Journal of Systems Architecture 160 (2025) 103365
Designing secure blockchain-based authentication and key management
mechanism for Internet of Drones applications
Mohammad Wazid a, Saksham Mittal a,b, Ashok Kumar Das c,d, SK Hafizul Islam e, Mohammed J.F. Alenazi f, Athanasios V. Vasilakos g
a Department of Computer Science and Engineering, Graphic Era Deemed to be University, Dehradun 248 002, India
b Department of Computer Science and Engineering, Graphic Era Hill University, Dehradun 248 002, India
c Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India
d Department of Computer Science and Engineering, College of Informatics, Korea University, 145 Anam-ro, Seongbuk-gu, Seoul 02841, South Korea
e Department of Computer Science and Engineering, Indian Institute of Information Technology Kalyani, West Bengal 741 235, India
f Department of Computer Engineering, College of Computer and Information Sciences (CCIS), King Saud University, Riyadh 11451, Saudi Arabia
g Center for AI Research (CAIR), University of Agder (UiA), 4879 Grimstad, Norway
ARTICLE INFO
Keywords: Internet of Drones; Blockchain; Authentication; Key agreement; Session key; Security

ABSTRACT
Due to advancements in Information and Communications Technology (ICT) and the Internet of Things (IoT), the Internet of Drones (IoD) can be employed in numerous applications, facilitating the daily lives of diverse users, including civilians and others. The wireless nature of its communication leaves an IoD environment vulnerable to various potential attacks, such as data breaches, man-in-the-middle, impersonation, replay, and data leaking attacks. As a result, the security of the IoD environment becomes crucial. To safeguard the data and devices (such as IoT-enabled drones and servers) integral to IoD networks, a security solution is essential. It is imperative to implement targeted security measures, such as intrusion detection, access control, and authentication, in order to establish a security scheme that is both reliable and efficient. In this article, we mainly focus on developing a secure authentication and key management scheme that leverages blockchain technology. Most existing authentication techniques proposed in IoT and IoD environments are either inefficient in communication and computation, or they are insecure against various attacks. To mitigate these issues, this study proposes a secure blockchain-based authentication and key management scheme for IoD applications (in short, BAKMM-IoD). The blockchain is applied here for secure data storage. After a detailed security analysis and formal security verification with the widely recognized Scyther tool, the proposed BAKMM-IoD has exhibited resilience against different potential attacks. BAKMM-IoD also surpasses other contemporary existing schemes in terms of security and functionality features, including computational costs and communication costs. Moreover, the blockchain simulation shows the influence of the proposed BAKMM-IoD on critical performance metrics in real-world scenarios.
1. Introduction

Drones refer to unmanned aerial vehicles (UAVs) capable of autonomous flight without the physical presence of a pilot or aviator. The term unmanned aerial vehicles (UAVs) specifically denotes drones. Drones are commonly battery-operated devices. In addition, their information processing and storage capabilities are finite. The creation of energy-efficient and economical micro-controller designs has accelerated the progress of drone-based monitoring and control systems. This is a consequence of the accelerated pace at which technology is advancing. Drones are employed in various sectors, including environmental monitoring, search and rescue operations during natural disasters, and the oversight of ecologically sensitive regions, including agricultural lands and forest fires [1]. The Internet of Drones (IoD) is a novel framework founded on the principles of the Internet of Things (IoT). Drones serve as replacements for physical objects inside this framework.
Corresponding author at: Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India.
Corresponding author.
E-mail addresses: wazidkec2005@gmail.com (M. Wazid), mittalsaksham07@gmail.com (S. Mittal), iitkgp.akdas@gmail.com, ashok.das@iiit.ac.in (A.K. Das),
hafi786@gmail.com, hafi786@iiitkalyani.ac.in (SKH Islam), mjalenazi@ksu.edu.sa (M.J.F. Alenazi), thanos.vasilakos@uia.no (A.V. Vasilakos).
https://doi.org/10.1016/j.sysarc.2025.103365
Received 13 November 2024; Received in revised form 12 January 2025; Accepted 6 February 2025
Available online 15 February 2025
1383-7621/© 2025 Elsevier B.V. All rights are reserved, including those for text and data mining, AI training, and similar technologies.
M. Wazid et al. Journal of Systems Architecture 160 (2025) 103365
IoT has enhanced communication and interaction among drones, enabling remote control in scenarios where direct optical transmission is impractical. An additional element of the IoD is the onboard controller, which employs artificial intelligence to make robust decisions [2–4]. IoD has various applications as discussed earlier. The IoD also faces cybersecurity concerns, some of which are as follows. Instances of data theft occur when adversaries illicitly intercept conversations and pilfer data, including control and command signals that are utilized to guide the drone [5]. Further, by exploiting vulnerabilities in drone software, adversaries can remotely seize control of drones and hijack them for their own objectives. Moreover, the faking of GPS signals by drones is facilitated by malicious software, therefore enabling their use for harmful purposes. Apart from that, unauthorized access to the IoD systems is also possible. An antagonistic user, such as an attacker or hacker, can intercept the IoD network, enabling them to bypass it and execute man-in-the-middle (MiTM) attacks. Intercepting the collected drone data is also feasible [5,6].

1.1. Potential ethical concerns belonging to IoD communication

Here, we discuss the key ethical concerns that belong to IoD communication. They include data sovereignty problems, because drones that operate across different borders, whether of different countries or of states of a country, potentially violate local laws (for example, the laws on data storage and its processing). Another potential challenge is the General Data Protection Regulation (GDPR). It is the European Union (EU) law that regulates how organizations handle personal data [7]. It complies with the risk of unauthorized personal data collection and excessive data processing [8]. IoD communication also faces concerns of data privacy, surveillance and accountability. To address these issues and challenges, strategies such as data localization, privacy-by-design, use of strong encryption and global regulatory standards are needed [9].

1.2. Research motivation

While IoD fulfills various functions, enhancing the daily lives of a wide range of users and citizens, its communication framework is also vulnerable to numerous risks, including data leakage, impersonation, replay, drone physical capture, stolen verifier attack, credentials/secret keys/session keys leakage, Ephemeral Secret Leakage (ESL), malware injection and cross-site scripting attacks. The security of the IoD becomes vital, as it safeguards against numerous threats, including data breaches, privacy infringements, and other security issues [10]. Preventive security measures can be adopted to alleviate these risks. Drones lacking robust cybersecurity protections are susceptible to numerous risks. Therefore, to safeguard information and devices (including drones and servers) within IoD networks, a security mechanism is essential. Establishing a resilient security architecture requires the deployment of particular security measures, such as authentication, intrusion detection, and access control [11,12]. Moreover, the adoption of blockchain technology can bolster security against various potential threats and attacks [3].

The security of blockchain technology stems from its decentralized architecture and the application of encryption. Blockchains are decentralized networks that utilize a consensus (agreement) mechanism. Consequently, any effort to alter data can be identified by other nodes within the network. Blockchains employ cryptographic methods, including public-key cryptography (i.e., Elliptic Curve Cryptography (ECC)), to secure data and enable the generation of digital signatures. This method protects data from unauthorized access and ensures its confidentiality and integrity. Each data block in the chain is inherently connected to the preceding and subsequent blocks to create an immutable record of transactions. It is worth noting that a block is immutable and cannot be modified once it has been integrated into the chain [3]. In this article, we propose a secure blockchain-based authentication and key management scheme that is applicable in various IoD-based real-life applications.

1.3. Research contributions

The following list outlines the research contributions made in this article.

• A secure blockchain-based authentication and key management mechanism is proposed for IoD applications (in short, we call it BAKMM-IoD).
• The proposed BAKMM-IoD has been demonstrated to be secure against a wide range of potential threats after an extensive security analysis and formal verification utilizing the widely recognized Scyther tool.
• The BAKMM-IoD has been shown to surpass other similar contemporary methods for functionality, security, computational overheads, and communication overheads.
• A functional illustration of the proposed BAKMM-IoD is subsequently shown to demonstrate its applicability to real-world settings.

2. Literature review

Authentication is one of the very important security services that can be applied in various networking domains [13–19].

The safe authentication mechanism utilizing blockchain technology was proposed by Yazdinejad et al. [20]. Drones were designed to execute the planned deployment of the strategy in smart cities. At every stage of the process, this approach guaranteed the least amount of delays. A zone-based architecture was devised for a drone network, and a decentralized consensus mechanism tailored for remote drone use in smart cities was deployed.

Bera et al. [21] introduced ACSUD-IoD, an innovative access control system designed to identify and thwart unwanted unmanned aerial vehicles (UAVs) within the IoD. The storing of transactional data within a private blockchain framework was enabled by the integration of a blockchain-based solution with ACSUD-IoD. This encompassed the delivery of secure, standardized data from a UAV to the ground station server. Consequently, the transactional data on the blockchain is verifiable. A formal security verification was performed utilizing the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, alongside a comprehensive security evaluation. It illustrated that their method was adequately protected against several possible threats.

Feng et al. [22] proposed a cross-domain authentication protocol grounded in blockchain technology. This system was designed to use 5G technology for diverse IoD applications. The aforementioned limits were duly acknowledged during the formulation of this plan with the aim of transcending them. Their methodology was based on a varied collection of signatures, all produced via threshold sharing. As a result, they successfully established a productive identity federation for collaborative domains.

Cho et al. [23] developed an authentication mechanism for unmanned aerial vehicles (UAVs) to reduce security threats linked to unauthorized drones utilizing the IoD concept. Although their methodology reduced communication and computational requirements, their architecture was vulnerable to the Ephemeral Secret Leakage (ESL) attack under the CK-adversary model. The method insufficiently protected the anonymity and untraceability of the participants. Another element that contributed to this issue was the absence of blockchain technology in their proposed strategy.

Gupta et al. [24] presented a GaRuDa system, which might potentially be denoted as the drone-based delivery system that operated on the blockchain technology. The integration of this system into the operations of Healthcare 5.0 applications was feasible. The IoT and blockchain technology were utilized in their approach to enable the swift and accurate distribution of medical supplies, which could be continuously monitored and recorded by many stakeholders. This was achieved by using a 5G-enabled Internet environment.
A pair of unique communication strategies for UAV environments were developed by Rodrigues et al. [25]. Their scheme facilitated the establishment of a direct exchange of messages between two drones. The presented scheme was derived from the existing scheme proposed in [26]. Nevertheless, the main contractual arrangement has been altered within the framework of this strategy. In accordance with the CK-adversary concept, their scheme was not impervious to the possibility of an ESL attack. Moreover, their scheme lacks support for the blockchain technology.

Ever [27] proposed an authentication system for IoT applications that used Elliptic Curve Cryptography (ECC). UAVs were considered to be mobile extensions of wireless sensor networks, operating within a hierarchical framework, according to their design. This particular design enabled the effective implementation of one-time user authentication for mobile sinks (UAVs), cluster chiefs, and sensor nodes. In contrast, their system was vulnerable to ESL attack under the CK-adversary model. Moreover, their scheme did not ensure the maintenance and safeguarding of anonymity and untraceability. Another limitation of their scheme was the absence of blockchain technology, and it required more communication and computational costs.

Singh et al. [28] examined the evolution and potential applications of the Internet of Drones. The advanced development of this technology has generated several apprehensions, among which the degree of security offered by autonomous robots has always been a prominent issue. Hence, they emphasized the most urgent security vulnerabilities and suggested that the most efficient approach to address these challenges would be to adopt state-of-the-art blockchain technology.

Xiong et al. [29] introduced a secure collaborative computing system that implemented blockchain technology. They initially created a lightweight blockchain framework that was specifically designed for Unmanned Aerial Vehicle (UAV) Ad-Hoc Networks (UANET). Further, they introduced an improved Practical Byzantine Fault Tolerance (PBFT) consensus algorithm that was based on trust assessment.

Wang et al. [30] introduced a mutual authentication method that was both simple and effective, and it exclusively relied on one-way hash algorithms and bitwise XOR operations. Additionally, the issue of a centralized trusted authority (TA) was mitigated by blockchain technology. The Real-or-Random model-based formal security analysis was employed. Further, an informal security proof was provided to prove the security of their proposed authentication mechanism. Further, Wang et al. [31] introduced BSIF: Blockchain-Based Secure, Interactive, and Fair Mobile Crowdsensing system. It was blockchain-based and was distinguished by its security, interactivity, and impartiality. These attributes were achieved through the integration of smart contracts and mobile devices. Yu et al. [32] presented a Cross-domain Industrial IoT Based on Consortium Blockchain mechanism (CBDS) for the security of Industrial Internet of Things (IIoT). Further, they introduced consortium blockchain specifically to establish trust across IIoT domains.

Srinivas et al. [33] developed an innovative authentication technique that was anonymous, lightweight, and relied on temporal credentials for Internet of Things (IoT)-based platforms. It was denoted as TCALAS. To enhance TCALAS, Ali et al. [34] developed an improved version of TCALAS, referred to as iTCALAS, for the secure communication of IoD.

Mishra et al. [35] presented a framework for managing authentication and session keys using blockchain technology. This framework supported the integration of big data analytics capabilities for drones that operate on networks beyond 5G applications. Through a comprehensive security examination and Scyther tool-based formal security verification, they have proven their scheme secure against a wide range of attacks.

In 2024, Algarni and Jan [36] proposed a robust yet lightweight security mechanism utilizing a fuzzy extractor and the MD5 (Message Digest 5) algorithm to authenticate all IoD participants and ensure secure communication. However, the MD5 hash algorithm is widely recognized as less secure compared to more robust alternatives like the Secure Hash Algorithm (SHA-256). Consequently, the overall strength of their scheme is compromised. Moreover, their approach does not incorporate support for blockchain implementation.

Research gaps and novelty: Blockchain technology offers powerful solutions to strengthen the security of the IoD environment. By enabling the creation of unique digital identities for individual drones, which are securely stored and managed on the blockchain, it helps mitigate the risk of impersonation attacks [37]. In addition, the data coming securely from the drones to the ground station server is used for the transactions and later, the blocks formed from the authentic and genuine data from the drones are stored in the blockchain network maintained by the cloud servers. Storing data on semi-trusted cloud servers raises serious concerns about data poisoning attacks, which can significantly impact businesses and organizations by corrupting big data analytics, leading to financial losses and reputational damage [38]. Research shows notable improvements in accuracy, recall, precision, and F1-score when data is free from poisoning attacks and is directly sourced from the blockchain. In this context, authentication among drones and other entities in the IoD environment becomes critical to ensure that genuine data is stored on the blockchain.

The literature review highlights that most existing authentication techniques for IoT and IoD environments are either inefficient in terms of communication and computation or vulnerable to various attacks. This underscores the need for a reliable and secure authenticated key agreement protocol to facilitate secure data aggregation at ground station servers in the IoD environment, with blockchain technology providing enhanced secure storage. Therefore, the objective of this work is to develop a novel and secure blockchain-based authentication and key management mechanism for IoD applications that is not only resistant to various attacks but also efficient in communication and computational costs, making it suitable for real-world practical applications.

3. System models

The system models which are related to the BAKMM-IoD are explained below. Moreover, the details of the network model and the threat model are given below.

3.1. Network model

Fig. 1 illustrates the proposed BAKMM-IoD's network model. This scenario involves several users, cloud servers, ground station servers, and several drones. The significant versatility of this architecture allows its application across various industries, including smart farming, industrial automation and control, intelligent transportation systems (ITS), and healthcare, among others. The drones are connected to the ground station servers, which are in turn connected to the cloud servers through communication channels. The ground station servers can consistently store the necessary data. Drones do not encounter excessive workloads as a substantial portion of computationally expensive tasks are managed by the ground station servers. The data gathered by the drones is relayed to ground station servers for further analysis and use. The partial blocks generated by the ground station servers from the received data are subsequently transmitted to the corresponding cloud-based servers.

Upon receiving partial data blocks, the cloud servers utilize them to reconstruct the complete block. The aforementioned blocks may ultimately be incorporated into the blockchain, contingent upon the successful completion of the consensus procedure. The peer-to-peer cloud server network (P2PCS) is responsible for maintaining the functionality of the blockchain. Due to the implementation of advanced technologies and substantial resources, the P2PCS network's cloud servers have exceptional processing, communication, and storage capabilities. The prevailing opinion is that cloud servers are semi-trusted
network entities. Cyberattacks may compromise the communication occurring between drones, cloud servers, and ground station servers. The integrity of these communications may be jeopardized by the potential adversary. To guarantee system security, it is imperative to employ security measures such as authentication and key management under the present conditions. Insufficient implementation of this security feature may render the devices and servers susceptible to hackers. Potential hazards encompass malware injection attacks, unauthorized data access, data replay attacks, man-in-the-middle (MiTM) attacks, impersonation attacks, and unauthorized session key estimation attacks.

Fig. 1. Network model of the BAKMM-IoD.

3.2. Threat model

The proposed BAKMM-IoD is constructed based on the following threat models and assumptions.

• The Dolev–Yao (DY) threat model, which is widely acknowledged as the prevailing de-facto standard [39]. The DY model states that two unprotected entities can communicate with each other across an open network, such as the Internet. Entities at endpoints that are often deemed untrustworthy comprise drones and ground station servers. Communications transferred across an unsecured network can be accessed, modified, or deleted by an adversary, irrespective of their active or passive status. The BAKMM-IoD is designed to counter many potential attacks. Examples of these attacks encompass the physical drone capture attack, the ephemeral secret leakage (ESL) attack, the secret data leakage attack, the impersonation attack, the replay attack, the man-in-the-middle (MiTM) attack, among others.
• The proposed BAKMM-IoD has been designed with the Canetti and Krawczyk (CK) substantial adversary model as a consideration [40]. Currently, the adversary possesses comprehensive access to all attributes related to the model DY. Furthermore, session states, encompassing session keys and credentials linked to a particular session, are obtained by the adversary.

The DY threat model and the CK adversary model focus on defending against those adversaries who possess the ability to alter communication channels while the cryptographic primitives remain intact. In the DY model, the adversary can intercept, modify, and inject messages, so secure protocols need to use strong encryption and authenticity mechanisms to ensure confidentiality and integrity. Replay attacks must be prevented by the use of current timestamp values, and mutual authentication should be done using digital signatures or certificates, which helps in establishing credibility between entities. In the case of the CK-adversary model, mitigation focuses primarily on ephemeral key exchanges to derive session keys even if the short-term secrets are compromised, since it extends the DY-model assumptions and supports forward secrecy and session independence. Both models call for formal validation of the protocols with automated validation tools, like Scyther, to ensure that security properties are met. Following these strategies, cryptographic protocols will survive in environments against the DY and CK adversaries.

The adversary may also physically capture a certain number of drones and extract data from their memory using an advanced power analysis method [41]. The collected information can be used to launch associated attacks and formulate additional malevolent acts, including impersonation efforts. The use of disguised session keys and credentials, together with privileged insider attacks, may be implemented in these attacks. Cloud servers are regarded as semi-trusted entities within the network because of their role in maintaining and storing system data. The registration authority (RA) of the control room, tasked with the registration of network entities, concurrently serves as the registration authority for the network. Moreover, it is expected that the system's security would be compromised if $RA$ were compromised, thereby undermining the system's overall integrity.

4. BAKMM-IoD: The proposed BAKMM-IoD

The proposed BAKMM-IoD is comprehensively described in this section. The BAKMM-IoD is a multifaceted process that includes registration, authentication and key establishment, key management, dynamic device integration, and blockchain implementation.

In the proposed BAKMM-IoD, the drones are communicating entities, which collect various data through their inbuilt units, i.e., sensors. After this data collection they send their data to the connected ground station servers in a secure way with the help of the proposed authentication and key establishment phase. The ground station servers create partial blocks from this received data and then send them to the connected cloud servers in a secure way with the help of the given
key management phase. The cloud servers are part of the peer-to-peer server network and perform the task of blockchain implementation. Some of the cloud servers are also the miner nodes of the network and perform the task of blockchain mining with the help of the consensus algorithm.

The details of the used notations are provided in Table 1. The following is a concise overview of the phases.

Table 1
Notations used in BAKMM-IoD.
Notation | Meaning
BAKMM-IoD | Short name of the proposed mechanism
 | An adversary
$DE_i$, $ID_{DE_i}$, $RID_{DE_i}$ | $i$th deployed drone, its identity and pseudo-identity, respectively
$ES_j$, $ID_{ES_j}$, $RID_{ES_j}$ | $j$th ground station server, its identity and pseudo-identity, respectively
$CS_k$, $ID_{CS_k}$, $RID_{CS_k}$ | $k$th cloud server, its identity and pseudo-identity, respectively
$RA$, $k_{RA}$ | The registration authority (trusted entity), its secret key and its pseudo-identity, respectively
$k_{DE_i}$, $k_{ES_j}$ | Private keys of $DE_i$ and $ES_j$
$SN_{RA}$, $SN_{DE_i}$ and $SN_{ES_j}$ | The secret numbers of $RA$, $DE_i$ and $ES_j$, respectively
$MS_{DE_i ES_j}$ | Primary secret key of both $DE_i$ and $ES_j$
$MS_{ES_j CS_k}$ | Primary secret key of both $ES_j$ and $CS_k$
$T_x$ | Different timestamp values used
$rs_x$ | Different random secret values used
$\Delta T$ | The allowed delay value to mitigate replay attack
$(\cdot)$ | Cryptographic one-way hash function utilized
$SK_{a_i,b_j}$ | The session key obtained and established in between entities $a_i$ and $b_j$
$\|$ | A concatenation computation
$\oplus$ | A bitwise exclusive-OR (XOR) computation

4.1. Registration phase

In this phase, the registration authority ($RA$) is tasked with registering the entities, which comprise the drone ($DE_i$), the ground station server ($ES_j$), and the cloud server ($CS_k$). Comprehensive information is provided here.

4.1.1. Registration of drone $DE_i$

The drone $DE_i$'s registration is performed as follows.

• RSDI1: Initially, $RA$ designates $SN_{RA}$ as its confidential (secret) number and $k_{RA}$ as its confidential key. The pseudo identity is subsequently computed as follows: $RID_{RA} = (ID_{RA} \| SN_{RA} \| k_{RA})$. Subsequently, it designates $ID_{DE_i}$ as the identifier for $DE_i$, $k_{DE_i}$ as the confidential key, and $SN_{DE_i}$ as the confidential number. The pseudo identity of $DE_i$ is then calculated by $RA$ as $RID_{DE_i} = (RID_{RA} \| ID_{DE_i} \| k_{RA} \| k_{DE_i} \| SN_{DE_i})$. It calculates the temporal credentials parameter of $DE_i$ using the formula $TC_{DE_i} = (RID_{RA} \| ID_{DE_i} \| k_{RA} \| k_{DE_i} \| SN_{DE_i} \| RTS_{DE_i})$, where $RTS_{DE_i}$ is the registration timestamp value of $DE_i$. It generates $TID_{DE_i}$ as a provisional temporary identity for $DE_i$. The registration data has subsequently been stored in the memory of $DE_i$.
• RSDI2: Finally, $DE_i$ stores values $\{TID_{DE_i}, RID_{DE_i}, TC_{DE_i}, MS_{DE_i ES_j}, (\cdot)\}$. Here, it is important to mention that $MS_{DE_i ES_j}$ is the primary secret key of both $DE_i$ and $ES_j$; this key is distinct for different drones, as we have different deployed $DE_i$, where $i = 1, 2, \ldots, n_{DE}$, and $n_{DE}$ is the number of deployed drones.

The above drone registration phase is also given in Table 2.

4.1.2. Registration of ground station server $ES_j$

The registration of ground station server $ES_j$ is performed as follows.

• RSES1: First $RA$ chooses the secret key and secret number of $ES_j$ as $k_{ES_j}$ and $SN_{ES_j}$. Then $RA$ chooses its identity as $ID_{ES_j}$. Further, it computes the pseudo identity number of $ES_j$ as $RID_{ES_j} = (RID_{RA} \| ID_{ES_j} \| k_{RA} \| k_{ES_j} \| SN_{ES_j})$ and the temporal credentials parameter as $TC_{ES_j} = (RID_{RA} \| ID_{ES_j} \| k_{RA} \| k_{ES_j} \| SN_{ES_j} \| RTS_{ES_j})$, where $RTS_{ES_j}$ is the registration timestamp value of $ES_j$. $RA$ also generates a provisional temporary identification number for $ES_j$ as $TIN_{ES_j}$, and a secret primary key for $ES_j$ and cloud server $CS_k$ as $MS_{ES_j CS_k}$. Here, it is important to mention that $MS_{ES_j CS_k}$ are distinct for different ground station servers and cloud server. Then $RA$ stores the registration information of registered $DE_i$ and its own information in its database/memory.
• RSES2: Finally, $ES_j$ contains $\{\{(TID_{DE_i}, RID_{DE_i}) \mid i = 1, 2, \ldots, n_{DE}\}, TIN_{ES_j}, RID_{ES_j}, TC_{ES_j}, (MS_{DE_1 ES_j}, MS_{DE_2 ES_j}, \ldots, MS_{DE_{n_{DE}} ES_j}), MS_{ES_j CS_k}, (\cdot)\}$ in the region of its secured database, where $n_{DE}$ represents the entire quantity of drones deployed under ground station server $ES_j$.

The registration phase of ground station server $ES_j$ is given in Table 3.

4.1.3. Registration of $CS_k$

The subsequent process is employed to register cloud server $CS_k$.

• RSCS1: First $RA$ chooses the secret key and secret number of $CS_k$ as $k_{CS_k}$ and $SN_{CS_k}$. Then $RA$ chooses its identity as $ID_{CS_k}$. Further, it calculates the pseudo identity of $CS_k$ as $RID_{CS_k} = (RID_{RA} \| ID_{CS_k} \| k_{RA} \| k_{CS_k} \| SN_{CS_k})$ and the temporal credentials parameter as $TC_{CS_k} = (RID_{RA} \| ID_{CS_k} \| k_{RA} \| k_{CS_k} \| SN_{CS_k} \| RTS_{CS_k})$, where $RTS_{CS_k}$ is the registration timestamp value of $CS_k$.
• RSCS2: Finally, $CS_k$ contains $\{\{(TIN_{ES_j}, RID_{ES_j}) \mid j = 1, 2, \ldots, n_{ES}\}, RID_{CS_k}, TC_{CS_k}, (MS_{ES_1 CS_k}, MS_{ES_2 CS_k}, \ldots, MS_{ES_{n_{ES}} CS_k}), (\cdot)\}$ in its secured database, where $n_{ES}$ is the total number of ground station servers deployed under cloud server $CS_k$.

The registration phase of cloud server $CS_k$ is provided in Table 4.

4.2. Authentication phase

This section provides a detailed description of the mutual authentication and key establishment mechanism between a drone ($DE_i$) and its associated ground station server ($ES_j$). The following steps need to be executed:

• AKDDE1: The drone $DE_i$ produces a new timestamp value represented as $T_1$ and a random secret value denoted as $rs_1$. Further, it computes some values as $M_1 = (RID_{DE_i}\, MS_{DE_i ES_j}\, T_1) \oplus (TC_{DE_i}\, rs_1 \| MS_{DE_i ES_j}\, T_1)$ and $M_2 = ((TC_{DE_i}\, rs_1 \| MS_{DE_i ES_j}\, T_1) \| RID_{DE_i}\, T_1)$. It then sends message $MSG_1 = \{TID_{DE_i}, M_1, M_2, T_1\}$ to $ES_j$ through an open channel, which is insecure in nature.
• AKDDE2: At the arrival of $MSG_1$, $ES_j$ checks condition $|T_1\; T_1| \le \Delta T$, where the maximum transmission delay is given by $\Delta T$ and $T_1$ is receiving time of $MSG_1$. Here, it is important to say that $\Delta T$ also denotes the expected time interval for the transmission delay/preset acceptable delay threshold value. If the condition holds, $ES_j$ then fetches the values of $RID_{DE_i}$ and $MS_{DE_i ES_j}$ from its memory which correspond to the received $TID_{DE_i}$. After that $ES_j$ computes $(TC_{DE_i}\, rs_1 \| MS_{DE_i ES_j}\, T_1) = M_1 \oplus (RID_{DE_i}\, MS_{DE_i ES_j}\, T_1)$. After $ES_j$ computes $M_2 = ((TC_{DE_i}\, rs_1 \| MS_{DE_i ES_j}\, T_1) \| RID_{DE_i}\, T_1)$. Then it checks if $M_2 = M_2$? If it matches then $DE_i$ is
authenticated with $ES_j$. Further, $ES_j$ produces a new timestamp value represented as $T_2$ and a random secret value denoted as $rs_2$. It then computes $M_3 = h(RID_{DE_i} \parallel MS_{DE_i,ES_j} \parallel T_2) \oplus h(RID_{ES_j} \parallel TC_{ES_j} \parallel rs_2 \parallel MS_{DE_i,ES_j} \parallel T_2)$ and a session key $SK_{ES_j,DE_i} = h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel h(RID_{ES_j} \parallel TC_{ES_j} \parallel rs_2 \parallel MS_{DE_i,ES_j} \parallel T_2) \parallel T_1 \parallel T_2 \parallel RID_{DE_i} \parallel MS_{DE_i,ES_j})$. After that it computes $M_4 = h(SK_{ES_j,DE_i} \parallel T_1 \parallel T_2 \parallel RID_{DE_i})$. It generates a new temporary identity for $ES_j$ as $TID_{DE_i}^{new}$ and computes $M_5 = TID_{DE_i}^{new} \oplus h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel RID_{DE_i} \parallel T_2)$. $ES_j$ then sends message $MSG_2 = \{M_3, M_4, M_5, T_2\}$ to $DE_i$ through the open channel.
• AKDDE3: At the arrival of $MSG_2$, $DE_i$ checks condition $|T_2^* - T_2| \le \Delta T$, where $T_2^*$ is the receiving time of $MSG_2$. If it matches then $DE_i$ computes $h(RID_{ES_j} \parallel TC_{ES_j} \parallel rs_2 \parallel MS_{DE_i,ES_j} \parallel T_2) = M_3 \oplus h(RID_{DE_i} \parallel MS_{DE_i,ES_j} \parallel T_2)$. After that $DE_i$ calculates the session key as $SK_{DE_i,ES_j} = h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel h(RID_{ES_j} \parallel TC_{ES_j} \parallel rs_2 \parallel MS_{DE_i,ES_j} \parallel T_2) \parallel RID_{DE_i} \parallel T_1 \parallel T_2 \parallel MS_{DE_i,ES_j})$ and $M_4^* = h(SK_{ES_j,DE_i} \parallel T_1 \parallel T_2 \parallel RID_{DE_i})$. It then checks condition $M_4^* = M_4$? If it matches, $ES_j$ is authenticated with $DE_i$ and the session key computed by $DE_i$ is correct. $DE_i$ then computes its new temporary identity as $TID_{DE_i}^{new} = M_5 \oplus h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel RID_{DE_i} \parallel T_2)$. Further, it computes a session key verifier by generating another fresh timestamp value $T_3$, which is $M_6 = h(SK_{DE_i,ES_j} \parallel T_3)$. Here it is important to mention that $M_6$ is a session key verifier: with the help of $M_6$, $ES_j$ can check whether $DE_i$ has computed the correct session key or not. After that $DE_i$ sends message $MSG_3 = \{M_6, T_3\}$ to $ES_j$ through the open channel.
• AKDDE4: At the arrival of $MSG_3$, $ES_j$ checks condition $|T_3^* - T_3| \le \Delta T$, where $T_3^*$ is the receiving time of $MSG_3$. If it holds, $ES_j$ computes $M_6^* = h(SK_{ES_j,DE_i} \parallel T_3)$ and checks the condition $M_6^* = M_6$? In the event of a match, $ES_j$ presumes that the session key generated by $DE_i$ is correct. In the following phase, both $DE_i$ and $ES_j$ establish the session key $SK_{DE_i,ES_j}$ $(= SK_{ES_j,DE_i})$ to facilitate the secure transmission of their data.

Table 2
Registration phase of drone $DE_i$.

| $RA$ | $DE_i$ |
|---|---|
| Generate $SN_{RA}$ & $k_{RA}$. | |
| Compute $RID_{RA} = h(ID_{RA} \parallel SN_{RA} \parallel k_{RA})$. | |
| Generate $ID_{DE_i}$ for $DE_i$. | |
| Generate $k_{DE_i}$ & $SN_{DE_i}$ for $DE_i$. | |
| Compute $RID_{DE_i} = h(RID_{RA} \parallel ID_{DE_i} \parallel k_{RA} \parallel k_{DE_i} \parallel SN_{DE_i})$, $TC_{DE_i} = h(RID_{RA} \parallel ID_{DE_i} \parallel k_{RA} \parallel k_{DE_i} \parallel SN_{DE_i} \parallel RTS_{DE_i})$. | |
| Generate $TID_{DE_i}$. | |
| | Store $\{TID_{DE_i}, RID_{DE_i}, TC_{DE_i}, MS_{DE_i,ES_j}, h(\cdot)\}$. |

Table 3
Registration phase of ground station server $ES_j$.

| $RA$ | $ES_j$ |
|---|---|
| Generate $k_{ES_j}$, $SN_{ES_j}$ & $ID_{ES_j}$ for $ES_j$. | |
| Compute $RID_{ES_j} = h(RID_{RA} \parallel ID_{ES_j} \parallel k_{RA} \parallel k_{ES_j} \parallel SN_{ES_j})$, $TC_{ES_j} = h(RID_{RA} \parallel ID_{ES_j} \parallel k_{RA} \parallel k_{ES_j} \parallel SN_{ES_j} \parallel RTS_{ES_j})$. | |
| Generate $TIN_{ES_j}$ & $MS_{ES_j,CS_k}$. | |
| | Store $\{\{(TID_{DE_i}, RID_{DE_i}) \mid i = 1, 2, \ldots, n_{DE}\}, TIN_{ES_j}, RID_{ES_j}, TC_{ES_j}, (MS_{DE_1,ES_j}, MS_{DE_2,ES_j}, \cdots, MS_{DE_{n_{DE}},ES_j}), MS_{ES_j,CS_k}, h(\cdot)\}$ |

Table 4
Registration phase of cloud server $CS_k$.

| $RA$ | $CS_k$ |
|---|---|
| Generate $k_{CS_k}$, $SN_{CS_k}$ & $ID_{CS_k}$ for $CS_k$. | |
| Compute $RID_{CS_k} = h(RID_{RA} \parallel ID_{CS_k} \parallel k_{RA} \parallel k_{CS_k} \parallel SN_{CS_k})$, $TC_{CS_k} = h(RID_{RA} \parallel ID_{CS_k} \parallel k_{RA} \parallel k_{CS_k} \parallel SN_{CS_k} \parallel RTS_{CS_k})$. | |
| | Store $\{\{(TIN_{ES_j}, RID_{ES_j}) \mid j = 1, 2, \ldots, n_{ES}\}, RID_{CS_k}, TC_{CS_k}, (MS_{ES_1,CS_k}, MS_{ES_2,CS_k}, \ldots, MS_{ES_{n_{ES}},CS_k}), h(\cdot)\}$ |

Table 5 offers a succinct overview of the authentication and key establishment mechanism. The above employed method provides the protection of the communication channel between drones and ground stations from external influences and interception of information. This is because initially the channel between $DE_i$ and $ES_j$ is insecure. However, after the mutual authentication between $DE_i$ and $ES_j$, both the entities $DE_i$ and $ES_j$ are able to establish a common session key $SK_{DE_i,ES_j}$ $(= SK_{ES_j,DE_i})$ which can now be used for encrypting the data exchanged between them. In that way, no adversaries will be able to tamper with the data because the data is already being encrypted with the established session key which is unknown to the adversary. For protecting a communication channel from unauthorized access, we use the Advanced Encryption Standard (AES-256) symmetric encryption for reducing the computational time required for a drone.

4.3. Key management phase

This procedure is conducted to manage the keys shared by $ES_j$ and $CS_k$. Upon the successful conclusion of this process, $ES_j$ and $CS_k$ will securely transmit their data using the specifically generated session key $SK_{ES_j,CS_k}$.

• AKDEC1: $ES_j$ starts communication and produces a new timestamp value represented as $TS_1$ and a random secret value denoted as $RS_1$. Then, it computes $m_1 = h(TC_{ES_j} \parallel RS_1 \parallel MS_{ES_j,CS_k} \parallel TS_1) \oplus h(RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1)$ and $m_2 = h(h(RS_1 \parallel TC_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1) \parallel RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1)$. After these computations $ES_j$ sends message $msg_1 = \{TIN_{ES_j}, m_1, m_2, TS_1\}$ to $CS_k$ through the open channel.
• AKDEC2: At the arrival of $msg_1$, $CS_k$ checks condition $|TS_1^* - TS_1| \le \Delta T$, where $TS_1^*$ is the receiving time of $msg_1$. If it is satisfied, then $CS_k$ fetches $RID_{ES_j}$ and $MS_{ES_j,CS_k}$ corresponding to the received $TIN_{ES_j}$. Then, $CS_k$ computes $h(RS_1 \parallel TC_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1) = m_1 \oplus h(RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1)$ and $m_2^* = h(h(rs_1 \parallel TC_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1) \parallel RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel$
$TS_1)$. Next, it checks $m_2^* = m_2$? If it holds, $CS_k$ produces a new timestamp value represented as $TS_2$ and a random secret value denoted as $RS_2$. After that, it computes $m_3 = h(RS_2 \parallel TC_{CS_k} \parallel MS_{ES_j,ES_j} \parallel TS_2) \oplus h(RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1 \parallel TS_2)$ and a session key as $SK_{CS_k,ES_j} = h(h(RS_2 \parallel TC_{CS_k} \parallel MS_{ES_j,CS_k} \parallel TS_2) \parallel h(RS_1 \parallel TC_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1) \parallel RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1 \parallel TS_2)$. Again, it computes $m_4 = h(SK_{CS_k,ES_j} \parallel RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_2)$ and generates a new temporary identification number for $ES_j$ as $TIN_{ES_k}^{new}$. After that $CS_k$ computes $m_5 = TIN_{ES_j}^{new} \oplus h(RID_{ES_j} \parallel h(RS_1 \parallel TC_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1) \parallel TS_2)$. After these computations, $CS_k$ sends message $msg_2 = \{m_3, m_4, m_5, TS_2\}$ to $ES_j$ through the open channel.
• AKDEC3: At the arrival of $msg_2$, $ES_j$ checks condition $|TS_2^* - TS_2| \le \Delta T$, where $TS_2^*$ is the receiving time of $msg_2$. If it holds then $ES_j$ computes $h(RS_2 \parallel TC_{CS_k} \parallel MS_{ES_j,CS_k} \parallel TS_2) = m_3 \oplus h(RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1 \parallel TS_2)$ and the session key $SK_{ES_j,CS_k} = h(h(RS_2 \parallel TC_{CS_k} \parallel MS_{ES_j,CS_k} \parallel TS_2) \parallel h(RS_1 \parallel TC_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1) \parallel RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1 \parallel TS_2)$. It again computes $m_4^* = h(SK_{ES_j,CS_k} \parallel RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_2)$. Then, it checks if $m_4^* = m_4$? If it matches, the session key computed by $ES_j$ is considered to be correct. Further, $ES_j$ computes $TIN_{CS_k}^{new} = m_5 \oplus h(RID_{ES_j} \parallel h(RS_2 \parallel TC_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1) \parallel TS_2)$ and updates the old $TIN_{ES_j}$ to $TIN_{ES_j}^{new}$ in its database for future use. Then, it generates another fresh timestamp value as $TS_3$, computes $m_6 = h(SK_{ES_j,CS_k} \parallel TS_3)$ and sends message $msg_3 = \{m_6, TS_3\}$ to $CS_k$ via the open channel.
• AKDEC4: At the arrival of $msg_3$, $CS_k$ checks condition $|TS_3^* - TS_3| \le \Delta T$, where $TS_3^*$ is the receiving time of $msg_3$. If it holds then $CS_k$ computes $m_6^* = h(SK_{ES_j,CS_k} \parallel TS_3)$ and checks $m_6^* = m_6$? If it matches, $CS_k$ assumes that $ES_j$ has computed the correct session key. After that, both $ES_j$ and $CS_k$ establish session key $SK_{ES_j,CS_k}$ $(= SK_{CS_k,ES_j})$ for their secure data transmission.

Table 5
Authentication and key establishment between $DE_i$ and $ES_j$.

| $DE_i$ | $ES_j$ |
|---|---|
| Generate $rs_1$ & $T_1$. Compute $M_1 = h(RID_{DE_i} \parallel MS_{DE_i,ES_j} \parallel T_1) \oplus h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1)$, $M_2 = h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel RID_{DE_i} \parallel T_1)$. | |
| $MSG_1 = \{TID_{DE_i}, M_1, M_2, T_1\}$ → (via open channel) | |
| | Check if $\lvert T_1^* - T_1 \rvert \le \Delta T$? If so, fetch $RID_{DE_i}$ & $MS_{DE_i,ES_j}$. Compute $h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) = M_1 \oplus h(RID_{DE_i} \parallel MS_{DE_i,ES_j} \parallel T_1)$, $M_2^* = h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel RID_{DE_i} \parallel T_1)$. |
| | Check if $M_2^* = M_2$? If so, generate $T_2$ & $rs_2$. Compute $M_3 = h(RID_{DE_i} \parallel MS_{DE_i,ES_j} \parallel T_2) \oplus h(RID_{ES_j} \parallel TC_{ES_j} \parallel rs_2 \parallel MS_{DE_i,ES_j} \parallel T_2)$, $SK_{ES_j,DE_i} = h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel h(RID_{ES_j} \parallel TC_{ES_j} \parallel rs_2 \parallel MS_{DE_i,ES_j} \parallel T_2) \parallel T_1 \parallel T_2 \parallel RID_{DE_i} \parallel MS_{DE_i,ES_j})$, $M_4 = h(SK_{ES_j,DE_i} \parallel T_1 \parallel T_2 \parallel RID_{DE_i})$. |
| | Generate $TID_{DE_i}^{new}$. Compute $M_5 = TID_{DE_i}^{new} \oplus h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel RID_{DE_i} \parallel T_2)$. |
| | ← $MSG_2 = \{M_3, M_4, M_5, T_2\}$ (via open channel) |
| Check $\lvert T_2^* - T_2 \rvert \le \Delta T$? If so, compute $h(RID_{ES_j} \parallel TC_{ES_j} \parallel rs_2 \parallel MS_{DE_i,ES_j} \parallel T_2) = M_3 \oplus h(RID_{DE_i} \parallel MS_{DE_i,ES_j} \parallel T_2)$, $SK_{DE_i,ES_j} = h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel h(RID_{ES_j} \parallel TC_{ES_j} \parallel rs_2 \parallel MS_{DE_i,ES_j} \parallel T_2) \parallel RID_{DE_i} \parallel T_1 \parallel T_2 \parallel MS_{DE_i,ES_j})$, $M_4^* = h(SK_{ES_j,DE_i} \parallel T_1 \parallel T_2 \parallel RID_{DE_i})$. | |
| Check if $M_4^* = M_4$? If so, compute $TID_{DE_i}^{new} = M_5 \oplus h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel RID_{DE_i} \parallel T_2)$. | |
| Generate $T_3$ & compute $M_6 = h(SK_{DE_i,ES_j} \parallel T_3)$. | |
| $MSG_3 = \{M_6, T_3\}$ → (via open channel) | |
| | Check $\lvert T_3^* - T_3 \rvert \le \Delta T$? If so, compute $M_6^* = h(SK_{ES_j,DE_i} \parallel T_3)$. Check $M_6^* = M_6$? |
| Store session key $SK_{DE_i,ES_j}$ | If so, store session key $SK_{ES_j,DE_i}$ |

4.4. Dynamic device addition phase

In this phase, we provide the facility of addition of a new drone to the network. If we do not provide this phase, a new device (i.e., drone) cannot be added to the network. However, this procedure is essentially needed especially when we do the expansion of the network or the requirements of the users increase even in the case of physical drones capture attack by an adversary. It can be done using the following steps.

• DDA1: $RA$ chooses identity for $DE_i^{\nu}$ as $ID_{DE_i}^{\nu}$, its secret key as $k_{DE_i}^{\nu}$ and its secret number as $SN_{DE_i}^{\nu}$. $RA$ further computes
the pseudo identity of $DE_i^{\nu}$ as $RID_{DE_i}^{\nu} = h(RID_{RA} \parallel ID_{DE_i}^{\nu} \parallel k_{RA} \parallel k_{DE_i}^{\nu} \parallel SN_{DE_i}^{\nu})$. It again computes the temporal credentials value of $DE_i^{\nu}$ as $TC_{DE_i}^{\nu} = h(RID_{RA} \parallel ID_{DE_i}^{\nu} \parallel k_{RA} \parallel k_{DE_i}^{\nu} \parallel SN_{DE_i}^{\nu} \parallel RTS_{DE_i}^{\nu})$, where $RTS_{DE_i}^{\nu}$ is the registration timestamp value of $DE_i^{\nu}$. It again generates a temporary identity for $DE_i^{\nu}$ as $TID_{DE_i}^{\nu}$. Then, the registration information is stored in the memory of $DE_i^{\nu}$.
• DDA2: Finally, $DE_i^{\nu}$ stores values $\{TID_{DE_i}^{\nu}, RID_{DE_i}^{\nu}, TC_{DE_i}^{\nu}, MS_{DE_i^{\nu},ES_j}, h(\cdot)\}$. Here, it is important to mention that $MS_{DE_i^{\nu},ES_j}$ is the primary secret key of both $DE_i^{\nu}$ and $ES_j$, and this key is distinct for different drones. $RA$ also shares the registration information of $DE_i^{\nu}$ with the deployed $ES_j$s in a secure way.

4.5. Blockchain implementation phase

During this step, we present the specifics of the blockchain. It is a significant phase of the proposed mechanism. Note that Elliptic Curve Cryptography (ECC) encryption is used to encrypt a transaction in a block with the help of the public key $KU_{ES_j}$ of the respective ground station server ($ES_j$) so that only $ES_j$ can decrypt the data using its own private key. In this case, since block verification involves the verification of the signature present in a block using the Elliptic Curve Digital Signature Algorithm (ECDSA), we have applied the public-key based ECC encryption for protection of transactions (containing the crucial data in case of sensitive applications such as healthcare and military).

The particulars are delineated using the following steps:

• BIP1: As discussed earlier, the ground station server $ES_j$ receives information $Inf_{DE_i}$ from a connected drone $DE_i$ through the established session key $SK_{DE_i,ES_j}$ in a secure way. Then $ES_j$ creates a partial block $PBK_{ES_j}$ from the received information $Inf_{DE_i}$. First, $ES_j$ creates its public and private key pair as $\{KU_{ES_j}, KS_{ES_j}\}$ through some public key cryptographic system, i.e., the Elliptic Curve Cryptography (ECC) algorithm. It then divides $Inf_{DE_i}$ into some transactions, say $tr_x = \{tr_1, tr_2, \ldots, tr_x\}$. Further, $ES_j$ encrypts $tr_x$ with its public key $KU_{ES_j}$ to convert them into encrypted transactions, say $TR_x = E_{KU_{ES_j}}(tr_x)$. The partial block contains fields as follows: $PBK_{ES_j} = \{OWI_{ES_j}, KU_{ES_j}, TR_x, MT_{root_{ES_j}}\}$, where $OWI_{ES_j}$ is the owner $ES_j$'s identity information and $MT_{root_{ES_j}}$ is the Merkle tree root value, which is generated from all transactions. $ES_j$ then sends partial block $PBK_{ES_j}$ to the connected cloud server $CS_l$ with the help of the established session key $SK_{ES_j,CS_k}$ in a secure way.
• BIP2: After receiving $PBK_{ES_j}$, $CS_l$ makes full block $FBK_{CS_l}$ from it. $FBK_{CS_l}$ contains fields as $FBK_{CS_l} = \{BID_{FBK_{CS_l}}, RN_{FBK_{CS_l}}, TSV_{FBK_{CS_l}}, Hash_{FBK_{CS_l}}, Hash_{FBK_{CS_{l-1}}}, OWI_{ES_j}, KU_{ES_j}, TR_x, MT_{root_{ES_j}}, Sign_{FBK_{CS_l}}\}$, where $BID_{FBK_{CS_l}}$, $RN_{FBK_{CS_l}}$, $TSV_{FBK_{CS_l}}$, $Hash_{FBK_{CS_l}}$, $Hash_{FBK_{CS_{l-1}}}$, and $Sign_{FBK_{CS_l}}$ are the block's ($FBK_{CS_l}$) identity information, a random nonce value, the timestamp, the hash of the current block, the hash of the preceding block, and the block's signature on $FBK_{CS_l}$.
• BIP3: Upon the completion of this process, $CS_l$ will disseminate $FBK_{CS_l}$ via its peer-to-peer cloud server network. At this juncture, the appointed leader, referred to as $CS_l$, will initiate a consensus over the just received block. To achieve this purpose, the server ($CS_l$) may employ the procedures of the standard practical Byzantine Fault Tolerance (pBFT) method [21]. The block $FBK_{CS_l}$ is incorporated into the blockchain $BCH_{IoD_i}$ at the successful completion of the consensus process. The formed blockchain $BCH_{IoD_i}$ can be considered like a consortium blockchain, as it contains some private data while, at the same time, some of the data should be available publicly as per the raised requirements.

For the better understanding of the readers, the proposed BAKMM-IoD is also explained through a process flow diagram, which is depicted in Fig. 2. It provides the details of various activities and processes of the proposed scheme. The activities like registration of drone, registration of ground station server, and registration of cloud server are highlighted. After that, there is the execution of authentication and key establishment between the drone and ground station server. Further, there is the execution of key management between the ground station server and cloud server. After that, there is the execution of the blockchain formation phase.

Remark 1. Here, we explain the importance of using the blockchain technology instead of using a strong public-key encryption algorithm, like RSA-2048 or others, for storing the encrypted data in a semi-trusted cloud environment. In fact, Mitra et al. [38] interestingly investigated the impact on blockchain-based artificial intelligence (AI)/machine learning (ML)-enabled big data analytics for cognitive IoT environment. They argued that data poisoning attacks are a serious concern when the data is simply stored in semi-trusted cloud storage in place of the blockchain, because they can significantly impact businesses and organizations, both financially and in terms of their reputation, particularly when the big data analytics rely on corrupted data. Their comprehensive experimental results illustrate the impact of data poisoning attacks on an ML model when data is stored in cloud storage (i.e., outside of blockchain) versus in a blockchain (i.e., without data poisoning). The findings reveal substantial performance improvements in accuracy, recall, precision, and F1-score when the data remain free from poisoning attacks. This is true because the data residing in the blockchain cannot be tampered with when the transactions are added into the blockchain through the consensus mechanism. Hence, though the blockchain implementation becomes a little more costly as compared to simply putting encrypted data in semi-trusted cloud storage, we certainly have various advantages not only for strengthening the security of the system, but also for improving substantial performance in terms of accuracy, recall, precision, and F1-score in big data analytics.

Remark 2. The identity is the original identity information of an entity (i.e., drone, ground station server and cloud server), whereas to make the communication anonymous we have used pseudo identity; due to this mechanism the original identity of an entity is not revealed to the other entities of the network. The temporary identity is used to make the communication anonymous as well as untraceable. The temporary identity information is changed in each session, because in each session we have the provision of use of a new temporary identity. It helps us to achieve the untraceability property for the exchanged data in every session of the communications.

5. Security analysis of BAKMM-IoD

In this section, a security analysis of the proposed scheme (BAKMM-IoD) is provided. The BAKMM-IoD has been subjected to an informal security analysis utilizing mathematical concepts, assumptions and proofs. The BAKMM-IoD has been shown to be secure against replay attacks, man-in-the-middle (MiTM) attacks, impersonation attacks, privileged insider attacks, stolen verifier attacks, physical drone capture attacks, ephemeral secret leakage (ESL) attacks, secret data leakage attacks, and other similar attacks. These findings were obtained after performing formal security analysis.

Proposition 1. The SBBDA-IoD protocol makes it impossible to execute a replay attack.

Proof. Different freshly generated timestamp values are used and then verified at the other recipient's end. The aforementioned timestamp values encompass values like $T_1$, $T_2$, $T_3$, $TS_1$, $TS_2$ and $TS_3$. Successful
completion of the timestamp verification process may result in acceptance of the message by the recipient. Otherwise, it will be returned as undeliverable. By employing condition checking, i.e., $|T_x^* - T_x| \le \Delta T$ and $|TS_x^* - TS_x| \le \Delta T$, where $x = 1, 2, 3$, the BAKMM-IoD ensures the prevention of replay attacks. Consequently, the BAKMM-IoD is safeguarded against any replay attacks. □

Fig. 2. Process flow diagram of the proposed BAKMM-IoD.

Proposition 2. The primary objective of the BAKMM-IoD is to prevent man-in-the-middle and impersonation attacks.

Proof. The computation of exchanged messages involves the utilization of several proprietary factors, including $k_{ES_j}$, $SN_{ES_j}$, $MS_{ES_j,CS_k}$, $k_{CS_k}$, $SN_{CS_k}$, $k_{RA}$, $RTS_{CS_k}$, $RTS_{ES_j}$, $MS_{DE_i,ES_j}$, $k_{DE_i}$, and $SN_{DE_i}$. To the attacker, these discrete values are unknown. Under the present circumstances, it is not feasible for the attacker to make any changes in the transmitted messages. Another important consideration is that the attacker is unable to produce completely fresh messages in the correct way. Hence, the BAKMM-IoD offers protection against attacks like impersonation and man-in-the-middle attempts. □

Proposition 3. The BAKMM-IoD demonstrates robustness in the face of privileged insider attacks.

Proof. The secret values of the entities from the $RA$'s database, namely $k_{ES_j}$, $SN_{ES_j}$, $MS_{ES_j,CS_k}$, $k_{CS_k}$, $SN_{CS_k}$, $RTS_{CS_k}$, $RTS_{ES_j}$, $MS_{DE_i,ES_j}$, $k_{DE_i}$, and $SN_{DE_i}$, have been removed. It may be deduced from this that the authorized user who possesses insider privileges (i.e., the attacker) and who intends to cause harm to the entities (i.e., through a variety of attacks) is not permitted to access the database [42]. As a consequence of this, BAKMM-IoD has afforded protection against privileged insider attacks and other threats of a similar nature. These risks include impersonation attempts and illegal session key computations. Therefore, due to its capabilities, the proposed BAKMM-IoD has the potential to reduce the impact of attacks carried out by privileged insiders. □

Proposition 4. The BAKMM-IoD is effectively safeguarded against the stolen verifier attack.

Proof. A segment of the cloud server's database, safeguarded from unauthorized access, contains information related to parameters collected by various entities, including drones and ground station servers. These traits are said to signify the secret information maintained on ground station servers and devices. To ensure that fact, numerous layers of protection have been established. Access to the confidential values of the entities is unattainable for the attacker due to imposed restrictions [43]. Although this mechanism remains functional, executing an attack on the BAKMM-IoD via the stolen verifier method or other related techniques seems unfeasible. Consequently, the BAKMM-IoD is safeguarded against the stolen verifier attack. □

Proposition 5. The BAKMM-IoD possesses the capacity to prevent the stolen drone attack.

Proof. The suggested implementation of the BAKMM-IoD safeguards sensitive information by ensuring that it is not stored in an unencrypted state within the drone's memory. Moreover, should the attacker successfully apprehend a drone and subsequently execute an advanced power analysis attack to get critical data from the drone's memory, it would
constitute one of the most perilous scenarios possible [41]. Assuming these conditions were satisfied, the attacker would possess solely the session key and registration data of this particular drone, lacking access to any other secret information related to the other drones. Each session key within the BAKMM-IoD is unique and exclusive. Every computation is executed using a distinct set of parameters. The deduced session key cannot be utilized to ascertain the session key for additional drones, as such an action is infeasible. This clearly indicates that unauthorized access to the remaining portions of the communication is prevented. As a result, the BAKMM-IoD is protected against the stolen drone attack. □

Fig. 3. SPDL snippet for the implemented role of DE in BAKMM-IoD.

Proposition 6. The BAKMM-IoD is designed to provide anonymity and untraceability for the exchanged communications.

Proof. No personally identifiable information (i.e., identities of the communicating entities) is sent in plain text within the BAKMM-IoD's architecture. It ensures the safeguarding of the privacy of every individual and thus helps us to achieve the anonymity of each entity during the communication. Freshly generated timestamp values (i.e., $T_1$, $T_2$, $T_3$, $TS_1$, $TS_2$, $TS_3$, and $rs_1$, $rs_2$, $RS_1$, $RS_2$) and randomly produced secret values (i.e., $k_{DE_i}$, $k_{ES_j}$, $k_{CS_k}$) constitute the entirety of the information that is reciprocally shared. It causes the creation of distinct messages for different entities in distinct sessions. Due to this mechanism, the exchanged messages cannot be traced during the communication. Therefore, it can be considered that the proposed BAKMM-IoD achieves anonymity and untraceability properties during the exchange of the messages. □

Proposition 7. The ephemeral secret leakage (ESL) attack is unable to successfully target the BAKMM-IoD under the CK-adversary model.

Proof. The proposed BAKMM-IoD calculates the session key by combining dynamic information, such as random secret numbers, with persistent information, such as secret keys and identities. In BAKMM-IoD, the session keys are computed as $SK_{ES_j,DE_i} = h(h(TC_{DE_i} \parallel rs_1 \parallel MS_{DE_i,ES_j} \parallel T_1) \parallel h(RID_{ES_j} \parallel TC_{ES_j} \parallel rs_2 \parallel MS_{DE_i,ES_j} \parallel T_2) \parallel T_1 \parallel T_2 \parallel RID_{DE_i} \parallel MS_{DE_i,ES_j})$ and $SK_{CS_k,ES_j} = h(h(RS_2 \parallel TC_{CS_k} \parallel MS_{ES_j,CS_k} \parallel TS_2) \parallel h(RS_1 \parallel TC_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1) \parallel RID_{ES_j} \parallel MS_{ES_j,CS_k} \parallel TS_1 \parallel TS_2)$. These session keys are computed through the long-term secret parameters, which consist of the secret keys (i.e., $RID_{DE_i}$, $RID_{ES_j}$, and $RID_{CS_k}$, $k_{ES_j}$, $SN_{ES_j}$, $MS_{ES_j,CS_k}$, $k_{CS_k}$, $SN_{CS_k}$, $RTS_{CS_k}$, $RTS_{ES_j}$, $MS_{DE_i,ES_j}$, $k_{DE_i}$, and $SN_{DE_i}$), and the short-term secret parameters, which take the form of random secrets (i.e., $rs_1$, $rs_2$, $RS_1$, $RS_2$). This results in the generation of a new session key for a subsequent session. Furthermore, these concealed values are unknown to the attacker. Consequently, it is impractical for the attacker to precisely ascertain the session key. This indicates that an attacker cannot reliably forecast the session key in any measure. Consequently, the BAKMM-IoD demonstrates adequate integrity to endure the ephemeral secret leakage (ESL) attack within the CK-adversary model. □

6. Formal security verification of presented BAKMM-IoD

This section presents the formal security verification of the BAKMM-IoD. In the context of the BAKMM-IoD's security, the Scyther tool [44,45], and [46] has been rigorously employed. The tools, like, ProVerif and AVISPA are somewhat less robust than this one in terms of verifying and analyzing the security of a recently developed security protocol. During its operation, the system utilizes the most advanced cryptographic assumptions. The secret key ensures that an opponent will be incapable of decrypting the data unless they themselves possess it. The language employed throughout the implementation phase is "Security Protocol Descriptive Language (SPDL)". A unique role is allocated to each communication party or entity in this particular situation. As a consequence of their roles, the entities undertake several other functions, such as the transmission of messages and the reception of replies. The "send" and "recv" methods facilitate the attainment of these objectives. The Scyther tool operates on the DY model, with nine other adversarial models, containing the eCK model and the CK model. The system utilizes tests that facilitate the execution of verifications
such as agreement, synchronization, weak agreement, and secrecy. In the Scyther implementation of a cryptographic protocol, metrics such as agreement, synchronization, and secrecy are crucial. These are critical attributes for assessing the security and integrity of the newly designed protocol. These can be described as follows.

Fig. 4. SPDL snippet for the implemented role of ES in BAKMM-IoD.

• Agreement: It guarantees that two parties (e.g., drone and ground station server) recognize their participation in a session for data communication. They both concur on significant aspects, such as keys, identities, and so forth. It mitigates impersonation or man-in-the-middle (MiTM) attacks by ensuring that both parties are authentically communicating as intended. Additionally, it confirms that the protocol accomplishes mutual authentication.
• Synchronization: It guarantees that the sequence of message exchanges occurs as anticipated. Messages cannot be replayed, dropped, or modified. It is crucial for a protocol to attain this property, as it depends on the freshness or sequencing of messages (i.e., for the prevention of replay attacks). Moreover, it confirms that both parties are operating in the same session context.
• Secrecy: It guarantees that confidential information, such as session keys or random secret nonces/numbers, remains undisclosed. These values must not be disclosed to any unauthorized individuals. It serves to safeguard against eavesdropping and unauthorized data breach attempts.

To securely validate the "authentication and key establishment phase" of the proposed BAKMM-IoD, we analyze the two critical actions associated with DE (for a drone) and ES (for a ground station server). The importance of these roles is substantial. The SPDL code snippets required for simulating the functions of a drone ($DE_i$) and a ground station server ($ES_j$) are presented in Figs. 3 and 4. Further, Fig. 5, located beneath the claim, status, and comments sections, displays the outcomes of the BAKMM-IoD implementation. The obtained data confirmed that the BAKMM-IoD corresponds with the stated assertions. Thus, the BAKMM-IoD provides protection against numerous possible threats.

7. Comparative analysis

In this section, the comparisons and analysis have been done for the BAKMM-IoD and other similar schemes of the domain. The comparisons of the computation costs, communication costs and security and functionality attributes have been conducted. The details are provided below. The comparisons of different schemes including Ali et al. [34], Cho et al. [23], Rodrigues et al. [25], Ever [27], Bera et al. [21] and Mishra et al. [35] and the BAKMM-IoD are given.

We have taken the results of the MIRACL library [21], in which various values of execution time (i.e., computation time) are given. The execution time (in milliseconds) values for a server are given in Table 6. Further, the execution time (in milliseconds) values under Raspberry PI 3 for a device (i.e., smart IoT device, drones) are given in Table 7. Here it is important to mention that the notations $T_h$, $T_{senc}/T_{sdec}$, $T_{bp}$, $T_{fe}$, $T_{eca}$, $T_{ecm}$, $T_{ecsigg}$, $T_{ecsigv}$, and $T_{mtp}$ are taken for the time needed for the execution of "a one-way cryptographic hash function", "a symmetric key encryption/decryption (AES-128)", "a bilinear pairing", "a fuzzy extractor", "an elliptic curve point addition", "an elliptic curve point multiplication", "an ECDSA generation", "ECDSA verification", and "a map to point", respectively. It is considered that $T_{fe}$ $(\approx T_{ecm})$ [47].

Table 6
Execution time (in milliseconds) under a server.

| Primitive | Max. time (ms) | Min. time (ms) | Average time (ms) |
|---|---|---|---|
| $T_h$ | 0.149 | 0.024 | 0.055 |
| $T_{mtp}$ | 0.199 | 0.092 | 0.114 |
| $T_{ecsigg}$ | 3.147 | 0.308 | 0.729 |
| $T_{ecsigv}$ | 6.147 | 0.593 | 1.405 |
| $T_{senc}$ | 0.008 | 0.002 | 0.003 |
| $T_{sdec}$ | 0.005 | 0.002 | 0.003 |
| $T_{ecm}$ | 2.998 | 0.284 | 0.674 |
| $T_{eca}$ | 0.002 | 0.001 | 0.002 |
| $T_{bp}$ | 7.951 | 4.495 | 4.716 |

Table 7
Execution time (in milliseconds) under Raspberry PI 3.

| Primitive | Max. time (ms) | Min. time (ms) | Average time (ms) |
|---|---|---|---|
| $T_h$ | 0.643 | 0.274 | 0.309 |
| $T_{mtp}$ | 0.406 | 0.381 | 0.385 |
| $T_{ecsigg}$ | 5.175 | 2.480 | 2.597 |
| $T_{ecsigv}$ | 9.728 | 4.701 | 4.901 |
| $T_{senc}$ | 0.038 | 0.017 | 0.018 |
| $T_{sdec}$ | 0.054 | 0.009 | 0.014 |
| $T_{ecm}$ | 4.532 | 2.206 | 2.288 |
| $T_{eca}$ | 0.021 | 0.015 | 0.016 |
| $T_{bp}$ | 32.79 | 27.606 | 32.084 |
Fig. 5. Results of security verification using Scyther tool.

7.1. Comparison of computation costs

For computation costs assessment, $T_h$, $T_{senc}/T_{sdec}$, $T_{bp}$, $T_{fe}$, $T_{eca}$, $T_{ecm}$, $T_{ecsigg}$, $T_{ecsigv}$, and $T_{mtp}$ are used to signify the time needed to execute "a one-way cryptographic hash function", "a symmetric key encryption/decryption (AES-128)", "a bilinear pairing", "a fuzzy extractor", "an elliptic curve point addition", "an elliptic curve point multiplication", "an ECDSA generation", "ECDSA verification", and "a map to point", respectively. It is assumed that $T_{fe}$ $(\approx T_{ecm})$ [47].

The computation cost values are calculated on the basis of values given in Tables 6 and 7. The computation cost values for the BAKMM-IoD are calculated as $8T_h \approx 2.47$ ms (for drone) and $8T_h \approx 0.44$ ms (for ground station server). From Table 8, it is clear that the BAKMM-IoD has less computation costs than the other compared schemes, i.e., the schemes of Cho et al. [23], Rodrigues et al. [25], Ever [27], and Algarni and Jan [36], whereas it is very similar to the scheme of Ali et al. [34] and Mishra et al. [35].

Table 8
Comparing different computation costs.

| Scheme | Smart device/Drone | GSS/Server |
|---|---|---|
| Ali et al. [34] | $18T_h + T_{fe} + T_{senc} \approx 7.868$ ms | $7T_h + 3T_{senc}/T_{sdec} \approx 0.394$ ms |
| Cho et al. [23] | $2T_{ecsigv} + T_{sdec} + 10001T_h \approx 3100.125$ ms | $2T_{ecsigg} + T_{senc} + 10001T_h \approx 551.516$ ms |
| Rodrigues et al. [25] | $9T_h + 6T_{ecm} \approx 16.509$ ms | $9T_h + 2T_{ecm} \approx 1.843$ ms |
| Ever [27] | $9T_h + 2T_{bp} + 2T_{mtp} + 3T_{ecm} \approx 74.583$ ms | $6T_h + 3T_{bp} + 2T_{mtp} + 3T_{ecm} \approx 16.728$ ms |
| Bera et al. [21] | $9T_h + 2T_{senc}/T_{sdec} + 2T_{ecm} + T_{eca} \approx 7.405$ ms | $9T_h + 2T_{senc}/T_{sdec} + 2T_{ecm} + T_{eca} \approx 1.851$ ms |
| Mishra et al. [35] | $9T_h \approx 2.78$ ms | $7T_h \approx 0.39$ ms |
| Algarni and Jan [36] | $T_{fe} + 14T_h \approx 6.614$ ms | $6T_h \approx 0.33$ ms |
| BAKMM-IoD | $8T_h \approx 2.47$ ms | $8T_h \approx 0.44$ ms |

7.2. Comparison of communication costs

To compute the communication expenses, we have presumed the terms "identity", "random number", "elliptic curve point $P = (P_x, P_y) \in E_q(a, b)$, where the coordinates of $P$ are denoted as $P_x$ and $P_y$", "hash output, generated using the SHA-256 hashing algorithm", and the "timestamp" are 160 bits, 160 bits, (160 + 160) = 320 bits, 256 bits, and 32 bits, respectively. We subsequently calculate communication costs in terms of the bit count necessary for transmitting messages $MSG_1$, $MSG_2$, and $MSG_3$.

In the authentication and key establishment process of drone $DE_i$ and the $ES_j$ three messages are exchanged, which are $MSG_1 = \{TID_{DE_i}, M_1, M_2, T_1\}$, $MSG_2 = \{M_3, M_4, M_5, T_2\}$, $MSG_3 = \{M_6, T_3\}$. If we calculate the sizes of these messages, this is estimated as $|MSG_1|$ = 160 + 256 + 256 + 32 = 704 bits, $|MSG_2|$ = 256 + 256 + 256 + 32 = 800 bits, and $|MSG_3|$ = 256 + 32 = 2880 bits; as a whole the communication of the BAKMM-IoD becomes 704 + 800 + 288 = 1782 bits. The communication expenses of different schemes are presented in Table 9. The data in Table 9 indicates that the communication cost of the BAKMM-IoD is lower than that of the other examined schemes.
Fig. 6. Results of implementation of blockchain for the proposed BAKMM-IoD: effect on computational time.
Fig. 7. Results of implementation of blockchain for the proposed BAKMM-IoD: effect on transactions per second (TPS).

Table 9
Comparative study on communication costs.
Scheme                  No. of messages   Total cost (in bits)
Ali et al. [34]         3                 3424
Cho et al. [23]         3                 3968
Rodrigues et al. [25]   4                 3456
Ever [27]               6                 5344
Bera et al. [21]        3                 2368
Mishra et al. [35]      3                 1792
Algarni and Jan [36]    4                 2784
BAKMM-IoD               3                 1792

7.3. Comparison of security and functionality attributes

The juxtaposition of security and functionality attributes is presented in Table 10. Based on the comparison, it is evident that the BAKMM-IoD offers superior security and additional functional features compared to the other schemes given by Ali et al. [34], Cho et al. [23], Rodrigues et al. [25], Ever [27], Bera et al. [21], Mishra et al. [35], and Algarni and Jan [36].

8. Practical implementation of BAKMM-IoD: blockchain simulation

The implementation of the presented BAKMM-IoD is given here [48]. The details of the parameters that were used in the experimentation are described in Table 11. During the experimentation and validation, three distinct scenarios or cases (case-1, case-2 and case-3) were tested and compared. This experiment was conducted on a 64-bit Windows 11 OS with an Intel(R) Core i5-8250U processor, running at up to 1800 MHz, and 8 GB RAM. The open-source Visual Studio Code, version 1.93, with Java was used as the programming environment. For case-1, the drone deployment was 50, for case-2, the drone deployment was 100, and for case-3, it was 150. Five blocks in case-1, ten blocks in case-2 and fifteen blocks in case-3 were computed as well as committed. Four miner nodes (i.e., cloud servers over the P2P CS network) were used concurrently. The deployment used 10 ground station servers in case-1, 20 in case-2, and 30 in case-3. The voting-based method is followed for reaching consensus, in association with practical Byzantine fault tolerance (pBFT), in the blockchain mining work. Details of the current flow of the transactions, for example the entity (communicating party) by which the information is transmitted or the underlying logic, are covered by the encrypted transaction. The ciphertext of each such transaction is produced with an elliptic curve cryptography (ECC) algorithm. The number of additional bits necessary to encode the data in the way described is 640 bits, which is (320 + 320) bits. Encryption is done in every block, which is assessed with 100 transactions. The results obtained from the simulations are reported below.

There are other critical applications, where the data is strictly confidential and private. Consider the healthcare applications using the drones. Unmanned aerial vehicle (UAV) technology has greatly enriched the healthcare sector, making substantial contributions [49]. As a result, drones are emerging as one of the fastest-growing technologies in the healthcare industry, offering a diverse array of applications.
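The voting step that Section 8 describes (four miner nodes, pBFT, blocks of encrypted transactions) can be illustrated with the following added Python example. It is not the authors' Java simulator: the function names, the Merkle-root block header, the reading of "transactions worth 100" as 100 transactions per block, and the constructed byte strings that stand in for ECC ciphertexts are all assumptions, and only the prepare/commit vote counting of pBFT is modelled.

```python
import hashlib
import json

N_MINERS = 4                      # the page deploys four miner nodes
F_FAULTY = (N_MINERS - 1) // 3    # pBFT tolerates f Byzantine nodes when n >= 3f + 1
QUORUM = 2 * F_FAULTY + 1         # matching votes required in each phase (3 of 4)
TX_PER_BLOCK = 100                # assumption: 100 encrypted transactions per block
GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def merkle_root(ciphertexts):
    """Merkle root over the transaction ciphertexts; an odd level repeats its last node."""
    level = [sha256_hex(c) for c in ciphertexts]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


def header_hash(header: dict) -> str:
    return sha256_hex(json.dumps(header, sort_keys=True).encode())


def make_block(index, prev_hash, ciphertexts):
    """Block proposed by the leader from the transactions it has collected."""
    header = {"index": index, "prev_hash": prev_hash,
              "merkle_root": merkle_root(ciphertexts), "tx_count": len(ciphertexts)}
    return {"header": header, "hash": header_hash(header), "txs": list(ciphertexts)}


def is_valid(block, chain_tip) -> bool:
    """Checks an honest miner runs before voting; it never needs the plaintext."""
    h = block["header"]
    return (h["prev_hash"] == chain_tip
            and h["tx_count"] == len(block["txs"])
            and h["merkle_root"] == merkle_root(block["txs"])
            and block["hash"] == header_hash(h))


def pbft_round(block, chain_tip, byzantine=frozenset()) -> bool:
    """Prepare and commit vote counts for one proposed block (no view change, no signatures)."""
    prepares = {}
    for miner in range(N_MINERS):
        if miner in byzantine:
            prepares[miner] = sha256_hex(b"forged-vote-%d" % miner)  # votes for another digest
        else:
            prepares[miner] = block["hash"] if is_valid(block, chain_tip) else None
    prepared = list(prepares.values()).count(block["hash"]) >= QUORUM
    # An honest miner sends COMMIT only after it has seen a prepare quorum for this digest.
    commits = sum(1 for m in prepares
                  if m not in byzantine and prepared and prepares[m] == block["hash"])
    return commits >= QUORUM


def constructed_ciphertext(block_no: int, tx_no: int) -> bytes:
    """Constructed opaque bytes standing in for one ECC-encrypted sensor reading."""
    return hashlib.sha256(b"reading-%d-%d" % (block_no, tx_no)).digest()


def simulate(n_blocks, byzantine=frozenset(), tamper_block=None):
    """Propose n_blocks blocks in order and return the ones the miners committed."""
    chain, tip = [], GENESIS
    for i in range(n_blocks):
        block = make_block(i, tip, [constructed_ciphertext(i, j) for j in range(TX_PER_BLOCK)])
        if tamper_block == i:
            block["txs"][0] = b"ciphertext swapped after the header was hashed"
        if pbft_round(block, tip, byzantine):
            chain.append(block)
            tip = block["hash"]
    return chain


if __name__ == "__main__":
    for label, kwargs in [("all honest", {}),
                          ("1 Byzantine miner", {"byzantine": {3}}),
                          ("2 Byzantine miners", {"byzantine": {2, 3}}),
                          ("block 2 tampered", {"tamper_block": 2})]:
        print(f"case-1, {label}: {len(simulate(5, **kwargs))} of 5 blocks committed")
```

With four miners the quorum is three, so one faulty miner cannot stop a commit, while two faulty miners halt progress without letting a forged block through.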
Table 10
Comparison of security and functionality features.
Feature ($F$)  Ali et al. [34]  Cho et al. [23]  Rodrigues et al. [25]  Ever [27]  Bera et al. [21]  Mishra et al. [35]  Algarni and Jan [36]  BAKMM-IoD
$ASFF_{1}$   ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
$ASFF_{2}$   ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
$ASFF_{3}$   ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
$ASFF_{4}$   ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
$ASFF_{5}$   ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
$ASFF_{6}$   ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
$ASFF_{7}$   ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
$ASFF_{8}$   ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓
$ASFF_{9}$   × × × × ✓ ✓ ✓ ×
$ASFF_{10}$  × × × × ✓ ✓ ×
$ASFF_{11}$  ✓ × × × ✓ ✓ ×
$ASFF_{12}$  × × × ×× ×
$ASFF_{13}$  × ×× ✓ ✓ ×
$ASFF_{14}$  × × × × × × ×
$ASFF_{1}$: protection for replay attack;
$ASFF_{2}$: protection for man-in-the-middle attack;
$ASFF_{3}$: availability of mutual authentication;
$ASFF_{4}$: availability of key agreement;
$ASFF_{5}$: protection for device/drone impersonation attack;
$ASFF_{6}$: protection for GSS/server impersonation attack;
$ASFF_{7}$: protection for malicious device deployment attack;
$ASFF_{8}$: protection for drone/device physical capture attack;
$ASFF_{9}$: formal security verification using AVISPA/Scyther tool;
$ASFF_{10}$: protection for ESL attack under the CK-adversary model;
$ASFF_{11}$: availability of dynamic drone/device addition phase;
$ASFF_{12}$: implementation of blockchain;
$ASFF_{13}$: availability of anonymity and untraceability properties;
$ASFF_{14}$: availability of mechanism for secure communication of ground station server and cloud server.
✓: a scheme is secure or it supports an attribute; ×: a scheme is insecure or it does not support an attribute.
Table 11
Simulation parameters and their values used in BAKMM-IoD.
Parameter                                     Value
Platform used                                 Windows 11 64 bit OS
Processor                                     Intel (R) core (TM), i5-8250U, 1600 MHz-1800 MHz
RAM size                                      8 GB
Programming platform                          Visual studio code v1.93 with Java
Quantity of deployed drones                   50 (case-1), 100 (case-2), 150 (case-3)
Quantity of ground station server             10 (case-1), 20 (case-2), 30 (case-3)
Quantity of miner nodes over P2P CS network   4 in all cases

These applications include real-time data collection, patient monitoring, improved quality of care, and drug transportation. Hospitals are increasingly using drones to deliver medical supplies to remote and rural areas. Additionally, medical professionals are finding that drones can enhance the accuracy of disease diagnoses. This technology has the potential to tackle some of the most pressing healthcare challenges, such as providing medical assistance during disasters and transporting organs for transplantation.

Consider another sensitive application using the drones for battlefield or military [50], where the data is also private and confidential. The increasing adoption of UAVs in the defense and security sectors for various purposes, including surveying, mapping, transportation, combat operations, and monitoring, is anticipated to drive demand for military UAVs in the coming years. Additionally, the rise in defense budgets across multiple countries aimed at acquiring modern and technologically advanced military drones is expected to contribute to the growth of the global market.

For simplicity of the implementation, the information used in the creation of the blocks, i.e., in the transactions field, consists of values such as the current temperature at a particular location of a region and the current humidity level at a particular location of a region. Likewise, we have used various information in the transactions fields of a block. All this information is sent by the drones to the connected ground station servers in a secure way with the help of the deployed authentication and key establishment phase. After that, the ground station server creates a partial block by putting this information in the transaction field of the partial block. The transactions are encrypted (i.e., via an Elliptic Curve Cryptography (ECC)-based encryption algorithm) since we need to provide secrecy to the data. Please refer to the information given in Section 4.5.

8.1. Effect on computational time

The computation time values (in ms) were assessed to evaluate the effect of a rising number of drones and ground station servers in each scenario examined. The estimated computational times for case-1, case-2, and case-3 are 9.12 ms, 17.88 ms, and 23.43 ms, respectively. The outcomes are also depicted in Fig. 6. The computational time escalates with the growth in the number of drones and ground station servers from case-1 to case-2 and from case-2 to case-3, because the rise in the number of drones and ground station servers results in the generation and incorporation of additional blocks (creation and mining) in the blockchain.

8.2. Effect on transactions per second (TPS)

The effect of BAKMM-IoD on transactions per second (TPS) in the examined situations is measured. The transactions per second (TPS) values are 54825, 55928 and 64103 for case-1, case-2 and case-3, respectively. The supplementary findings are depicted in Fig. 7. The transactions per second (TPS) value on the blockchain escalates with the augmentation of drones and ground station servers. This is the result of the production and incorporation (mining) of further block entries to the blockchain.

9. Conclusions

Security solutions are essential for safeguarding the data and devices, such as drones and servers, within IoD networks. A reliable blockchain-enabled authentication and key management mechanism for various IoD applications (BAKMM-IoD) was introduced. BAKMM-IoD has been demonstrated to be secure against numerous potential threats through a comprehensive security study and formal verification with the widely recognized Scyther tool. BAKMM-IoD outperforms other comparable current mechanisms regarding communication cost, computation cost, and attributes of security and functionality. Finally, a practical implementation of BAKMM-IoD is shown to illustrate its applicability in real-world scenarios and highlight its effect on key performance metrics.

In the future, we intend to provide a machine learning/deep learning-based big data analytics phase in the presented scheme for the real-time data analysis of the received data. We plan to provide a testbed implementation for the presented scheme. The post-quantum cryptography (PQC)-based security primitives can also be incorporated in the design of the presented scheme to make it more secure, especially for the era of quantum cryptography.
CRediT authorship contribution statement

Mohammad Wazid: Writing - original draft, Resources, Methodology, Formal analysis, Data curation, Conceptualization. Saksham Mittal: Visualization, Software, Resources, Data curation. Ashok Kumar Das: Writing - review & editing, Validation, Investigation, Conceptualization. SK Hafizul Islam: Validation, Methodology, Investigation, Formal analysis. Mohammed J.F. Alenazi: Resources, Project administration, Investigation, Funding acquisition. Athanasios V. Vasilakos: Visualization, Project administration, Investigation, Funding acquisition.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

The authors extend their appreciation to Researcher Supporting Project number (RSPD2025R582), King Saud University, Riyadh, Saudi Arabia. The authors would also like to thank the anonymous reviewers and associate editor for their valuable feedback on the paper.

Data availability

No data was used for the research described in the article.

References

[1] C. Lin, D. He, N. Kumar, K.-K.R. Choo, A. Vinel, X. Huang, Security and privacy for the internet of drones: Challenges and solutions, IEEE Commun. Mag. 56 (1) (2018) 64-69.
[2] C. Singh, R. Mishra, H.P. Gupta, P. Kumari, The internet of drones in precision agriculture: Challenges, solutions, and research opportunities, IEEE Internet Things Mag. 5 (1) (2022) 180-184.
[3] M.P. Singh, G.S. Aujla, R.S. Bali, Blockchain for the internet of drones: Applications, challenges, and future directions, IEEE Internet Things Mag. 4 (4) (2021) 47-53.
[4] Z. Lv, Y. Li, J. Wu, H. Lv, Securing the internet of drones against cyber-physical attacks, IEEE Internet Things Mag. 4 (4) (2021) 74-78.
[5] A. Derhab, O. Cheikhrouhou, A. Allouch, A. Koubaa, B. Qureshi, M.A. Ferrag, L. Maglaras, F.A. Khan, Internet of drones security: Taxonomies, open issues, and future directions, Veh. Commun. 39 (2023) 100552.
[6] W. Yang, S. Wang, X. Yin, X. Wang, J. Hu, A review on security issues and solutions of the internet of drones, IEEE Open J. Comput. Soc. 3 (2022) 96-110.
[7] C. Badii, P. Bellini, A. Difino, P. Nesi, Smart city IoT platform respecting GDPR privacy and security aspects, IEEE Access 8 (2020) 23601-23623.
[8] N. Azam, L. Michala, S. Ansari, N.B. Truong, Data privacy threat modelling for autonomous systems: A survey from the GDPR's perspective, IEEE Trans. Big Data 9 (2) (2023) 388-414.
[9] C. Li, B. Palanisamy, Privacy in Internet of Things: From principles to technologies, IEEE Internet Things J. 6 (1) (2019) 488-505.
[10] P.-Y. Kong, A survey of cyberattack countermeasures for unmanned aerial vehicles, IEEE Access 9 (2021) 148244-148263.
[11] G.N. Nguyen, N.H.L. Viet, M. Elhoseny, K. Shankar, B. Gupta, A.A.A. El-Latif, Secure blockchain enabled cyber-physical systems in healthcare using deep belief network with ResNet model, J. Parallel Distrib. Comput. 153 (2021) 150-160.
[12] A. Raj, S. Prakash, A privacy-preserving authentic healthcare monitoring system using blockchain, Int. J. Softw. Sci. Comput. Intell. 14 (2022) 1-23.
[13] Y. Xu, Z. Peng, C. Zhang, G. Wang, H. Wang, H. Jiang, Y. Zhang, Enhancing privacy in cyber-physical systems: An efficient blockchain-assisted data-sharing scheme with deniability, J. Syst. Archit. 150 (2024) 103132.
[14] Y. Zhang, L. Xiong, F. Li, X. Niu, H. Wu, A blockchain-based privacy-preserving auditable authentication scheme with hierarchical access control for mobile cloud computing, J. Syst. Archit. 142 (2023) 102949.
[15] C.-M. Chen, S. Liu, X. Li, S.H. Islam, A.K. Das, A provably-secure authenticated key agreement protocol for remote patient monitoring IoMT, J. Syst. Archit. 136 (2023) 102831.
[16] A. Shahidinejad, J. Abawajy, S. Huda, Untraceable blockchain-assisted authentication and key exchange in medical consortiums, J. Syst. Archit. 151 (2024) 103143.
[17] Y. Li, An improved lightweight and privacy preserving authentication scheme for smart grid communication, J. Syst. Archit. 152 (2024) 103176.
[18] G. Thakur, S. Prajapat, P. Kumar, C.-M. Chen, A privacy-preserving three-factor authentication system for IoT-enabled wireless sensor networks, J. Syst. Archit. 154 (2024) 103245.
[19] Y. Yao, H. Chen, K. Wang, H. Yu, Y. Wang, Q. Wang, Efficient iNTRU-based public key authentication keyword searchable encryption in cloud computing, J. Syst. Archit. 154 (2024) 103231.
[20] A. Yazdinejad, R.M. Parizi, A. Dehghantanha, H. Karimipour, G. Srivastava, M. Aledhari, Enabling drones in the Internet of Things with decentralized blockchain-based security, IEEE Internet Things J. 8 (8) (2021) 6406-6415.
[21] B. Bera, A.K. Das, A.K. Sutrala, Private blockchain-based access control mechanism for unauthorized UAV detection and mitigation in internet of drones environment, Comput. Commun. 166 (2021) 91-109.
[22] C. Feng, B. Liu, Z. Guo, K. Yu, Z. Qin, K.-K.R. Choo, Blockchain-based cross-domain authentication for intelligent 5G-enabled internet of drones, IEEE Internet Things J. 9 (8) (2022) 6224-6238.
[23] G. Cho, J. Cho, S. Hyun, H. Kim, SENTINEL: A secure and efficient authentication framework for unmanned aerial vehicles, Appl. Sci. 10 (9) (2020).
[24] R. Gupta, P. Bhattacharya, S. Tanwar, N. Kumar, S. Zeadally, GaRuDa: A blockchain-based delivery scheme using drones for healthcare 5.0 applications, IEEE Internet Things Mag. 4 (4) (2021) 60-66.
[25] M. Rodrigues, J. Amaro, F.S. Osorio, B. Kalinka. R. L. J. C., Authentication methods for UAV communication, in: 2019 IEEE Symposium on Computers and Communications, ISCC, 2019, pp. 1210-1215, http://dx.doi.org/10.1109/ISCC47284.2019.8969732.
[26] M. Farash, M. Turkanovic, S. Kumari, M. Holbl, An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment, Ad Hoc Netw. 36 (2016) 152-176.
[27] Y. Kirsal Ever, A secure authentication scheme framework for mobile-sinks used in the internet of drones applications, Comput. Commun. 155 (2020) 143-149.
[28] M.P. Singh, G.S. Aujla, R.S. Bali, Blockchain for the internet of drones: Applications, challenges, and future directions, IEEE Internet Things Mag. 4 (4) (2021) 47-53.
[29] R. Xiong, Q. Xiao, Z. Wang, Z. Xu, F. Shan, Leveraging lightweight blockchain for secure collaborative computing in UAV Ad-Hoc Networks, Comput. Netw. 251 (2024) 110612.
[30] W. Wang, Z. Han, T.R. Gadekallu, S. Raza, J. Tanveer, C. Su, Lightweight blockchain-enhanced mutual authentication protocol for UAVs, IEEE Internet Things J. 11 (6) (2024) 9547-9557.
[31] W. Wang, Y. Yang, Z. Yin, K. Dev, X. Zhou, X. Li, N.M.F. Qureshi, C. Su, BSIF: Blockchain-based secure, interactive, and fair mobile crowdsensing, IEEE J. Sel. Areas Commun. 40 (12) (2022) 3452-3469.
[32] X. Yu, Y. Xie, Q. Xu, Z. Xu, R. Xiong, Secure data sharing for cross-domain industrial IoT based on consortium blockchain, in: 26th IEEE International Conference on Computer Supported Cooperative Work in Design, CSCWD, Rio de Janeiro, Brazil, 2023, pp. 1508-1513, http://dx.doi.org/10.1109/CSCWD57460.2023.10152584.
[33] J. Srinivas, A.K. Das, N. Kumar, J.J.P.C. Rodrigues, TCALAS: Temporal credential-based anonymous lightweight authentication scheme for internet of drones environment, IEEE Trans. Veh. Technol. 68 (7) (2019) 6903-6916.
[34] Z. Ali, S.A. Chaudhry, M.S. Ramzan, F. Al-Turjman, Securing smart city surveillance: A lightweight authentication mechanism for unmanned vehicles, IEEE Access 8 (2020) 43711-43724.
[35] A.K. Mishra, M. Wazid, D.P. Singh, A.K. Das, J. Singh, A.V. Vasilakos, Secure blockchain-enabled authentication key management framework with big data analytics for drones in networks beyond 5G applications, Drones 7 (8) (2023).
[36] F. Algarni, S.U. Jan, PSLAPS-IoD: A provable secure and lightweight authentication protocol for securing internet-of-drones (IoD) environment, IEEE Access 12 (2024) 45948-45960, http://dx.doi.org/10.1109/ACCESS.2024.3382579.
[37] K.A. Tychola, K. Voulgaridis, T. Lagkas, Beyond flight: Enhancing the internet of drones with blockchain technologies, Drones 8 (6) (2024) URL https://www.mdpi.com/2504-446X/8/6/219.
[38] A. Mitra, B. Bera, A.K. Das, S.S. Jamal, I. You, Impact on blockchain-based AI/ML-enabled big data analytics for cognitive Internet of Things environment, Comput. Commun. 197 (2023) 173-185.
[39] D. Dolev, A. Yao, On the security of public key protocols, IEEE Trans. Inform. Theory 29 (2) (1983) 198-208.
[40] R. Canetti, H. Krawczyk, Universally composable notions of key exchange and secure channels, in: International Conference on the Theory and Applications of Cryptographic Techniques - Advances in Cryptology, EUROCRYPT 2002, Amsterdam, The Netherlands, 2002, pp. 337-351.
[41] T.S. Messerges, E.A. Dabbish, R.H. Sloan, Examining smart-card security under the threat of power analysis attacks, IEEE Trans. Comput. 51 (5) (2002) 541-552.
[42] M. Wazid, A.K. Das, N. Kumar, M. Alazab, Designing authenticated key management scheme in 6G-enabled network in a box deployed for industrial applications, IEEE Trans. Ind. Inf. 17 (10) (2021) 7174-7184.
[43] M. Wazid, B. Bera, A.K. Das, S.P. Mohanty, M. Jo, Fortifying smart transportation security through public blockchain, IEEE Internet Things J. 9 (17) (2022) 16532-16545.
[44] B. Khadem, A.M. Suteh, M. Ahmad, A. Alkhayyat, M.S. Farash, H.S. Khalifa, An improved WBSN key-agreement protocol based on static parameters and hash functions, IEEE Access 9 (2021) 78463-78473.
[45] C.J.F. Cremers, Scyther: Semantics and verification of security protocols, 2006, https://pure.tue.nl/ws/files/2425555/200612074.pdf (Accessed on August 2024).
[46] M. Tanveer, A.H. Zahid, M. Ahmad, A. Baz, H. Alhakami, LAKE-IoD: Lightweight authenticated key exchange protocol for the internet of drone environment, IEEE Access 8 (2020) 155645-155659.
[47] D. He, S. Zeadally, B. Xu, X. Huang, An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks, IEEE Trans. Inf. Forensics Secur. 10 (12) (2015) 2681-2691.
[48] M. Fan, X. Zhang, Consortium blockchain based data aggregation and regulation mechanism for smart grid, IEEE Access 7 (2019) 35929-35940.
[49] Drones in healthcare: A lifesaving innovation, 2024, Available at: https://www.indowings.com/blog/5-reasons-why-we-need-to-use-drones-in-the-hospital-management.php. (Accessed on October 2024).
[50] Military drone market, 2023, https://www.fortunebusinessinsights.com/military-drone-market-102181. (Accessed on October 2024).

Mohammad Wazid received his Master of Technology in Computer Network Engineering from Graphic Era University, Dehradun, India, and received a Ph.D. in Computer Science and Engineering from the International Institute of Information Technology, Hyderabad, India. He is currently working as a Professor in the Department of Computer Science and Engineering, Graphic Era University, Dehradun, India. He is the head of the cybersecurity and IoT research group at Graphic Era University, Dehradun, India. Prior to this, he was an assistant professor in the Department of Computer Science and Engineering at the Manipal Institute of Technology, MAHE, Manipal, India. He was also a post-doctoral researcher in the cyber security and networks lab, Innopolis University, Innopolis, Russia. His current research interests include security, remote user authentication, the Internet of Things (IIoT), and cloud computing. He has published more than 100 papers in international journals and conferences in the above areas. He was a recipient of the University Gold Medal and the Young Scientist Award from UCOST, the Department of Science and Technology, Government of Uttarakhand, India. He is a senior member of IEEE.

Saksham Mittal is pursuing Ph.D. CSE in the department of CSE at Graphic Era Deemed to be University, Dehradun, India. He is also associated with Graphic Era Hill University, Dehradun, India as the teaching staff. His research interests include intrusion detection systems, big data analytics, threat analysis, and machine learning.

Ashok Kumar Das received a Ph.D. degree in computer science and engineering, an M.Tech. degree in computer science and data processing, and an M.Sc. degree in mathematics from IIT Kharagpur, India. He is currently a full Professor with the Center for Security, Theory and Algorithmic Research, IIIT, Hyderabad, India. He is an adjunct professor at the Korea University, Seoul, South Korea. He was also a visiting research professor with the Virginia Modeling, Analysis and Simulation Center, Old Dominion University, Suffolk, VA 23435, USA. His research interests include cryptography, system and network security, blockchain, security in the Internet of Things (IoT), Internet of Vehicles (IoV), Internet of Drones (IoD), smart grids, smart city, cloud/fog computing, intrusion detection, AI/ML security, and post-quantum cryptography. He has authored over 465 papers in international journals and conferences in the above areas, including over 395 reputed journal papers. He was a recipient of the Institute Silver Medal from IIT Kharagpur. He has been listed in the Web of Science (Clarivate™) Highly Cited Researcher 2022 and 2023 in recognition of his exceptional research performance. He is/was on the editorial board of IEEE Transactions on Information Forensics and Security, IEEE Systems Journal, Journal of Network and Computer Applications (Elsevier), Computer Communications (Elsevier), International Journal of Communication Systems (Wiley), Journal of Cloud Computing (Springer), Cyber Security and Applications (Elsevier), Alexandria Engineering Journal (Elsevier), IET Communications, KSII Transactions on Internet and Information Systems, and International Journal of Communication Systems (Wiley). He also served as one of the Technical Program Committee Chairs of the first International Congress on Blockchain and Applications (BLOCKCHAIN'19), Avila, Spain, June 2019, International Conference on Applied Soft Computing and Communication Networks (ACN'20), October 2020, Chennai, India, second International Congress on Blockchain and Applications (BLOCKCHAIN'20), L'Aquila, Italy, October 2020, and International Conference on Applied Soft Computing and Communication Networks (ACN'23), December 2023, Bangalore, India. His Google Scholar h-index is 92 and i10-index is 302 with over 25,200 citations.

SK Hafizul Islam received the M.Sc. degree in applied mathematics from Vidyasagar University, Midnapore, India, in 2006, and the M.Tech. degree in Computer Application and the Ph.D. degree in Computer Science and Engineering in 2009 and 2013, respectively, from Indian Institute of Technology [IIT (ISM)] Dhanbad, Jharkhand, India, under the INSPIRE Fellowship Ph.D. Program (funded by the Department of Science and Technology, Government of India). He is currently an Assistant Professor in the Department of Computer Science and Engineering, Indian Institute of Information Technology Kalyani (IIIT Kalyani), West Bengal, India. He has more than ten years of teaching and thirteen years of research experience. He has authored or co-authored 150 research papers in journals and conference proceedings of international reputes. His research interests include Cryptography, Information Security, Neural Cryptography, Lattice-based Cryptography, IoT & Blockchain Security, and Deep Learning. He has edited four books for the publishers Scrivener-Wiley, Elsevier, and CRC Press. He is an Associate Editor for IEEE Transactions on Intelligent Transportation Systems, IEEE Access, International Journal of Communication Systems (Wiley), Telecommunication Systems (Springer), IET Wireless Sensor Systems, Security and Privacy (Wiley), and Array - Journal (Elsevier). He is a senior member of IEEE, and a member of ACM.

Mohammed J.F. Alenazi earned his B.S., M.S., and Ph.D. degrees in computer engineering from the University of Kansas, USA, in 2010, 2012, and 2015, respectively. He is a Professor in computer engineering at King Saud University and a reviewer for several international journals. His research interests span cybersecurity, focusing on network security, encryption, and vulnerability analysis, as well as machine learning, where he applies AI to enhance network security and performance. He also works on the design and analysis of resilient networks, network routing, and mobile ad hoc network (MANET) protocols. A member of ACM, his work contributes to the intersection of cybersecurity and machine learning for developing adaptive, threat-resistant systems.

Athanasios V. Vasilakos is with the Center for AI Research (CAIR), University of Agder (UiA), Grimstad, Norway. He is WoS Highly Cited Researcher (HC), from 2016 to 2021. He served or is serving as an Editor for many technical journals, such as the IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, IEEE TRANSACTIONS ON CLOUD COMPUTING, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, IEEE TRANSACTIONS ON CYBERNETICS, IEEE TRANSACTIONS ON NANOBIOSCIENCE, IEEE TRANSACTIONS ON INFORMATION TECHNOLOGY IN BIOMEDICINE, ACM Transactions on Autonomous and Adaptive Systems, and the IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS.