Lightweight and Security-Enhanced Key Agreement Protocol Using PUF for IoD Environments

With the increasing demand for drones in diverse tasks, the Internet of Drones (IoD) has recently emerged as a significant technology in academia and industry. The IoD environment enables various services, such as traffic and environmental monitoring, disaster situation management, and military operations. However, IoD communication is vulnerable to security threats due to the exchange of sensitive information over insecure public channels. Moreover, public key-based cryptographic schemes are impractical for communication with resource-constrained drones due to their limited computational capability and resource capacity. Therefore, a secure and lightweight key agreement scheme must be developed while considering the characteristics of the IoD environment. In 2024, Alzahrani proposed a secure key agreement protocol for securing the IoD environment. However, Alzahrani’s protocol suffers from high computational overhead due to its reliance on elliptic curve cryptography and is vulnerable to drone and mobile user impersonation attacks and session key disclosure attacks by eavesdropping on public-channel messages. Therefore, this work proposes a lightweight and security-enhanced key agreement scheme for the IoD environment to address the limitations of Alzahrani’s protocol. The proposed protocol employs a physical unclonable function and simple cryptographic operations (XOR and hash functions) to achieve high security and efficiency. This work demonstrates the security of the proposed protocol using informal security analysis. This work also conducted formal security analysis using the Real-or-Random (RoR) model, Burrows–Abadi–Needham (BAN) logic, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation to verify the proposed protocol’s session key security, mutual authentication ability, and resistance to replay and MITM attacks, respectively. Furthermore, this work demonstrates that the proposed protocol offers better performance and security by comparing the computational and communication costs and security features with those of relevant protocols.