Abstract
•This paper proves that the user access to drone scheme of Wazid et al. is vulnerable to several attacks including stolen verifier, traceability attacks.•In Wazid et al.s scheme, the attacker with access to the verifier, can impersonate any user, drone or server of the system. Moreover, the access to verifier enhances the attacker’s capability to disclose the session key computed between a user and a drone.•An enhanced scheme is then proposed to cope with these weaknesses.•The security claims of proposed scheme are proved by formal and informal security analysis.•The performance and security comparisons show that proposed scheme has slight overhead in performance, while maintaining the security.
The Internet of drones (IoD) is a very useful application of the Internet of things (IoT) and it can help the daily life comfort through various functions including the smart city surveillance. The IoD can enhance the comfort to reach inaccessible and hard to access sites and can save lot of effort, time and cost. However, in addition to traditional threats, the IoD may suffer from new threats and requires customized methods to combat the security weaknesses. Very recently, Wazid et al. proposed a security solution for securing IoD application scenario and claimed its security. However, in this paper we show that their scheme cannot resist stolen verifier and traceability attacks. Moreover, an attacker with access to the verifier, can impersonate any user, drone or server of the system. An enhanced scheme is then proposed to cope with these weaknesses. The security claims of proposed scheme are endorsed by formal and informal security analysis. Moreover, the performance and security comparisons show that proposed scheme completes a cycle of authentication with a slight increase in computation time, but it offers all the required security features as compared with the scheme of Wazid et al.