Drones in the Internet of Drones (IoD) have been widely used in various fields, such as military reconnaissance, climate and environmental detection, logistics and transportation, and disaster relief. Collecting and transferring data between sensors embedded in drones raises many challenges related to security, privacy and energy consumption. Recently, Zhang et al. developed a lightweight authentication and key agreement scheme for IoD to address these issues. Their scheme realizes mutual authentication and key agreement between drones and users by adopting lightweight hash and bitwise XOR operations. The authors demonstrate that their proposed scheme meets security requirements better and is more efficient than related schemes. However, this study shows the limitations of Zhang et al.'s scheme: as a result of these limitations, the scheme may be subject to some potential attacks and cannot satisfy the session key security and untraceability properties.