Provably and Physically Secure UAV-Assisted Authentication Protocol for IoT Devices in Unattended Settings

As the core subject of IoT applications, IoT devices have faced numerous security challenges. Especially for IoT devices deployed in remote or harsh environments, they are often unattended for long periods, making it difficult to share the sensing data and susceptible to potential physical attacks. While aerial assistance methods represented by unmanned aerial vehicles (UAVs) can solve the problem of data sharing at a low cost, it is necessary to establish a secure channel between ground control stations, UAVs, and IoT devices due to the sensitivity of the sensing data. Recently, Physical Unclonable Function (PUF) has been proven to provide unique identity identification for devices using its tamper-proof feature. In this paper, we propose a lightweight UAV-assisted authentication and key agreement protocol for unattended IoT devices, ensuring secure communication and physical tamper-proof requirements. However, our work does not stop there. We noticed that some existing PUF-based authentication schemes misunderstand the ability of PUF, which leads to these schemes cannot actually provide physical protection. We analyzed the security vulnerabilities of these schemes and proposed rules that should be followed when designing authentication protocols using PUF. In addition, for the first time, we put forward the formal definitions and proof methods for PUF in the formal proof of the security protocol, which avoided the unreasonable initial assumptions adopted in the proof of the existing schemes. We extended Mao-Boyd (MB) logic and comprehensively analyzed the proposed protocol. We also evaluate the performance of the proposed scheme, and the results show that the proposed scheme has certain advantages in communication and computation overhead compared with existing schemes.