Rapid advancements in the fifth generation (5G) communication technology and mobile edge computing (MEC) paradigm have led to the proliferation of unmanned aerial vehicles (UAV) in urban air mobility (UAM) networks, which provide intelligent services for diversified smart city scenarios. Meanwhile, the widely deployed Internet of drones (IoD) in smart cities has also brought up new concerns regarding performance, security, and privacy. The centralized framework adopted by conventional UAM networks is not adequate to handle high mobility and dynamicity. Moreover, it is necessary to ensure device authentication, data integrity, and privacy preservation in UAM networks. Thanks to its characteristics of decentralization, traceability, and unalterability, blockchain is recognized as a promising technology to enhance security and privacy for UAM networks. In this paper, we introduce LightMAN, a lightweight microchained fabric for data assurance and resilience-oriented UAM networks. LightMAN is tailored for small-scale permissioned UAV networks, in which a microchain acts as a lightweight distributed ledger for security guarantees. Thus, participants are enabled to authenticate drones and verify the genuineness of data that are sent to/from drones without relying on a third-party agency. In addition, a hybrid on-chain and off-chain storage strategy is adopted that not only improves performance (e.g., latency and throughput) but also ensures privacy preservation for sensitive information in UAM networks. A proof-of-concept prototype is implemented and tested on a micro-air–vehicle link (MAVLink) simulator. The experimental evaluation validates the feasibility and effectiveness of the proposed LightMAN solution.
liteGAP: Lightweight Group Authentication Protocol for Internet of Drones Systems
Over the past few years, the synergic usage of unmanned aerial vehicles (later drones) and Internet of Things (IoT) has successfully transformed into the Internet of Drones (IoD) paradigm, where the data of interest is gathered and delivered to the Zone Service Provider (ZSP) by drones for substantial additional analysis. Considering the sensitivity of collected information and the impact of information disclosure, information privacy and security issues should be resolved properly so that the maximum potential of IoD can be realized in the increasingly complex cyber threat environment. Ideally, an authentication and key agreement protocol can be adopted to establish secure communications between drones and the ZSP in an insecure environment. Nevertheless, a large group of drones authenticating with the ZSP simultaneously will lead to a severe authentication signaling congestion, which inevitably degrades the quality of service (QoS) of IoD systems. To properly address the above-mentioned issues, a lightweight group authentication protocol, called liteGAP, is proposed in this paper. liteGAP can achieve the authenticated key establishment between a group of drones and the ZSP concurrently in the IoD environment using lightweight operations such as hash function, bitwise XOR, and physical unclonable function (PUF). We verify liteGAP using AVISPA (a tool for the automatic verification of security protocols) and conduct formal and informal security analysis, proving that liteGAP meets all pre-defined security requirements and withstands various potential cyber attacks. Moreover, we develop an experimental framework and conduct extensive experiments on liteGAP and two benchmark schemes (e.g., GASE and rampIoD). Experimental findings show that liteGAP outperforms its counterparts in terms of computational cost as well as communication overhead.
- Award ID(s): 2050978
- PAR ID: 10515730
- Publisher / Repository: IEEE
- Date Published:
- Journal Name: IEEE Transactions on Vehicular Technology
- Volume: 73
- Issue: 4
- ISSN: 0018-9545
- Page Range / eLocation ID: 5849 to 5860
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
Internet of drones (IoD), employing drones as the internet of things (IoT) devices, brings flexibility to IoT networks and has been used to provision several applications (e.g., object tracking and traffic surveillance). The explosive growth of users and IoD applications injects massive traffic into IoD networks, hence causing congestion and reducing the quality of service (QoS). In order to improve the QoS, caching at IoD gateways is a promising solution which stores popular IoD data and sends them directly to the users instead of activating drones to transmit the data; this reduces the traffic in IoD networks. In order to fully utilize the storage-limited caches, appropriate content placement decisions should be made to determine which data should be cached. On the other hand, appropriate drone association strategies, which determine the serving IoD gateway for each drone, help distribute the network traffic properly and hence improve the QoS. In our work, we consider a joint optimization of drone association and content placement problem aimed at maximizing the average data transfer rate. This problem is formulated as an integer linear programming (ILP) problem. We then design the Drone Association and Content Placement (DACP) algorithm to solve this problem with low computational complexity. Extensive simulations demonstrate the performance of DACP.
Internet of Drones (IoD) employs drones as the internet of things (IoT) devices to provision applications such as traffic surveillance and object tracking. Data collection service is a typical application where multiple drones are deployed to collect information from the ground and send it to the IoT gateway for further processing. The performance of IoD networks is constrained by drones’ battery capacities, and hence we utilize both energy harvesting technologies and power control to address this limitation. Specifically, we optimize drones’ wireless transmission power at each time epoch in energy harvesting aided time-varying IoD networks for the data collection service with the objective to minimize the average system energy cost. We then formulate a Markov Decision Process (MDP) model to characterize the power control process in dynamic IoD networks, which is then solved by our proposed model-free deep actor-critic reinforcement learning algorithm. The performance of our algorithm is demonstrated via extensive simulations.
As 5G systems are starting to be deployed and becoming part of many daily life applications, there is an increasing interest in the security of the overall system as 5G network architecture is significantly different than LTE systems. For instance, through application specific virtual network slices, one can trigger additional security measures depending on the sensitivity of the running application. Drones utilizing 5G could be a perfect example as they pose several safety threats if they are compromised. To this end, we propose a stronger authentication mechanism inspired by the idea of second-factor authentication in IT systems. Specifically, once the primary 5G authentication is executed, a specific slice can be tasked to trigger a second-factor authentication utilizing different factors from the primary one. This trigger mechanism utilizes the re-authentication procedure as specified in the 3GPP 5G standards for easy integration. Our second-factor authentication uses a special challenge-response protocol, which relies on unique drone digital ID as well as a seed and nonce generated from the slice to enable freshness. We implemented the proposed protocol in ns-3 that supports mmWave-based communication in 5G. We demonstrate that the proposed protocol is lightweight and can scale while enabling stronger security for the drones.
Cyber-Physical Systems (CPS) connected in the form of Internet of Things (IoT) are vulnerable to various security threats, due to the infrastructure-less deployment of IoT devices. Device-to-Device (D2D) authentication of these networks ensures the integrity, authenticity, and confidentiality of information in the deployed area. The literature suggests different approaches to address security issues in CPS technologies. However, they are mostly based on centralized techniques or specific system deployments with higher cost of computation and communication. It is therefore necessary to develop an effective scheme that can resolve the security problems in CPS technologies of IoT devices. In this paper, a lightweight Hash-MAC-DSDV (Hash Media Access Control Destination Sequence Distance Vector) routing scheme is proposed to resolve authentication issues in CPS technologies, connected in the form of IoT networks. For this purpose, a CPS of IoT devices (multi-WSNs) is developed from the local-chain and public chain, respectively. The proposed scheme ensures D2D authentication by the Hash-MAC-DSDV mutual scheme, where the MAC addresses of individual devices are registered in the first phase and advertised in the network in the second phase. The proposed scheme allows legitimate devices to modify their routing table and unicast the one-way hash authentication mechanism to transfer their captured data from source towards the destination. Our evaluation results demonstrate that Hash-MAC-DSDV outweighs the existing schemes in terms of attack detection, energy consumption and communication metrics.