In recent years, due to the rapid development of Internet of things (IoTs), various physical things (objects) in IoTs are smart enough to make their own decisions without the involvement of humans. The smart devices embedded in a drone can sense, collect, and transmit real-time data back to the controller from a designated environment via wireless communication technologies. The mobility, flexibility, reliability and energy efficiency of drones makes them more widely used in IoT environments such as commercial, military, entertainment applications, traffic surveillance and aerial photography. In a generalized IoD architecture, we have communications among the drones in a flying zone, among the drones and the control server, and also among the drones and authorized user. IoD still has many critical issues that need to be addressed, such as data access being carried out through a public channel and battery operated drones. To address these concerns in IoD communications, in this paper, an efficient authentication and secure communication scheme with privacy preservation is proposed and it only uses secure one-way hash function and bitwise XOR operations when control server, drone and user mutually authenticate each other. After the successful authentication, both IoD-based participants can agree on a common session key to secure the subsequent communication messages. The widely accepted ProVerif and BAN logic analysis have been used to assure that the proposed scheme is provably secure against existing well-known security attacks and ensures privacy. Finally, a comparative analysis is presented to demonstrate the proposed scheme preserves efficiency when compared to existing competitive schemes.
Keywords: Internet of Drones; authentication; privacy preservation; security; session key agreement.