Abstract
The unmanned aerial vehicle (UAV) network has attracted much attention in industry and academia. However, a UAV as a vital information carrier and data relay platform is prone to various attacks. In this paper, we propose a secure communication scheme for UAV network. In our scheme, each drone maintains and manages an area in which the authorized devices can obtain a broadcast key without an online centralized authority. By employing the hierarchical identity-based broadcast encryption and pseudonym mechanism, all the devices in this system can broadcast encrypted messages anonymously and decrypt the legal ciphertext. The analysis shows that our scheme satisfies four important security properties of confidentiality, authentication, partial privacy-preservation and resistance to denial of service attacks. Experiments show that our scheme incurs a delay of only a couple of milliseconds.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Arthur, C.: SkyGrabber: the $26 software used by insurgents to hack into US drones (2009). https://www.theguardian.com/technology/2009/dec/17/skygrabber-software-drones-hacked
Asadpour, M., Giustiniano, D., Hummel, K.A., Egli, S.: UAV networks in rescue missions. In: Proceedings of the 8th ACM International Workshop on Wireless Network Testbeds, Experimental Evaluation and Characterization, pp. 91–92. ACM (2013)
Athukoralage, D., Guvenc, I., Saad, W., Bennis, M.: Regret based learning for UAV assisted LTE-U/WiFi public safety networks. In: GLOBECOM 2016, pp. 1–7. IEEE (2016)
Barreto, P.S.L.M., Libert, B., McCullagh, N., Quisquater, J.-J.: Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 515–532. Springer, Heidelberg (2005). https://doi.org/10.1007/11593447_28
Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_14
Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_4
Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Huang, X.: Cryptographic hierarchical access control for dynamic structures. IEEE Trans. Inf. Forensics Secur. 11(10), 2349–2364 (2016)
Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Li, J., Huang, X.: Hierarchical and shared access control. IEEE Trans. Inf. Forensics Secur. 11(4), 850–865 (2016)
Erdelj, M., Natalizio, E., Chowdhury, K.R., Akyildiz, I.F.: Help from the sky: leveraging UAVs for disaster management. IEEE Pervasive Comput. 16(1), 24–32 (2017)
Gupta, L., Jain, R., Vaszkun, G.: Survey of important issues in UAV communication networks. IEEE Commun. Surv. Tutor. 18(2), 1123–1152 (2016)
Kong, J., Luo, H., Xu, K., Gu, D.L., Gerla, M., Lu, S.: Adaptive security for multilevel ad hoc networks. Wirel. Commun. Mob. Comput. 2(5), 533–547 (2002)
Lee, J., Kim, K., Yoo, S., Chung, A.Y., Lee, J.Y., Park, S.J., Kim, H.: Constructing a reliable and fast recoverable network for drones. In: ICC 2016, pp. 1–6. IEEE (2016)
Li, J., Zhou, Y., Lamont, L.: Communication architectures and protocols for networking unmanned aerial vehicles. In: GC Wkshps 2013, pp. 1415–1420. IEEE (2013)
Li, X., Zhang, Y.D.: Multi-source cooperative communications using multiple small relay UAVs. In: GC Wkshps, 2010, pp. 1805–1810. IEEE (2010)
Lim, G.J., Kim, S., Cho, J., Gong, Y., Khodaei, A.: Multi-UAV pre-positioning and routing for power network damage assessment. IEEE Trans. Smart Grid (2016)
Liu, W., Liu, J., Wu, Q., Qin, B., Li, Y.: Practical chosen-ciphertext secure hierarchical identity-based broadcast encryption. Int. J. Inf. Secur. 15, 35–50 (2016)
Mark, Z.: The technology behind Aquila (2016). https://www.facebook.com/notes/mark-zuckerberg/the-technology-behind-aquila/10153916136506634
Merwaday, A., Guvenc, I.: UAV assisted heterogeneous networks for public safety communications. In: WCNCW 2015, pp. 329–334. IEEE (2015)
Nodland, D., Zargarzadeh, H., Jagannathan, S.: Neural network-based optimal adaptive output feedback control of a helicopter UAV. IEEE Trans. Neural Netw. Learn. Syst 24(7), 1061–1073 (2013)
Polo, J., Hornero, G., Duijneveld, C., GarcÃa, A., Casas, O.: Design of a low-cost wireless sensor network with UAV mobile node for agricultural applications. Comput. Electron. Agric. 119, 19–32 (2015)
Rodday, N.: Hacking a professional drone (2016). https://www.rsaconference.com/events/us16/agenda/sessions/2273/hacking-a-professional-drone
Rosati, S., Krużelecki, K., Heitz, G., Floreano, D., Rimoldi, B.: Dynamic routing for flying ad hoc networks. IEEE Trans. Veh. Technol. 65(3), 1690–1700 (2016)
Vachtsevanos, G., Tang, L., Reimann, J.: An intelligent approach to coordinated control of multiple unmanned aerial vehicles. In: Proceedings of the American Helicopter Society 60th Annual Forum, Baltimore, MD (2004)
Vanian, J.: Qualcomm and AT&T are joining forces on a new drone project (2016). http://fortune.com/2016/09/06/qualcomm-att-drone-tests/
Won, J., Seo, S.H., Bertino, E.: A secure communication protocol for drones and smart objects. In: ASIA CCS 2015, pp. 249–260. ACM (2015)
Wu, Q., Mu, Y., Susilo, W., Qin, B., Domingo-Ferrer, J.: Asymmetric group key agreement. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 153–170. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_9
Wu, Q., Qin, B., Zhang, L., Domingo-Ferrer, J., Farrà s, O., Manjon, J.A.: Contributory broadcast encryption with efficient encryption and short ciphertexts. IEEE Trans. Comput. 65(2), 466–479 (2016)
Wu, Q., Qin, B., Zhang, L., Domingo-Ferrer, J., Manjón, J.A.: Fast transmission to remote cooperative groups: a new key management paradigm. IEEE/ACM Trans. Netw. 21(2), 621–633 (2013)
Xu, H., Carrillo, L.: Fast reinforcement learning based distributed optimal flocking control and network co-design for uncertain networked multi-UAV system. In: SPIE Defense Security, p. 1019511. International Society for Optics and Photonics (2017)
Yanmaz, E.: Connectivity versus area coverage in unmanned aerial vehicle networks. In: ICC 2012, pp. 719–723. IEEE (2012)
Acknowledgment
Qianhong Wu is the corresponding author. This paper is supported by the National High Technology Research and Development Program of China (863 Program) through project 2015AA017205, the Natural Science Foundation of China through projects 61772538, 61672083 and 61370190, and by the National Cryptography Development Fund through project MMJJ20170106.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Proof of Theorem 2
A Proof of Theorem 2
In each result, we assume that \(\mathcal {A}\) makes \(q_{h_i}\) queries to the hash function \(H_i\) for \(i \in \{0,1\}\). The numbers of queries for \(Q_1\) and \(Q_2\) are denoted by \(q_1\) and \(q_2\), respectively.
Proof
The \(\mathcal {C}\) first obtains a q-BDHIP problem instance, \((g, g^\alpha , g^{\alpha ^2}, \dots , g^{\alpha ^{q-1}})\), to generate some pairs \((c_i,g^{\frac{1}{c_i+\alpha }})\) to use as key pairs. Then, \(\mathcal {C}\) proceeds as follows.
-
1.
\(\mathcal {C}\) first randomly picks \(w_1, w_2, \dots , w_{q-1} \in \mathbb {Z}^*_p\) and expands \(f(z)=\prod ^{q-1}_{i=1}(z+w_i)\) to \(f(z)=\varSigma ^{q-1}_{i=0}a_iw^i\), where \(a_i\) is the coefficient of expansion. Then, \(\mathcal {C}\) randomly chooses an \(\ell \in \{1,\dots , q_{h1}\}\) and let \(I_i = I_{\ell }-w_i\).
-
2.
\(\mathcal {C}\) sets \(\tilde{g}=g^{\prod ^{q-1}_{i=0}c_i\alpha ^i}=g^{f(\alpha )} \in G\) and generates the value \(\tilde{g}^{\alpha } = g^{\prod ^{q}_{i=1}c_i\alpha ^i}\).
-
3.
For any \(1 \le i \le q-1\), \(\mathcal {C}\) defines \(f_i(z)=f(z)/(z+w_i)\); therefore,
$$\begin{aligned} \tilde{g}^{\frac{1}{w_i+\alpha }}=g^{f(\alpha )\frac{1}{w_i+\alpha }}=g^{f_i(\alpha )} \end{aligned}$$And the key pair can be computed as \((w_i,\tilde{g}^{\frac{1}{\alpha +w_i}})\) where \(i \in \{0,1,\dots ,q_{h_1} \ell \}\) in the initial phase. The system public key can be computed as \(\tilde{g}^{-\alpha -I_{\ell }}\). Set x = \(-\alpha - I_{\ell }\) which is also a secret value for \(\mathcal {C}\). For i \(\in \) \([0,q]\setminus \ell \), we have \((I_i,\tilde{g}^{\frac{-1}{w_i+\alpha }})\) = \((I_i, \tilde{g}^{\frac{1}{I_i+x}})\).
Then, \(\mathcal {C}\) prepares for \(\mathcal {A}\)’s queries. For simplicity, we assume that the queries for hash functions are distinct and that any queries involving an ID have been made to the \(H_1\) in advance. The \(\mathcal {C}\) simulates the hash function \(H_1, H_2, H_3\) as follows.
-
\(H_1\) query: \(\mathcal {C}\) maintains a list \(L_1\) for this random oracle. For the \(\iota \)-th query of any user or drone(we denote this identity as \(ID_{\iota }\)), \(\mathcal {C}\) responds with \(I_{\iota }\) and records (ID, \(I_{\iota }\), \(\iota \)) as the \(\iota \)-th entity in \(L_1\).
-
\(H_2\) query: \(\mathcal {C}\) maintains a list \(L_2\) for this random oracle. For an input (M, r) \(, CH\) chooses a random number \(h_2\). For subsequent queries, \(\mathcal {C}\) runs the random oracle \(H_3\) to obtain \(H_3(r) = h_3\) and stores \((M, r, c = M \bigoplus H_3, h_2, \gamma =re(g, g)^{h_2})\) as an entity in \(L_2\).
-
\(H_3\) query: The \(\mathcal {C}\) maintains a list \(L_3\) for this random oracle. For an input \(r \in \mathbb {G}_T\), \(\mathcal {C}\) chooses a random number \(h_3\) and responds. \(\mathcal {C}\) then stores \((h_3,r)\) in \(L_3\).
The Corrupt query for identities is simulated as follows. For a user’s identity, \(\mathcal {C}\) first checks whether the input \(ID_{\iota }\) satisfies the condition that \(\iota \) is equal \(\ell \). If so, it aborts; otherwise, it outputs \(I_{\iota } = H_1(ID_{\iota })\) and \(\tilde{g}^{\frac{1}{I_{\iota }+x}}\), as the user ID’s long-term key pair. For a \(\mathcal {D}\)’s identity, \(\mathcal {C}\) checks whether the input \(ID_{\iota }\) is equal to \(\ell \). If so, it aborts; otherwise, it outputs \(I_{\iota } = H_1(ID_{\iota })\) and \(\tilde{g}^{\frac{1}{I_{\iota }+x}}\) as the \(\mathcal {D}\)’s long-term key pair.
For \(Q_1\) query, the identity is defined as \((ID_u)\), respectively, for any \(u \in [1,q_{h_1}]\). If \(u \ne \ell \), \(\mathcal {C}\) can generate the sign-encrypted messages according to the protocol specification because \(\mathcal {C}\) knows \(ID_u\)’s private key. When \(u = \ell \), \(\mathcal {C}\) knows the \(ID_{\iota }\)’s private key \(\tilde{g}^{\frac{1}{I_{\iota }+x}}\). \(\mathcal {C}\) first picks two random numbers \(t, h \in \mathbb {Z}^*_p\) and computes \(S = g^{t\frac{1}{I_{\iota }+x}}\), \(T = g^{t\alpha -h(I_{\iota }-\alpha -I_{\ell })}\).
It is easy to verify the equality
We should note that, in this step, the value r = \(e(T, \tilde{g}^{\frac{1}{I_i+x}})\) is different in the hash function \(H_2\); consequently, \(\mathcal {C}\) will fail if this message has been queried to \(H_2\) previously. The ciphertext C is defined as (\(M\bigoplus h_3(r), S, T)\).
We describe how to simulate the \(Q_2\) query as follows. We assume that the ciphertext is (c, S, T) and the identities is \((ID_u,ID_{\iota })\). If \(\iota \ne ell\), then \(\mathcal {C}\) can decrypt the messages because it knows \(ID_{D}\)’s private key. Then, \(\mathcal {C}\) can generate the response by following the response phase procedure. If \(\iota = \ell \), because \(u \ne \ell \), \(\mathcal {C}\) has the user’s private key and, for all valid ciphertext, \(h = H_2(M,r)\) and \(ID_{D}\)’s public key is \(\tilde{g}^{\alpha }\). Therefore, the following equation holds:
\(\mathcal {C}\) next computes the value \(\gamma \) = \(e(S,\tilde{g}^{\frac{1}{I_u+x}})\) and then searches the \(L_2\) to find the entities \((M_i,r_i,h_{2,i}, c_i, \gamma )\) where \(i \in [1,\dots ,q_{h_2}]\). If no entity is found, \(\mathcal {C}\) rejects this ciphertext. Then, for any entity satisfying this condition, \(\mathcal {C}\) checks whether the entity satisfies the following equation:
If any unique i is found, then it outputs \((M_i,h_{2,i})\) and generates a response based on the decrypted message \((M_i,h_{2,i})\). We should note that the Reveal query can be responded to with the value \((M_i,h_{2,i})\).
To run a \(Reveal(\pi ^i_U)\) query, \(\mathcal {C}\) returns the session key to \(\mathcal {A}\) invoked in \(\pi ^i_U\).
To run a Test query for some instances \(\pi ^i_{U_i}\) with a \(\mathcal {D}\) identity of \(ID_{D}\), if \(ID_{D} \ne ID_{\ell }\), \(\mathcal {C}\) aborts. Otherwise, \(\mathcal {C}\) pick a random \(\zeta \in \mathbb {Z}^*_p\), \(c \in {0,1}^{n}\), \(S \in G\), \(T = g^{-\zeta }\) and returns the ciphertext (c, S, T). Because \(\zeta \) = \(\rho \alpha \), it is easy to see that T = \(g^{-\alpha \rho }\) = \( g^{(I_{\ell }+x)\rho }\). Consequently, the r corresponding to this T satisfies \(r = e(g,\tilde{g})^{\rho }\). The \(\mathcal {A}\) cannot distinguish whether this ciphertext is valid unless he can query \(H_2\) or \(H_3\) with the value r. Therefore, if \(\mathcal {A}\) can win in the game with a non-negligible probability, he has queried this value (probably from \(H_2\) or \(H_3\)). Therefore, \(\mathcal {C}\) can guess the right r in \(H_2\) or \(H_3\) with probability \(1/(q_{h_2} + q_{h_3})\) and solve the q-BDHIP by computing \(e(g,g)^{\frac{1}{\alpha }}\) = \((r^{\frac{1}{\zeta }}/(\prod ^{q-1}_{i=1}e(g,g^{\alpha ^{i-1}})^{c_i}))^{\frac{1}{c_0}}\) = \((e(g,g)^{\frac{f(\alpha )}{\alpha }}/e(g,g^{\prod ^{q-1}_{i=1}c_i\alpha ^{i-1}}))^{\frac{1}{c_0}}\).
In conclusion, we note that the simulation will fail under the following conditions. Event1: The \(\mathcal {D}\)’s identity for the Test query is not \(ID_{\ell }\), with probability \(1-1/q_{h_1}\). Event2: The \(\mathcal {C}\) aborts because an \(H_2\) collision occurs in a \(Q_1\) query; this probability is \(q_{1}\frac{q_{1}+q_{h_2}}{2^k}\). Event3: The \(\mathcal {C}\) rejects a valid ciphertext because it cannot simulate the corresponding private key; the probability is \(\frac{q_{2}}{2^{\lambda }}\). Consequently, the overall probability that \(\mathcal {A}\)’s advantage will win the game is
   \(\square \)
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
He, S., Wu, Q., Liu, J., Hu, W., Qin, B., Li, YN. (2017). Secure Communications in Unmanned Aerial Vehicle Network. In: Liu, J., Samarati, P. (eds) Information Security Practice and Experience. ISPEC 2017. Lecture Notes in Computer Science(), vol 10701. Springer, Cham. https://doi.org/10.1007/978-3-319-72359-4_37
Download citation
DOI: https://doi.org/10.1007/978-3-319-72359-4_37
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72358-7
Online ISBN: 978-3-319-72359-4
eBook Packages: Computer ScienceComputer Science (R0)