skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Enabling Second Factor Authentication for Drones in 5G using Network Slicing
As 5G systems are starting to be deployed and becoming part of many daily life applications, there is an increasing interest on the security of the overall system as 5G network architecture is significantly different than LTE systems. For instance, through application specific virtual network slices, one can trigger additional security measures depending on the sensitivity of the running application. Drones utilizing 5G could be a perfect example as they pose several safety threats if they are compromised. To this end, we propose a stronger authentication mechanism inspired from the idea of second-factor authentication in IT systems. Specifically, once the primary 5G authentication is executed, a specific slice can be tasked to trigger a second-factor authentication utilizing different factors from the primary one. This trigger mechanism utilizes the re-authentication procedure as specified in the 3GPP 5G standards for easy integration. Our second-factor authentication uses a special challenge-response protocol, which relies on unique drone digital ID as well as a seed and nonce generated from the slice to enable freshness. We implemented the proposed protocol in ns-3 that supports mmWave-based communication in 5G. We demonstrate that the proposed protocol is lightweight and can scale while enabling stronger security for the drones.  more » « less
Award ID(s):
1618692
PAR ID:
10219641
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
2020 IEEE Globecom Workshops (GC Wkshps)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, GLOBECOM 2020 - 2020 IEEE Global Communications Conference)
    null (Ed.)
    Unmanned Aerial Vehicles (UAVs), or drones, are increasingly being utilized for public safety circumstances including post-disaster recovery of destroyed communication infrastructure. For instance, drones are temporarily positioned within an affected area to create a wireless mesh network among public safety personnel. To serve the need for high-rate video-based damage assessment, drone-assisted communication can utilize high- bandwidth millimeter wave (mmWave) technologies such as IEEE 802.11ad. However, short-range mmWave communication makes it hard for optimally- positioned drones to be authenticated with a centralized network control center. Therefore and assuming that there are potential imposters, we propose two lightweight and fast authentication mechanisms that take into account the physical limitations of mmWave communication. First, we propose a drone-to-drone authentication mechanism, which is based on proxy signatures from a control center. Accordingly, any newly joining drone can authenticate itself to an exist one rather than attempting to authenticate to the outof-reach control center. Second, we propose a drone-to- ground authentication mechanism, to enable each drone to authenticate itself to its associated ground users. Such authentication approach is based on challenge-response broadcast type, and it is still utilizing fast proxy signature approach. The evaluation of the proposed authentication mechanisms, conducted using NS-3 implementation of IEEE 802.11ad protocol, show their efficiency and practicality. 
    more » « less
  2. ; ; ; ; (, IEEE Transactions on Vehicular Technology)
    Over the past few years, the synergic usage of unmanned aerial vehicles (later drones) and Internet of Things (IoT) has successfully transformed into the Internet of Drones (IoD) paradigm, where the data of interest is gathered and delivered to the Zone Service Provider (ZSP) by drones for substantial additional analysis. Considering the sensitivity of collected information and the impact of information disclosure, information privacy and security issues should be resolved properly so that the maximum potential of IoD can be realized in the increasingly complex cyber threat environment. Ideally, an authentication and key agreement protocol can be adopted to establish secure communications between drones and the ZSP in an insecure environment. Nevertheless, a large group of drones authenticating with the ZSP simultaneously will lead to a severe authentication signaling congestion, which inevitably degrades the quality of service (QoS) of IoD systems. To properly address the above-mentioned issues, a lightweight group authentication protocol, called liteGAP, is proposed in this paper. liteGAP can achieve the authenticated key establishment between a group of drones and the ZSP concurrently in the IoD environment using lightweight operations such as hash function, bitwise XOR, and physical unclonable function (PUF). We verify liteGAP using AVISPA (a tool for the automatic verification of security protocols) and conduct formal and informal security analysis, proving that liteGAP meets all pre-defined security requirements and withstand various potential cyber attacks. Moreover, we develop an experimental framework and conduct extensive experiments on liteGAP and two benchmark schemes (e.g., GASE and rampIoD). Experimental findings show that liteGAP outperforms its counterparts in terms of computational cost as well as communication overhead. 
    more » « less
  3. ; ; ; ; ; ; (, IEEE Internet of Things Journal)
    null (Ed.)
    Cyber-Physical Systems (CPS) connected in the form of Internet of Things (IoT) are vulnerable to various security threats, due to the infrastructure-less deployment of IoT devices. Device-to-Device (D2D) authentication of these networks ensures the integrity, authenticity, and confidentiality of information in the deployed area. The literature suggests different approaches to address security issues in CPS technologies. However, they are mostly based on centralized techniques or specific system deployments with higher cost of computation and communication. It is therefore necessary to develop an effective scheme that can resolve the security problems in CPS technologies of IoT devices. In this paper, a lightweight Hash-MAC-DSDV (Hash Media Access Control Destination Sequence Distance Vector) routing scheme is proposed to resolve authentication issues in CPS technologies, connected in the form of IoT networks. For this purpose, a CPS of IoT devices (multi-WSNs) is developed from the local-chain and public chain, respectively. The proposed scheme ensures D2D authentication by the Hash-MAC-DSDV mutual scheme, where the MAC addresses of individual devices are registered in the first phase and advertised in the network in the second phase. The proposed scheme allows legitimate devices to modify their routing table and unicast the one-way hash authentication mechanism to transfer their captured data from source towards the destination. Our evaluation results demonstrate that Hash-MAC-DSDV outweighs the existing schemes in terms of attack detection, energy consumption and communication metrics. 
    more » « less
  4. (, CSIAC journal)
    This article presents a novel network protocol that incorporates a quantum photonic channel for symmetric key distribution, a Dilithium signature to replace factor-based public key cryptography for enhanced authentication, security, and privacy. The protocol uses strong hash functions to hash original messages and verify heightened data integrity at the destination. This Quantum good authentication protocol (QGP) provides high-level security provided by the theory of quantum mechanics. QGP also has the advantage of quantum-resistant data protection that prevents current digital computer and future quantum computer attacks. QGP transforms the transmission control protocol/internet protocol (TCP/IP) by adding a quantum layer at the bottom of the Open Systems Interconnection (OSI) model (layer 0) and modifying the top layer (layer 7) with Dilithium signatures, thus improving the security of the original OSI model. In addition, QGP incorporates strong encryption, hardware-based quantum channels, post-quantum signatures, and secure hash algorithms over a platform of decryptors, switches, routers, and network controllers to form a testbed of the next-generation, secure quantum internet. The experiments presented here show that QGP provides secure authentication and improved security and privacy and can be adopted as a new protocol for the next-generation quantum internet. 
    more » « less
  5. ; ; ; (, IEEE Global Communications Conference)
    5G and open radio access networks (Open RANs) will result in vendor-neutral hardware deployment that will require additional diligence towards managing security risks. This new paradigm will allow the same network infrastructure to support virtual network slices for transmit different waveforms, such as 5G New Radio, LTE, WiFi, at different times. In this multi- vendor, multi-protocol/waveform setting, we propose an additional physical layer authentication method that detects a specific emitter through a technique called as RF fingerprinting. Our deep learning approach uses convolutional neural networks augmented with triplet loss, where examples of similar/dissimilar signal samples are shown to the classifier over the training duration. We demonstrate the feasibility of RF fingerprinting base stations over the large-scale over-the-air experimental POWDER platform in Salt Lake City, Utah, USA. Using real world datasets, we show how our approach overcomes the challenges posed by changing channel conditions and protocol choices with 99.86% detection accuracy for different training and testing days. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email