To Kill a Mockingbird: Cryptanalysis of an Authenticated Key Exchange Scheme for Drones
Abstract
Drones have evolved into sophisticated autonomous systems with a multitude of applications, including military operations, environmental monitoring, traffic oversight, data transmission, package delivery, fire targeting, and film production. As the Internet of Drones (IoD) ecosystem expands, ensuring secure and real-time access for authorized users becomes increasingly vital, which makes user and drone authentication crucial. In response to these challenges, Srinivas et al. proposed a lightweight three-factor authentication protocol designed for the IoD. While the authors assert that their protocol is resilient against known cyber threats, our research identifies critical vulnerabilities that challenge this claim. Although this scheme has already been cryptanalyzed in previous studies, in this paper we propose two new attacks on it. First, we present a concrete attack against the perfect forward secrecy of the scheme. Second, we show that it is vulnerable to an unauthorized access attack, in which a valid user gains access to the information of an area that the user is not authorized for. These weaknesses highlight the pressing need for the development of more secure authentication mechanisms in the IoD environment. Moving forward, addressing these vulnerabilities will be essential for fostering trust and ensuring the safe integration of drones into various applications, ultimately contributing to the advancement of IoD technology. © 2024 IEEE.