This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2020.3049003, IEEE Internet of Things Journal
Abstract—Surveillance drones, also called unmanned aerial vehicles (UAVs), are aircraft that are utilized to collect video recordings, still images, or live video of the targets, such as vehicles, people or specific areas. Particularly in battlefield surveillance, there is a high possibility of eavesdropping, inserting, modifying or deleting the messages during communications among the deployed drones and ground station server (GSS). This allows an adversary to launch several potential attacks, such as man-in-the-middle, impersonation, drone hijacking, replay attacks, etc. Moreover, anonymity and untraceability are two crucial security properties that need to be maintained in battlefield surveillance communication environment. To deal with such a crucial security problem, we propose a new access control protocol for battlefield surveillance in drone-assisted Internet of Things (IoT) environment, called ACPBS-IoT. Through the detailed security analysis using formal and informal (non-mathematical) methods, and also the formal security verification under automated software simulation tool, we show the proposed ACPBS-IoT can resist several potential attacks needed in battlefield surveillance scenario. Furthermore, the testbed experiments for various cryptographic primitives have been performed for measuring the execution time. Finally, a detailed comparative study on communication and computational overheads, and security as well as functionality features reveals that the proposed ACPBS-IoT provides superior security and more functionality features, and better or comparable overheads than other existing competing access control schemes.

Index Terms—Internet of Things (IoT), drones, battlefield surveillance, access control, key agreement, security.

B. Bera, and A. K. Das are with the Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India (e-mail: basudeb.bera@research.iiit.ac.in; iitkgp.akdas@gmail.com, ashok.das@iiit.ac.in).
S. Garg is with the Electrical Engineering Department, École de technologie supérieure, Université du Québec, Montreal, QC H3C 1K3, Canada (e-mail: sahil.garg@ieee.org).
Md. Jalil Piran is with the Department of Computer Science and Engineering, Sejong University, Seoul 05006, South Korea (e-mail: piran@sejong.ac.kr). (Corresponding author: Md. Jalil Piran)
M. Shamim Hossain is with the Chair of Pervasive and Mobile Computing, and Department of Software Engineering, College of Computer and Information Sciences, King Saud University, Riyadh 11543, Saudi Arabia (e-mail: mshossain@ksu.edu.sa).

I. INTRODUCTION

Internet of Things (IoT) is an advanced technology that interacts with various smart computing devices, mechanical and digital machines or objects among the animals or people. Nowadays, IoT connects billions of interconnected IoT smart devices in crucial environments, such as military (battlefield surveillance), smart transportation in supply chain, smart home for home automation, healthcare application, agricultural field, and so on. The IoT smart devices are provided with unique identifiers and have capability to exchange information over the network with minimal human-to-human or human-to-computer interaction [1]. Since the IoT devices are attached to the Internet, they can be assigned Internet Protocol (IP) addresses. Due to shortage of IPv4 addresses, IPv6 addresses can be assigned to them. Recently, Hickman and Wang [2] proposed a variable-length encoding Routing Protocol for Low-Power and Lossy Networks (RPL), known as VRPL, which is an extension of RPL. It supports the addressing scheme efficiently that relies on variable-length encoding technique. Based on the underlying IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) network topology, their addressing scheme divides the available IPv6 address space hierarchically. Thus, it is possible to assign the smart devices with the IPv6 addresses using their addressing scheme [2].

Unmanned Aerial Vehicle (UAV) (also called a drone) is a sub-part of IoT applications, which provides an Internet of Drones (IoD) environment. The deployed drones play significant responsibility in several areas depending upon their ability and versatility from industry to military in this digital world. The integrated devices in a drone are basically IoT smart devices, such as smart camera for capturing the still or video images, Global Positioning System (GPS)-based sensors with antennas that use a satellite-based navigation system for tracing the location, speed and distance sensors, and so on [3], [4], [5]. A drone has an ability to make decision for final execution. Recently, UAVs are also used to satisfy the growing requirements of civilian applications, including agricultural plant protection, search and rescue, environment and natural disaster monitoring, delivery of goods, aerial base stations, military and traffic surveillance, and so on [3], [6], [7].

In the military application, battlefield surveillance (video surveillance) drone has an outstanding performance for delivering sensed real-time information. Since the information is mostly confidential and secret for defense purpose, the designed access control protocol should be secure enough to restrict access of the real-time information. In addition, the drones have limited life time and the storage capacity. Hence, the designed protocol should be lightweight in nature, and support high mobility and dynamic topology. If an access control mechanism is absent during the confidential information exchange among the participating network entities, the private data may be leaked to an adversary. Therefore, an access control scheme should ensure that only the authorized entities be permitted to access the information through the legitimate
2327-4662 (c) 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: City, University of London. Downloaded on May 18,2021 at 04:31:33 UTC from IEEE Xplore. Restrictions apply.
TABLE I
CRYPTOGRAPHIC PRIMITIVES, ADVANTAGES AND LIMITATIONS OF EXISTING SCHEMES IN IOT ENVIRONMENT
other and set up a common key for initial session in their scheme. However, the initial session key is vulnerable to ESL attack under the CK-adversary model and their scheme also requires huge computational and communication costs.

Table I summarizes various existing competing authenticated key agreement schemes with respect to their cryptographic techniques used, advantages and limitations/drawbacks.

III. SYSTEM MODELS

This section gives the discussion on network and threat models to be utilized in the design of the proposed scheme in this paper.

A. Network Model

The network model provided in Fig. 1 displays several entities, such as a group of $w$ drones, say $DR_i$ ($i = 1, 2, \cdots, w$) associated with their ground station server ($GSS_j$) that are deployed in a particular battlefield zone, say $BL_k$. It is assumed that there are several disjoint battlefield zones where in each zone a group of drones along with their $GSS_j$ are deployed. Prior to deployment of various nodes, a fully trusted registration authority (in this case, a commanding room (CR)) is in-charge of registering them in offline mode (via secure channel) as it is a one-time exercise. After successful registration, all the entities will be deployed in their respective zones. The task of a drone $DR_i$ deployed in $BL_k$ is to capture all necessary information (for instance, image or video of the ground scenario, position or location of any movement of soldiers and opponents) using pre-installed IoT-based smart devices embedded in the drone, such as smart camera, GPS sensor, and so on. The gathered information is then sent to the associated $GSS_j$ after encrypting the data using a session key established among them which is described in Section IV-C. The $GSS_j$ securely sends the received confidential information to the CR. After receiving and analyzing the information received from the $GSS_j$, the CR may give any command or instruction to the $DR_i$ via $GSS_j$ securely. The drones $DR_i$ are then responsible for sending an enemy's position in the battlefield or even provide surveillance in the battlefield.

B. Threat Model

In this threat model, we consider the broadly accepted threat model, known as the Dolev-Yao (DY) threat model [38]. By applying the DY model, an adversary $\mathcal{A}$ not only can delete, hijack or modify the exchanged information, but can also insert the harmful data during the communication between a drone $DR_i$ and its associated $GSS_j$. In addition, we also adopt the new de facto model, known as Canetti and Krawczyk's model (CK-adversary model) [36] in our proposed access control scheme. According to the CK-adversary model, “$\mathcal{A}$ has an ability to compromise a session state, and reveal the secret credentials including secret keys if these are available in insecure memory of the $DR_i$ during session key establishment process and also intercept the exchanged message that are transmitted over the public channel”. In the proposed scheme, we consider that some drones may be physically captured by the adversary $\mathcal{A}$, as in the battlefield it is not possible for the soldiers to track and monitor all the drones 24 × 7, because there may be specific areas that are difficult or almost impossible for humans to reach in land vehicles or on foot. Hence, once a drone is physically captured by $\mathcal{A}$, all the loaded information from the compromised drone can be easily extracted by applying the power analysis attacks as demonstrated in [39]. Furthermore, we assume that the CR is a fully trusted entity, whereas the $GSS_j$ are semi-trusted in the network. Finally, it is also assumed that the credentials in $GSS_j$ are stored in its secure database in order to avoid stolen-verifier attack by the adversary $\mathcal{A}$.

IV. THE PROPOSED SCHEME

In this section, we describe a novel access control protocol in drone-assisted IoT environment for battlefield surveillance, called ACPBS-IoT. It is composed of four phases, namely the initialization phase, registration phase, access control phase, and dynamic drones addition phase.
1) In the system initialization phase, the trusted commanding room (CR) picks all the related system parameters.
2) In the registration phase, the trusted CR is responsible for registering all the drones deployed in each battlefield zone $BL_k$ and also their associated ground station server
field $GF(p)$ $(= Z_p)$, where $p$ is a large prime so that the Elliptic Curve Discrete Logarithm Problem (ECDLP) becomes intractable, $4m^3 + 27n^2 \neq 0 \pmod{p}$ with $\mathcal{O}$ as the point at infinity or zero point” and a base point $G \in E_p(m, n)$ whose order is as large as $p$, say $o_g$, that is, $o_g \cdot G = \mathcal{O}$, where $o_g \cdot G = G + G + \cdots + G$ ($o_g$ times) is called the elliptic curve point (scalar) multiplication, $Z_p = \{0, 1, 2, \cdots, p - 1\}$.
• Step S2. The CR then picks its real identity $ID_{CR}$ and a master private key $pk_{CR} \in Z_p^*$, and computes its corresponding public key as $Pub_{CR} = pk_{CR} \cdot G$, where $Z_p^* = \{x \mid 0 < x < p, \gcd(x, p) = 1\} = \{1, 2, \cdots, p - 1\}$.
• Step S3. Next, the CR selects a collision-resistant one-way cryptographic hash function $h: \{0, 1\}^* \rightarrow \{0, 1\}^{l_b}$ which produces a fixed length output string of $l_b$ bits, $h(x) \in \{0, 1\}^{l_b}$ on an arbitrary length input string $x \in \{0, 1\}^*$. For instance, $h(\cdot)$ can be taken as Secure Hash Algorithm (SHA-2) which produces 256-bit hash value (message digest) for more security as compared to SHA-1 [42].
• Step S4. Finally, the CR publishes the parameters $\{E_p(m, n), h(\cdot), G, Pub_{CR}\}$ as public and keeps the secret $pk_{CR}$ as its private key.

B. Registration Phase

Prior to deployment of the drones $DR_i$ ($i = 1, 2, \cdots, w$) and their ground station server ($GSS_j$), ($j = 1, 2, \cdots, l$) in a particular battlefield zone ($BL_k$), the registration of drones and GSSs is done by the CR in the following subsections.

1) Drone Registration Phase: The following steps are executed by the CR to register a drone $DR_i$:
• Step DRR1: The CR picks a unique real identity $ID_{DR_i}$, a unique master symmetric key $mk_{DR_i,GSS_j}$ for each pair of $DR_i$ and $GSS_j$, and computes a pseudo-identity $PID_{DR_i} = h(ID_{DR_i} \| pk_{CR} \| mk_{DR_i,GSS_j} \| RTS_{DR_i} \| ID_{CR})$ for each drone $DR_i$, where $RTS_{DR_i}$ is the registration timestamp of the drone $DR_i$. The CR selects a unique random secret $r_{DR_i} \in Z_p^*$ for each $DR_i$ and enumerates its corresponding public key as $RPub_{DR_i} = r_{DR_i} \cdot G$.
• Step DRR2: Next, the CR generates a certificate for each $DR_i$ as $Cert_{DR_i} = pk_{CR} + h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| Pub_{CR} \| RPub_{DR_i}) * r_{DR_i} \pmod{p}$ and picks a temporal identity $TID_{DR_i}$ for each $DR_i$. CR then picks a random signature secret key $sr_{DR_i} \in Z_p^*$ and derives its corresponding public key as $SPub_{DR_i} = sr_{DR_i} \cdot G$. After that, the CR stores the credentials $\{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}), Cert_{DR_i}, sr_{DR_i}, E_p(m, n), h(\cdot), G\}$ to $DR_i$'s memory.
• Step DRR3: Finally, CR deletes all the secret credentials $\{ID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}, r_{DR_i}, sr_{DR_i}\}$ for $DR_i$ from its database, and publishes $RPub_{DR_i}$ and $SPub_{DR_i}$ as public.

2) Ground Station Server Registration Phase: The CR registers each ground station server ($GSS_j$) for their respective battlefield zone ($BL_k$) prior to deployment, and the following process will be executed for registering $GSS_j$ by the CR with the help of the following steps:
• Step GSSR1: The CR picks a unique real identity $ID_{GSS_j}$ and a unique random certificate secret key $r_{GSS_j} \in Z_p^*$ for each $GSS_j$ to compute its respective public key by $RPub_{GSS_j} = r_{GSS_j} \cdot G$. The CR then computes a pseudo-identity of $GSS_j$ as $PID_{GSS_j} = h(pk_{CR} \| RTS_{GSS_j} \| ID_{GSS_j} \| r_{GSS_j})$ where $RTS_{GSS_j}$ is the registration timestamp of $GSS_j$, and creates a certificate for $GSS_j$ as $Cert_{GSS_j} = r_{GSS_j} + h(RPub_{GSS_j} \| Pub_{CR}) * pk_{CR} \pmod{p}$.
• Step GSSR2: After that the CR sends the information $\{PID_{GSS_j}, Cert_{GSS_j}, \{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}) \mid i = 1, 2, \cdots, w\}, E_p(m, n), h(\cdot), G\}$ to the $GSS_j$ by secure channel (for instance, in person). $GSS_j$ then creates its own secret key $rs_{GSS_j}$. The information stored in the $GSS_j$'s secure memory is $\{PID_{GSS_j}, Cert_{GSS_j}, rs_{GSS_j}, \{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}) \mid i = 1, 2, \cdots, w\}, E_p(m, n), h(\cdot), G\}$.
• Step GSSR3: Finally, the CR deletes the secret credentials $ID_{GSS_j}$, $r_{GSS_j}$ and $PID_{GSS_j}$ from its database for security reason, and publishes $RPub_{GSS_j}$ as public key.

The registration of both drones ($DR_i$) and ground station servers ($GSS_j$) is summarized in Fig. 2.

C. Access Control Phase

In this phase, a drone $DR_i$ and a ground server station ($GSS_j$) establish a session key prior to exchange of the real-time confidential data from their assigned battlefield zone $BL_k$. The following steps are executed for establishing the session key:
• Step ACC1: $DR_i$ picks a random number $r_d \in Z_p^*$ and current timestamp $TS_d$ to compute the values of $X_d$ and $Cert'_{DR_i}$ as $X_d = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot G$, and $Cert'_{DR_i} = Cert_{DR_i} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_d \| X_d)$, respectively. After that, $DR_i$ generates a signature on the random number $r_d$ using its own private signature key $sr_{DR_i}$ as $Sign_d = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) + h(Cert'_{DR_i} \| X_d \| TID_{DR_i} \| TS_d) * sr_{DR_i} \pmod{p}$. $DR_i$ then composes an access control request message as $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$ and dispatches it to its associated $GSS_j$ via a public channel.
• Step ACC2: After receiving the message $Msg_1$ at time $TS_d^*$, $GSS_j$ checks its freshness by the condition $|TS_d^* - TS_d| < \Delta T$. If it is true, $GSS_j$ then fetches $PID_{DR_i}$ and $mk_{DR_i,GSS_j}$ corresponding to $TID_{DR_i}$ from its secure database. $GSS_j$ derives $DR_i$'s certificate from the received message by $Cert_{DR_i} = Cert'_{DR_i} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_d \| X_d)$, and verifies it with the condition: $Cert_{DR_i} \cdot G = Pub_{CR} + h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| Pub_{CR} \| RPub_{DR_i}) \cdot RPub_{DR_i}$. If it is valid, $GSS_j$ verifies the signature as $Sign_d \cdot G = X_d + h(Cert'_{DR_i} \| X_d \| TID_{DR_i} \| TS_d) \cdot SPub_{DR_i}$. If the condition is verified successfully, $GSS_j$ selects a random number $r_g$ and current timestamp $TS_g$ to compute
$X_g = h(PID_{GSS_j} \| mk_{DR_i,GSS_j} \| rs_{GSS_j} \| PID_{DR_i} \| TS_g \| r_g) \cdot G$, and the Diffie-Hellman type key $Y_{gd} = h(PID_{GSS_j} \| mk_{DR_i,GSS_j} \| rs_{GSS_j} \| PID_{DR_i} \| TS_g \| r_g) \cdot X_d$.
• Step ACC3: For preserving anonymity and untraceability properties, $GSS_j$ hides its certificate by $Cert'_{GSS_j} = Cert_{GSS_j} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| X_g \| Cert_{DR_i} \| TS_g)$, and derives the session key shared with $DR_i$ as $SK_{gd} = h(Y_{gd} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$. $GSS_j$ then generates a
new temporary identity $TID^{new}_{DR_i}$ for $DR_i$, calculates $TID^*_{DR_i} = TID^{new}_{DR_i} \oplus h(SK_{gd} \| PID_{DR_i} \| Cert_{GSS_j} \| TS_g)$, and constructs the session key verifier as $SKV_{gd} = h(SK_{gd} \| Cert'_{GSS_j} \| X_g \| TID^{new}_{DR_i} \| TS_g)$. Next, $GSS_j$ builds an access control reply message as $Msg_2 = \{TID^*_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$ and sends it to the respective drone $DR_i$ via a public channel.
• Step ACC4: Assume that $DR_i$ receives the message $Msg_2$ at time $TS_g^*$ and validates its freshness by the condition: $|TS_g^* - TS_g| < \Delta T$. If the timestamp is valid, $DR_i$ derives $GSS_j$'s certificate as $Cert_{GSS_j} = Cert'_{GSS_j} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| X_g \| Cert_{DR_i} \| TS_g)$ and verifies it by $Cert_{GSS_j} \cdot G = RPub_{GSS_j} + h(RPub_{GSS_j} \| Pub_{CR}) \cdot Pub_{CR}$. If it is verified, $DR_i$ constructs the Diffie-Hellman type key $Y_{dg} = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot X_g$, and generates the session key shared with $GSS_j$ as $SK_{dg} = h(Y_{dg} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$. After that, $DR_i$ derives $TID^{new}_{DR_i} = TID^*_{DR_i} \oplus h(SK_{dg} \| PID_{DR_i} \| Cert_{GSS_j} \| TS_g)$ and verifies its authenticity and session key by $h(SK_{dg} \| Cert'_{GSS_j} \| X_g \| TID^{new}_{DR_i} \| TS_g) = SKV_{gd}$. If the condition is satisfied, $DR_i$ believes that the generated session key is genuine and also the received new temporal identity is authentic. Next, $DR_i$ selects a current timestamp $TS'_d$ to compute the session key verifier as $SKV_{dg} = h(SK_{dg} \| TS'_d \| TID^{new}_{DR_i})$ and creates an acknowledgment message as $Msg_3 = \{SKV_{dg}, TS'_d\}$, and sends $Msg_3$ to $GSS_j$ via a public channel.
• Step ACC5: After getting the message $Msg_3$ at time $TS^*_{d1}$, $GSS_j$ checks the timeliness by the condition: $|TS^*_{d1} - TS'_d| < \Delta T$. If it is valid, $GSS_j$ verifies the session key by $h(SK_{gd} \| TS'_d \| TID^{new}_{DR_i}) = SKV_{dg}$. If it is successfully verified, $GSS_j$ updates $TID_{DR_i}$ with the new $TID^{new}_{DR_i}$ corresponding to $DR_i$ into its own secure database.

At the end, both $DR_i$ and $GSS_j$ share the common session key $SK_{dg}$ $(= SK_{gd})$ for their secret communications. The overall phase is also summarized in Fig. 3.

D. Dynamic Node Addition Phase

Due to hostile environment, a drone can be physically captured or hijacked by an adversary or it may be even power exhausted. Thus, new drones deployment in some battlefield zones may be necessary. To add a new drone, say $DR_i^{new}$ (called a node) into the existing battlefield zone, the following steps are executed by the CR in offline mode:
• Step DNA1: The CR selects a unique real identity $ID^{new}_{DR_i}$ and a unique master symmetric key $mk^{new}_{DR_i,GSS_j}$ shared by $DR_i^{new}$ and its associated $GSS_j$, and derives a pseudo-identity $PID^{new}_{DR_i} = h(ID^{new}_{DR_i} \| pk_{CR} \| mk^{new}_{DR_i,GSS_j} \| RTS^{new}_{DR_i} \| ID_{CR})$ where $RTS^{new}_{DR_i}$ is its registration timestamp. The CR picks a certificate random secret $r^{new}_{DR_i} \in Z_p^*$ for $DR_i^{new}$ to calculate the corresponding public key as $RPub^{new}_{DR_i} = r^{new}_{DR_i} \cdot G$.
• Step DNA2: Next, the CR creates a certificate as $Cert^{new}_{DR_i} = pk_{CR} + h(PID^{new}_{DR_i} \| mk^{new}_{DR_i,GSS_j} \| Pub_{CR} \| RPub^{new}_{DR_i}) * r^{new}_{DR_i} \pmod{p}$ and picks a temporal identity $TID^{new}_{DR_i}$. The CR then chooses a random signature secret key $sr^{new}_{DR_i} \in Z_p^*$ and derives its public key as $SPub^{new}_{DR_i} = sr^{new}_{DR_i} \cdot G$. After that, the CR stores the credentials $\{(TID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}), Cert^{new}_{DR_i}, sr^{new}_{DR_i}, E_p(m, n), h(\cdot), G\}$ in $DR_i$'s memory prior to its deployment in a particular zone.
• Step DNA3: Finally, the CR deletes the secret credentials $\{ID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}, r^{new}_{DR_i}, sr^{new}_{DR_i}\}$ from its database, and publishes $RPub^{new}_{DR_i}$ and $SPub^{new}_{DR_i}$ as the public. After that, the CR sends the information $\{TID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}\}$ to its associated $GSS_j$ via secure channel.

This phase is summarized in Fig. 4.

Commanding room (CR), for the drone ($DR_i^{new}$):
Pick real identity $ID^{new}_{DR_i}$, master symmetric key $mk^{new}_{DR_i,GSS_j}$.
Derive pseudo-identity $PID^{new}_{DR_i} = h(ID^{new}_{DR_i} \| pk_{CR} \| mk^{new}_{DR_i,GSS_j} \| RTS^{new}_{DR_i} \| ID_{CR})$.
Pick certificate random secret $r^{new}_{DR_i} \in Z_p^*$.
Compute public $RPub^{new}_{DR_i} = r^{new}_{DR_i} \cdot G$.
Generate certificate as $Cert^{new}_{DR_i} = pk_{CR} + h(PID^{new}_{DR_i} \| mk^{new}_{DR_i,GSS_j} \| Pub_{CR} \| RPub^{new}_{DR_i}) * r^{new}_{DR_i} \pmod{p}$.
Select temporal identity $TID^{new}_{DR_i}$, random signature secret key $sr^{new}_{DR_i} \in Z_p^*$.
Calculate public $SPub^{new}_{DR_i} = sr^{new}_{DR_i} \cdot G$.
Credentials $\{(TID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}), Cert^{new}_{DR_i}, sr^{new}_{DR_i}, E_p(m, n), h(\cdot), G\}$ are stored in $DR_i^{new}$'s memory.
Erase credentials $\{ID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}, r^{new}_{DR_i}, sr^{new}_{DR_i}\}$ corresponding to $DR_i^{new}$ from its database.
Make $RPub^{new}_{DR_i}$ and $SPub^{new}_{DR_i}$ as public.
Send $\{TID^{new}_{DR_i}, PID^{new}_{DR_i}, mk^{new}_{DR_i,GSS_j}\}$ to its associated $GSS_j$ via secure channel.
Fig. 4. Summary of new drones addition phase

V. SECURITY ANALYSIS

This section lays out a detailed formal security analysis under a random oracle model, known as the “Real-Or-Random (ROR) model” [12] and non-mathematical/informal security analysis for showing the robustness of the proposed scheme (ACPBS-IoT) against various potential attacks.

A. Formal Security under ROR Model

In this section, we provide formal proof (mathematically) for session key security under the widely-accepted ROR oracle model during the access control phase explained in Section IV-C between a drone $DR_i$ and its associated ground station server ($GSS_j$). Theorem 1 proves that the proposed ACPBS-IoT is secure against an adversary $\mathcal{A}$ for deriving the session key between $DR_i$ and $GSS_j$. $\mathcal{A}$ has access to all the queries that are tabulated in Table III. Apart from these queries, all the concerned entities including the adversary $\mathcal{A}$ have access to a collision-resistant one-way cryptographic hash function $h(\cdot)$ that is modeled as a random oracle, say $Hashow$.

The ROR model has various components that are associated together and defined as follows:
• Participants: A drone $DR_i$ and its associated $GSS_j$ are involved in a particular session for establishing a session key during the access control phase. In addition, a registration authority (CR) is also engaged for registering the entities and dynamically adding nodes (drones) in the offline mode. Therefore, we consider mainly two participants: a drone $DR_i$ and the $GSS_j$. $\Gamma^{s_1}_{DR_i}$ and $\Gamma^{s_2}_{GSS_j}$ signify the $s_1^{th}$ and $s_2^{th}$ instances of $DR_i$ and $GSS_j$, respectively, which are termed as the random oracles.
• Accepted state: An instance $\Gamma^s$ is known to be in an accepted state once it goes to an accept state when the last authenticated message is received. The communicated messages are then ordered in sequence to form the session identification $sid$ of $\Gamma^s$ for the current session.
• Partnering: Two instances, say $\Gamma^{s_1}$ and $\Gamma^{s_2}$ are said to be partners to each other, if they follow three satisfying criteria: 1) $\Gamma^{s_1}$ and $\Gamma^{s_2}$ need to be in accepted states; 2) $\Gamma^{s_1}$ and $\Gamma^{s_2}$ need to exchange the same $sid$ and they need to also mutually authenticate each other; and 3) $\Gamma^{s_1}$ and $\Gamma^{s_2}$ need to be mutual partners of each other.
• Freshness: An instance $\Gamma^{s_1}_{DR_i}$ or $\Gamma^{s_2}_{GSS_j}$ is known to be fresh if they establish a common session key $SK_{dg}$ $(= SK_{gd})$ between $DR_i$ and $GSS_j$ which is not disclosed by $\mathcal{A}$ by executing the Reveal query described in Table III.

TABLE III
QUERIES AND THEIR MOTIVES

| Query | Motive |
|---|---|
| $Execute(\Gamma^{s_1}_{DR_i}, \Gamma^{s_2}_{GSS_j})$ | This query helps $\mathcal{A}$ to eavesdrop the messages transmitted between $DR_i$ and $GSS_j$ |
| $CorruptDevice(\Gamma^{s_1}_{DR_i})$ | Using this query, $\mathcal{A}$ is able to extract the credentials loaded in a physically captured or hijacked $DR_i$'s insecure memory |
| $Reveal(\Gamma^s)$ | Under this query, $\mathcal{A}$ has access to a disclosed session key $SK_{dg}$ $(= SK_{gd})$ between $\Gamma^s$ and its associated partner |
| $Test(\Gamma^s)$ | By applying this query, $\mathcal{A}$ can verify the derived session key $SK_{dg}$ $(= SK_{gd})$ whether it is real or just a random outcome of a flipped unbiased coin, say $c$ |

The semantic security of the proposed ACPBS-IoT is now defined prior to proving Theorem 1.

Definition 1 (Semantic security). If $Adv^{ACPBS-IoT}_{\mathcal{A}}(p_t)$ refers to the “advantage of an adversary $\mathcal{A}$ running in polynomial time $p_t$ in breaking the semantic security of the proposed ACPBS-IoT for computing the session key $SK_{dg}$ $(= SK_{gd})$ between a drone $DR_i$ and a ground station server $GSS_j$”, then $Adv^{ACPBS-IoT}_{\mathcal{A}}(p_t) = |2Pr[c' = c] - 1|$, where $c$ and $c'$ are respectively the correct and guessed bits, and $Pr[E]$ denotes an event $E$'s probability.

Theorem 1. In the proposed ACPBS-IoT, we assume that an adversary $\mathcal{A}$ executing in polynomial time $p_t$ attempts to derive the established session key $SK_{dg}$ $(= SK_{gd})$ between a drone $DR_i$ and its associated ground station server $GSS_j$. If $q_h$, $|Hashow|$, and $Adv^{ECDDHP}_{\mathcal{A}}(p_t)$ symbolize the number of $Hashow$ queries, the range space of a one-way collision-resistant hash function $h(\cdot)$, and the advantage of breaking the Elliptic Curve Decisional Diffie-Hellman Problem (ECDDHP), respectively, then

$$Adv^{ACPBS-IoT}_{\mathcal{A}}(p_t) \leq \frac{q_h^2}{|Hashow|} + 2Adv^{ECDDHP}_{\mathcal{A}}(p_t).$$

Proof. We apply the same proof-concept here as done in [19], [20], [43], [44]. In the proposed ACPBS-IoT, we design three games, namely $Game_j^{\mathcal{A}}$ for the adversary $\mathcal{A}$, where $j = 0, 1, 2$. Let $Succ^{\mathcal{A}}_{Game_j}$ define an event in which $\mathcal{A}$ can guess the random bit $c$ in the game $Game_j^{\mathcal{A}}$ correctly and its associated advantage (success probability) be defined by $Adv^{ACPBS-IoT}_{\mathcal{A},Game_j} = Pr[Succ^{\mathcal{A}}_{Game_j}]$. We now describe each of the mentioned games as follows.

$Game_0^{\mathcal{A}}$: In this game, the adversary $\mathcal{A}$ plays an actual attack against the proposed ACPBS-IoT with the ROR model and starts the initial game $Game_0^{\mathcal{A}}$ by guessing a random bit $c$. Therefore, by utilizing semantic security defined in Definition 1, we have

$$Adv^{ACPBS-IoT}_{\mathcal{A}}(p_t) = |2Adv^{ACPBS-IoT}_{\mathcal{A},Game_0} - 1|. \quad (1)$$

$Game_1^{\mathcal{A}}$: Under this game, $\mathcal{A}$ eavesdrops all the messages $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$, $Msg_2 = \{TID^*_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$, and $Msg_3 = \{SKV_{dg}, TS'_d\}$ by performing the Execute query shown in Table III. After that, $\mathcal{A}$ tries to derive the established session key $SK_{dg}$ $(= SK_{gd})$ between $DR_i$ and $GSS_j$. $\mathcal{A}$ needs to execute the “Reveal and Test queries in order to check whether the derived session key is an original one or just a random key”. The session key is $SK_{dg} = h(Y_{dg} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$, where $Y_{dg} = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot X_g$ which is a composition of both short-term (ephemeral) secrets such as the random number $r_d$ and long-term secrets $mk_{DR_i,GSS_j}$, $PID_{DR_i}$, and $sr_{DR_i}$. Since all the short-term and long-term secret credentials are protected by $h(\cdot)$, it will not allow to increase the success probability at all in computing the session key $SK_{dg}$ $(= SK_{gd})$ by means of hijacking of the messages $Msg_l$ ($l = 1, 2, 3$). Hence, we remark that both the games $Game_0^{\mathcal{A}}$ and $Game_1^{\mathcal{A}}$ become indistinguishable under an eavesdropping attack. Thus, we obtain the following result:

$$Adv^{ACPBS-IoT}_{\mathcal{A},Game_1} = Adv^{ACPBS-IoT}_{\mathcal{A},Game_0}. \quad (2)$$

$Game_2^{\mathcal{A}}$: $\mathcal{A}$ plays an active attack in this game and executes the CorruptDevice query and tries to solve the difficulty of solving the computational problem (ECDDHP). We assume that the adversary $\mathcal{A}$ having intercepted messages $Msg_l$ ($l = 1, 2, 3$) wants to derive the session key. The session key is derived as $SK_{dg} = h(Y_{dg} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d)$, where $Y_{dg} = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot X_g$. The adversary $\mathcal{A}$ has only knowledge of $X_g$, $TS_g$, and $TS_d$. Therefore, to find the value of $Y_{dg}$, $\mathcal{A}$ needs to solve the computational ECDDHP which helps to derive session key $SK_{dg}$ $(= SK_{gd})$. The session key for a particular session is composed of temporal credentials as well as permanent secrets which are protected by $h(\cdot)$. In addition, $\mathcal{A}$ executes the CorruptDevice query and has the knowledge of the stored
credential $\{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}), Cert_{DR_i}, sr_{DR_i}, E_p(m, n), h(\cdot), G\}$ of a drone $DR_i$. However, by utilizing these credentials, $\mathcal{A}$ cannot derive the session key for a specific session without having the random secret $r_g$, and long-term secrets $PID_{GSS_j}$ and $rs_{GSS_j}$ of the $GSS_j$. Therefore, both the games $Game^{\mathcal{A}}_1$ and $Game^{\mathcal{A}}_2$ are indistinguishable if the execution of Hash and CorruptDevice queries and solving ECDDHP are excluded. Hence, considering the birthday paradox for finding the hash collision and the advantage of solving ECDDHP, we obtain the following relation:

$$|Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_1} - Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_2}| \le \frac{q_h^2}{2|Hash_{ow}|} + Adv^{ECDDHP}_{\mathcal{A}}(p_t). \quad (3)$$

It is worth noting that all the queries are made by $\mathcal{A}$, and it is only left for $\mathcal{A}$ to correctly guess a bit to win the game $Game^{\mathcal{A}}_2$. Therefore, we have,

$$Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_2} = \frac{1}{2}. \quad (4)$$

Eq. (1) gives

$$\frac{1}{2} \cdot Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(p_t) = \left|Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_0} - \frac{1}{2}\right|. \quad (5)$$

Applying Eqs. (2), (3) and (4), and the triangular inequality, the following derivation from Eq. (5) is obtained:

$$\begin{aligned}
\frac{1}{2} \cdot Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(p_t) &= |Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_0} - Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_2}| \\
&= |Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_1} - Adv^{ACPBS\text{-}IoT}_{\mathcal{A},Game_2}| \\
&\le \frac{q_h^2}{2|Hash_{ow}|} + Adv^{ECDDHP}_{\mathcal{A}}(p_t). \quad (6)
\end{aligned}$$

Finally, if we multiply both sides of Eq. (6) by a factor of 2, we reach the ending outcome:

$$Adv^{ACPBS\text{-}IoT}_{\mathcal{A}}(p_t) \le \frac{q_h^2}{|Hash_{ow}|} + 2Adv^{ECDDHP}_{\mathcal{A}}(p_t).$$

B. Informal Security Analysis

This section provides an informal (non-mathematical) security analysis to show that the proposed ACPBS-IoT is secure against distinct potential attacks that are extremely essential to secure battlefield surveillance scenario.

Proposition 1. ACPBS-IoT is resilient against replay attack.

Proof. During the access control between a drone $DR_i$ and its ground station server $GSS_j$, three messages $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$, $Msg_2 = \{TID^*_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$, and $Msg_3 = \{SKV_{dg}, TS'_d\}$ have been transmitted over the public channel. Every message includes current timestamps and also random secrets for establishing session key in a particular session. Therefore, replaying past messages by an adversary $\mathcal{A}$ will lead a receiver to quickly identify the old messages by verifying the timestamps attached to the messages. Hence, the proposed ACPBS-IoT is secure against the replay attack.

Proposition 2. ACPBS-IoT is resilient against man-in-the-middle (MiTM) attack.

Proof. The access control messages $\{Msg_1, Msg_2, Msg_3\}$ are communicated via insecure (public) channel. An adversary $\mathcal{A}$ can eavesdrop the access control request message $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$ on the fly, and seek to set up an authorized message, say $Msg_1^*$. To construct an authentic message $Msg_1^*$, $\mathcal{A}$ needs to derive the values of $X_d$, $Cert'_{DR_i}$, and $Sign_d$. $\mathcal{A}$ may then choose a random number $r_d^*$, and pick a current timestamp $TS_d^*$ to calculate $X_d^* = h(PID_{DR_i} \| sr_{DR_i} \| TS_d^* \| r_d^* \| mk_{DR_i,GSS_j}) \cdot G$, $(Cert'_{DR_i})^* = Cert_{DR_i} \oplus h(PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_d^* \| X_d^*)$, and $Sign_d^* = h(PID_{DR_i} \| sr_{DR_i} \| TS_d^* \| r_d^* \| mk_{DR_i,GSS_j}) + h((Cert'_{DR_i})^* \| X_d^* \| TID_{DR_i} \| TS_d^*) * sr_{DR_i} \pmod p$. Since the generation of these values requires the private keys $\{sr_{DR_i}, mk_{DR_i,GSS_j}, PID_{DR_i}, sr_{DR_i}\}$, it is a very difficult task for $\mathcal{A}$ to construct another valid message $Msg_1^*$. Similarly, $\mathcal{A}$ cannot build other valid messages. As a result, the proposed ACPBS-IoT is protected from MiTM attack.

Proposition 3. ACPBS-IoT is resilient against impersonation attacks.

Proof. In this attack, an adversary $\mathcal{A}$ may try to communicate with the access control messages $\{Msg_1, Msg_2, Msg_3\}$ on behalf of a legitimate drone $DR_i$ and a legitimate $GSS_j$. To achieve this goal, $\mathcal{A}$ is required to generate the message $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$. Without knowledge of the long-term secret credentials, such as $\{sr_{DR_i}, mk_{DR_i,GSS_j}, PID_{DR_i}, sr_{DR_i}\}$, $\mathcal{A}$ cannot compute the values of $X_d$, $Cert'_{DR_i}$ and $Sign_d$. Similarly, for the other messages $Msg_2$ and $Msg_3$, $\mathcal{A}$ is incapable of constructing those valid messages on behalf of $GSS_j$ and $DR_i$. Therefore, the designed ACPBS-IoT ensures security against drone and GSS impersonation attacks.

Proposition 4. Drone physical capture attack is protected in ACPBS-IoT.

Proof. In the battlefield environment, there is always a high risk for a device (drone) physical capture or hijacking by an adversary $\mathcal{A}$. If a drone $DR_i$ can be physically captured or hijacked by an adversary $\mathcal{A}$, $\mathcal{A}$ can extract all the loaded information $\{(TID_{DR_i}, PID_{DR_i}, mk_{DR_i,GSS_j}), Cert_{DR_i}, sr_{DR_i}, E_p(m, n), h(\cdot), G\}$ from the $DR_i$’s insecure memory by employing the power analysis attacks as stated in [39]. Since the secret credentials $\{(PID_{DR_i}, mk_{DR_i,GSS_j}), Cert_{DR_i}, sr_{DR_i}\}$ are unique and distinct for each deployed drone, compromising a drone’s credentials will not help to derive the previous, present or even future session keys among various non-compromised drones and their GSS. Thus, compromising a drone cannot impact the entire network. As a result, the proposed ACPBS-IoT provides protection against drone physical capture attack.
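The session-key computation that Game 2 and the propositions in this section reason about, written out as an added Python example (not the authors' code or their MIRACL testbed). It assumes secp256k1 for $E_p(m, n)$, SHA-256 for $h(\cdot)$, a `|`-joined text encoding for concatenation and a hypothetical freshness window `MAX_DELAY`; every credential value is constructed.

```python
# Added illustration, not the authors' implementation.
import hashlib

# Assumed curve: secp256k1 (y^2 = x^3 + 7 over GF(P)); the paper only names E_p(m, n).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
MAX_DELAY = 2  # assumed freshness window in seconds (hypothetical value)

# Constructed sample credentials; mk is the key a drone shares with its GSS.
DRONE_1 = {"PID": "PID-DR1", "sr": 0x1F3A, "mk": "mk-DR1-GSS1", "Cert": 0x51C0}
DRONE_2 = {"PID": "PID-DR2", "sr": 0x2B77, "mk": "mk-DR2-GSS1", "Cert": 0x62D1}
GSS_1 = {"PID": "PID-GSS1", "rs": 0x3C99, "Cert": 0x73E2}


def h(*parts):
    """h(x1 || x2 || ...) as an integer; the '|'-joined encoding is an assumption."""
    data = b"|".join(str(part).encode() for part in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def add(A, B):
    """Elliptic-curve point addition; None stands for the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, A):
    """Scalar multiplication k.A by double-and-add."""
    k %= N
    result = None
    while k:
        if k & 1:
            result = add(result, A)
        A = add(A, A)
        k >>= 1
    return result


def is_fresh(ts, now):
    """Replay check: a message is accepted only inside the freshness window."""
    return abs(now - ts) <= MAX_DELAY


def drone_ephemeral(drone, ts_d, r_d):
    """a = h(PID_DR || sr_DR || TS_d || r_d || mk) and X_d = a.G."""
    a = h(drone["PID"], drone["sr"], ts_d, r_d, drone["mk"])
    return a, mul(a, G)


def gss_ephemeral(gss, pid_dr, mk, ts_g, r_g):
    """b = h(PID_GSS || mk || rs_GSS || PID_DR || TS_g || r_g) and X_g = b.G."""
    b = h(gss["PID"], mk, gss["rs"], pid_dr, ts_g, r_g)
    return b, mul(b, G)


def session_key(Y, cert_gss, cert_dr, pid_dr, mk, ts_g, ts_d):
    """SK = h(Y || Cert_GSS || Cert_DR || PID_DR || mk || TS_g || TS_d)."""
    return h(Y, cert_gss, cert_dr, pid_dr, mk, ts_g, ts_d)


def run_session(drone, gss, ts_d, r_d, ts_g, r_g):
    """Return (SK_dg, SK_gd) as computed independently by the drone and the GSS."""
    a, X_d = drone_ephemeral(drone, ts_d, r_d)
    b, X_g = gss_ephemeral(gss, drone["PID"], drone["mk"], ts_g, r_g)
    Y_dg = mul(a, X_g)   # drone side: a.(b.G)
    Y_gd = mul(b, X_d)   # GSS side:   b.(a.G)
    common = (gss["Cert"], drone["Cert"], drone["PID"], drone["mk"], ts_g, ts_d)
    return session_key(Y_dg, *common), session_key(Y_gd, *common)


if __name__ == "__main__":
    sk_dg, sk_gd = run_session(DRONE_1, GSS_1, 1000, 0xA1, 1001, 0xB1)
    print("keys agree:", sk_dg == sk_gd)
    print("stale Msg1 accepted:", is_fresh(1000, 1060))
```

Because both scalars mix a per-session random secret with long-term secrets, a fresh $r_g$ on the GSS side yields a different key even when an old $Msg_1$ is resubmitted, and the credential set of one drone yields a different key from that of any other drone.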
Proposition 5. Privileged insider attack is protected in ACPBS-IoT.

Proof. After successful registration of all participants, such as drones $DR_i$ and ground station servers $GSS_j$, the registration authority (CR) deletes all the relevant secret credentials of the registered entities. If any insider user of the CR acts maliciously and wants to communicate with other participants present in the network, he/she needs to know about all the stored credentials. Moreover, the registration process is executed in offline mode via secure channel. Without knowing the secret credentials, a privileged-insider of the CR cannot proceed to launch extra attacks, such as impersonation attacks (see Proposition 3) and MiTM attack (see Proposition 2). Therefore, the proposed ACPBS-IoT is resilient against privileged-insider attack.

Proposition 6. Ephemeral secret leakage (ESL) attack is resisted in ACPBS-IoT.

Proof. In the proposed ACPBS-IoT, a drone $DR_i$ establishes the session key $SK_{dg} = h(Y_{dg} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d) = h(Y_{gd} \| Cert_{GSS_j} \| Cert_{DR_i} \| PID_{DR_i} \| mk_{DR_i,GSS_j} \| TS_g \| TS_d) = SK_{gd}$ with its respective $GSS_j$ for a particular session in a battlefield zone. To accomplish this task, $DR_i$ calculates $Y_{dg} = h(PID_{DR_i} \| sr_{DR_i} \| TS_d \| r_d \| mk_{DR_i,GSS_j}) \cdot X_g = h(PID_{GSS_j} \| mk_{DR_i,GSS_j} \| rs_{GSS_j} \| PID_{DR_i} \| TS_g \| r_g) \cdot X_d = Y_{gd}$, which is a composition of both short-term (ephemeral) secrets, such as random secrets $r_d$ and $r_g$, as well as the long-term secrets $mk_{DR_i,GSS_j}$, $PID_{DR_i}$, $PID_{GSS_j}$, $sr_{DR_i}$ and $rs_{GSS_j}$. All these secrets are unique and distinct for each and every entity in the network. Therefore, the session key will be disclosed if and only if both the long-term and short-term secrets are compromised by an adversary $\mathcal{A}$. Though a session key revealed by $\mathcal{A}$ is for a specific session, it will not increase the chance to derive the session keys of the previous sessions along with the session keys from the future sessions. This means that ACPBS-IoT supports perfect forward and backward secrecy features. Therefore, ACPBS-IoT is not vulnerable to ESL attack.

Proposition 7. Device anonymity and untraceability are preserved in ACPBS-IoT.

Proof. During the access control phase discussed in Section IV-C for the proposed ACPBS-IoT, $DR_i$ communicates with its $GSS_j$ using its temporary identity instead of real identity so that $\mathcal{A}$ cannot connect who is the sender or receiver during the communication time. Therefore, “anonymity” goal for the drones is achieved in ACPBS-IoT. Moreover, all the parameters involved in the messages $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$, $Msg_2 = \{TID^*_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$, and $Msg_3 = \{SKV_{dg}, TS'_d\}$ are purely random and dynamic in nature as the parameters are injected with current timestamps and random numbers. In addition, these parameters are not the same for any two sessions during the access control phase between $DR_i$ and $GSS_j$. Therefore, $\mathcal{A}$ cannot trace whether the communicated messages between the entities over two consecutive sessions belong to the same entities or not. As a result, ACPBS-IoT preserves the device untraceability property too.

VI. FORMAL SECURITY VERIFICATION: SIMULATION STUDY USING AVISPA

We simulate the proposed scheme (ACPBS-IoT) under the widely-accepted AVISPA tool [11] for formal security verification to validate if ACPBS-IoT is resistant against active attacks, such as man-in-the-middle and replay attacks. We implemented the proposed ACPBS-IoT using the High-Level Protocol Specification Language (HLPSL) [11] for various basic roles, such as the roles for the CR, drones ($DR_i$) and ground station servers $GSS_j$. Apart from these defined basic roles, we also implemented the compulsory composite roles for the session and goal & environment. It is worth noticing that HLPSL is a role based language consisting of basic and composition roles. In HLPSL specification, an adversary $\mathcal{A}$ is modeled using the “Dolev-Yao (DY) threat model” [38]. Thus, the intruder (always defined by the symbol i in HLPSL) acts as a legitimate role during the protocol execution. The HLPSL specification is translated to an “intermediate format (IF) using the HLPSL2IF translator”. After that, the IF is given as input to one of the four available backends of AVISPA, which are: a) “On-the-fly model-checker (OFMC)”, b) “Constraint-logic-based Attack Searcher (CL-AtSe)”, c) “SAT-based Model Checker (SATMC)” and d) “Tree Automata based on Automatic Approximations for the Analysis of Security Protocols (TA4SP)”. It then produces “output format (OF)”. Both SATMC and TA4SP backends do not presently offer bitwise exclusive OR (XOR) operation. The formal security verification-based simulation study is thus based on two backends, namely OFMC and CL-AtSe.

The OF includes the following sections:
• SUMMARY: This parameter determines whether the proposed ACPBS-IoT is SAFE, UNSAFE or inconclusive.
• DETAILS: It provides details for the SUMMARY output, i.e., under what parameters the protocol is shown as SAFE, and if the protocol is marked as UNSAFE then what are the possible attacks in the proposed protocol or why the protocol is inconclusive for some reasons.
• PROTOCOL: It specifies the intermediate format.
• GOAL: This parameter indicates the goal of the protocol defined using HLPSL specification.
• BACKEND: It specifies one of four backends: OFMC, CL-AtSe, SATMC and TA4SP when we simulate the protocol under HLPSL using AVISPA.
• STATISTICS: This section indicates some statistics for analyzing the protocol.

We refer the readers to [11] for details of AVISPA and its HLPSL specifications.

The proposed ACPBS-IoT is simulated under the OFMC and CL-AtSe backends using the SPAN, the Security Protocol ANimator for AVISPA [45]. The simulation results are demonstrated in Fig. 5. The simulation of ACPBS-IoT is performed for the execution tests and a bounded number of sessions model checking. In order to verify the replay attack on ACPBS-IoT, both OFMC and CL-AtSe backends
CL-AtSe backend output:

    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
      TYPED_MODEL
    PROTOCOL
      /home/basudeb/Desktop/span/testsuite/results/access-iot.if
    GOAL
      As specified
    BACKEND
      CL-AtSe
    STATISTICS
      Analysed : 15 states
      Reachable : 7 states
      Translation: 0.09 seconds
      Computation: 0.01 seconds

OFMC backend output:

    SUMMARY
      SAFE
    DETAILS
      BOUNDED_NUMBER_OF_SESSIONS
    PROTOCOL
      /home/basudeb/Desktop/span/testsuite/results/access-iot.if
    GOAL
      as specified
    BACKEND
      OFMC
    STATISTICS
      TIME 213 ms
      parseTime 0 ms
      visitedNodes: 56 nodes
      depth: 5 plies

Fig. 5. Simulation results of ACPBS-IoT under CL-AtSe and OFMC backends

“Raspberry PI 3 B+ Rev 1.3, Ubuntu 20.04 LTS, 64-bit OS, 1.4 GHz Quad-core processor, cores 4, 1 GB RAM” [10]. The testbed experimental costs are highlighted in Table IV.
• Scenario 2: Similarly to the first scenario, to find out the execution costs of the cryptographic primitives used from the server side (here, ground station server $GSS_j$ in the proposed ACPBS-IoT), the following system environment is taken as: “Ubuntu 18.04.4 LTS, with 7.7 GiB memory, Intel Core i7 processor-8565U, CPU @ 1.80GHz × 8, 64-bit OS type and disk size 966.1 GB”. The testbed experimental costs are also highlighted in Table V for this scenario.

TABLE IV
EXECUTION TIME FOR CRYPTOGRAPHIC PRIMITIVES USING MIRACL ON RASPBERRY PI 3 SETTING
TABLE VI
COMPARATIVE STUDY ON FUNCTIONALITY & SECURITY ATTRIBUTES

Attribute   Ever [15]   Shin and Kwon [16]   Fang et al. [17]   ACPBS-IoT
SF1         X           X                    X                  X
SF2         X           X                    X                  X
SF3         X           X                    X                  X

C. Communication Costs Comparison

For communication costs comparative analysis among the proposed ACPBS-IoT and other existing competing schemes, an identity, a random number (nonce), an elliptic curve point say, $P = (P_x, P_y) \in E_p(m, n)$ where x and y coordinates of $P$ are $P_x$ and $P_y$ respectively, a hash output (for example, if we apply SHA-256 hashing algorithm), and a timestamp are considered as 160, 160, (160 + 160) = 320, 256 and 32 bits, respectively. During the access control phase between a drone and the ground station server $GSS_j$ as described in Section IV-C, the proposed ACPBS-IoT involves three messages $Msg_1 = \{TID_{DR_i}, X_d, Cert'_{DR_i}, Sign_d, TS_d\}$, $Msg_2 = \{TID^*_{DR_i}, X_g, Cert'_{GSS_j}, SKV_{gd}, TS_g\}$, and $Msg_3 = \{SKV_{dg}, TS'_d\}$,

ACPBS-IoT 3 2336
Note: Case 1: authentication and session key agreement process between two network entities W1 and W2 in Fang et al. [17]; Case 2: session key establishment process during data transmission and receiving among W1 and W2 in Fang et al. [17].

IX. CONCLUSION

This paper proposes a new access control mechanism in drone-assisted IoT environment that is needed to secure battlefield surveillance (ACPBS-IoT). Through the access control, a
drone and its associated ground station server (GSS) are able to authenticate each other and also establish a session key among them for their secure communication. The proposed ACPBS-IoT is able to preserve anonymity and untraceability properties that are extremely required for battlefield surveillance. We have used ECC-based certificates and signatures for validation of authorized drones and GSS so that new fake deployment of drones and GSS are avoided. In addition, only the trusted CR is responsible for creating all the certificates that are loaded in drones and GSS. The proposed ACPBS-IoT is designed in such that it is free from potential attacks, such as privileged-insider, impersonation, MiTM, replay and ESL attacks. Furthermore, formal security verification of the proposed ACPBS-IoT has been carried out through AVISPA simulation tool to exhibit its robustness against passive and active attacks. The testbed experiments are conducted for measuring computational time of various cryptographic primitives using MIRACL for both server and Raspberry PI 3 settings to check the feasibility study of the proposed ACPBS-IoT. A rigorous comparative analysis also shows that the proposed ACPBS-IoT achieves superior security against various potential attacks and more functionality features, and low communication and computational costs as compared to existing competing schemes.

In future, we would like to incorporate the private blockchain in our designed ACPBS-IoT. The reason for applying the private blockchain in this case is due to the fact that the information related to battlefield surveillance is strictly private and confidential. Since the transactions in the blocks put in the blockchain will be encrypted, the encrypted search on the blockchain information would be another interesting future research work related to the proposed ACPBS-IoT.

ACKNOWLEDGMENTS

The authors thank the anonymous reviewers and the associate editor for their valuable feedback on the paper, which helped us to improve its quality and presentation. The authors are also grateful to the Deanship of Scientific Research at King Saud University, Riyadh, Saudi Arabia for funding this work through the Vice Deanship of Scientific Research Chairs: Chair of Pervasive and Mobile Computing.

REFERENCES

[1] M. Stoyanova, Y. Nikoloudakis, S. Panagiotakis, E. Pallis, and E. K. Markakis, “A Survey on the Internet of Things (IoT) Forensics: Challenges, Approaches, and Open Issues,” IEEE Communications Surveys & Tutorials, vol. 22, no. 2, pp. 1191–1221, 2020.
[2] C. Hickman and F. Wang, “A Variable Length Address Assignment Scheme for 6LoWPAN,” in IEEE 20th International Symposium on “A World of Wireless, Mobile and Multimedia Networks” (WoWMoM), Washington, DC, USA, 2019, pp. 1–6.
[3] H. Wang, H. Zhao, J. Zhang, D. Ma, J. Li, and J. Wei, “Survey on Unmanned Aerial Vehicle Networks: A Cyber Physical System Perspective,” IEEE Communications Surveys & Tutorials, vol. 22, no. 2, pp. 1027–1070, 2020.
[4] N. Joshi, “4 sensors that are being used in drones technology,” 2016, https://www.allerin.com/blog/4-sensors-that-are-being-used-in-drones-technology. Accessed on August 2020.
[5] V. Chamola, P. Kotesh, A. Agarwal, Naren, N. Gupta, and M. Guizani, “A Comprehensive Review of Unmanned Aerial Vehicle Attacks and Neutralization Techniques,” Ad Hoc Networks, p. 102324, 2020.
[6] J. Brown, “Types of Military Drones: The Best Technology Available Today,” 2017, https://www.mydronelab.com/blog/types-of-military-drones.html. Accessed on August 2020.
[7] L. Gupta, R. Jain, and G. Vaszkun, “Survey of Important Issues in UAV Communication Networks,” IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1123–1152, 2016.
[8] T. Alladi, V. Chamola, B. Sikdar, and K. R. Choo, “Consumer iot: Security vulnerability case studies and solutions,” IEEE Consumer Electronics Magazine, vol. 9, no. 2, pp. 17–25, 2020.
[9] “MIRACL Cryptographic SDK: Multiprecision Integer and Rational Arithmetic Cryptographic Library,” 2020, Accessed on June 2020. [Online]. Available: https://github.com/miracl/MIRACL
[10] “Raspberry Pi 3 Model B+,” 2020, Accessed on June 2020. [Online]. Available: https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/
[11] AVISPA, “Automated Validation of Internet Security Protocols and Applications,” 2019, http://www.avispa-project.org/. Accessed on August 2020.
[12] M. Abdalla, P. A. Fouque, and D. Pointcheval, “Password-based authenticated key exchange in the three-party setting,” in 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC’05), Lecture Notes in Computer Science, vol. 3386, Les Diablerets, Switzerland, 2005, pp. 65–84.
[13] M. Rodrigues, J. Amaro, F. S. Osorio, and B. Kalinka. R. L. J. C., “Authentication Methods for UAV Communication,” in IEEE Symposium on Computers and Communications (ISCC), Barcelona, Spain, 2019, pp. 1210–1215.
[14] G. Cho, J. Cho, S. Hyun, and H. Kim, “SENTINEL: A Secure and Efficient Authentication Framework for Unmanned Aerial Vehicles,” Applied Sciences, vol. 10, no. 9, pp. 1–19, 2020.
[15] Y. K. Ever, “A secure authentication scheme framework for mobile-sinks used in the internet of drones applications,” Computer Communications, vol. 155, pp. 143–149, 2020.
[16] S. Shin and T. Kwon, “A Privacy-Preserving Authentication, Authorization, and Key Agreement Scheme for Wireless Sensor Networks in 5G-Integrated Internet of Things,” IEEE Access, vol. 8, pp. 67 555–67 571, 2020.
[17] D. Fang, Y. Qian, and R. Q. Hu, “A Flexible and Efficient Authentication and Secure Data Transmission Scheme for IoT Applications,” IEEE Internet of Things Journal, vol. 7, no. 4, pp. 3474–3484, 2020.
[18] S. Chatterjee, A. K. Das, and J. K. Sing, “An Enhanced Access Control Scheme in Wireless Sensor Networks,” Ad Hoc & Sensor Wireless Networks, vol. 21, no. 1-2, pp. 121–149, 2014.
[19] A. K. Das, M. Wazid, N. Kumar, A. V. Vasilakos, and J. J. P. C. Rodrigues, “Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment,” IEEE Internet of Things Journal, vol. 5, no. 6, pp. 4900–4913, 2018.
[20] M. Wazid, A. K. Das, V. Odelu, N. Kumar, and W. Susilo, “Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment,” IEEE Transactions on Dependable and Secure Computing, vol. 17, no. 2, pp. 391–406, 2020.
[21] V. Odelu, A. K. Das, and A. Goswami, “SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 30–38, 2016.
[22] A. Dua, N. Kumar, A. K. Das, and W. Susilo, “Secure Message Communication Protocol Among Vehicles in Smart City,” IEEE Transactions on Vehicular Technology, vol. 67, no. 5, pp. 4359–4373, 2018.
[23] A. K. Das, S. Kumari, V. Odelu, X. Li, F. Wu, and X. Huang, “Provably secure user authentication and key agreement scheme for wireless sensor networks,” Security and Communication Networks, vol. 9, no. 16, pp. 3670–3687, 2016.
[24] M. Wazid, A. K. Das, N. Kumar, V. Odelu, A. Goutham Reddy, K. Park, and Y. Park, “Design of Lightweight Authentication and Key Agreement Protocol for Vehicular Ad Hoc Networks,” IEEE Access, vol. 5, pp. 14 966–14 980, 2017.
[25] M. Wazid, A. K. Das, N. Kumar, and J. J. P. C. Rodrigues, “Secure Three-Factor User Authentication Scheme for Renewable-Energy-Based Smart Grid Environment,” IEEE Transactions on Industrial Informatics, vol. 13, no. 6, pp. 3144–3153, 2017.
[26] S. Roy, S. Chatterjee, A. K. Das, S. Chattopadhyay, N. Kumar, and A. V. Vasilakos, “On the Design of Provably Secure Lightweight Remote User Authentication Scheme for Mobile Cloud Computing Services,” IEEE Access, vol. 5, pp. 25 808–25 825, 2017.
[27] C. Lin, D. He, X. Huang, K.-K. R. Choo, and A. V. Vasilakos, “BSeIn: A blockchain-based secure mutual authentication with fine-grained access control system for industry 4.0,” Journal of Network and Computer Applications, vol. 116, pp. 42–52, 2018.
[28] H. Wang, D. He, and J. Han, “VOD-ADAC: Anonymous Distributed Fine-Grained Access Control Protocol with Verifiable Outsourced Decryption in Public Cloud,” IEEE Transactions on Services Computing, vol. 13, no. 3, pp. 572–583, 2020.
[29] D. He, Y. Zhang, D. Wang, and K. K. R. Choo, “Secure and Efficient Two-Party Signing Protocol for the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography,” IEEE Transactions on Dependable and Secure Computing, vol. 17, no. 5, pp. 1124–1132, 2020.
[30] Q. Jiang, N. Zhang, J. Ni, J. Ma, X. Ma, and K. K. R. Choo, “Unified Biometric Privacy Preserving Three-Factor Authentication and Key Agreement for Cloud-Assisted Autonomous Vehicles,” IEEE Transactions on Vehicular Technology, vol. 69, no. 9, pp. 9390–9401, 2020.
[31] D. Wang, W. Li, and P. Wang, “Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks,” IEEE Transactions on Industrial Informatics, vol. 14, no. 9, pp. 4081–4092, 2018.
[32] P. Gope, A. K. Das, N. Kumar, and Y. Cheng, “Lightweight and Physically Secure Anonymous Mutual Authentication Protocol for Real-Time Data Access in Industrial Wireless Sensor Networks,” IEEE Transactions on Industrial Informatics, vol. 15, no. 9, pp. 4957–4968, 2019.
[33] M. Wazid, A. K. Das, R. Hussain, G. Succi, and J. J. Rodrigues, “Authentication in cloud-driven IoT-based big data environment: Survey and outlook,” Journal of Systems Architecture, vol. 97, pp. 185–196, 2019.
[34] T. Alladi, V. Chamola, Naren, and N. Kumar, “PARTH: A two-stage lightweight mutual authentication protocol for UAV surveillance networks,” Computer Communications, vol. 160, pp. 81–90, 2020.
[35] T. Alladi, Naren, G. Bansal, V. Chamola, and M. Guizani, “SecAuthUAV: A Novel Authentication Scheme for UAV-Ground Station and UAV-UAV Communication,” IEEE Transactions on Vehicular Technology, 2020.
[36] R. Canetti and H. Krawczyk, “Universally Composable Notions of Key Exchange and Secure Channels,” in International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’02), Amsterdam, The Netherlands, 2002, pp. 337–351.
[37] A. Adavoudi-Jolfaei, M. Ashouri-Talouki, and S. F. Aghili, “Lightweight and anonymous three-factor authentication and access control scheme for real-time applications in wireless sensor networks,” Peer-to-Peer Networking and Applications, vol. 12, no. 1, pp. 43–59, 2019.
[38] D. Dolev and A. Yao, “On the security of public key protocols,” IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198–208, 1983.
[39] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Transactions on Computers, vol. 51, no. 5, pp. 541–552, 2002.
[40] A. K. Sutrala, A. K. Das, N. Kumar, A. G. Reddy, A. V. Vasilakos, and J. J. P. C. Rodrigues, “On the design of secure user authenticated key management scheme for multigateway-based wireless sensor networks using ECC,” International Journal of Communication Systems, vol. 31, no. 8, p. e3514, 2018.
[41] K. Park, Y. Park, A. K. Das, S. Yu, J. Lee, and Y. Park, “A Dynamic Privacy-Preserving Key Management Protocol for V2G in Social Internet of Things,” IEEE Access, vol. 7, pp. 76 812–76 832, 2019.
[42] W. E. May, “Secure Hash Standard,” 2015, FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, April 1995. http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf. Accessed on August 2020.
[43] C. C. Chang and H. D. Le, “A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks,” IEEE Transactions on Wireless Communications, vol. 15, no. 1, pp. 357–366, 2016.
[44] S. Mandal, B. Bera, A. K. Sutrala, A. K. Das, K. R. Choo, and Y. Park, “Certificateless-Signcryption-Based Three-Factor User Access Control Scheme for IoT Environment,” IEEE Internet of Things Journal, vol. 7, no. 4, pp. 3184–3197, 2020.
[45] AVISPA, “SPAN, the Security Protocol ANimator for AVISPA,” 2019, http://www.avispa-project.org/. Accessed on August 2020.

Basudeb Bera received his M.Sc. degree in mathematics and computing in 2014 from IIT (ISM) Dhanbad, India, and M.Tech. degree in computer science and data processing in 2017 from IIT Kharagpur, India. He is currently pursuing his Ph.D. degree in computer science and engineering from the Center for Security, Theory and Algorithmic Research, IIIT Hyderabad, India. His research interests are cryptography, network security and blockchain technology. He has published 11 papers in international journals and conferences in his research areas.

Ashok Kumar Das (M’17–SM’18) received a Ph.D. degree in computer science and engineering, an M.Tech. degree in computer science and data processing, and an M.Sc. degree in mathematics from IIT Kharagpur, India. He is currently an Associate Professor with the Center for Security, Theory and Algorithmic Research, IIIT, Hyderabad, India. His current research interests include cryptography and network security including security in smart grid, Internet of Things (IoT), Internet of Drones (IoD), Internet of Vehicles (IoV), Cyber-Physical Systems (CPS) and cloud computing, blockchain and AI/ML security. He has authored over 245 papers in international journals and conferences in the above areas, including over 210 reputed journal papers. He was a recipient of the Institute Silver Medal from IIT Kharagpur. He is on the editorial board of IEEE Systems Journal, Journal of Network and Computer Applications (Elsevier), Computer Communications (Elsevier), IET Communications, KSII Transactions on Internet and Information Systems, and International Journal of Internet Technology and Secured Transactions (Inderscience), and has served as a Program Committee Member in many international conferences. He also served as one of the Technical Program Committee Chairs of the first International Congress on Blockchain and Applications (BLOCKCHAIN’19), Avila, Spain, June 2019, International Conference on Applied Soft Computing and Communication Networks (ACN’20), October 2020, Chennai, India, and second International Congress on Blockchain and Applications (BLOCKCHAIN’20), L’Aquila, Italy, October 2020.

Sahil Garg (S’15–M’18) is a postdoctoral research fellow at École de technologie supérieure, Université du Québec, Montréal, Canada. He received his Ph.D. degree from the Thapar Institute of Engineering and Technology, Patiala, India, in 2018. He has many research contributions in the area of machine learning, big data analytics, security and privacy, the Internet of Things, and cloud computing. He has over 50 publications in high ranked journals and conferences, including 25+ IEEE transactions/journal papers. He received the IEEE ICC best paper award in 2018 in Kansas City, Missouri. He serves as the Managing Editor of Springer’s Human-Centric Computing and Information Sciences journal. He is also an Associate Editor of IEEE Network, IEEE System Journal, Elsevier’s Applied Soft Computing, Future Generation Computer Systems, and Wiley’s International Journal of Communication Systems. In addition, he also serves as a Workshops and Symposia Officer of the IEEE ComSoc Emerging Technology Initiative on Aerial Communications. He has guest-edited a number of Special Issues in top-cited journals, including IEEE T-ITS, IEEE TII, the IEEE IoT Journal, IEEE Network, and Future Generation Computer Systems. He serves/served as the Workshop Chair/Publicity Co-Chair for several IEEE/ACM conferences, including IEEE INFOCOM, IEEE GLOBECOM, IEEE ICC, ACM MobiCom, and more. He is a member of ACM.
2327-4662 (c) 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Authorized licensed use limited to: City, University of London. Downloaded on May 18,2021 at 04:31:33 UTC from IEEE Xplore. Restrictions apply.