Review of UAV/UAM Authentication Models: A Way Forward

Aminu Abdulkadir Mahmoud a , Sofia Najwa Ramli * a,d , Mohd Aifaa Mohd Ariff b,d , Chuah Chai Wen c , Nordiana Rahim a a Center of Information Security Research, Faculty of Computer Science and Information Technology Universiti Tun Hussein Onn Malaysia, Malaysia b Faculty of Electrical and Electronic Engineering, Universiti Tun Hussein Onn Malaysia, Malaysia c Guangdong University of Science and Technology, China d Etienne Innovation Sdn . Bhd., Malaysia A Review of Unmanned Aerial Vehicles/Urban Air Mobility Potential Cyberattacks and Authentication Models: A Way Forward

PRESENTATION OUTLINE Abstract Introduction Fundamentals of UAV/UAM Cyberattacks Blockchain Review of Related Work Conclusion and Future Direction

INTRODUCTION Unmanned Aerial Vehicle (UAV) or drone is an aircraft without a man onboard, it is either control by the use of remote control, or ground station control (GSC), and or by programmed computer(s) on board ( Altawy & Youssef, 2017) . The level of maturity in the development of UAVs paved the way of thinking of Urban Air Mobility (UAM) that is meant to be the next generation of transportation system in this era becoming a reality. The vulnerabilities of UAVs need to be addressed such as internal communication, integrity storage and management were studied and ananyzed . The cybersecurity concerns of UAV are increasing especially in recent years due to adoption of drones by various sectors, ranging from governments, industries, businesses among others. 3

INTRODUCTION CONT . This research conducts a review of UAV/UAM authentication models proposed by different researchers to evaluate their effectiveness and capabilities. The reviewed models/techniques were categorized as cryptographic, lightweight, and blockchain-based. Furthermore, considering the influence of blockchain, the models were regrouped into blockchain and non-blockchain categories. The study reveals that all the models carry certain limitations, which call for improvement. The review further identifies that an optimal authentication model should consider UAV’s peculiarities, operating environment, communication channels, energy consumption (battery life), and blockchain technology .

FUNDAMENTALS OF UAV/UAM Unmanned Aerial Vehicles (UAVs) UAVs are divided into different classes, with the most common among them being fixed-win and rotary-wing (Alladi et al., 2020) . Fixed-wing employs Horizontal Take-Off and Landing (HTOL), while Rotary-wing utilizes Vertical Take-Off and Landing (VTOL), a feature attributable to their propeller types. Rotary-wing (VTOL) is the widely used UAV because it can lift off from a stationary position without needing extra space, compared to the fixed-wing counterparts, which require a runway for take-off and landing. Urban Air Mobility (UAM) The UAM is envisioned to be the next generation of airborne transportation systems, leveraging unmanned aircraft for urban mobility. With plans for extensive infrastructure development and diversified operations, UAM transportation networks aim to extend their reach to most major cities ( Ertürk et al., 2020) and (McKinsey & Company, 2021).

CYBERATTACKS Cyberattacks are a significant issue that hindered the public acceptance of Unmanned Aerial Systems (UAS). UAS is a cyber-physical system whose digital components, such as sensors, software, communications, and so on, collaborate to control and monitor the physical components, such as actuators and airframes of UAVs, creating vulnerabilities ( Altawy & Youssef, 2016) . These digital components are perpetually exposed to potential cyberattacks, most commonly in the forms of GPS jamming and spoofing, video interception, hijacks via communication sensor spoofing, and so on ( Altawy & Youssef, 2016) . Various robust authentication measures can be employed to counteract many cyberattacks on UAV systems, ranging from two-factor and biometric authentication to encryption, blockchain, and identity-based authentication. The latter utilizes a UAV’s identity for authentication, considering various factors such as UAV's peculiarities, operating environment, communication channels, energy consumption, and location. Such an approach helps verify the UAV’s identity, thereby ensuring that only authorized entities can access the system. Blockchain technology is favored for its added security layer, decentralized structure, and tamper-proof transaction records.

CYBERATTACKS Availability Security Confidentiality Integrity Interception of Information Fabrication/Modification of Information Interception of Communication Disturbance, Denial of Service, Jamming etc Telemetry Telemetry UAV Signal Attack Physical Hacking Physical Hacking Malicious Applic ation Eavesdropping Personal Based Intrusion UAV Controller Telemetry Humans UAS cybersecurity threats can be described in the diagram below: Figure 1: UAS Shortened CIA Model. Source: ( Javed , 2012 as cited in Ináncsi , 2022)

BLOCKCHAIN TECHNOLOGY (BCT) Blockchain has fundamentally six main layers: the data layer, network layer, consensus layer, incentive layer, contract layer, and application layer. Data layer: In this Layer, the data is timestamped and stored within each block. Network Layer: The Network Layer oversees verifying blockchain transactions and distributing the ledger throughout the network. Consensus Layer: This layer uses different consensus algorithms to validate the blocks, order the blocks, and ensure that each node agrees. Incentive Layer: This layer is responsible for giving the miners rewards (economic gain) in return for the processing power they have invested to mine the blocks. Contract Layer : This layer provides programmability to the blockchain and allows for the inclusion of scripts, smart contracts, and algorithms, enabling the execution of complex transactions on the blockchain. Application Layer: This layer is the topmost layer of the blockchain, and it is where the blockchain is applied in various fields such as healthcare, transportation, financial institutions, and IoT, among others (Alladi et al., 2020).

TYPES OF BLOCKCHAIN There are three types of blockchain, and these include public blockchain, private blockchain, and consortium blockchain. Public Blockchain: This type of blockchain is open to the public and accessible to anyone interested in transactions. Any party that is validated will receive the transaction's ledger and reward where it is merited. The public blockchain uses Proof of Stake (PoS) and Proof of Work (PoW) to make the transaction successful (Paul et al., 2021). Private Blockchain: This type of blockchain is restricted, and access can only be granted by the system administrator. Its features include full privacy, better scalability, faster speediness, high efficiency, and faster transaction (Alladi et al., 2020) and (Paul et al., 2021). Consortium Blockchain: This type of blockchain can organize and manage blockchain networks to share information, improve existing workflows, and ensure transparency and accountability (Paul et al., 2021).

REVIEW OF RELATED WORK This research reviews various UAV authentication models and techniques proposed by numerous researchers. These models primarily fall into three categories: lightweight-based, cryptographic-based, and blockchain-based, each to ensure authentication, intrusion detection, and privacy preservation. Given the significant role of blockchain technology in authentication and accountability, the study divides the examined authentication models into non-blockchain-based and blockchain-based authentication models.

NON-BLOCKCHAIN REVIEW PAPERS S/N AUTHOR (YEAR) PROPERTY/SECURITY FEATURE TESTED METHOD/TECHNIQUE CONTRIBUTION/ STRENGTH LIMITATION/WEAKNESS 1. A. Chen et al. (2021) Privacy preservation Privacy preservation, Elliptic Curve Cryptography (ECC), and digital signature. Mutual authentication provides security against DoS, spoofing, and repudiation attacks. Confidentiality and integrity, computational cost. The authentication process needs to be improved. 2. Cho et al. (2020) Level of security of the proposed authentication framework. Message Authentication Code (MAC), Elliptic Curve Digital Signature Algorithm (ECDSA). Password-based Key Derivation Function 2 (PBKDF) and HMAC-SHA256. Security and privacy preservation, mutual authentication, and faster execution time compared with other existing protocols. The authentication process needs to be improved. 3. Jan et al. (2021) Replay attack, impersonation attack, and man-in-the-middle attack. Hash Message Authentication Code/Secure Hash Algorithmic (HMACSHA), FANETs, Random Oracle Model (ROM). Secure communication for UAV, showing some relatively good performance. Security and privacy preservation. The authentication procedure is not adequately defined.

NON-BLOCKCHAIN REVIEW PAPERS (CONT.) S/N AUTHOR (YEAR) PROPERTY/SECURITY FEATURE TESTED METHOD/TECHNIQUE CONTRIBUTION/ STRENGTH LIMITATION/WEAKNESS 4. Kwon et al. (2022) Impersonation attack, man-in-the-middle attack. Elliptic Curve Cryptography (ECC) and Analysis using Real-or-Random (RoR), Burrows-Abadi-Needham (BAN) logic, and Automated Validation of Internet Security and Protocols and Applications (AVISPA). Mutual authentication has a lower computational cost than the initial mutual authentication phase. The system is found to be more efficient for the UAM environment when compared with other related work. The authentication process and the model’s resistance against cyber-attacks need to be improved. 5. Al- Adhami et al. (2022) Confidentiality, integrity, and authenticity. Secure communication pathways, SHA-1 and Advanced encryption method, DES, Geffe Genetics (GG), RNA-RADG-CBC (RRCBC) encryption algorithm. Security of UAV communication channels. The research focused on UAVs' communication channels only. 6. Tian et al. (2022) Reliability and security of mutual authentication mechanism. Physical Unclonable Function (PUF), Fuzzy extractor, Unique key, session key, and secret key Mutual authentication, multi-domain secure communication, and ensures anonymity. High computational cost

NON-BLOCKCHAIN REVIEW PAPERS (CONT.) S/N AUTHOR (YEAR) PROPERTY/SECURITY FEATURE TESTED METHOD/TECHNIQUE CONTRIBUTION/ STRENGTH LIMITATION/WEAKNESS 7. Du et al. (2022) Lightweight design and security of mutual authentication mechanism. A lightweight mutual authentication based on adaptive strategy, Flying Ad-hoc Networks (FANETs), ECC Privacy protection, resistance replays attack, man-in-the-middle attack, and impersonation attack. Relatively low computational cost compared with other schemes. Consideration is not given to the nature of the environment and the entities involved. 8. Rajasekaran et al. (2022) Mutual authentication, anonymous authentication, and location privacy. Mutual authentication scheme for privacy in UAV (FANETs), Session key authentication protocol Privacy preservation and mutual authentication. Resistant against known attacks and relatively low computational cost. The authentication process is not well clear.

Summary of Security Issues Address by the Non-Blockchain Reviewed Papers Contribution/Resistance Against Attacks/Complexity of Non-Blockchain Proposed Models Percentage of Papers that Addressed the Issue Replay 45.5% Man-in-the-middle 45.5% Denial of Service (DoS) 9.1% Eavesdropping 27.3% Modification 45.5% Spoofing 54.6% Impersonation 100%

Summary of Security Issues Address by the Non-Blockchain Reviewed Papers Contribution/Resistance Against Attacks/Complexity of Non-Blockchain Proposed Models Percentage of Papers that Addressed the Issue Intrusion 100% Privacy Preservation 54.6% Communication Channels 18.2% High Computational Cost 27.3% High Computational Time 27.3% Energy Requirement 18.2%

BLOCKCHAIN REVIEW PAPERS S/N AUTHOR (YEAR) PROPERTY/SECURITY FEATURE TESTED METHOD/TECHNIQUE CONTRIBUTION/ STRENGTH LIMITATION/WEAKNESS 1. Khalid et al. (2020) Data confidentiality, data integrity, and authentication. Public blockchain, and Elliptic Curve Digital Signature Algorithm (ECDSA). Provides authentication and security against known attacks and performs relatively well compared to other schemes. Mutual authentication and access control. The authentication procedure needs improvement, and the evaluation procedure is unclear. 2. Aujla et al. (2021) Secure communication (authentication & encryption), secure sharing of information, replay attack, DoS attack, and secure storage. Consortium Blockchain, and PoW consensus mechanism. Provide security against spoofed signal attacks, GPS signal attacks, and device-to-device communication attacks. High computational cost, and energy is not given consideration. 3. Rahman et al. (2021) Blockchain-based policy enforcement, secured data sharing, and authentication & authorization. Mechanism to ensure privacy and restrict unauthorized access and Private Blockchain Authentication and drone flight compliance with a smart contract using blockchain. The performance of the system was not adequately evaluated to ascertain its efficiency.

BLOCKCHAIN REVIEW PAPERS S/N AUTHOR (YEAR) PROPERTY/SECURITY FEATURE TESTED METHOD/TECHNIQUE CONTRIBUTION/ STRENGTH LIMITATION/WEAKNESS 4. Golam et al. (2022) Security, scalability, and efficiency. User authentication mechanism to checkmate unauthorized access. Public Blockchain, and IoMT Provides security in the military network and prevents cyberattacks and reduces data transmission delay and enhances the validation process. The proposed technique considers only device-to-device communication in the military network. 5. Singh et al. (2022) The paper did not specify the tested features. Architecture for distributed access control and identity management for IoD. Blockchain, public key, and compression mechanism. Provides security against GPS spoofing, Hardware trojans, and falsified information. The authentication procedure needs to be improved. It has high computational cost. 6. Han et al. (2022) Identity management, authentication, and security. Consortium blockchain, and consensus mechanism (PBFT). It has advantages in UAV identity management, UAV authentication, scalability, and secure transmission of communication data. Solve a single point of failure problem. High computational cost and high authentication time.

BLOCKCHAIN REVIEW PAPERS S/N AUTHOR (YEAR) PROPERTY/SECURITY FEATURE TESTED METHOD/TECHNIQUE CONTRIBUTION/ STRENGTH LIMITATION/WEAKNESS 7. Javed et al. (2022) Authentication of drones, certification management, secure communication, access control, and non-repudiation. Hyperelliptic Curve Cryptography (HECC), Blockchain concept as a Certificate Authority (CA), and a Transaction as Certificate (TC) to facilitate transactions in blockchain without CA or TTP. Security against replay, device impersonation, man-in-the-middle, malicious deployment, DoS, and de-synchronization attacks. High computational cost, the research did not consider energy consumption and the diversities of the participating entities and their peculiarities. 8. Kong et al. (2022) Mutual authentication between UAV and base station, secure communication, resistance against replay attacks, man-in-the-middle attacks, DoS attacks, security, and computational efficiency. A blockchain-based proof of trust authorization consensus mechanism. Performs well in terms of single-point authentication, latency, and impersonation detection. High computational cost

BLOCKCHAIN REVIEW PAPERS S/N AUTHOR (YEAR) PROPERTY/SECURITY FEATURE TESTED METHOD/TECHNIQUE CONTRIBUTION/ STRENGTH LIMITATION/WEAKNESS 9. Andola et al. (2021) Authentication and authorization of drones, secure communication, and privacy preservation. Non-Interactive Zero Knowledge Proof (NIZKP), Bilinear map, Unforgeability Signature (Un-Sig), Unlikability in Ciphertext (UN-C) Distributed authentication and non-disclosure of the identity of the sender and receiver. High computational cost 10. A. Chen et al. (2021) Task-oriented authentication, blockchain-based authentication, secure data transmission, authentication efficiency, and tamper-proof-authentication. A lightweight authentication protocol for group and intra-group mutual authentication in a UAV environment. ECC, ECDHE, AES, ECDLP The analysis demonstrated that the proposed model offered a lightweight and secured authentication for task-oriented UAV groups. The scheme is not properly evaluated to ascertain its actual performance.

Summary of Security Issues Address by the Blockchain Reviewed Papers Contribution/Resistance Against Attacks/Complexity of Non-Blockchain Proposed Models Percentage of Papers that Addressed the Issue Replay 80% Man-in-the-middle 80% Denial of Service (DoS) 80% Eavesdropping 80% Modification 100% Spoofing 86.7% Impersonation 100%

Summary of Security Issues Address by the Non-Blockchain Reviewed Papers Contribution/Resistance Against Attacks/Complexity of Non-Blockchain Proposed Models Percentage of Papers that Addressed the Issue Intrusion 100% Privacy Preservation 100% Communication Channels 33.3% High Computational Cost 53.3% High Computational Time 53.3% Energy Requirement 26.7%

Comparison of Non-Blockchain and Blockchain Proposed Models

CONCLUSION AND FUTURE DIRECTION This study categorizes the reviewed papers into two main groups: non-blockchain and blockchain-based authentication models. Each proposed model or technique's contributions, limitations, and efficacy were analyzed, focusing on its ability to address or resolve specific problems or issues. Across all papers reviewed, noticeable advancements were achieved in mitigating known cyberattacks (including replay, man-in-the-middle, DoS, impersonation, intrusion, modification, eavesdropping, and more), managing computational complexities, and optimizing energy consumption. Moreover, blockchain-based models were found to be more effective in resisting attacks, preserving privacy, and resisting attacks on communication channels. Therefore, the research recommends using blockchain-based authentication models for UAVs/UAM to ensure secure and authenticated communication, reliability, availability, and confidentiality.

Thank you for Listening

Review of UAV/UAM Authentication Models: A Way Forward

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Review of UAV/UAM Authentication Models: A Way Forward

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

8-top-ai-courses-for-customer-support-representatives-in-2025.pptx

7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx

25-essential-ai-courses-for-user-support-specialists-in-2025.pptx

8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx

Know for Certain

PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx