skip to main content


The NSF Public Access Repository (NSF-PAR) system and access will be unavailable from 11:00 PM ET on Friday, July 12 until 2:00 AM ET on Saturday, July 13 due to maintenance. We apologize for the inconvenience.

Title: Enabling Second Factor Authentication for Drones in 5G using Network Slicing
As 5G systems are starting to be deployed and becoming part of many daily life applications, there is an increasing interest on the security of the overall system as 5G network architecture is significantly different than LTE systems. For instance, through application specific virtual network slices, one can trigger additional security measures depending on the sensitivity of the running application. Drones utilizing 5G could be a perfect example as they pose several safety threats if they are compromised. To this end, we propose a stronger authentication mechanism inspired from the idea of second-factor authentication in IT systems. Specifically, once the primary 5G authentication is executed, a specific slice can be tasked to trigger a second-factor authentication utilizing different factors from the primary one. This trigger mechanism utilizes the re-authentication procedure as specified in the 3GPP 5G standards for easy integration. Our second-factor authentication uses a special challenge-response protocol, which relies on unique drone digital ID as well as a seed and nonce generated from the slice to enable freshness. We implemented the proposed protocol in ns-3 that supports mmWave-based communication in 5G. We demonstrate that the proposed protocol is lightweight and can scale while enabling stronger security for the drones.  more » « less
Award ID(s):
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
2020 IEEE Globecom Workshops (GC Wkshps)
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. null (Ed.)
    Unmanned Aerial Vehicles (UAVs), or drones, are increasingly being utilized for public safety circumstances including post-disaster recovery of destroyed communication infrastructure. For instance, drones are temporarily positioned within an affected area to create a wireless mesh network among public safety personnel. To serve the need for high-rate video-based damage assessment, drone-assisted communication can utilize high- bandwidth millimeter wave (mmWave) technologies such as IEEE 802.11ad. However, short-range mmWave communication makes it hard for optimally- positioned drones to be authenticated with a centralized network control center. Therefore and assuming that there are potential imposters, we propose two lightweight and fast authentication mechanisms that take into account the physical limitations of mmWave communication. First, we propose a drone-to-drone authentication mechanism, which is based on proxy signatures from a control center. Accordingly, any newly joining drone can authenticate itself to an exist one rather than attempting to authenticate to the outof-reach control center. Second, we propose a drone-to- ground authentication mechanism, to enable each drone to authenticate itself to its associated ground users. Such authentication approach is based on challenge-response broadcast type, and it is still utilizing fast proxy signature approach. The evaluation of the proposed authentication mechanisms, conducted using NS-3 implementation of IEEE 802.11ad protocol, show their efficiency and practicality. 
    more » « less
  2. Over the past few years, the synergic usage of unmanned aerial vehicles (later drones) and Internet of Things (IoT) has successfully transformed into the Internet of Drones (IoD) paradigm, where the data of interest is gathered and delivered to the Zone Service Provider (ZSP) by drones for substantial additional analysis. Considering the sensitivity of collected information and the impact of information disclosure, information privacy and security issues should be resolved properly so that the maximum potential of IoD can be realized in the increasingly complex cyber threat environment. Ideally, an authentication and key agreement protocol can be adopted to establish secure communications between drones and the ZSP in an insecure environment. Nevertheless, a large group of drones authenticating with the ZSP simultaneously will lead to a severe authentication signaling congestion, which inevitably degrades the quality of service (QoS) of IoD systems. To properly address the above-mentioned issues, a lightweight group authentication protocol, called liteGAP, is proposed in this paper. liteGAP can achieve the authenticated key establishment between a group of drones and the ZSP concurrently in the IoD environment using lightweight operations such as hash function, bitwise XOR, and physical unclonable function (PUF). We verify liteGAP using AVISPA (a tool for the automatic verification of security protocols) and conduct formal and informal security analysis, proving that liteGAP meets all pre-defined security requirements and withstand various potential cyber attacks. Moreover, we develop an experimental framework and conduct extensive experiments on liteGAP and two benchmark schemes (e.g., GASE and rampIoD). Experimental findings show that liteGAP outperforms its counterparts in terms of computational cost as well as communication overhead. 
    more » « less
  3. null (Ed.)
    Cyber-Physical Systems (CPS) connected in the form of Internet of Things (IoT) are vulnerable to various security threats, due to the infrastructure-less deployment of IoT devices. Device-to-Device (D2D) authentication of these networks ensures the integrity, authenticity, and confidentiality of information in the deployed area. The literature suggests different approaches to address security issues in CPS technologies. However, they are mostly based on centralized techniques or specific system deployments with higher cost of computation and communication. It is therefore necessary to develop an effective scheme that can resolve the security problems in CPS technologies of IoT devices. In this paper, a lightweight Hash-MAC-DSDV (Hash Media Access Control Destination Sequence Distance Vector) routing scheme is proposed to resolve authentication issues in CPS technologies, connected in the form of IoT networks. For this purpose, a CPS of IoT devices (multi-WSNs) is developed from the local-chain and public chain, respectively. The proposed scheme ensures D2D authentication by the Hash-MAC-DSDV mutual scheme, where the MAC addresses of individual devices are registered in the first phase and advertised in the network in the second phase. The proposed scheme allows legitimate devices to modify their routing table and unicast the one-way hash authentication mechanism to transfer their captured data from source towards the destination. Our evaluation results demonstrate that Hash-MAC-DSDV outweighs the existing schemes in terms of attack detection, energy consumption and communication metrics. 
    more » « less
  4. 5G and open radio access networks (Open RANs) will result in vendor-neutral hardware deployment that will require additional diligence towards managing security risks. This new paradigm will allow the same network infrastructure to support virtual network slices for transmit different waveforms, such as 5G New Radio, LTE, WiFi, at different times. In this multi- vendor, multi-protocol/waveform setting, we propose an additional physical layer authentication method that detects a specific emitter through a technique called as RF fingerprinting. Our deep learning approach uses convolutional neural networks augmented with triplet loss, where examples of similar/dissimilar signal samples are shown to the classifier over the training duration. We demonstrate the feasibility of RF fingerprinting base stations over the large-scale over-the-air experimental POWDER platform in Salt Lake City, Utah, USA. Using real world datasets, we show how our approach overcomes the challenges posed by changing channel conditions and protocol choices with 99.86% detection accuracy for different training and testing days. 
    more » « less
  5. null (Ed.)
    Growth of the Internet-of-things has led to complex system-on-chips (SoCs) being used in the edge devices in IoT applications. The increased complexity is demanding designers to consider several critical factors, such as dynamic requirement changes, long application life, mass production, and tight time-to-market deadlines. These requirements lead to more complex security concerns. SoC manufacturers outsource some of the intellectual property cores integrated on the SoC to untrusted third-party vendors. The untrusted intellectual properties can contain malicious implants, which can launch attacks using the resources provided by the on-chip interconnection network, commonly known as the network-on-chip (NoC). Existing efforts on securing NoC have considered lightweight encryption, authentication, and other attack detection mechanisms such as denial-of-service and buffer overflows. Unfortunately, these approaches focus on designing statically optimized security solutions. As a result, they are not suitable for many IoT systems with long application life and dynamic requirement changes. There is a critical need to design reconfigurable security architectures that can be dynamically tuned based on changing requirements. In this article, we propose a tier-based reconfigurable security architecture that can adapt to different use-case scenarios. We explore how to design an efficient reconfigurable architecture that can support three popular NoC security mechanisms (encryption, authentication, and denial-of-service attack detection and localization) and implement suitable dynamic reconfiguration techniques. We evaluate our proposed framework by running standard benchmarks enabling different tiers of security and provide a comprehensive analysis of how different levels of security can affect application performance, energy efficiency, and area overhead. 
    more » « less