the SPAN, the Security Protocol ANimator for AVISPA [45]. The simulation results are demonstrated in Fig. 5. The simulation of ACPBS-IoT is performed for the execution tests and a bounded number of sessions model checking. In order to verify the replay attack on ACPBS-IoT, both OFMC and CL-AtSe backends
SUMMARY SUMMARY “Raspberry PI 3 B+ Rev 1.3, Ubuntu 20.04 LTS, 64- bit
SAFE SAFE
OS, 1.4 GHz Quad-core processor, cores 4, 1 GB RAM”
DETAILS DETAILS [10]. The testbed experimental costs are highlighted in
BOUNDED_NUMBER_OF_SESSIONS BOUNDED_NUMBER_OF_SESSIONS
TYPED_MODEL
Table IV.
PROTOCOL • Scenario 2: Similarly to the first scenario, to find out the
PROTOCOL /home/basudeb/Desktop/span
/home/basudeb/Desktop/span /testsuite/results/access−iot.if
execution costs of the cryptographic primitives used from
/testsuite/results/access−iot.if the server side (here, ground station server GSSj in the
GOAL GOAL
As specified as specified
proposed ACPBS-IoT), the following system environment
BACKEND BACKEND is taken as: “Ubuntu 18.04.4 LTS, with 7.7 GiB memory,
CL−AtSe OFMC
Intel Core i7 processor- 8565U, CPU @ 1.80GHz × 8,
STATISTICS STATISTICS 64-bit OS type and disk size 966.1 GB”. The testbed
Analysed : 15 states TIME 213 ms experimental costs are also highlighted in Table V for
Reachable : 7 states parseTime 0 ms
Translation: 0.09 seconds visitedNodes: 56 nodes this scenario.
Computation: 0.01 seconds depth: 5 plies
TABLE IV
E XECUTION TIME FOR CRYPTOGRAPHIC PRIMITIVES USING MIRACL ON
Fig. 5. Simulation results of ACPBS-IoT under CL-AtSe and OFMC backends R ASPBERRY PI 3 SETTING

Primitive Max. Time Min. Time Average Time


check whether the authorized entities can execute the specified (in ms) (in ms) (in ms)
Th 0.643 0.274 0.309
protocol by performing a search of a passive intruder or not. Tecm 4.532 2.206 2.288
The back-ends provide the intruder (i) about the knowledge Teca 0.021 0.015 0.016
of some normal sessions among legitimate agents. As a result, Tbp 32.79 27.606 32.084
Tmtp 0.406 0.381 0.385
both OFMC and CL-AtSe backends have the ability to check Tecenc 9.085 4.427 4.592
whether any man-in-the-middle attack is possible by i using Tecdec 4.553 2.221 2.304
the DY threat model or not. Under OFMC backend, a total of
56 nodes were visited with a depth of five plies and it takes
213 milliseconds. On the other side, a total of 15 states were TABLE V
E XECUTION TIME FOR CRYPTOGRAPHIC PRIMITIVES USING MIRACL ON
analyzed and oyut of these states seven states were reachable A SERVER SETTING
by taking 0.09 seconds and 0.01 seconds as translation time
Primitive Max. Time Min. Time Average Time
and computation time, respectively. More detailed analysis on (in ms) (in ms) (in ms)
the output formats, one can refer to the documents provided Th 0.149 0.024 0.055
in [45]. In both the cases, it was founded that the proposed Tecm 2.998 0.284 0.674
ACPBS-IoT was safe against man-in-the-middle and replay Teca 0.002 0.001 0.002
Tbp 7.951 4.495 4.716
attacks. Tmtp 0.199 0.092 0.114
Tecenc 5.998 0.569 1.350
VII. T ESTBED E XPERIMENTS USING MIRACL UNDER Tecdec 3.000 0.285 0.676
R ASPBERRY PI 3
In this section, we estimate the execution time of vari- VIII. C OMPARATIVE A NALYSIS
ous cryptographic primitives by using the broadly-recognized This section provides a detailed comparative analysis among
Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL) [9]. The MIRACL Crypto SDK is a C/C++ based software library that has been approved by software developers as well as cryptographers as the gold standard open source SDK for elliptic curve cryptography (ECC). For evaluation of the execution costs of elliptic curve point addition ($T_{eca}$), elliptic curve scalar multiplication ($T_{ecm}$), bilinear pairing ($T_{bp}$), ECC based encryption ($T_{ecenc}$), ECC based decryption ($T_{ecdec}$) and map to point ($T_{mtp}$), we applied a non-singular elliptic curve of the form $y^2 = x^3 + mx + n \pmod{p}$ as specified in Table II.

The entire experiment has been done over two scenarios, and for each of them we execute each primitive 100 times and take the average cost (execution time); the results are provided in Tables IV and V.

• Scenario 1: Under this scenario, we execute cryptographic primitives by utilizing MIRACL to estimate execution costs for a drone $DR_i$ with the help of a Raspberry PI 3. The considered system configuration is as follows:

the proposed scheme (ACPBS-IoT) and other existing competing schemes of Ever [15], Shin and Kwon [16], and Fang et al. [17], in terms of their computation and communication costs as well as functionality and security features.

A. Functionality and Security Attributes Comparison

The comparative analysis on security and functionality features among the proposed ACPBS-IoT and other competing schemes for the considered twelve important features (SF1–SF12) is provided in Table VI. It is evident that the proposed ACPBS-IoT provides better security features and more functionality features as compared to other schemes. Most importantly, none of the considered existing schemes resists ESL attack under the CK-adversary model or supports a dynamic drones/devices addition phase after the initial deployment. Moreover, device (drone) anonymity and untraceability functionality features are supported in the proposed ACPBS-IoT. Furthermore, the random oracle based formal security analysis is not provided in the considered existing schemes.
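The measurement procedure described above (each primitive executed 100 times and averaged, on a non-singular curve of the form y^2 = x^3 + mx + n mod p) can be reproduced in outline as follows. This is an added example, not the authors' MIRACL code: it is pure Python, its function names are hypothetical, and it uses secp256k1 as a stand-in curve because the Table II parameters are not reproduced in this section, so its absolute timings will not match Tables IV and V.

```python
import hashlib
import time

# Stand-in curve (assumption): secp256k1, i.e. y^2 = x^3 + m*x + n (mod p)
# with m = 0, n = 7. The paper's own parameters are in its Table II.
P = 2**256 - 2**32 - 977
M, N = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
INF = None  # point at infinity


def is_nonsingular():
    """A curve of this form is non-singular iff 4m^3 + 27n^2 != 0 (mod p)."""
    return (4 * M**3 + 27 * N**2) % P != 0


def on_curve(pt):
    """Check that pt satisfies y^2 = x^3 + M*x + N (mod P)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + M * x + N)) % P == 0


def ec_add(a, b):
    """Elliptic curve point addition (the T_eca primitive)."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # b is the negative of a
    if a == b:
        lam = (3 * x1 * x1 + M) * pow((2 * y1) % P, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P         # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Scalar multiplication (the T_ecm primitive), plain double-and-add.
    Not constant time: suitable for cost estimation only."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def average_ms(primitive, runs=100, clock=time.perf_counter):
    """Run `primitive` `runs` times; return the mean execution time in ms."""
    total = 0.0
    for _ in range(runs):
        start = clock()
        primitive()
        total += clock() - start
    return 1000.0 * total / runs


def measure(runs=100):
    """Average cost of T_h (SHA-256), T_eca and T_ecm on this machine."""
    k = int.from_bytes(hashlib.sha256(b"constructed scalar").digest(), "big") % Q
    pt = ec_mul(k, G)
    return {
        "Th": average_ms(lambda: hashlib.sha256(b"x" * 64).digest(), runs),
        "Teca": average_ms(lambda: ec_add(G, pt), runs),
        "Tecm": average_ms(lambda: ec_mul(k, G), runs),
    }


def scheme_cost(counts, timings):
    """Evaluate a cost expression such as 9*Th + 4*Tecm + Teca, in ms."""
    return sum(n * timings[name] for name, n in counts.items())


if __name__ == "__main__":
    t = measure()
    print({name: round(ms, 4) for name, ms in t.items()})
    # Operation counts the paper gives for ACPBS-IoT (drone and GSS side).
    print("drone:", scheme_cost({"Th": 9, "Tecm": 4, "Teca": 1}, t), "ms")
    print("GSS:  ", scheme_cost({"Th": 9, "Tecm": 6, "Teca": 2}, t), "ms")
```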


TABLE VI
COMPARATIVE STUDY ON FUNCTIONALITY & SECURITY ATTRIBUTES

| Attribute | Ever [15] | Shin and Kwon [16] | Fang et al. [17] | ACPBS-IoT |
|---|---|---|---|---|
| SF1 | ✓ | ✓ | ✓ | ✓ |
| SF2 | ✓ | ✓ | ✓ | ✓ |
| SF3 | ✓ | ✓ | ✓ | ✓ |
| SF4 | ✓ | ✓ | ✓ | ✓ |
| SF5 | ✓ | ✓ | ✓ | ✓ |
| SF6 | × | ✓ | ✓ | ✓ |
| SF7 | ✓ | ✓ | ✓ | ✓ |
| SF8 | × | × | × | ✓ |
| SF9 | × | ✓ | × | ✓ |
| SF10 | × | × | × | ✓ |
| SF11 | ✓ | ✓ | ✓ | ✓ |
| SF12 | × | × | × | ✓ |

SF1: replay attack; SF2: man-in-the-middle attack; SF3: mutual authentication; SF4: key agreement; SF5: device impersonation attack; SF6: anonymity and untraceability; SF7: resilience against device physical capture attack; SF8: ESL attack under the CK-adversary model; SF9: formal security verification using AVISPA tool; SF10: support dynamic node (drone/IoT device) addition phase; SF11: insider attack; SF12: support formal security analysis under ROR model;
✓: a scheme is secure or it supports an attribute; ×: a scheme is insecure or it does not support an attribute.

B. Computation Costs Comparison

The notations $T_h$, $T_{bp}$, $T_{eca}$, $T_{ecm}$, $T_{ecenc}$, $T_{ecdec}$, and $T_{mtp}$ refer to the time required for executing a one-way cryptographic hash function, a bilinear pairing, an elliptic curve point addition, an elliptic curve point multiplication, an ECC based encryption, an ECC based decryption, and a map to point function over ECC, respectively. The average computational costs are measured with the help of a Raspberry PI 3 for a drone $DR_i$ or an IoT smart device and a server configuration for a server or $GSS_j$; they are provided in Tables IV and V, respectively.

We consider only the access control phase for measuring the computational time required for the proposed ACPBS-IoT and other existing competing schemes. For the proposed ACPBS-IoT, we measure the computation cost for a drone $DR_i$ and a ground station server $GSS_j$ as mentioned in Section IV-C. A drone $DR_i$ requires a computational cost of $9T_h + 4T_{ecm} + T_{eca} \approx 11.949$ ms, whereas a $GSS_j$ needs a cost of $9T_h + 6T_{ecm} + 2T_{eca} \approx 4.543$ ms. The comparative analysis on computational costs among the proposed ACPBS-IoT and other schemes provided in Table VII shows that the proposed ACPBS-IoT needs less computational cost from a smart device/drone point of view as compared to other schemes. Moreover, ACPBS-IoT also needs less computational cost as compared to that for the scheme of Ever [15].

TABLE VII
COMPARATIVE STUDY ON COMPUTATION COSTS

| Scheme | IoT device/Drone | Server/GSS |
|---|---|---|
| Ever [15] | $9T_h + 2T_{bp} + 2T_{mtp} + 3T_{ecm} \approx 74.583$ ms | $6T_h + 3T_{bp} + 2T_{mtp} + 3T_{ecm} \approx 16.728$ ms |
| Shin and Kwon [16] | $14T_h + 5T_{ecm} \approx 15.766$ ms | $12T_h + T_{ecm} \approx 1.334$ ms |
| Fang et al. [17] (Case 1) | $7T_h + 14T_{ecm} + 4T_{eca} \approx 34.259$ ms | − |
| Fang et al. [17] (Case 2) | $7T_h + 8T_{ecm} + 3T_{eca} + T_{ecenc} + T_{ecdec} \approx 27.411$ ms | − |
| ACPBS-IoT | $9T_h + 4T_{ecm} + T_{eca} \approx 11.949$ ms | $9T_h + 6T_{ecm} + 2T_{eca} \approx 4.543$ ms |

Note: Case 1: authentication and session key agreement process between two network entities W1 and W2 in Fang et al. [17]; Case 2: session key establishment process during data transmission and receiving among W1 and W2 in Fang et al. [17].

C. Communication Costs Comparison

For communication costs comparative analysis among the proposed ACPBS-IoT and other existing competing schemes, an identity, a random number (nonce), an elliptic curve point, say $P = (P_x, P_y) \in E_p(m, n)$ where the x and y coordinates of $P$ are $P_x$ and $P_y$ respectively, a hash output (for example, if we apply the SHA-256 hashing algorithm), and a timestamp are considered as 160, 160, (160 + 160) = 320, 256 and 32 bits, respectively.

During the access control phase between a drone and the ground station server $GSS_j$ as described in Section IV-C, the proposed ACPBS-IoT involves three messages $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$, $Msg_2 = \{TID^*_{DR_i}, X_g, Cert_{GSS_j}, SKV_{gd}, TS_g\}$, and $Msg_3 = \{SKV_{dg}, TS'_d\}$, respectively. The communication costs for these messages demand (160 + 320 + 256 + 160 + 32) = 928 bits, (256 + 320 + 256 + 256 + 32) = 1120 bits, and (256 + 32) bits, respectively, and altogether these need 2336 bits. The comparative analysis in Table VIII shows that the proposed ACPBS-IoT requires less cost as compared to that for other schemes of Ever [15], Shin and Kwon [16], and Fang et al. [17] (Case 1), except Fang et al. [17] (Case 2). However, it is justified because the proposed ACPBS-IoT provides better security and functionality features as compared to other schemes (see Table VI).

TABLE VIII
COMPARATIVE STUDY ON COMMUNICATION COSTS

| Scheme | No. of messages | Total cost (in bits) |
|---|---|---|
| Ever [15] | 6 | 5344 |
| Shin and Kwon [16] | 4 | 4480 |
| Fang et al. [17] (Case 1) | 2 | 2944 |
| Fang et al. [17] (Case 2) | 1 | 1536 |
| ACPBS-IoT | 3 | 2336 |

Note: Case 1: authentication and session key agreement process between two network entities W1 and W2 in Fang et al. [17]; Case 2: session key establishment process during data transmission and receiving among W1 and W2 in Fang et al. [17].

IX. CONCLUSION

This paper proposes a new access control mechanism in drone-assisted IoT environment that is needed to secure battlefield surveillance (ACPBS-IoT). Through the access control, a


drone and its associated ground station server (GSS) are able to authenticate each other and also establish a session key among them for their secure communication. The proposed ACPBS-IoT is able to preserve anonymity and untraceability properties that are extremely required for battlefield surveillance. We have used ECC-based certificates and signatures for validation of authorized drones and GSS so that new fake deployment of drones and GSS is avoided. In addition, only the trusted CR is responsible for creating all the certificates that are loaded in drones and GSS. The proposed ACPBS-IoT is designed such that it is free from potential attacks, such as privileged-insider, impersonation, MiTM, replay and ESL attacks. Furthermore, formal security verification of the proposed ACPBS-IoT has been carried out through the AVISPA simulation tool to exhibit its robustness against passive and active attacks. The testbed experiments are conducted for measuring the computational time of various cryptographic primitives using MIRACL for both server and Raspberry PI 3 settings to check the feasibility of the proposed ACPBS-IoT. A rigorous comparative analysis also shows that the proposed ACPBS-IoT achieves superior security against various potential attacks and more functionality features, and low communication and computational costs as compared to existing competing schemes.

In future, we would like to incorporate the private blockchain in our designed ACPBS-IoT. The reason for applying the private blockchain in this case is that the information related to battlefield surveillance is strictly private and confidential. Since the transactions in the blocks put in the blockchain will be encrypted, the encrypted search on the blockchain information would be another interesting future research work related to the proposed ACPBS-IoT.

ACKNOWLEDGMENTS

The authors thank the anonymous reviewers and the associate editor for their valuable feedback on the paper, which helped us to improve its quality and presentation. The authors are also grateful to the Deanship of Scientific Research at King Saud University, Riyadh, Saudi Arabia for funding this work through the Vice Deanship of Scientific Research Chairs: Chair of Pervasive and Mobile Computing.

REFERENCES

[1] M. Stoyanova, Y. Nikoloudakis, S. Panagiotakis, E. Pallis, and E. K. Markakis, “A Survey on the Internet of Things (IoT) Forensics: Challenges, Approaches, and Open Issues,” IEEE Communications Surveys & Tutorials, vol. 22, no. 2, pp. 1191–1221, 2020.
[2] C. Hickman and F. Wang, “A Variable Length Address Assignment Scheme for 6LoWPAN,” in IEEE 20th International Symposium on “A World of Wireless, Mobile and Multimedia Networks” (WoWMoM), Washington, DC, USA, 2019, pp. 1–6.
[3] H. Wang, H. Zhao, J. Zhang, D. Ma, J. Li, and J. Wei, “Survey on Unmanned Aerial Vehicle Networks: A Cyber Physical System Perspective,” IEEE Communications Surveys & Tutorials, vol. 22, no. 2, pp. 1027–1070, 2020.
[4] N. Joshi, “4 sensors that are being used in drones technology,” 2016, https://www.allerin.com/blog/4-sensors-that-are-being-used-in-drones-technology. Accessed on August 2020.
[5] V. Chamola, P. Kotesh, A. Agarwal, Naren, N. Gupta, and M. Guizani, “A Comprehensive Review of Unmanned Aerial Vehicle Attacks and Neutralization Techniques,” Ad Hoc Networks, p. 102324, 2020.
[6] J. Brown, “Types of Military Drones: The Best Technology Available Today,” 2017, https://www.mydronelab.com/blog/types-of-military-drones.html. Accessed on August 2020.
[7] L. Gupta, R. Jain, and G. Vaszkun, “Survey of Important Issues in UAV Communication Networks,” IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1123–1152, 2016.
[8] T. Alladi, V. Chamola, B. Sikdar, and K. R. Choo, “Consumer iot: Security vulnerability case studies and solutions,” IEEE Consumer Electronics Magazine, vol. 9, no. 2, pp. 17–25, 2020.
[9] “MIRACL Cryptographic SDK: Multiprecision Integer and Rational Arithmetic Cryptographic Library,” 2020, Accessed on June 2020. [Online]. Available: https://github.com/miracl/MIRACL
[10] “Raspberry Pi 3 Model B+,” 2020, Accessed on June 2020. [Online]. Available: https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/
[11] AVISPA, “Automated Validation of Internet Security Protocols and Applications,” 2019, http://www.avispa-project.org/. Accessed on August 2020.
[12] M. Abdalla, P. A. Fouque, and D. Pointcheval, “Password-based authenticated key exchange in the three-party setting,” in 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC’05), Lecture Notes in Computer Science, vol. 3386, Les Diablerets, Switzerland, 2005, pp. 65–84.
[13] M. Rodrigues, J. Amaro, F. S. Osorio, and B. Kalinka. R. L. J. C., “Authentication Methods for UAV Communication,” in IEEE Symposium on Computers and Communications (ISCC), Barcelona, Spain, 2019, pp. 1210–1215.
[14] G. Cho, J. Cho, S. Hyun, and H. Kim, “SENTINEL: A Secure and Efficient Authentication Framework for Unmanned Aerial Vehicles,” Applied Sciences, vol. 10, no. 9, pp. 1–19, 2020.
[15] Y. K. Ever, “A secure authentication scheme framework for mobile-sinks used in the internet of drones applications,” Computer Communications, vol. 155, pp. 143–149, 2020.
[16] S. Shin and T. Kwon, “A Privacy-Preserving Authentication, Authorization, and Key Agreement Scheme for Wireless Sensor Networks in 5G-Integrated Internet of Things,” IEEE Access, vol. 8, pp. 67555–67571, 2020.
[17] D. Fang, Y. Qian, and R. Q. Hu, “A Flexible and Efficient Authentication and Secure Data Transmission Scheme for IoT Applications,” IEEE Internet of Things Journal, vol. 7, no. 4, pp. 3474–3484, 2020.
[18] S. Chatterjee, A. K. Das, and J. K. Sing, “An Enhanced Access Control Scheme in Wireless Sensor Networks,” Ad Hoc & Sensor Wireless Networks, vol. 21, no. 1-2, pp. 121–149, 2014.
[19] A. K. Das, M. Wazid, N. Kumar, A. V. Vasilakos, and J. J. P. C. Rodrigues, “Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment,” IEEE Internet of Things Journal, vol. 5, no. 6, pp. 4900–4913, 2018.
[20] M. Wazid, A. K. Das, V. Odelu, N. Kumar, and W. Susilo, “Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment,” IEEE Transactions on Dependable and Secure Computing, vol. 17, no. 2, pp. 391–406, 2020.
[21] V. Odelu, A. K. Das, and A. Goswami, “SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.
[22] A. Dua, N. Kumar, A. K. Das, and W. Susilo, “Secure Message Communication Protocol Among Vehicles in Smart City,” IEEE Transactions on Vehicular Technology, vol. 67, no. 5, pp. 4359–4373, 2018.
[23] A. K. Das, S. Kumari, V. Odelu, X. Li, F. Wu, and X. Huang, “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.
[24] M. Wazid, A. K. Das, N. Kumar, V. Odelu, A. Goutham Reddy, K. Park, and Y. Park, “Design of Lightweight Authentication and Key Agreement Protocol for Vehicular Ad Hoc Networks,” IEEE Access, vol. 5, pp. 14966–14980, 2017.
[25] M. Wazid, A. K. Das, N. Kumar, and J. J. P. C. Rodrigues, “Secure Three-Factor User Authentication Scheme for Renewable-Energy-Based Smart Grid Environment,” IEEE Transactions on Industrial Informatics, vol. 13, no. 6, pp. 3144–3153, 2017.
[26] S. Roy, S. Chatterjee, A. K. Das, S. Chattopadhyay, N. Kumar, and A. V. Vasilakos, “On the Design of Provably Secure Lightweight Remote User Authentication Scheme for Mobile Cloud Computing Services,” IEEE Access, vol. 5, pp. 25808–25825, 2017.
[27] C. Lin, D. He, X. Huang, K.-K. R. Choo, and A. V. Vasilakos, “BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0,” Journal of Network and Computer Applications, vol. 116, pp. 42–52, 2018.


[28] H. Wang, D. He, and J. Han, “VOD-ADAC: Anonymous Distributed Fine-Grained Access Control Protocol with Verifiable Outsourced Decryption in Public Cloud,” IEEE Transactions on Services Computing, vol. 13, no. 3, pp. 572–583, 2020.
[29] D. He, Y. Zhang, D. Wang, and K. K. R. Choo, “Secure and Efficient Two-Party Signing Protocol for the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography,” IEEE Transactions on Dependable and Secure Computing, vol. 17, no. 5, pp. 1124–1132, 2020.
[30] Q. Jiang, N. Zhang, J. Ni, J. Ma, X. Ma, and K. K. R. Choo, “Unified Biometric Privacy Preserving Three-Factor Authentication and Key Agreement for Cloud-Assisted Autonomous Vehicles,” IEEE Transactions on Vehicular Technology, vol. 69, no. 9, pp. 9390–9401, 2020.
[31] D. Wang, W. Li, and P. Wang, “Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks,” IEEE Transactions on Industrial Informatics, vol. 14, no. 9, pp. 4081–4092, 2018.
[32] P. Gope, A. K. Das, N. Kumar, and Y. Cheng, “Lightweight and Physically Secure Anonymous Mutual Authentication Protocol for Real-Time Data Access in Industrial Wireless Sensor Networks,” IEEE Transactions on Industrial Informatics, vol. 15, no. 9, pp. 4957–4968, 2019.
[33] M. Wazid, A. K. Das, R. Hussain, G. Succi, and J. J. Rodrigues, “Authentication in cloud-driven IoT-based big data environment: Survey and outlook,” Journal of Systems Architecture, vol. 97, pp. 185–196, 2019.
[34] T. Alladi, V. Chamola, Naren, and N. Kumar, “PARTH: A two-stage lightweight mutual authentication protocol for UAV surveillance networks,” Computer Communications, vol. 160, pp. 81–90, 2020.
[35] T. Alladi, Naren, G. Bansal, V. Chamola, and M. Guizani, “SecAuthUAV: A Novel Authentication Scheme for UAV-Ground Station and UAV-UAV Communication,” IEEE Transactions on Vehicular Technology, 2020.
[36] R. Canetti and H. Krawczyk, “Universally Composable Notions of Key Exchange and Secure Channels,” in International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’02), Amsterdam, The Netherlands, 2002, pp. 337–351.
[37] A. Adavoudi-Jolfaei, M. Ashouri-Talouki, and S. F. Aghili, “Lightweight and anonymous three-factor authentication and access control scheme for real-time applications in wireless sensor networks,” Peer-to-Peer Networking and Applications, vol. 12, no. 1, pp. 43–59, 2019.
[38] D. Dolev and A. Yao, “On the security of public key protocols,” IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198–208, 1983.
[39] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.
[40] A. K. Sutrala, A. K. Das, N. Kumar, A. G. Reddy, A. V. Vasilakos, and J. J. P. C. Rodrigues, “On the design of secure user authenticated key management scheme for multigateway-based wireless sensor networks using ECC,” International Journal of Communication Systems, vol. 31, no. 8, p. e3514, 2018.
[41] K. Park, Y. Park, A. K. Das, S. Yu, J. Lee, and Y. Park, “A Dynamic Privacy-Preserving Key Management Protocol for V2G in Social Internet of Things,” IEEE Access, vol. 7, pp. 76812–76832, 2019.
[42] W. E. May, “Secure Hash Standard,” 2015, FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, April 1995. http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf. Accessed on August 2020.
[43] C. C. Chang and H. D. Le, “A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.
[44] S. Mandal, B. Bera, A. K. Sutrala, A. K. Das, K. R. Choo, and Y. Park, “Certificateless-Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment,” IEEE Internet of Things Journal, vol. 7, no. 4, pp. 3184–3197, 2020.
[45] AVISPA, “SPAN, the Security Protocol ANimator for AVISPA,” 2019, http://www.avispa-project.org/. Accessed on August 2020.

Basudeb Bera received his M.Sc. degree in mathematics and computing in 2014 from IIT (ISM) Dhanbad, India, and M.Tech. degree in computer science and data processing in 2017 from IIT Kharagpur, India. He is currently pursuing his Ph.D. degree in computer science and engineering from the Center for Security, Theory and Algorithmic Research, IIIT Hyderabad, India. His research interests are cryptography, network security and blockchain technology. He has published 11 papers in international journals and conferences in his research areas.

Ashok Kumar Das (M’17–SM’18) received a Ph.D. degree in computer science and engineering, an M.Tech. degree in computer science and data processing, and an M.Sc. degree in mathematics from IIT Kharagpur, India. He is currently an Associate Professor with the Center for Security, Theory and Algorithmic Research, IIIT, Hyderabad, India. His current research interests include cryptography and network security including security in smart grid, Internet of Things (IoT), Internet of Drones (IoD), Internet of Vehicles (IoV), Cyber-Physical Systems (CPS) and cloud computing, blockchain and AI/ML security. He has authored over 245 papers in international journals and conferences in the above areas, including over 210 reputed journal papers. He was a recipient of the Institute Silver Medal from IIT Kharagpur. He is on the editorial board of IEEE Systems Journal, Journal of Network and Computer Applications (Elsevier), Computer Communications (Elsevier), IET Communications, KSII Transactions on Internet and Information Systems, and International Journal of Internet Technology and Secured Transactions (Inderscience), and has served as a Program Committee Member in many international conferences. He also served as one of the Technical Program Committee Chairs of the first International Congress on Blockchain and Applications (BLOCKCHAIN’19), Avila, Spain, June 2019, International Conference on Applied Soft Computing and Communication Networks (ACN’20), October 2020, Chennai, India, and second International Congress on Blockchain and Applications (BLOCKCHAIN’20), L’Aquila, Italy, October 2020.

Sahil Garg (S’15–M’18) is a postdoctoral research fellow at École de technologie supérieure, Université du Québec, Montréal, Canada. He received his Ph.D. degree from the Thapar Institute of Engineering and Technology, Patiala, India, in 2018. He has many research contributions in the area of machine learning, big data analytics, security and privacy, the Internet of Things, and cloud computing. He has over 50 publications in high ranked journals and conferences, including 25+ IEEE transactions/journal papers. He received the IEEE ICC best paper award in 2018 in Kansas City, Missouri. He serves as the Managing Editor of Springer’s Human-Centric Computing and Information Sciences journal. He is also an Associate Editor of IEEE Network, IEEE System Journal, Elsevier’s Applied Soft Computing, Future Generation Computer Systems, and Wiley’s International Journal of Communication Systems. In addition, he also serves as a Workshops and Symposia Officer of the IEEE ComSoc Emerging Technology Initiative on Aerial Communications. He has guest-edited a number of Special Issues in top-cited journals, including IEEE T-ITS, IEEE TII, the IEEE IoT Journal, IEEE Network, and Future Generation Computer Systems. He serves/served as the Workshop Chair/Publicity Co-Chair for several IEEE/ACM conferences, including IEEE INFOCOM, IEEE GLOBECOM, IEEE ICC, ACM MobiCom, and more. He is a member of ACM.


Md. Jalil Piran received a Ph.D. degree in Electronics and Information Engineering from Kyung Hee University, South Korea, in 2016. Then, he continued his research career as a Post-Doctoral Fellow in Information and Communication Engineering with the Networking Laboratory, Kyung Hee University. Dr. Jalil Piran is currently an Assistant Professor with the Department of Computer Science and Engineering, Sejong University, Seoul, South Korea. Prof. Piran published a substantial number of technical papers in well-known international journals and conferences in the area of Information and Communication Technology (ICT), specifically in the fields of: Wireless Communications and Networking e.g. 5G/6G; Internet of Things (IoT); Multimedia Communication, Streaming, Adaptation, and QoE; Applied Machine Learning; and Security. In the worldwide communities, he has been a member of IEEE since 2010, an Active Delegate from South Korea in the Moving Picture Experts Group (MPEG) since 2013, and an Active Member of the International Association of Advanced Materials (IAAM) since 2017. Prof. Piran received the IAAM Scientist Medal of the year 2017 for notable and outstanding research in new age technology and innovation, Stockholm, Sweden. He has been recognized as the Outstanding Emerging Researcher by the Iranian Ministry of Science, Technology, and Research in 2017. Also, his Ph.D. dissertation has been selected as the "Dissertation of the Year 2016" by the Iranian Academic Center for Education, Culture, and Research in the Engineering Group.

M. Shamim Hossain (SM’09) is a Professor at the Department of Software Engineering, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia. He is also an adjunct professor at the School of Electrical Engineering and Computer Science, University of Ottawa, Canada. He received his Ph.D. in Electrical and Computer Engineering from the University of Ottawa, Canada in 2009. His research interests include cloud networking, smart environment (smart city, smart health), AI, deep learning, edge computing, Internet of Things (IoT), multimedia for health care, and multimedia big data. He has authored and co-authored more than 275 publications, including refereed journals, conference papers, books, and book chapters. Recently, he co-edited a book on “Connected Health in Smart Cities”, published by Springer. He has served as co-chair, general chair, workshop chair, publication chair, and TPC for over 12 IEEE and ACM conferences and workshops. Currently, he is the co-chair of the 3rd IEEE ICME Workshop on Multimedia Services and Tools for smart-health (MUST-SH 2020). He is a recipient of a number of awards, including the Best Conference Paper Award and the 2016 ACM Transactions on Multimedia Computing, Communications and Applications (TOMM) Nicolas D. Georganas Best Paper Award. He is on the editorial board of the IEEE Transactions on Multimedia, IEEE Multimedia, IEEE Network, IEEE Wireless Communications, IEEE Access, Journal of Network and Computer Applications (Elsevier), and International Journal of Multimedia Tools and Applications (Springer). He also presently serves as a lead guest editor of IEEE Network, ACM Transactions on Internet Technology, ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM) and Multimedia Systems Journal. He serves/served as a guest editor of IEEE Communications Magazine, IEEE Network, IEEE Transactions on Information Technology in Biomedicine (currently JBHI), IEEE Transactions on Cloud Computing, Future Generation Computer Systems (Elsevier), International Journal of Multimedia Tools and Applications (Springer), Cluster Computing (Springer). He is a senior member of the ACM.
