A multi-factor user authentication protocol for the internet of drones environment

Due to the popularization of unmanned aerial vehicles (UAVs), many of which are known as drones, the Internet of Drones (IoD) has gained significant importance over the past years in several areas and has been implemented in a wide range of fields (e.g., military, rescue, agriculture, and entertainment). It is enabled by the implementation of several drones in different flight zones for undertaking specific tasks, commonly collecting data in real time and providing them to users who communicate with them through their mobile devices. However, owing to the critical nature of information and the utilization of public communication channels, privacy and security issues must be considered. Authentication protocols can be adopted for reliable and secure communication, enabling data exchange between the user and the drone and resisting attacks such as man-in-the-middle and replay. On the other hand, due to the peculiarities of IoD environments, the development of an efficient protocol in terms of resource consumption that meets security properties is challenging. This article proposes a user authentication scheme based on biometry and elliptic curve cryptography for IoD. Its robustness was evaluated by a security analysis and a semi-automatized verification by AVISPA tool, which confirmed the scheme resists several known attacks against passive/active adversaries and meets security properties such as anonymity, authenticity, and nontraceability. Moreover, it shows better communication and computational performance in comparison to other authentication protocols from the literature.