*Article* **A Traceable and Privacy-Preserving Authentication for UAV Communication Control System**

#### **Chin-Ling Chen 1,2,3, Yong-Yuan Deng 3,\*, Wei Weng 1,\*, Chi-Hua Chen 4,\*, Yi-Jui Chiu <sup>5</sup> and Chih-Ming Wu <sup>6</sup>**


Received: 15 November 2019; Accepted: 20 December 2019; Published: 1 January 2020

**Abstract:** In recent years, the concept of the Internet of Things has been introduced. Information, communication, and network technology can be integrated, so that the unmanned aerial vehicle (UAV) from consumer leisure and entertainment toys can be utilized in high value commercial, agricultural, and defense field applications, and become a killer product. In this paper, a traceable and privacy-preserving authentication is proposed to integrate the elliptic curve cryptography (ECC), digital signature, hash function, and other cryptography mechanisms for UAV application. For sensitive areas, players must obtain flight approval from the ground control station before they can control the UAV in these areas. The traditional cryptography services such as integrity, confidentiality, anonymity, availability, privacy, non-repudiation, defense against DoS (Denial-of-Service) attack, and spoofing attack can be ensured. The feasibility of mutual authentication was proved by BAN logic. In addition, the computation cost and the communication cost of the proposed scheme were analyzed. The proposed scheme provides a novel application field.

**Keywords:** UAV; Mutual authentication; Privacy; Traceable; BAN logic

#### **1. Introduction**

With the development of battery power, sensing systems, artificial intelligence and other technologies, small commercial unmanned aerial vehicles (UAVs) combining these technologies have, in recent years, become a very popular product. Small UAVs have tremendous potential in different fields and tasks, and have great flexibility in application. In addition to personal aerial photography, entertainment, and commercial markets, they can be used in various monitoring work such as disaster relief [1], in various environments involving animals and plants, coasts and borders [2,3], in freight transportation, military and police law enforcement tasks, and even agricultural and industrial applications [4–8]. Nader et al. [9] pointed out that UAVs could be employed in different ways to achieve smart city services. For example, using UAVs for traffic monitoring and management, merchandise delivery, health and emergency services, and air taxi services can enhance these services in terms of quality, productivity, timeliness, reliability, and performance and could help reduce the costs of offering these services. However, small UAVs also can pose a variety of security threats under improper use.

Although every case of an unmanned aerial vehicle being improperly used has complex security implications, it is difficult to sum this up as a single security threat; for example, in the protection of important persons, unmanned aerial vehicles may violate their privacy, launch attacks, threaten their lives, or destroy their facilities. Different threats in several different cases are examined below.


To sum up, in spite of UAVs being widely used in civilian, commercial, and military applications in recent years, because they use wireless networks for information exchange, there are many security issues that are faced.

Firstly, "privacy" refers to the part of an individual that he does not want to be known by others, and that he has the right to protect. In English, "to be let alone" means to "not be disturbed by others", which is the basic spirit of privacy. Privacy also means "secret". In general, what we call privacy refers to information privacy. Privacy and freedom are related to individual behavior rather than inappropriate observation and interference by others. The interests of privacy include sexual activities, religious practices, and political activities. What is the importance of privacy? Privacy is about human dignity, personal subjectivity, and personality development. If some of a person's own information is exposed, he will feel uncomfortable, embarrassed, or harassed by others, and it will be difficult to live comfortably. Compared with personal privacy, sensitive information of the state or government has a greater impact.

Secondly, a malicious attacker can perform passive eavesdropping, active interference, leaking of secret information, data tampering, denial of service, message misuse, message replay, and impersonation attacks between sender and receiver. This will cause a resource collapse attack, and even disturb the operation of the routing protocol for UAVs [10]. UAVs operate in flying ad hoc networks (FANETs), which should provide defense against the various known attacks in a wireless environment.

Thirdly, because of the specific properties of FANETs (wireless links, collaborative characteristics, uncontrollable environment, and lack of a fixed infrastructure), securing the network is difficult. The traditional security issues are availability, authentication, integrity, and confidentiality, which have become the targets that attackers want to break [11]. Legitimate UAVs suffer when malicious UAVs implant incorrect information into their sensors. This causes the compromised UAVs to transmit wrong messages to the base station, thereby endangering data integrity [10].

In order to legalize and guarantee the privacy of broadcast messages, much of the literature has focused on this issue. For example, Strohmeier et al. [12] surveyed the automatic dependent surveillance-broadcast (ADS-B) protocol, which is an on-board component of the UAV system, and discussed and listed the vulnerabilities in the ADS-B protocol. Wesson et al. [13] further analyzed and evaluated the cryptographic strategies of ADS-B based on their effectiveness and practicality in the cost-averse, technologically-complex, and interoperability-focused aviation community. The purpose of these works was to find a suitable mechanism to ensure the security of the UAV system for sensitive control areas.

In past literature, some articles [10,14–16] refer to malicious attacks on UAV applications, such as intrusion detection, enhancing security against the lethal cyber-attacks for UAV networks. Therefore, a Q-learning-based UAV power allocation strategy combining Q-learning and deep learning to accelerate the learning speed for attack modes was proposed by Xiao et al. [17]. García-Magariño et al. [16] used a secure asymmetric encryption with a pre-shared list of official UAVs and an agent-based approach to detect if an official UAV is physically hijacked. However, these articles only focus on intrusion detection or the problem of UAVs being physically hijacked. To prevent all intrusions by hackers, the fundamental solution is to propose an effective and comprehensive security protocol. Such a secure mechanism should comprehensively detect and provide information and identity authentication to achieve the purposes of availability, privacy, and non-repudiation and to defend against known attacks for the UAV's environment.

Recently, some literature [18–21] has used specific cryptographic algorithms to implement security mechanisms in UAVs. In 2017, Yoon et al. [18] used the Raspberry Pi to present a design of a second channel security system that can regain control of a UAV when there is an attack on the UAV. In this scheme, the authors only used flow charts to describe the scenario. The authors claimed that they can provide authentication with the ground station and defense against the DoS attack. However, this scheme presents neither the detailed cryptographic scenario nor a performance analysis.

Later, Chen et al. [19] proposed a mutual authentication scheme with improved security. To achieve higher efficiency and reduce the computational cost, the proposed scheme conformed to network-connected UAV communication systems and satisfied the requirements of limited bandwidth and computation resources. However, the authors used the asymmetric bilinear pairings mechanism, whose cost was high, and the scheme was not supported by formal proof. Wazid et al. [20] also presented a lightweight remote user authentication and key agreement scheme to solve security issues between the user and the accessed drone in Internet of Drones (IoD) applications.

Recently, Tian et al. [21] proposed an efficient privacy-preserving authentication framework for the edge-assisted Internet of Drones. They followed a predictive UAV authentication approach. The authors considered that location, identity, and flying routes of each legitimate UAV are sensitive information in the IoD network. Therefore, they proposed a secure authentication and privacy protection for an efficient MEC-assisted (mobile edge computing) framework. But this scheme did not consider mutual authentication for ensuring the communication entity.

In fact, due to the UAV's characteristics, it is hard to prevent a privacy leak. Therefore, this study aims to focus on sensitive areas (for example: airports and military areas) to set up this management system and use ECC (elliptic curve cryptography) technology [22,23] to ensure data integrity and nonrepudiation. It is a fact that any intruders can break through the defense function of the system if the security mechanism of the system is not perfect and the user's identity is not authenticated accurately. This study also intends to employ the proof mode of BAN logic mechanism for mutual authentication to eliminate the intrusive chances of malicious attackers.

The paper is organized as follows. The applied mechanisms and security mechanisms are reviewed and discussed in Section 2. The designs and flows of the proposed scheme are presented in Section 3. Security analyses and comparisons are discussed in Section 4. Finally, in Section 5, conclusions are offered.

#### **2. Preliminary and Security Requirements**

This section includes two subsections: (1) the elliptic curve cryptography and Diffie–Hellman key exchange are presented in Section 2.1 and (2) security requirements are defined in Section 2.2.

#### *2.1. Elliptic Curve Cryptography and Diffie–Hellman Key Exchange*

Elliptic curve cryptography [22,23] was proposed in 1995. Digital signature schemes can be used to provide the following basic cryptographic services: data integrity, data origin authentication, and non-repudiation.

The Diffie–Hellman key exchange [24] is a method for securely exchanging cryptographic keys over a public channel. It is one of the earliest practical examples of public key exchange implemented within the field of cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications by using a symmetric key cipher.

The following problems exist for the Elliptic Curve Diffie-Hellman method:

Computational Diffie–Hellman (CDH) Problem: Given *aP* and *bP*, where *a*, *b* ∈<sub>*R*</sub> *Z*<sup>∗</sup><sub>*q*</sub> and *P* is the generator of *G*, compute *abP*.

Decisional Diffie–Hellman (DDH) Problem: Given *aP*, *bP*, and *cP*, where *a*, *b*, *c* ∈<sub>*R*</sub> *Z*<sup>∗</sup><sub>*q*</sub> and *P* is the generator of *G*, confirm whether or not *cP* = *abP*, which is equal to confirming whether or not *c* = *ab* mod *q*.

#### *2.2. Security Requirements*

A UAV communication control system has the following main security requirements and known attacks [11,13–15,19,20,25]:


#### **3. The Proposed Scheme**

This section includes nine subsections: (1) system architecture is designed and described in Section 3.1, (2) the used notations in this study are defined in Section 3.2, (3) the manufacturer (UAV) registration phase of the proposed scheme is illustrated in Section 3.3, (4) the player (mobile device) registration phase of the proposed scheme is presented in Section 3.4, (5) the ground control station registration phase of the proposed scheme is described in Section 3.5, (6) the player and manufacturer authentication and communication phase of the proposed scheme is shown in Section 3.6, (7) the player and ground control station authentication and communication phase of the proposed scheme is designed in Section 3.7, (8) the player, UAV, and ground control station authentication and communication phase of the proposed scheme is discussed in Section 3.8, and (9) the ground control station and UAV authentication and communication phase of the proposed scheme is illustrated in Section 3.9.

#### *3.1. System Architecture*

Figure 1 is the system framework of the proposed scheme in this study.

**Figure 1.** The framework of a traceable and privacy-preserving authentication for UAV ad hoc communication.

There are four parties in the scheme:


#### *3.2. Notations*



#### *3.3. Manufacturer (UAV) Registration Phase*

The manufacturer must take the UAV to register with the trusted authority center. The manufacturer (UAV) registration phase of the proposed scheme is shown in Figure 2.

Step 1: The manufacturer selects an identity *IDUAV*, and transmits it to the trusted authority center.

Step 2: The trusted authority center selects a random number *rUAV*, calculates

$$\begin{aligned} R_{UAV} &= r_{UAV} P, \\ h_{UAV} &= H_1(ID_{UAV}, R_{UAV}), \\ S_{UAV} &= r_{UAV} + h_{UAV} s, \end{aligned}$$

and then sends (*RUAV*, *SUAV*, *PKUAV*, *SKUAV*) to the manufacturer.

Step 3: The manufacturer verifies

$$S_{UAV} P \stackrel{?}{=} R_{UAV} + H_1(ID_{UAV}, R_{UAV}) PK_{TAC}.$$

If the verification is passed, the manufacturer stores (*RUAV*, *SUAV*, *PKUAV*, *SKUAV*) to the UAV.

**Figure 2.** Manufacturer (UAV) registration phase of the proposed scheme.

#### *3.4. Player (Mobile Device) Registration Phase*

The player must take the mobile device to register with the trusted authority center. The player (mobile device) registration phase is shown in Figure 3.

Step 1: The player selects an identity *IDPMD*, and transmits it to the trusted authority center.

Step 2: The trusted authority center selects a random number *rPMD*, calculates

$$\begin{aligned} R_{PMD} &= r_{PMD} P, \\ h_{PMD} &= H_1(ID_{PMD}, R_{PMD}), \\ S_{PMD} &= r_{PMD} + h_{PMD} s, \end{aligned}$$

and then sends (*RPMD*, *SPMD*, *PKPMD*, *SKPMD*) to the player.

Step 3: The player verifies

$$S_{PMD} P \stackrel{?}{=} R_{PMD} + H_1(ID_{PMD}, R_{PMD}) PK_{TAC}.$$

If the verification is passed, the player stores (*RPMD*, *SPMD*, *PKPMD*, *SKPMD*) to the mobile device.


#### *3.5. Ground Control Station Registration Phase*

The ground control station must also register with the trusted authority center. The ground control station registration phase of the proposed scheme is shown in Figure 4.

Step 1: The ground control station selects an identity *IDGCS*, and transmits it to the trusted authority center.

Step 2: The trusted authority center selects a random number *rGCS*, calculates

$$\begin{aligned} R_{GCS} &= r_{GCS} P, \\ h_{GCS} &= H_1(ID_{GCS}, R_{GCS}), \\ S_{GCS} &= r_{GCS} + h_{GCS} s, \end{aligned}$$

and then sends (*RGCS*, *SGCS*, *PKGCS*, *SKGCS*) to the ground control station.

Step 3: The ground control station verifies

$$S_{GCS} P \stackrel{?}{=} R_{GCS} + H_1(ID_{GCS}, R_{GCS}) PK_{TAC}.$$

If the verification is passed, the ground control station stores (*RGCS*, *SGCS*, *PKGCS*, *SKGCS*).

**Figure 4.** Ground control station registration phase of the proposed scheme.

#### *3.6. Player and Manufacturer Authentication and Communication Phase*

When a player wants to control UAVs, the player carries his/her mobile device to buy or rent a UAV from the manufacturer. After mutual authentication between the player and the manufacturer, the manufacturer will transfer the purchase or rental certificate of the UAV to the player, and store the certificate of the UAV. The player and manufacturer authentication and communication phase is shown in Figure 5.

Step 1: The player selects a random number *a*, computes

$$T_{PMD} = aP,$$

and then transmits (*IDPMD*,*RPMD*, *TPMD*) to the manufacturer.

Step 2: The manufacturer selects a random number *b*, calculates

$$\begin{aligned} T_{UAV} &= bP, \\ PK_{PMD} &= R_{PMD} + H_1(ID_{PMD}, R_{PMD}) PK_{TAC}, \\ K_{UP1} &= S_{UAV} T_{PMD} + b PK_{PMD}, \\ K_{UP2} &= b T_{PMD}, \end{aligned}$$

and the session key

$$SEK_{UP} = H_2(K_{UP1}, K_{UP2}).$$

The manufacturer then calculates

$$CHK_{PU} = H_3(SEK_{UP}, T_{PMD}),$$

and transmits (*IDUAV*, *RUAV*, *TUAV*, *CHKPU*) to the player.

Step 3: The player calculates

$$\begin{aligned} PK_{UAV} &= R_{UAV} + H_1(ID_{UAV}, R_{UAV}) PK_{TAC}, \\ K_{PU1} &= S_{PMD} T_{UAV} + a PK_{UAV}, \\ K_{PU2} &= a T_{UAV}, \end{aligned}$$

and the session key

$$SEK_{UP} = H_2(K_{PU1}, K_{PU2}).$$

*Electronics* **2020**, *9*, 62

The player verifies

$$CHK_{PU} \stackrel{?}{=} H_3(SEK_{UP}, T_{PMD})$$

to check the legality of the manufacturer. If the verification is passed, the player computes

$$\begin{aligned} c_{PMD} &= E_{SEK_{UP}}(M_{payment}), \\ CHK_{UP} &= H_3(SEK_{UP}, T_{UAV}), \end{aligned}$$

and transmits (*IDPMD*, *cPMD*,*CHKUP*) to the manufacturer.

Step 4: The manufacturer verifies

$$CHK_{UP} \stackrel{?}{=} H_3(SEK_{UP}, T_{UAV})$$

to check the legality of the player. If the verification is passed, the session key *SEKUP* between the player and the manufacturer is established successfully. The manufacturer calculates

$$M_{payment} = D_{SEK_{UP}}(c_{PMD}),$$

to get the payment information of the player. After the payment, the manufacturer generates the encrypted purchase or rental certificate of the UAV

$$\begin{aligned} c_{UAV} &= E_{SEK_{UP}}(M_{payment}, Cert_{UAV}), \\ Sig_{UAV} &= S_{SK_{UAV}}(M_{payment}, Cert_{UAV}), \end{aligned}$$

and transmits (*IDUAV*, *cUAV*, *SigUAV*) to the player.

Step 5: The player decrypts the received message

$$(M_{payment}, Cert_{UAV}) = D_{SEK_{UP}}(c_{UAV}),$$

verifies the signature

$$(M_{payment}, Cert_{UAV}) \stackrel{?}{=} V_{PK_{UAV}}(Sig_{UAV}),$$

and obtains the purchase or rental certificate of the UAV from the manufacturer.
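
The registration check of Sections 3.3 to 3.5 and the key agreement of Section 3.6, Steps 1 to 4, as an added Python example (not code from the paper): both sides reach K1 = (a·S_UAV + b·S_PMD)P and K2 = abP, so the CHK values match only when each *S* was issued by the trusted authority center for the presented (*ID*, *R*). The curve (secp256k1), the SHA-256 stand-ins for H1, H2 and H3, the relation PK_TAC = sP, and the sample identities are assumptions.

```python
import hashlib
import hmac
import secrets

# secp256k1 parameters (assumption: the page does not name a curve).
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(A, B):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD


def mul(k, A):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    R, k = None, k % N
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R


def H(tag, *parts):
    """Tagged SHA-256 standing in for the page's H1, H2, H3 (assumption)."""
    h = hashlib.sha256(tag)
    for part in parts:
        data = repr(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


def h1(identity, R):
    return int.from_bytes(H(b"H1", identity, R), "big") % N


def tac_setup():
    """TAC master secret s and PK_TAC = sP (assumed relation, implied by the checks)."""
    s = secrets.randbelow(N - 1) + 1
    return s, mul(s, P)


def register(identity, s):
    """Registration Step 2: R = rP, h = H1(ID, R), S = r + h*s."""
    r = secrets.randbelow(N - 1) + 1
    R = mul(r, P)
    return {"ID": identity, "R": R, "S": (r + h1(identity, R) * s) % N}


def implicit_pk(identity, R, pk_tac):
    """PK = R + H1(ID, R) * PK_TAC, recomputed by the peer from public values."""
    return add(R, mul(h1(identity, R), pk_tac))


def verify_registration(cred, pk_tac):
    """Registration Step 3: S*P ?= R + H1(ID, R) * PK_TAC."""
    return mul(cred["S"], P) == implicit_pk(cred["ID"], cred["R"], pk_tac)


def session_key(own, eph, peer_id, peer_R, peer_T, pk_tac):
    """SEK = H2(K1, K2) with K1 = S_own*T_peer + eph*PK_peer and K2 = eph*T_peer."""
    K1 = add(mul(own["S"], peer_T), mul(eph, implicit_pk(peer_id, peer_R, pk_tac)))
    return H(b"H2", K1, mul(eph, peer_T))


def handshake(pmd, uav, pk_tac):
    """Section 3.6 Steps 1-4; returns (player accepts, manufacturer accepts, keys equal)."""
    a = secrets.randbelow(N - 1) + 1            # Step 1: player picks a, sends T_PMD
    T_pmd = mul(a, P)
    b = secrets.randbelow(N - 1) + 1            # Step 2: manufacturer picks b, sends T_UAV
    T_uav = mul(b, P)
    sek_m = session_key(uav, b, pmd["ID"], pmd["R"], T_pmd, pk_tac)
    chk_pu = H(b"H3", sek_m, T_pmd)
    # Step 3: the player derives the key from its own S and checks CHK_PU.
    sek_p = session_key(pmd, a, uav["ID"], uav["R"], T_uav, pk_tac)
    player_ok = hmac.compare_digest(chk_pu, H(b"H3", sek_p, T_pmd))
    chk_up = H(b"H3", sek_p, T_uav)   # sent only if player_ok; computed here to show both checks
    # Step 4: the manufacturer checks CHK_UP.
    maker_ok = hmac.compare_digest(chk_up, H(b"H3", sek_m, T_uav))
    return player_ok, maker_ok, sek_p == sek_m


if __name__ == "__main__":
    s, pk_tac = tac_setup()
    pmd, uav = register("PMD-001", s), register("UAV-001", s)   # constructed identities
    print("registration valid:", verify_registration(pmd, pk_tac), verify_registration(uav, pk_tac))
    print("honest handshake:", handshake(pmd, uav, pk_tac))
    bad = dict(pmd, S=(pmd["S"] + 1) % N)       # S that the TAC did not issue for (ID, R)
    print("wrong S:", verify_registration(bad, pk_tac), handshake(bad, uav, pk_tac))
```
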

#### *3.7. Player and Ground Control Station Authentication and Communication Phase*

After the player has the right to use the UAV, he/she must submit a flight path and purpose to the ground control station for review. After mutual authentication between the player and the ground control station, the ground control station will transfer the decision of the flight plan to the player, and keep the relevant flight information. The player and ground control station authentication and communication phase of the proposed scheme is shown in Figure 6.

Step 1: The player selects a random number *c*, computes

$$T_{PMD2} = cP,$$

and then transmits (*IDPMD*, *RPMD*, *TPMD*2) to the ground control station.

Step 2: The ground control station selects a random number *d*, calculates

$$\begin{aligned} T_{GCS} &= dP, \\ PK_{PMD} &= R_{PMD} + H_1(ID_{PMD}, R_{PMD}) PK_{TAC}, \\ K_{GP1} &= S_{GCS} T_{PMD2} + d PK_{PMD}, \\ K_{GP2} &= d T_{PMD2}, \end{aligned}$$

and the session key

$$SEK_{GP} = H_2(K_{GP1}, K_{GP2}).$$

The ground control station then calculates

$$CHK_{PG} = H_3(SEK_{GP}, T_{PMD2}),$$

and transmits (*IDGCS*, *RGCS*, *TGCS*, *CHKPG*) to the player.

Step 3: The player calculates

$$\begin{aligned} PK_{GCS} &= R_{GCS} + H_1(ID_{GCS}, R_{GCS}) PK_{TAC}, \\ K_{PG1} &= S_{PMD} T_{GCS} + c PK_{GCS}, \\ K_{PG2} &= c T_{GCS}, \end{aligned}$$

and the session key

$$SEK_{GP} = H_2(K_{PG1}, K_{PG2}).$$

The player verifies

$$CHK_{PG} \stackrel{?}{=} H_3(SEK_{GP}, T_{PMD2}),$$

to check the legality of the ground control station. If the verification is passed, the player calculates

$$\begin{aligned} c_{PMD2} &= E_{SEK_{GP}}(M_{request}, Cert_{UAV}), \\ CHK_{GP} &= H_3(SEK_{GP}, T_{GCS}), \end{aligned}$$

and transmits (*IDPMD*, *cPMD*2,*CHKGP*) to the ground control station.

Step 4: The ground control station verifies

$$CHK_{GP} \stackrel{?}{=} H_3(SEK_{GP}, T_{GCS}),$$

to check the legality of the player. If the verification is passed, the session key *SEKGP* between the player and the ground control station is established successfully. The ground control station calculates

$$(M_{request}, Cert_{UAV}) = D_{SEK_{GP}}(c_{PMD2}),$$

to get the flight path information of the player. After the review, the ground control station generates the encrypted decision of the flight plan

$$\begin{aligned} c_{GCS} &= E_{SEK_{GP}}(ID_{PMD}, M_{request}, Cert_{UAV}), \\ Sig_{GCS} &= S_{SK_{GCS}}(ID_{PMD}, M_{request}, Cert_{UAV}), \end{aligned}$$

and transmits (*IDGCS*, *cGCS*, *SigGCS*) to the player.

Step 5: The player decrypts the received message

$$(ID_{PMD}, M_{request}, Cert_{UAV}) = D_{SEK_{GP}}(c_{GCS}),$$

verifies the signature

$$(ID_{PMD}, M_{request}, Cert_{UAV}) \stackrel{?}{=} V_{PK_{GCS}}(Sig_{GCS}),$$

and obtains the decision of the flight plan from the ground control station.

**Figure 6.** Player and ground control station authentication and communication phase of the proposed scheme.

#### *3.8. Player, UAV and Ground Control Station Authentication and Communication Phase*

The player transfers the purchase or rental certificate of the UAV, and the flight path agreed by the ground control station to the UAV. After mutual authentication between the player and the UAV, and mutual authentication between the UAV and the ground control station, the UAV will confirm the legality of the flight path again from the ground control station. After confirming the legality of the relevant identity and flight path, the player can control the UAV through his/her mobile device. The player, UAV and ground control station authentication and communication phase of the proposed scheme is shown in Figure 7.

Step 1: The player calculates

$$\begin{aligned} c_{PMD3} &= E_{SEK_{UP}}(M_{request}, Cert_{UAV}), \\ Sig_{PMD3} &= S_{SK_{PMD}}(M_{request}, Cert_{UAV}), \end{aligned}$$

and transmits (*IDPMD*, *cPMD*3, *SigPMD*3) to the UAV.

Step 2: The UAV decrypts the received message

$$(M_{request}, Cert_{UAV}) = D_{SEK_{UP}}(c_{PMD3}),$$

verifies the signature

$$(M_{request}, Cert_{UAV}) \stackrel{?}{=} V_{PK_{PMD}}(Sig_{PMD3}),$$

and obtains the purchase or rental certificate of the UAV, and the flight path agreed by the ground control station.

The UAV then chooses a random number *e*, calculates

$$T_{UAV2} = eP,$$

and then transmits (*IDUAV*, *RUAV*, *TUAV*2) to the ground control station.

Step 3: The ground control station chooses a random number *f*, computes

$$\begin{aligned} T_{GCS2} &= fP, \\ PK_{UAV} &= R_{UAV} + H_1(ID_{UAV}, R_{UAV}) PK_{TAC}, \\ K_{GU1} &= S_{GCS} T_{UAV2} + f PK_{UAV}, \\ K_{GU2} &= f T_{UAV2}, \end{aligned}$$

and the session key

$$SEK_{GU} = H_2(K_{GU1}, K_{GU2}).$$

The ground control station then calculates

$$CHK_{UG} = H_3(SEK_{GU}, T_{UAV2}),$$

and transmits (*IDGCS*, *RGCS*, *TGCS*2, *CHKUG*) to the UAV.

Step 4: The UAV calculates

$$\begin{aligned} PK_{GCS} &= R_{GCS} + H_1(ID_{GCS}, R_{GCS}) PK_{TAC}, \\ K_{UG1} &= S_{UAV} T_{GCS2} + e PK_{GCS}, \\ K_{UG2} &= e T_{GCS2}, \end{aligned}$$

and the session key

$$SEK_{GU} = H_2(K_{UG1}, K_{UG2}).$$

The UAV verifies

$$CHK_{UG} \stackrel{?}{=} H_3(SEK_{GU}, T_{UAV2})$$

to check the legality of the ground control station. If the verification is passed, the UAV calculates

$$\begin{aligned} c_{UAV2} &= E_{SEK_{GU}}(ID_{PMD}, M_{request}, Cert_{UAV}), \\ CHK_{GU} &= H_3(SEK_{GU}, T_{GCS2}), \end{aligned}$$

and transmits (*IDUAV*, *cUAV*2, *CHKGU*) to the ground control station.

Step 5: The ground control station verifies

$$CHK_{GU} \stackrel{?}{=} H_3(SEK_{GU}, T_{GCS2})$$

to check the legality of the UAV. If the verification is passed, the session key *SEKGU* between the UAV and the ground control station is established successfully. The ground control station calculates

$$(ID_{PMD}, M_{request}, Cert_{UAV}) = D_{SEK_{GU}}(c_{UAV2})$$

to get the flight path information of the UAV. After the review, the ground control station generates the encrypted confirm message of the flight plan

$$\begin{aligned} c_{GCS2} &= E_{SEK_{GU}}(ID_{PMD}, M_{confirm}, Cert_{UAV}), \\ Sig_{GCS2} &= S_{SK_{GCS}}(ID_{PMD}, M_{confirm}, Cert_{UAV}), \end{aligned}$$

and transmits (*IDGCS*, *cGCS*2, *SigGCS*2) to the UAV.

Step 6: The UAV decrypts the received message

$$(ID_{PMD}, M_{confirm}, Cert_{UAV}) = D_{SEK_{GU}}(c_{GCS2}),$$

verifies the signature

$$(ID_{PMD}, M_{confirm}, Cert_{UAV}) \stackrel{?}{=} V_{PK_{GCS}}(Sig_{GCS2}),$$

and obtains the confirm message of the flight plan from the ground control station. Then, the UAV generates the encrypted confirm message of the flight plan and GPS information

$$\begin{aligned} c_{UAV3} &= E_{SEK_{UP}}(ID_{PMD}, M_{confirm}, M_{GPS}, Cert_{UAV}), \\ Sig_{UAV3} &= S_{SK_{UAV}}(ID_{PMD}, M_{confirm}, M_{GPS}, Cert_{UAV}), \end{aligned}$$

and transmits (*IDUAV*, *cUAV*3, *SigUAV*3) to the player.

Step 7: The player decrypts the received message

$$(ID_{PMD}, M_{confirm}, M_{GPS}, Cert_{UAV}) = D_{SEK_{UP}}(c_{UAV3}),$$

verifies the signature

$$(ID_{PMD}, M_{confirm}, M_{GPS}, Cert_{UAV}) \stackrel{?}{=} V_{PK_{UAV}}(Sig_{UAV3}),$$

then obtains the confirm message of the flight plan and GPS information.


**Figure 7.** Player, UAV, and ground control station authentication and communication phase of the proposed scheme.

#### *3.9. Ground Control Station and UAV Authentication and Communication Phase*

When the ground control station wants to know whether the scope of the regulation has been applied to the UAV, the ground control station can ask the UAV to provide relevant proof. After mutual authentication between the ground control station and the UAV, the UAV will respond and confirm the message of the flight plan from the ground control station and GPS information to the ground control station. The ground control station and UAV authentication and communication phase of the proposed scheme is shown in Figure 8.

Step 1: The ground control station calculates

$$\begin{aligned} c_{GCS3} &= E_{SEK_{GU}}(ID_{UAV}, M_{request}), \\ Sig_{GCS3} &= S_{SK_{GCS}}(ID_{UAV}, M_{request}), \end{aligned}$$

and transmits (*IDUAV*, *Mrequest*) = *DSEKGU* (*cGCS*3) to the UAV.

Step 2: The UAV decrypts the received message

$$(ID_{UAV}, M_{request}) = D_{SEK_{GU}}(c_{GCS3}),$$

verifies the signature

$$(ID_{UAV}, M_{request}) \stackrel{?}{=} V_{PK_{GCS}}(Sig_{GCS3}),$$

and obtains the legality check request from the ground control station. Then, the UAV generates the encrypted confirmation message of the flight plan and GPS information

$$\begin{aligned} c_{UAV4} &= E_{SEK_{GU}}(ID_{PMD}, M_{confirm}, M_{GPS}, Cert_{UAV}), \\ Sig_{UAV4} &= S_{SK_{UAV}}(ID_{PMD}, M_{confirm}, M_{GPS}, Cert_{UAV}), \end{aligned}$$

and transmits (*IDUAV*, *cUAV*4, *SigUAV*4) to the ground control station.

Step 3: The ground control station decrypts the received message

$$(ID_{PMD}, M_{confirm}, M_{GPS}, Cert_{UAV}) = D_{SEK_{GU}}(c_{UAV4}),$$

verifies the signature

$$(ID_{PMD}, M_{confirm}, M_{GPS}, Cert_{UAV}) \stackrel{?}{=} V_{PK_{UAV}}(Sig_{UAV4}),$$

then obtains the response of the UAV and GPS information.


**Figure 8.** Ground control station and UAV authentication and communication phase of the proposed scheme.

#### **4. Security Analysis**

This section includes nine subsections: (1) the mutual authentication of the proposed scheme is analyzed in Section 4.1, (2) the integrity and confidentiality of the proposed scheme are evaluated in Section 4.2, (3) the identity anonymity and privacy of the proposed scheme are proved in Section 4.3, (4) availability and prevention of DoS attack are discussed in Section 4.4, (5) prevention of spoofing attack is discussed in Section 4.5, (6) the non-repudiation of the proposed scheme is analyzed in Section 4.6, (7) security issues are compared in Section 4.7, (8) the computation cost of the proposed scheme is compared with other schemes in Section 4.8, and (9) the communication cost of the proposed scheme is compared with other schemes in Section 4.9.

#### *4.1. Mutual Authentication*

BAN logic [26] is used to prove that the proposed scheme achieves mutual authentication between different parties in each phase.

In the player and manufacturer authentication and communication phase, the main goal of the scheme is to ensure that the player *P* and the manufacturer *M* authenticate each other's legality.

$$\begin{aligned}
G1: \quad & P| \equiv P \stackrel{SEK\_{UP}}{\leftrightarrow} M\\
G2: \quad & P| \equiv M| \equiv P \stackrel{SEK\_{UP}}{\leftrightarrow} M\\
G3: \quad & M| \equiv P \stackrel{SEK\_{UP}}{\leftrightarrow} M\\
G4: \quad & M| \equiv P| \equiv P \stackrel{SEK\_{UP}}{\leftrightarrow} M\\
G5: \quad & P| \equiv ID\_{UAV}\\
G6: \quad & P| \equiv M| \equiv ID\_{UAV}\\
G7: \quad & M| \equiv ID\_{PMD}\\
G8: \quad & M| \equiv P| \equiv ID\_{PMD}
\end{aligned}$$

According to the player and manufacturer authentication and communication phase, BAN logic is used to produce an idealized form as follows.

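$$\begin{aligned}
M1: \quad & (\langle ID\_{PMD}, R\_{PMD}, T\_{PMD} \rangle\_{PK\_{UAV}}, \langle H(SEK\_{UP}, T\_{UAV}) \rangle\_{CHK\_{UP}})\\
M2: \quad & (\langle ID\_{UAV}, R\_{UAV}, T\_{UAV} \rangle\_{PK\_{PMD}}, \langle H(SEK\_{UP}, T\_{PMD}) \rangle\_{CHK\_{PU}})
\end{aligned}$$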

To analyze the proposed scheme, the following assumptions are made.

$$\begin{aligned}
A1: \quad & P| \equiv \#(T\_{PMD})\\
A2: \quad & M| \equiv \#(T\_{PMD})\\
A3: \quad & P| \equiv \#(T\_{UAV})\\
A4: \quad & M| \equiv \#(T\_{UAV})\\
A5: \quad & P| \equiv M| \Rightarrow P \stackrel{SEK\_{UP}}{\leftrightarrow} M\\
A6: \quad & M| \equiv P| \Rightarrow P \stackrel{SEK\_{UP}}{\leftrightarrow} M\\
A7: \quad & P| \equiv M| \Rightarrow ID\_{UAV}\\
A8: \quad & M| \equiv P| \Rightarrow ID\_{PMD}
\end{aligned}$$

According to these assumptions and goals of BAN logic, the main proof of the player and manufacturer authentication and communication phase is as follows.

a. The manufacturer *M* authenticates the player *P*.


By (*Statement 10*), (*Statement 11*), and the *nonce verification rule*, *Statement 12* can be derived.

$$P| \equiv M| \equiv (\langle ID\_{UAV}, R\_{UAV}, T\_{UAV} \rangle\_{PK\_{PMD}}, \langle H(SEK\_{UP}, T\_{PMD}) \rangle\_{CHK\_{PU}}). \quad (\textit{Statement 12})$$

By (*Statement 12*) and the *belief rule*, *Statement 13* can be derived.

$$P| \equiv M| \equiv P \stackrel{SEK\_{UP}}{\leftrightarrow} M. \quad (\textit{Statement 13})$$

By (*Statement 13*), *A5*, and the *jurisdiction rule*, *Statement 14* can be derived.

$$P| \equiv P \stackrel{SEK\_{UP}}{\leftrightarrow} M. \quad (\textit{Statement 14})$$

By (*Statement 14*) and the *belief rule*, *Statement 15* can be derived.

$$P| \equiv M| \equiv ID\_{UAV}. \quad (\textit{Statement 15})$$

By (*Statement 15*), *A7*, and the *jurisdiction rule*, *Statement 16* can be derived.

$$P| \equiv ID\_{UAV}. \quad (\textit{Statement 16})$$

By (*Statement 6*), (*Statement 8*), (*Statement 14*), and (*Statement 16*), it can be proved that the player *P* and the manufacturer *M* authenticate each other in the proposed scheme. Moreover, it can also be proved that the proposed scheme can establish a session key between the player *P* and the manufacturer *M*.

In the proposed scheme, the manufacturer authenticates the player by

$$\text{CHK}\_{\text{UP}} \overset{?}{=} H\_3(\text{SEK}\_{\text{UP}}, T\_{\text{UAV}}) .$$

If it passes the verification, the manufacturer authenticates the legality of the player. The player authenticates the manufacturer by

$$\text{CHK}\_{\text{PU}} \overset{?}{=} H\_3(\text{SEK}\_{\text{UP}}, T\_{\text{PMD}}) .$$

If it passes the verification, the player authenticates the legality of the manufacturer. The player and manufacturer authentication and communication phase of the proposed scheme thus guarantees mutual authentication between the player and the manufacturer.

In the player and ground control station authentication and communication phase, the main goal of the scheme is to ensure that the player *P* and the ground control station *G* authenticate each other's legality.

$$\begin{aligned}
G9: \quad & P| \equiv P \stackrel{SEK\_{GP}}{\leftrightarrow} G\\
G10: \quad & P| \equiv G| \equiv P \stackrel{SEK\_{GP}}{\leftrightarrow} G\\
G11: \quad & G| \equiv P \stackrel{SEK\_{GP}}{\leftrightarrow} G\\
G12: \quad & G| \equiv P| \equiv P \stackrel{SEK\_{GP}}{\leftrightarrow} G\\
G13: \quad & P| \equiv ID\_{GCS}\\
G14: \quad & P| \equiv G| \equiv ID\_{GCS}\\
G15: \quad & G| \equiv ID\_{PMD}\\
G16: \quad & G| \equiv P| \equiv ID\_{PMD}
\end{aligned}$$

According to the player and ground control station authentication and communication phase, BAN logic is used to produce an idealized form as follows.

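$$\begin{aligned}
M3: \quad & (\langle ID\_{PMD}, R\_{PMD}, T\_{PMD2} \rangle\_{PK\_{GCS}}, \langle H(SEK\_{GP}, T\_{GCS}) \rangle\_{CHK\_{GP}})\\
M4: \quad & (\langle ID\_{GCS}, R\_{GCS}, T\_{GCS} \rangle\_{PK\_{PMD}}, \langle H(SEK\_{GP}, T\_{PMD2}) \rangle\_{CHK\_{PG}})
\end{aligned}$$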

To analyze the proposed scheme, the following assumptions are made.

$$\begin{aligned}
A9: \quad & P| \equiv \#(T\_{PMD2})\\
A10: \quad & G| \equiv \#(T\_{PMD2})\\
A11: \quad & P| \equiv \#(T\_{GCS})\\
A12: \quad & G| \equiv \#(T\_{GCS})\\
A13: \quad & P| \equiv G| \Rightarrow P \stackrel{SEK\_{GP}}{\leftrightarrow} G\\
A14: \quad & G| \equiv P| \Rightarrow P \stackrel{SEK\_{GP}}{\leftrightarrow} G\\
A15: \quad & P| \equiv G| \Rightarrow ID\_{GCS}\\
A16: \quad & G| \equiv P| \Rightarrow ID\_{PMD}
\end{aligned}$$

According to these assumptions and goals of BAN logic, the main proof of the player and ground control station authentication and communication phase is as follows.

c. The ground control station *G* authenticates the player *P*.


By (*Statement 22*), (*Statement 24*), (*Statement 30*), and (*Statement 32*), it can be proved that the player *P* and the ground control station *G* authenticate each other in the proposed scheme. Moreover, it can also be proved that the proposed scheme can establish a session key between the player *P* and the ground control station *G*.

In the proposed scheme, the ground control station authenticates the player by

$$\text{CHK}\_{\text{GP}} \overset{?}{=} H\_3(\text{SEK}\_{\text{GP}}, T\_{\text{GCS}}) .$$

If it passes the verification, the manufacturer authenticates the legality of the player. The player authenticates the ground control station by

$$\text{CHK}\_{\text{PG}} \overset{?}{=} H\_3(\text{SEK}\_{\text{GP}}, T\_{\text{PMD2}}) .$$

If it passes the verification, the player authenticates the legality of the ground control station. The player and ground control station authentication and communication phase of the proposed scheme thus guarantees mutual authentication between the player and the ground control station.

In the player, UAV, and ground control station authentication and communication phase, the main goal of the scheme is to ensure that the UAV *U* and the ground control station *G* authenticate each other's legality.

$$\begin{aligned}
G17: \quad & U| \equiv U \stackrel{SEK\_{GU}}{\leftrightarrow} G\\
G18: \quad & U| \equiv G| \equiv U \stackrel{SEK\_{GU}}{\leftrightarrow} G\\
G19: \quad & G| \equiv U \stackrel{SEK\_{GU}}{\leftrightarrow} G\\
G20: \quad & G| \equiv U| \equiv U \stackrel{SEK\_{GU}}{\leftrightarrow} G\\
G21: \quad & U| \equiv ID\_{GCS}\\
G22: \quad & U| \equiv G| \equiv ID\_{GCS}\\
G23: \quad & G| \equiv ID\_{UAV}\\
G24: \quad & G| \equiv U| \equiv ID\_{UAV}
\end{aligned}$$

According to the player, UAV, and ground control station authentication and communication phase, BAN logic is used to produce an idealized form as follows:

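$$\begin{aligned}
M5: \quad & (\langle ID\_{UAV}, R\_{UAV}, T\_{UAV2} \rangle\_{PK\_{GCS}}, \langle H(SEK\_{GU}, T\_{GCS2}) \rangle\_{CHK\_{GU}})\\
M6: \quad & (\langle ID\_{GCS}, R\_{GCS}, T\_{GCS2} \rangle\_{PK\_{UAV}}, \langle H(SEK\_{GU}, T\_{UAV2}) \rangle\_{CHK\_{UG}})
\end{aligned}$$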

To analyze the proposed scheme, the following assumptions are made.

$$\begin{aligned}
A17: \quad & U| \equiv \#(T\_{UAV2})\\
A18: \quad & G| \equiv \#(T\_{UAV2})\\
A19: \quad & U| \equiv \#(T\_{GCS2})\\
A20: \quad & G| \equiv \#(T\_{GCS2})\\
A21: \quad & U| \equiv G| \Rightarrow U \stackrel{SEK\_{GU}}{\leftrightarrow} G\\
A22: \quad & G| \equiv U| \Rightarrow U \stackrel{SEK\_{GU}}{\leftrightarrow} G\\
A23: \quad & U| \equiv G| \Rightarrow ID\_{GCS}\\
A24: \quad & G| \equiv U| \Rightarrow ID\_{UAV}
\end{aligned}$$

According to these assumptions and goals of BAN logic, the main proof of the player, UAV, and ground control station authentication and communication phase is as follows.

e. The ground control station *G* authenticates the UAV *U*.


By (*Statement 38*), (*Statement 40*), (*Statement 46*), and (*Statement 48*), it can be proved that the UAV *U* and the ground control station *G* authenticate each other in the proposed scheme. Moreover, it can also be proved that the proposed scheme can establish a session key between the UAV *U* and the ground control station *G*.

In the proposed scheme, the ground control station authenticates the UAV by

$$\text{CHK}\_{\text{GU}} \overset{?}{=} H\_3(\text{SEK}\_{\text{GU}}, T\_{\text{GCS2}}) .$$

If it passes the verification, the ground control station authenticates the legality of the UAV. The UAV authenticates the ground control station by

$$\text{CHK}\_{\text{UG}} \overset{?}{=} H\_3(\text{SEK}\_{\text{GU}}, T\_{\text{UAV2}}) .$$

If it passes the verification, the UAV authenticates the legality of the ground control station. The player, UAV, and ground control station authentication and communication phase of the proposed scheme thus guarantees mutual authentication between the UAV and the ground control station.

Scenario: A malicious attacker uses an illegal mobile reader to control a UAV.

Analysis: The attacker will not succeed because the illegal mobile reader has not been registered to the trusted authority center and thus cannot calculate the correct session key *SEKUP*. Thus, the attack will fail when the legal UAV attempts to authenticate the illegal mobile device. In the proposed scheme, the attacker cannot achieve their purpose using an illegal mobile device. In the same scenario, the proposed scheme can also defend against a malicious attack using an illegal ground control station to send a fake message to a legal UAV, because the illegal ground control station has not been registered to the trusted authority center and thus cannot calculate the correct session key *SEKGU*. Thus, the attack will fail when the legal UAV attempts to authenticate the illegal ground control station.

#### *4.2. Integrity and Confidentiality*

To ensure the integrity and confidentiality of the transaction data, this study uses elliptic curve cryptography and the Diffie–Hellman key exchange algorithm to calculate the session keys *SEKUP*, *SEKGP*, and *SEKGU*, which protect the integrity and confidentiality of the transmitted messages. The malicious attacker cannot use the signatures (*KUP*1,*KUP*2), (*KPU*1,*KPU*2), (*KGP*1,*KGP*2), (*KPG*1,*KPG*2), (*KGU*1,*KGU*2), and (*KUG*1,*KUG*2) to calculate the correct session keys *SEKUP*, *SEKGP*, and *SEKGU*.

Only a legal mobile device or UAV can calculate the correct session key *SEKUP*. The legal UAV calculates the session key

$$SEK\_{UP} = H\_2(K\_{UP1}, K\_{UP2})$$

and the legal mobile device calculates the session key

$$\begin{aligned}
SEK\_{UP} &= H\_2(K\_{PU1}, K\_{PU2}). \\
K\_{PU1} &= S\_{PMD}T\_{UAV} + aPK\_{UAV} \\
&= S\_{PMD}bP + aS\_{UAV}P \\
&= bS\_{PMD}P + S\_{UAV}aP \\
&= bPK\_{PMD} + S\_{UAV}T\_{PMD} = K\_{UP1} \\
K\_{PU2} &= aT\_{UAV} = abP = baP = bT\_{PMD} = K\_{UP2}
\end{aligned}$$

Only a legal mobile device or ground control station can calculate the correct session key *SEKGP*. The legal ground control station calculates the session key

$$SEK\_{GP} = H\_2(K\_{GP1}, K\_{GP2})$$

and the legal mobile device calculates the session key

$$\begin{aligned}
SEK\_{GP} &= H\_2(K\_{PG1}, K\_{PG2}). \\
K\_{PG1} &= S\_{PMD}T\_{GCS} + cPK\_{GCS} \\
&= S\_{PMD}dP + cS\_{GCS}P \\
&= dS\_{PMD}P + S\_{GCS}cP \\
&= dPK\_{PMD} + S\_{GCS}T\_{PMD2} = K\_{GP1} \\
K\_{PG2} &= cT\_{GCS} = cdP = dcP = dT\_{PMD2} = K\_{GP2}
\end{aligned}$$

Only a legal UAV or ground control station can compute the correct session key *SEKGU*. The legal ground control station computes the session key

$$SEK\_{GU} = H\_2(K\_{GU1}, K\_{GU2})$$

and the legal UAV calculates the session key

$$\begin{aligned}
SEK\_{GU} &= H\_2(K\_{UG1}, K\_{UG2}). \\
K\_{UG1} &= S\_{UAV}T\_{GCS2} + ePK\_{GCS} \\
&= S\_{UAV}fP + eS\_{GCS}P \\
&= fS\_{UAV}P + S\_{GCS}eP \\
&= fPK\_{UAV} + S\_{GCS}T\_{UAV2} = K\_{GU1} \\
K\_{UG2} &= eT\_{GCS2} = efP = feP = fT\_{UAV2} = K\_{GU2}
\end{aligned}$$

Only the correct session key will allow successful communication. Thus, attackers cannot decrypt or modify the transmitted message. Therefore, the proposed scheme achieves integrity and confidentiality.
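The key agreement derived above and the CHK comparisons of Section 4.1 can be run end to end; the following is an added example, not code from the paper. The curve (secp256k1), SHA-256 for *H*2 and *H*3, the byte encoding, the function names, and the choice that the party being authenticated produces the CHK value are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: secp256k1 stands in for the paper's unnamed curve; G is its base point P.
P_FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P_FIELD))
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def mul(k, pt):  # double-and-add; not constant time, illustration only
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h2(k1, k2):  # H_2: session key from the two shared points (SHA-256 assumed)
    return hashlib.sha256(b"H2" + enc(k1) + enc(k2)).digest()

def h3(sek, t):  # H_3: check value CHK over the session key and an ephemeral point
    return hashlib.sha256(b"H3" + sek + enc(t)).digest()

def keypair():
    s = secrets.randbelow(N - 1) + 1
    return s, mul(s, G)

def session_key(static_priv, eph_priv, peer_pub, peer_eph):
    # K1 = S*T_peer + r*PK_peer, K2 = r*T_peer, SEK = H_2(K1, K2)
    k1 = add(mul(static_priv, peer_eph), mul(eph_priv, peer_pub))
    return h2(k1, mul(eph_priv, peer_eph))

def verify_chk(chk, sek, t):
    return hmac.compare_digest(chk, h3(sek, t))  # constant-time comparison

def demo():
    s_pmd, pk_pmd = keypair()   # registered mobile device: S_PMD, PK_PMD
    s_uav, pk_uav = keypair()   # registered UAV: S_UAV, PK_UAV
    a, t_pmd = keypair()        # device ephemeral a, T_PMD = aP
    b, t_uav = keypair()        # UAV ephemeral b, T_UAV = bP
    sek_pu = session_key(s_pmd, a, pk_uav, t_uav)  # device: H_2(K_PU1, K_PU2)
    sek_up = session_key(s_uav, b, pk_pmd, t_pmd)  # UAV: H_2(K_UP1, K_UP2)
    chk_up = h3(sek_pu, t_uav)  # assumed: device's proof, checked by the UAV
    # Unregistered device: knows PK_PMD and its own a, but not S_PMD.
    bad_chk = h3(session_key(keypair()[0], a, pk_uav, t_uav), t_uav)
    # Next round: fresh ephemerals on both sides, then the old CHK_UP is replayed.
    (b2, t_uav2), (_, t_pmd2) = keypair(), keypair()
    sek_up2 = session_key(s_uav, b2, pk_pmd, t_pmd2)
    return {
        "keys_match": sek_pu == sek_up,
        "chk_up_ok": verify_chk(chk_up, sek_up, t_uav),
        "chk_pu_ok": verify_chk(h3(sek_up, t_pmd), sek_pu, t_pmd),
        "unregistered_ok": verify_chk(bad_chk, sek_up, t_uav),
        "replay_ok": verify_chk(chk_up, sek_up2, t_uav2),
    }

if __name__ == "__main__":
    print(demo())
```

Both registered parties arrive at the same key and both CHK values verify, while the CHK from a device without *SPMD* and the CHK replayed into a later round are rejected.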

Scenario: A malicious attacker intercepts the transmitted message from the ground control station to the player and decrypts the message or sends a modified message to the player.

Analysis: The attacker will not succeed because the legal player will use

$$\text{CHK}\_{\text{PG}} \overset{?}{=} H\_3(\text{SEK}\_{\text{GP}} \| T\_{\text{PMD2}}),$$

to check the integrity. The attacker cannot calculate the correct session key *SEKGP*. Thus, the attack will fail when the legal player authenticates the received message. In the proposed scheme, the attacker cannot achieve his/her purpose by sending a modified message to the player, and he/she also cannot decrypt the intercepted message. For the same reason, the attack will fail when the legal ground control station uses

$$\text{CHK}\_{\text{GP}} \overset{?}{=} H\_3(\text{SEK}\_{\text{GP}} \| T\_{\text{GCS}})$$

to check the integrity. Therefore, attackers cannot achieve their purpose by sending a modified message to the ground control station or decrypt the intercepted message.

#### *4.3. Identity Anonymity and Privacy*

Another form of privacy attack involves attempting to obtain a player's real name or physical location by tracing his/her mobile device. If the mobile device sends the same message continuously, an attacker can trace its location. In the proposed scheme, the session keys *SEKUP* and *SEKGP* are changed for every communication round in order to avoid location tracing. In addition, a pseudonym identity is used instead of the real name in the proposed scheme. Thus, location privacy is protected and identity anonymity is achieved.

#### *4.4. Availability and Prevention of DoS Attack*

An attacker may impersonate a legal sender and then send the same message again to the intended receiver, trying to make the system unable to provide services properly. However, this attack will fail in the proposed scheme, as all messages between the sender and the receiver are protected with the session keys *SEKUP*, *SEKGP*, and *SEKGU*, and the attacker cannot calculate the correct session key. Because the transmitted messages are changed every round, the same message cannot be sent twice. Thus, the DoS attack is prevented and system availability is achieved.

#### *4.5. Prevention of Spoofing Attack*

In the proposed scheme, the GPS message is obtained by the UAV and then transmitted to the ground control station or the player. The GPS message *MGPS* is protected by the session keys *SEKUP* and *SEKGU*. The attacker cannot compute the correct session key *SEKUP* or *SEKGU*, so he/she cannot impersonate a legal UAV and send a fake message. Therefore, the spoofing attack is prevented.

Scenario: A malicious attacker pretends to be a legal UAV and sends a fake message to the legal ground control station.

Analysis: The attacker will not succeed because the illegal UAV has not been registered to the trusted authority center and thus cannot calculate the correct session key *SEKGU*. Thus, the attack will fail when the legal ground control station attempts to authenticate the illegal UAV. In the proposed scheme, the attacker cannot achieve the purpose of pretending to be a legal UAV and sending a fake message. In the same scenario, the proposed scheme can also defend against a malicious attacker pretending to be a legal UAV and sending a fake message to the legal player, because the illegal UAV has not been registered to the trusted authority center and thus cannot calculate the correct session key *SEKUP*. Thus, the attack will fail when the legal player attempts to authenticate the illegal UAV.

#### *4.6. Non-Repudiation*

In the proposed scheme, the digital signature is used to achieve non-repudiation between the parties in each phase. The sender uses his/her private key to sign the transmitted message, and the receiver uses the public key of the sender to verify the received message. Thus, the non-repudiation is achieved. Table 1 shows the non-repudiation of the proposed scheme.


**Table 1.** Non-repudiation of the proposed scheme.

#### *4.7. Comparison of Security Issues*

Table 2 shows a comparison of security issues of related works.


**Table 2.** Comparison of security issues.

#### *4.8. Computation Cost*

Table 3 shows the computation cost of the proposed scheme and Wazid et al.'s scheme [20].


**Table 3.** Computation cost of the proposed scheme and Wazid et al.'s scheme [21].


In Table 3, the computation costs of the proposed scheme and Wazid et al.'s scheme for the trusted authority center, manufacturer (UAV), player (mobile device), and ground control station in each phase are analyzed. For the highest computation cost in the player, UAV, and ground control station authentication and communication phase, a UAV needs five multiplication operations, four hash function operations, three comparison operations, four symmetric encryption operations, and three signature operations. A player needs one comparison operation, two symmetric encryption operations, and two signature operations. A ground control station needs five multiplication operations, four hash function operations, one comparison operation, two symmetric encryption operations, and one signature operation. The computation cost is acceptable in the proposed scheme.

#### *4.9. Communication Cost*

The communication cost of the proposed scheme and Wazid et al.'s scheme [20] is shown in Table 4.


The communication efficiency of the proposed scheme and Wazid et al.'s scheme during the transaction process of each phase was also analyzed. It was assumed that an elliptic curve modular operation required 160 bits, a hash operation required 160 bits, an AES operation required 256 bits, a signature operation required 1024 bits, and other messages, such as id, pid, and random number, required 80 bits. For example, the player, UAV, and ground control station authentication and communication phase of the proposed scheme requires four elliptic curve modular messages, two hash messages, four AES messages, three signature operation messages, and six other messages. It thus requires 160 × 4 + 160 × 2 + 256 × 4 + 1024 × 3 + 80 × 6 = 5536 bits. In a 3.5G environment, the maximum transmission speed is 14 Mbps. At that speed, the player, UAV, and ground control station authentication and communication phase of the proposed scheme takes only 0.395 ms to transfer all messages. In a 4G environment, the maximum transmission speed is 100 Mbps and the transmission time is reduced to 0.055 ms.

Basically, Wazid et al.'s scheme provides a lightweight user authentication scheme for a user in the IoD environment who needs to access data. This is appealing because it aims at providing a fast authorization mechanism. However, the integrity, non-repudiation, and availability issues are excluded. In contrast, the proposed scheme uses public key cryptography to design a UAV application for a sensitive field, in which the integrity, non-repudiation, and availability issues need to be considered and ensured [20]. The proposed scheme therefore addresses a different application field from Wazid et al.'s scheme. The players must pass the necessary procedures to obtain flight authority in a sensitive area, which requires more scenarios and overhead. As shown in Table 4, the communication cost is acceptable. The proposed scheme provides a novel solution in the UAV application field.

Compared to Wazid et al.'s scheme, the proposed scheme achieves the following advantages. Firstly, the proposed scheme uses a signature mechanism, so it can ensure data integrity and achieve non-repudiation. Secondly, the proposed architecture involves the role of the ground control station to effectively grasp the UAVs' flying status in a sensitive area. The ground control station can also confirm whether the flying UAV is authorized. Although the proposed architecture has higher computing and communication costs than Wazid et al.'s scheme, it also achieves higher security and availability.

#### **5. Conclusions**

At present, UAVs are mainly used for small package delivery and leisure entertainment. In the future, they will have thousands of uses that could even be widely extended to agricultural, land protection surveillance, emergency relief, military reconnaissance, space exploration, and other applications. UAVs will also create new jobs, while also addressing population ageing and manpower shortages. Advanced technology can bring a better and convenient living environment for mankind, but UAVs can also be maliciously used, and even endanger national security.

In this paper, a traceable and privacy protection protocol was designed to govern UAV applications in sensitive control areas. The proposed scheme creates a feasible and secure management platform for UAV applications in sensitive area surveillance. For sensitive military areas, players must obtain flight approval from a ground control station before they can control the UAV in these sensitive areas. The proposed scheme achieves mutual authentication, integrity and confidentiality, anonymity and privacy, non-repudiation, availability and protection against DoS attack, while also preventing spoofing attack. This study also analyzed the computation cost and the communication cost of the proposed scheme to show that it is practical in the real world.

**Author Contributions:** Conceptualization, Y.-Y.D. and C.-L.C.; methodology, Y.-Y.D. and C.-L.C.; validation, W.W., C.-H.C., Y.-J.C., and C.-M.W.; investigation, W.W. and C.-H.C.; data analysis, C.-H.C., Y.-J.C., and C.-M.W.; writing—original draft preparation, Y.-Y.D.; writing—review and editing, C.-L.C.; supervision, C.-L.C. and C.-H.C. All authors have read and agreed to the published version of the manuscript.

**Funding:** This work was supported in part by the National Natural Science Foundation of China under Grant 61906043, Grant 61877010, Grant 11501114, and Grant 11901100, in part by the Fujian Natural Science Funds under Grant 2019J01243, and in part by Fuzhou University under Grant 510730/XRC-18075, Grant 510809/GXRC-19037, Grant 510649/XRC-18049, and Grant 510650/XRC-18050.

**Conflicts of Interest:** The authors declare no conflict of interest.

#### **References**


© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
