With accelerated advances in various technologies, drones, better known as unmanned aerial vehicles (UAVs), are increasingly commonplace and consequently have a more pronounced impact on society. For example, Internet of Drones (IoD), a new communication paradigm offering fundamental navigation assistance and access to information, has widespread applications ranging from agricultural drones in farming to surveillance drones in the COVID-19 pandemic. The increasingly prominent role of IoD in our society also reinforces the importance of securing such systems against various data privacy and security threats. Operationally, it can be challenging to adopt conventional off-the-shelf security products in an IoD system due to the underpinning characteristics of drones (e.g., dynamic and open communication channel). Therefore in this article, we propose a lightweight and privacy-preserving mutual authentication and key agreement protocol, hereafter referred to as PMAP. The latter uses a physical unclonable function (PUF) and chaotic system to support mutual authentication and establish a secure session key between communication entities in the IoD system. To be specific, PMAP consists of two schemes, namely: 1) ${\mathrm{ PMAP}}^{D2Z}$ (that mutually authenticates drone and zone service provider (ZSP) and establishes secure session keys) and 2) ${\mathrm{ PMAP}}^{D2D}$ (that mutually authenticates drones and establishes secure session keys). In addition, PMAP supports conditional privacy preserving so that the genuine identity of drones can only be revealed by trusted ZSPs. We evaluate the security of PMAP using automated validation of Internet security protocols and application (AVISPA), as well as provide formal and informal security analysis to show the resilience of PMAP against various security attacks. We also evaluate the performance of PMAP through extensive experiments and compare its performance with existing AKA and IBE-Lite schemes, whose findings show that PMAP achieves better performance in terms of computation cost, energy consumption, and communication overhead.

中文翻译：

---

一种用于无人机互联网环境的轻量级且保护隐私的相互认证和密钥协商协议


随着各种技术的加速进步，无人机（俗称无人机）变得越来越普遍，对社会的影响也越来越明显。例如，无人机互联网 (IoD) 是一种提供基本导航辅助和信息访问的新通信范式，具有广泛的应用，从农业中的农业无人机到 COVID-19 大流行中的监控无人机。 IoD 在我们社会中日益突出的作用也强化了保护此类系统免受各种数据隐私和安全威胁的重要性。在操作上，由于无人机的基础特性（例如动态和开放的通信通道），在 IoD 系统中采用传统的现成安全产品可能具有挑战性。因此，在本文中，我们提出了一种轻量级且保护隐私的相互认证和密钥协商协议，以下简称PMAP。后者使用物理不可克隆功能（PUF）和混沌系统来支持相互认证并在IoD系统中的通信实体之间建立安全会话密钥。具体来说，PMAP 由两种方案组成，即： 1) ${\mathrm{ PMAP}}^{D2Z}$ （相互验证无人机和区域服务提供商 (ZSP) 并建立安全会话密钥）和 2) ${ \mathrm{ PMAP}}^{D2D}$ （相互验证无人机并建立安全会话密钥）。此外，PMAP 支持有条件的隐私保护，这样无人机的真实身份只能由受信任的 ZSP 来揭示。 我们使用互联网安全协议和应用程序的自动验证 (AVISPA) 来评估 PMAP 的安全性，并提供正式和非正式的安全分析，以显示 PMAP 针对各种安全攻击的弹性。我们还通过大量的实验评估了 PMAP 的性能，并将其性能与现有的 AKA 和 IBE-Lite 方案进行了比较，结果表明 PMAP 在计算成本、能耗和通信开销方面取得了更好的性能。