IEEE Access (Jan 2021)

iGCACS-IoD: An Improved Certificate-Enabled Generic Access Control Scheme for Internet of Drones Deployment

  • Ashok Kumar Das,
  • Basudeb Bera,
  • Mohammad Wazid,
  • Sajjad Shaukat Jamal,
  • Youngho Park

DOI
https://doi.org/10.1109/ACCESS.2021.3089871
Journal volume & issue
Vol. 9
pp. 87024 – 87048

Abstract


Due to the widespread use of Information and Communications Technology (ICT) and of Internet of Things (IoT) enabled smart devices called unmanned aerial vehicles (UAVs), popularly known as drones, many potential applications of the Internet of Drones (IoD) are available, ranging from military to civilian applications. An access control mechanism is an important security service that is needed to secure communication among the drones in their respective flying zones, and also between the drones and the Ground Service Station (GSS). In 2021, Chaudhry et al. proposed a certificate-based generic access control scheme for the IoD environment, called GCACS-IoD. Their claims about the resistance of GCACS-IoD to possible security attacks are not justified. In fact, we first prove that GCACS-IoD is unable to protect against the disclosure of the private key $r_{CR}$ of the trusted control room $(CR)$, which is an extremely unfortunate and careless design flaw that leads to compromise of the entire network. Using the disclosed private key $r_{CR}$, we further show that GCACS-IoD is completely insecure against other serious attacks, such as the malicious drone deployment attack, drone/GSS impersonation attacks and the Ephemeral Secret Leakage (ESL) attack, which lead to compromise of the session key between any two drones communicating in a particular flying zone. We thus feel that there is a strong need to remedy such serious weaknesses found in Chaudhry et al.’s GCACS-IoD. An improved certificate-enabled generic access control scheme for IoD deployment, called iGCACS-IoD, has been suggested, which overcomes the weaknesses found in the previous GCACS-IoD. The practical demonstration of iGCACS-IoD has been done through formal security verification and also through an NS2 simulation study.

Keywords