A group of small UAVs can synergize to form a flying ad hoc network (FANET). The small UAVs are, typically, prone to security lapses because of limited onboard power, restricted computing ability, insufficient bandwidth, etc. Such limitations hinder the applicability of standard cryptographic techniques. Thus, assuring confidentiality and authentication on part of small UAV remains a far-fetched goal. We aim to address such an issue by proposing an identity-based generalized signcryption scheme. The lightweight security scheme employs multiaccess edge computing (MEC) whereby the primary UAV, as a MEC node, provides offloading to the computationally fragile member UAVs. The scheme is based on the concept of the hyperelliptic curve (HEC), which is characterized by a smaller key size and is, therefore, suitable for small UAVs. The scheme is robust since it offers confidentiality and authentication simultaneously as well as singly. Formal as well as informal security analyses and the validation results, using the Automated Validation for Internet Security Validation and Application (AVISPA) tool, second such notion. Comparative analysis with the existing schemes further authenticates the sturdiness of the proposed scheme. As a case study, the scheme is applied for monitoring crops in an agricultural field. It has been found out that the scheme promises higher security and incurs lower computational and communication costs.
Unmanned Aerial Vehicles (UAVs) have earned recognition in multiple domains owing to their versatile applications for surveillance, agriculture, health services, traffic monitoring, inspection, public safety, etc. [
FANETs can either be deployed independently or they can be integrated with the traditional networks via satellite or cellular communication links. The topic allures experts from the industry as well as academia. Most of the relevant research studies propose to integrate multiple-UAV systems with the traditional networks to assure Quality of Service (QoS), unhampered security, and sustained reliability. Therefore, it is imperative to identify loopholes in existing solutions. This can pave the way for solutions that support high throughput and a secure data communication regime. The envisioned Fifth Generation (5G) of wireless cellular communication systems is expected to offer higher capacity, enhanced data rate, and lower latency [
Generally, the small UAVs are not designed with security considerations and are, therefore, prone to security and privacy pitfalls [
However, the stringent constraints associated with a flying ad hoc network (FANET), such as limited onboard energy and limited computing capability, do not permit complex cryptographic operations. Moreover, undertaking computationally intensive tasks may result in slow response time which can, in turn, deteriorate the performance of FANETs. Fortunately, such deficiencies can be resolved by employing an amalgamated scheme, named “signcryption” [
In the public key cryptosystems, two basic approaches, Public Key Infrastructure (PKI) and Identity-Based Cryptography (IBC), are used to authenticate public keys [
The security and efficiency of the aforementioned security schemes are based on computationally hard problems. The RSA cryptography [
To reap the extensive benefits of multi-UAV systems, the underlying technical challenges need to be addressed. For instance, the small UAVs have limited onboard energy, which restricts the flying time to a specified period and the UAV’s limited computational capability does not permit complex cryptographic operations. Therefore, there is a need to harness a state-of-the-art communication architecture with a lightweight security mechanism, which can, significantly, stabilize the battery lifetime, offer limited computation cost, and provide better connectivity.
Motivated by such objectives, for FANETs, the authors, here, suggest an identity-based generalized signcryption scheme. The very scheme makes use of multiaccess edge computing (MEC) and is based on a much advanced version of the elliptic curve, i.e., the hyperelliptic curve (HEC). HEC is characterized by a smaller key size and, at the same time, promises security comparable to that of the counterparts, i.e., elliptic curve, bilinear pairing, and modular exponentiation. Incorporation of HEC reduces power consumption and improves the device’s performance, thereby making it suitable for a wide range of devices, ranging from sensors to UAVs.
Some of the salient features signifying the contribution of our research work, in this paper, are as follows: We introduce a new architecture for flying ad hoc networks (FANETs) leveraging multiaccess edge computing (MEC) facility, where the primary UAV acts as a MEC node in order to provide computational offloading services for the member UAVs having limited local computing capabilities We propose an efficient and provably secure identity-based generalized signcryption scheme for the architecture using the concept of a hyperelliptic curve The proposed scheme is potent enough to thwart attacks, both known and unknown, and the validation results using the Automated Validation for Internet Security Validation and Application (AVISPA) tool second such notion Moreover, upon doing a comparative analysis with the extant schemes, it is revealed that our proposed scheme is superior, particularly, in terms of computational and communication costs
The rest of the paper is organized as follows. In Section
Owing to the promising features of on-demand communication services and flexible deployment, UAV-enabled multiaccess edge computing capabilities have received much attention in recent years. So far, various studies have been conducted to examine the usability of edge computing for UAVs [
In [
The methodology proposed by Christian et al. [
The primary security mechanisms for FANETs emphasize authenticity, confidentiality, and integrity of data via cryptography. A well-designed data protection mechanism can significantly reduce the probability of the data get compromised, irrespective of the devilish technique involved. There are a few studies dedicated to investigating the data protection issues for UAV Networks. In a secure communication scheme proposed by He et al. [
Three communication scenarios have been described by Won et al. [
Lal et al. [
HECC is the advanced form of elliptic curve cryptography (ECC), and it is used to exchange keys and facilitate secure communications between two parties with very small size keys and incur lower computational and communication costs. For instance, an encryption activity done using RSA with a 1024-bit key and ECC with a 160-bit key is equivalent in performance to HECC encryption with an 80-bit key [
Suppose that ℑ
It forms the divisors which are the formal sum of finite integers like
Assume that
To elaborate on the operation and applicability of the proposed scheme, two models are used.
We devise a novel architecture for a flying ad hoc network (FANET), constituted by UAVs, with a multiaccess edge computing (MEC) facility that makes use of the Fifth Generation (5G) wireless communication technology on backhaul and the Wi-Fi technology on fronthaul, as shown in Figure
Multiaccess edge computing empowered FANET architecture of the proposed scheme when applied for monitoring.
The proposed scheme employs the Dolev-Yao (DY) threat model [
A formal model of identity-based generalized signcryption scheme consists of the following four algorithms [
Notations used in the proposed algorithm.
S.NO | Symbol | Definition |
---|---|---|
1 | Hyperelliptic curve | |
2 | Security parameter | |
3 | PKG | Private key generation center |
4 | A large prime number with length equivalents to 80 bits | |
5 | ℑ | A finite field of the order |
6 | Hash functions | |
7 | Master private key of PKG | |
8 | Master public key of PKG | |
9 | Public parameter param | |
10 | Identity sender | |
11 | Identity receiver | |
12 | Private key of the sender | |
13 | Private key of the receiver | |
14 | Public key of the sender | |
15 | Public key of receiver | |
16 | Ciphertext and plain text | |
17 | A fresh nonce | |
18 | Encryption and decryption key | |
19 | Encryption and decryption through | |
20 | Generalized signcryption text for the receiver | |
21 | Used for concatenation | |
22 | ╨ | Used for error |
It includes the following four subphases [ Setup: in this phase, the private key generation (PKG) center performs essential steps. It Selects a security parameter Selects a hyperelliptic curve (HEC) of genus 2 Selects a parameter Selects a finite field Selects a divisor Selects two one-way hash function, i.e., Selects a number uniformly for its private key as Computes its public key as Produces all the public parameter param Key extraction: when each of the participating contestants transmits their identity ( It computes private key for identity ( It computes public key for identity ( It delivers the pair of the public and private keys ( Generalized signcryption: given a message (m), the private key of the sender ( It selects a number in an irregular manner as It calculates It computes It calculates It computes It produces the final generalized signcryption text for the receiver as Generalized unsigncryption: given a generalized signcryption text It computes It decrypts It computes It compares
Note that, in the above algorithm, if
The receiver can compute the decryption key as
This section is dedicated to spotlight the proposed scheme’s contribution in upholding basic security including resistance to replay attack, confidentiality, integrity, and unforgeability. Each of the characteristics is briefly analyzed in the following sections.
The proposed scheme ensures confidentiality. In case an intruder wants to steal the original contents of a message or the secret key, he/she must have beforehand information about the key as
The scheme offers replay attack resistance. Each session implies a fresh key (
The sender takes the “hash value” of the message before sending the message, i.e.,:
In our proposed scheme, if the intruder tries to generate a valid signature, then he/she is, first of all, required to compute
In this phase, we provide the practical deployment of our proposed technique in the UAVs network for precision agriculture that involves monitoring of crop health in a cultivated field. The proposed scheme includes three subphases that are initializations, registration, and data transmission and verification, respectively.
Figure
Initialization phase.
Figure
Registration phase.
Figure
Data transmission and verification phase.
In the above process, if
This section equates the performance of the proposed scheme with the existing counterparts suggested by Yu et al.’s scheme [
For evaluating the effectiveness, the proposed scheme is compared with five existing schemes proposed by Yu et al. [
Computational cost.
Schemes | Generalized signcrypt | Generalized unsigncrypt | Total |
---|---|---|---|
Yu et al.’s scheme [ | 4bpm + 1bp + 1mexp | 1bpm + 3bp + 3mexp | 5bpm + 4bp + 4mexp |
Kushwah et al.’s scheme [ | 5bpm + 2mexp | 4bpm + 2bp + 3mexp | 9bpm + 2bp + 5mexp |
Wei et al.’s scheme [ | 9bpm + 1bp + 7mexp | 2bpm + 4bp | 11bpm + 5bp + 7mexp |
Shen et al.’s scheme [ | 2bpm + 6mxp | 5bpm + 2mexp | 7bpm + 8mexp |
Zhou et al.’s scheme [ | 3bpm + 1bp | 1bpm + 2bp | 4bpm + 3bp |
Proposed | 6 hm | 5 hm | 11 hm |
hm = hyperelliptic curve divisor multiplication, em = elliptic curve scalar multiplication, bp = bilinear pairing, bpm = pairing-based point multiplications, mexp = modular exponentiation.
From the findings in Tables
Computational cost in milliseconds.
Schemes | Generalized signcrypt (ms) | Generalized unsigncrypt (ms) | Total (ms) |
---|---|---|---|
Yu et al.’s scheme [ | 33.39 | 58.38 | 86.23 |
Kushwah et al.’s scheme [ | 24.05 | 50.79 | 74.84 |
Wei et al.’s scheme [ | 62.44 | 68.22 | 130.66 |
Shen et al.’s scheme [ | 16.12 | 24.05 | 40.17 |
Zhou et al.’s scheme [ | 27.83 | 34.11 | 61.94 |
Proposed | 2.88 | 2.40 | 5.28 |
Percentage improvement in computational cost.
Schemes | Total computational cost of extant scheme ( | Total computational cost of proposed scheme ( | |
---|---|---|---|
Yu et al.’s scheme [ | 86.23 | 5.28 | 93.87 |
Kushwah et al.’s scheme [ | 74.84 | 5.28 | 92.94 |
Wei et al.’s scheme [ | 130.66 | 5.28 | 95.95 |
Shen et al.’s scheme [ | 40.17 | 5.28 | 86.85 |
Zhou et al.’s scheme [ | 61.94 | 5.28 | 91.47 |
Computational cost (in ms).
This section is dedicated to discuss the comparison results in the perspective of communication costs. The proposed approach is compared with the existing five schemes presented by Yu et al. [
Variables used for a communication cost comparison.
Variable | Value (bits) |
---|---|
| | 1024 |
| | 160 |
| | 80 |
| | 512 |
| | 1024 |
| | 1024 |
It is assumed that each of the schemes has associated communication costs as shown in Table
Communication cost.
Schemes | Communication cost |
---|---|
Yu et al.’s scheme [ | | |
Kushwah et al.’s scheme [ | | |
Wei et al.’s scheme [ | 7| |
Shen et al.’s scheme [ | 4| |
Zhou et al.’s scheme [ | | |
Proposed scheme | 3| |
From Figure
Total communication cost (in bits).
Percentage reduction in communication cost.
Scheme | Equation for evaluating reduction | Resulting reduction in communication cost (%) |
---|---|---|
Yu et al.’s scheme [ | (| | 38.28 |
Kushwah et al.’s scheme [ | (| | 38.28 |
Wei et al.’s scheme [ | (7| | 84.57 |
Shen et al.’s scheme [ | (4| | 75.31 |
Zhou et al.’s scheme [ | (| | 38.28 |
Here, the proposed scheme is compared with the existing schemes in terms of security functionalities. Table
Comparison with relevant existing schemes.
Schemes | Security functionalities | ||||
---|---|---|---|---|---|
Informal | Formal | ||||
U | I | C | RA | FA | |
Yu et al.’s scheme [ | ✓ | ✓ | ✓ | ✗ | ✗ |
Kushwah et al.’s scheme [ | ✓ | ✓ | ✓ | ✗ | ✗ |
Wei et al.’s scheme [ | ✓ | ✓ | ✓ | ✗ | ✗ |
Shen et al.’s scheme [ | ✓ | ✓ | ✓ | ✗ | ✗ |
Zhou et al.’s scheme [ | ✓ | ✓ | ✓ | ✗ | ✗ |
Proposed | ✓ | ✓ | ✓ | ✓ | ✓ |
U: unforgeability, I: integrity, RA: replay attack, FA: formal analysis. The symbol ✓ satisfies the security functionality; ✗ does not satisfy the security functionality.
To further assess the practicability, the proposed scheme is applied to a precision agriculture case that involves FANETs for monitoring the health of the crops. Small UAVs are used to capture the images, which are, in the next step, processed to extract useful information. Values from the Normalized Difference Vegetation Index (NDVI) are computed to differentiate healthy plants from the nonhealthy ones. This is done by measuring the chlorophyll content. It further helps in the localization of the area under stress. The images captured by the M-UAVs are transferred to the MEC-UAV, which, utilizing the onboard microcontroller, generates the respective tasks to be carried on by the Decision Support Engine (DSE). For value addition and versatility, the M-UAVs can have additional gadgets, such as cameras, IMU, sensors, and GPS units. The web portal contains a variety of services such as visualization of historical/real data, NDVI mapping, and the correlation functionality.
There is an evolving trend of combining multiple small UAVs, as a flying ad hoc network (FANET), to cater to the needs of future applications that demand autonomy and pervasiveness. However, the small UAVs inherent limited onboard energy and restricted computational capability. Such limitations hinder their deployment for longer time-intervals and complex cryptographic operations. Addressing such deficiency, in this article, utilizing the concept of the hyperelliptic curve (HEC), we propose an efficient lightweight security scheme, called identity-based generalized signcryption. The scheme is based on multiaccess edge computing (MEC). The HEC approach is effective in generating small keys and is, therefore, suitable for low-computational devices such as small UAVs. Both formal and informal security analyses, using the AVISPA tool, demonstrate the potency of the proposed scheme in thwarting various known and unknown cyberattacks. Moreover, upon comparative analysis with the major existing counterparts, the scheme has demonstrated to be efficient in terms of computational and communication costs.
For our future work, we aim to complement the research work by including other aspects of formal analysis, such as the Real-Or-Random (ROR) model and Random Oracle Model (ROM). Moreover, we also intend to incorporate a computational offloading and scheduling mechanism, in which the M-UAVs will be able to offload and schedule the computing tasks to the MEC-UAV for improved processing power and faster execution.
High-level protocol specification language (HLPSL) has been consulted to implement the proposed scheme for MEC-UAV and MBS. This has been illustrated in Algorithms
role role_Mecuav(Mecuav:agent, Mbssbs:agent, Bmec:public_key, Bmbs:public_key, SND, RCV:channel(dy)) played_by Mecuav State:nat, Add:hash_func, Phii:text, Idmec:text, Delta:text, Idmbs:text, Nmec:text,M:text, Encrypts:hash_func, Beeta:symmetric_key State := 0 1. State = 0 /\ RCV(start) = |> State': = 1 /\ SND(Mecuav.Mbssbs) 2. State = 1 /\ RCV(Mbssbs.{Nmec'}_Bmbs) = |> State': = 2 /\ Idmbs': = new() /\ Phii': = new() /\ Delta': = new() /\ Idmec': = new() /\ Beeta': = new() /\ M': = new() /\ secret(M',sec_2,{Mecuav}) /\ witness(Mecuav, Mbssbs,auth_1,M') /\ SND(Mecuav.{Encrypts(M'.Nmec'.Idmec'.Idmbs')}_Beeta'.{Add(Idmec'.Phii'.Delta'.Phii'.Idmbs')}_inv(Bmec))
role role_Mbssbs(Mecuav:agent, Mbssbs:agent, Bmec:public_key,Bmbs:public_key,SND,RCV:channel(dy)) played_by Mbssbs State:nat,Add:hash_func, Phii:text, Idmec:text, Delta:text, Idmbs:text, Nmec:text,M:text, Encrypts:hash_func, Beeta:symmetric_key State := 0 1. State = 0 /\ RCV(Mecuav.Mbssbs) = |> State': = 1 /\ Nmec': = new() /\ SND(Mbssbs.{Nmec'}_Bmbs) 6. State = 1 /\ RCV(Mecuav.{Encrypts(M'.Nmec.Idmec'.Idmbs')}_Beeta'.{Add(Idmec'.Phii'.Delta'.Phii'.Idmbs')}_inv(Bmec)) = |> State': = 2 /\ request(Mbssbs, Mecuav, auth_1, M') /\ secret(M',sec_2,{Mecuav})
role session1(Mecuav:agent, Mbssbs:agent, Bmec:public_key, Bmbs:public_key) SND2, RCV2, SND1, RCV1: channel(dy) composition role_Mbssbs(Mecuav, Mbssbs,Bmec, Bmbs,SND2,RCV2) /\ role_Mecuav(Mecuav, Mbssbs, Bmec, Bmbs, SND1, RCV1) end role role session2(Mecuav:agent, Mbssbs:agent, Bmec:public_key, Bmbs:public_key) SND1, RCV1:channel(dy) role_Mecuav(Mecuav, Mbssbs,Bmec, Bmbs, SND1, RCV1) end role
role environment() hash_0:hash_func, bmec:public_key,alice:agent,bob:agent, bmbs:public_key,const_1:agent, const_5:public_key,const_9:public_key,auth_1:protocol_id,sec_2:protocol_id intruder_knowledge = {alice, bob} composition session2(i, const_1,const_5,const_9) /\ session1(alice, bob, bmec, bmbs) end role authentication_on auth_1 secrecy_of sec_2 end goal environment()
Simulation results for on-the-fly model-checker (OFMC).
Simulation results for AtSe.
All data generated or analysed during this study are included in this published article.
The authors declare no conflicts of interest with respect to the research, authorship, and/or publication of this article.