Practical key recovery attack on authentication and key agreement protocol SecAuthUAV in a network of drones and provide animproved protocol

The Internet of Drones (IoD) refers to the use of unmanned aerial vehicles (UAVs) connected to the Internet. This concept is a specific application of IoT. The IoD may offer opportunities, but it also poses security vulnerabilities. It is necessary to use authentication and key agreement protocols in drone communications to prevent these vulnerabilities. In 2020, Alladi et al presented an authentication and key agreement protocol based on physical unclonable functions called SecAutUAV. They analyzed the security of their scheme through both formal and informal methods. In this paper, we demonstrate the vulnerability of the SecAuthUAV protocol to a key recovery attack. An adversary can obtain a session key between a drone and a ground station by intercepting and analyzing the session data. In addition, we present a secret value recovery attack with complexity , which is lower than the complexity of brute force attacks. An adversary could spoof and track the drone by using these values. In order to improve the security and efficiency of SecAuthUAV, we present a new version and compare it to the original. We utilize both the informal method and formal-based ProVerif to analyze the.security of the latest protocol. To compare the efficiency of the new protocol and SecAuthUAV, we counted their number of operators and functions. The new protocol is more secure and efficient than SecAutUAV.