Professional Documents
Culture Documents
Soco D 23 07015
Soco D 23 07015
Soco D 23 07015
The Security Scheme and Assessment System Deployment of The Internet of Drones
Based on Hybrid-Mode Inverse Time Domain Algorithm
--Manuscript Draft--
Full Title: The Security Scheme and Assessment System Deployment of The Internet of Drones
Based on Hybrid-Mode Inverse Time Domain Algorithm
Keywords: Internet of Drones (IoD); Hybrid-Mode Inverse Time Domain (HMITD) Algorithm;
Identity Authentication; vulnerability detection; Anti-Interference
Powered by Editorial Manager® and ProduXion Manager® from Aries Systems Corporation
Section/Category: Application of soft computing
Powered by Editorial Manager® and ProduXion Manager® from Aries Systems Corporation
manuscript Click here to access/download;Manuscript;DRONS_SC.pdf
T HE relentless advancement of drones has led to their comprehensive investigations into HMITD authentication
59 schemes and exhaustive security assessments within the
pervasive integration across diverse domains, posing
60 IoD environment remain somewhat limited. The subsequent
61
62
63
64
65
1
2 section will meticulously survey relevant literature to the security infrastructure of the Internet of Drones (IoD).
3 address this scholarly void. Notwithstanding the commendable strides witnessed in
4 the domain of IoD security, scrupulous analysis of the
5
II. RELATED WORK literature reveals conspicuous limitations that warrant
6
In the realm of drones and the Internet of Drones (IoD), discerning consideration. Foremost among these is the
7
8 the issue of security assumes paramount significance. This imperative to reinforce extant research in the realm of IoD
9 literature review systematically dissects prevailing research, identity authentication, with a view to amplifying credibility,
10 employing terminologies such as Internet of Drones (IoD), mitigating computational overhead, and fortifying
11 drone, UAV, security assessment, security detection, robustness. Additionally, the extant body of scholarship
12 password authentication, identity authentication, tends to afford only cursory scrutiny to the nuanced domain
13 vulnerability detection, and Encryption algorithms, pertinent of automated vulnerability detection within the IoD.
14 to our investigation. A meticulous exploration across diverse Furthermore, select research endeavors exhibit Encryption
15 databases was executed to procure pertinent literature, Algorithms characterized by suboptimal timeliness, thereby
16 meticulously categorizing it into four pivotal thematic engendering plausible security vulnerabilities.
17 domains: security authentication, lightweight authentication,
18 C. Articulation of Problems
vulnerability detection, and Encryption Algorithm. The focal points of this research revolve around mitigating
19
Exemplary works were judiciously selected and interference challenges, enhancing authentication security,
20
encapsulated. and addressing security vulnerabilities prevalent in
21
22 A. Definition of Research Challenges unmanned drones navigating within the Internet of Drones
23 Within the realm of industrial automation, the Internet of (IoD) milieu. The research aims to fortify drone systems
24 Drones (IoD)[4] confronts formidable challenges, against diverse signal interferences through anti-interference
25 technology. Simultaneously, the formulation of a hybrid
encompassing anti-interference[5] strategies, robust
26 inverse-time domain authentication scheme seeks to ensure
authentication[6] methodologies, and vigilant security
27 robust identity verification and is resilient against threats
28 vulnerability[7] management. To unlock the full potential of
IoD networks, this study rigorously formulates critical such as identity forgery. Furthermore, the research is
29 attentive to a holistic evaluation of system security, inclusive
30 inquiries: How can the anti-interference resilience of IoD
networks be augmented? What methodologies can be of vulnerability detection and remediation.
31
devised to architect authentication systems that are not only The core objective of this paper is to propose a
32
impervious but also reliable? Moreover, how can effective comprehensive solution that accommodates the security
33
34 protocols for security vulnerability detection be established considerations inherent in IoD networks. This entails
35 to preempt potential threats? innovating anti-interference technologies to heighten the
36 stability of IoD networks concerning wireless
37 B. Positioning of the Gap communication and navigation. Additionally, through
38 In recent years, significant strides have been made in hybrid inverse-time domain authentication and automated
39 researching drone security, particularly in the domains of vulnerability detection, potential security vulnerabilities
40 signal interference and authentication. However, within the IoD network can be identified and rectified,
41 comprehensive investigations into HMITD authentication thereby fortifying the overall system robustness.
42 schemes and exhaustive security assessments within the IoD
43 environment remain somewhat limited. The subsequent D. Impetus, Truth, and Objectives
44 section will meticulously survey relevant literature to The impetus for this research emanates from a profound
45 address this scholarly void. concern for security issues within IoD networks, with the
46 Considerable scholarly discourse has been devoted to overarching aim of ensuring trustworthy safety in drone
47 deliberating security authentication[8-24] challenges systems during automated operations. The research
48 intrinsic to the Internet of Drones (IoD), each endeavoring to endeavors to address pivotal security issues within IoD
49 proffer bespoke security protocols or solutions in alignment networks through innovative technological methodologies.
50 Specific objectives include enhancing the anti-interference
with its unique investigational milieu. Notably, a
51 capabilities of IoD networks, designing more secure
preponderance of researchers has converged upon adopting
52 authentication systems, and formulating effective protocols
53 lightweight security paradigms[8] [11] [14] [16] [17] [18]
[19] [20] [21] [22] [24]as the de facto modus operandi. for vulnerability detection.
54
55 Furthermore, our survey of the extant literature underscores
56 a pervasive inclination among scholars to engage with the
57 intricacies of defending against attacks[8] [9] [11] [13] [14]
58 [15] [16] [18] [19] [20] [21] [22], yielding commendable
59 outcomes that fortify IoD's resilience against malicious
60 incursions. A nuanced analysis of the corpus reveals
61 instances where researchers have proffered Encryption
62 Algorithms [11] [13] [15] [17] [19], efficaciously bolstering
63
64
65
1
2 TABLE 1.
3 LITERATURE TABLE
4
5 Authors Security Lightweight Defend against Encryption Descriptions
6 Authentication Authenticated Attacks Algorithm
7
8 (Wazid, M., et al.)[8] ✔ ✔ ✔ ✘ The literature proposes an IoD lightweight user authentication scheme to resist several
9 known attacks.
10 (Tanveer, M., et al.)[9] ✔ ✘ ✔ ✘ The literature proposes a privacy protection scheme for IoD.
11 (Jan, S.U., I.A. Abbasi ✔ ✘ ✘ ✘ The literature proposes a robust public key-based authentication IoD environment scheme.
12 and F. Algarni)[10]
13 (Jan, S.U., F. Qayum ✔ ✔ ✔ ✔ The literature proposes a lightweight authentication protocol based on the Hash Message
and H.U. Khan)[11] Authentication Code/Secure Hash Algorithm (HMACSHA1) for protecting IoD.
14
15
(Jan, S.U. and H.U. ✔ ✘ ✘ ✘ The literature proposes IoD security verification of designs using 2 models.
Khan,)[12]
16
17
(Tanveer, M., et ✔ ✘ ✔ ✔ The literature uses elliptic curve cryptography, symmetric encryption, and hash functions to
al.)[13] propose an IoD user authentication mechanism.
18 (Srinivas, J., et al.)[14] ✔ ✔ ✔ ✘ proposes a novel anonymous lightweight user authentication mechanism for IoD,
19
20
(Tanveer, M., et al)[15] ✔ ✘ ✔ ✔ The literature proposes an authentication framework for IoD that uses chaotic mapping in
combination functions.
21 (Yu, S., et al.)[16] ✔ ✔ ✔ ✘ proposes a secure and lightweight authentication protocol for IoD.
22
23
(Tanveer, M., N. ✔ ✔ ✘ ✔ The literature proposes a protocol (RAMP-IoD) based on authenticated encryption
Kumar and M.M. primitives elliptic curve encryption and hash function lightweight encryption.
24 Hassan)[17]
25 (Tanveer, M., et ✔ ✔ ✔ ✘ The literature proposes a lightweight AKE protocol for the IoD environment (LAKE-IoD).
26 al.)[18]
27 (Tanveer, M., et ✔ ✔ ✔ ✔ The literature proposes an IoD authentication scheme utilizing lightweight hash functions
28 al.)[19] and authenticated cryptographic primitives.
29 (Lei, Y., et al.)[20] ✔ ✔ ✔ ✘ The literature proposes a lightweight identity security authentication protocol (ODIAP).
30 (Zhang, Y., et al.) ✔ ✔ ✔ ✘ The literature proposes a lightweight AKA scheme with only a secure one-way hash function
31 [21] and bitwise XOR operation and resists various known attacks.
32 (Pu, C., et al.)[22] ✔ ✔ ✔ ✘ The literature proposes a lightweight and privacy-preserving mutual authentication and key
33 agreement protocol PMAP and shows resilience against various security attacks.
34 (Selvi, P.T., et al.) ✔ ✘ ✘ ✘ The literature proposes a Chebyshev polynomial source authentication scheme based on
[23] elliptic curve encryption.
35
36 (Yu, S., et al.)[24] ✔ ✔ ✘ ✘ The literature proposes a secure and lightweight authentication protocol SLAP-IoD.
11
function
recursively
parameters and
program starting
vulnerability
detection module
Program
architecture
32/64-bit register
feature detection
symbolic execution approach articulated in this research.
traverses judgment
12
address
The assessment of the terminal constraints of the symbolic
13 Symbolic Symbolic
vector discerns the characteristics of vulnerabilities. This
Initialize
simulation simulation
14 analysis status
execution execution characteristic emanates from the necessity to allocate
15 Symbolic stack Desired path appropriate system resources for the execution of various
traversal detection traversal probe
16 functionalities within the application system. The
Symbolized
17 register walk
Symbolic memory
traversal detection
Unconstrained state
judgment
foundational tenet in computer operating system principles
detection
18 underscores that allocating an appropriately sized stack
19 Solve constraints space to an executing functional module provides a requisite
20 data operating space. Inadequate space allocation gives rise
Protection Stack overflow
21 status
Encryption
reliability
vulnerability
to unconstrained states in program segments, constituting a
detection detection
test results
22 results results
pivotal condition for triggering overflow vulnerabilities.
23 Real-time acquisition of overflow vulnerability detection
End
24 information mandates the construction of stack pointer status
25 Fig. 2. Proposed Comprehensive Design Workflow
storage, traversal of different entry functions, and
26 In this design workflow, the symbolic execution entity is
synchronous realization of symbolic vector traversal
27 abstractly described as a symbolic vector imbued with variable
constraint states.
28 states. Throughout the system's operation, this variable
29 traverses the program path, with the traversal process The specific approach unfolds as follows: Set the stack
30 revealing anomalous states in the sequence of language space allocation status for the functional function, detect its
31 constructs. The traversal is governed by the program's control assembly instructions for characteristic requests, and capture
32 transfer within the branching statement structure. By features such as 'push ebp; mov esp, ebp;' to assess the
33 introducing different command parameters, distinct execution opening of a stack space segment. Filter characteristic
34 flows and feedback states can be discerned. This facilitates the instructions such as 'leave; ret;' to ascertain the conclusion
35 achievement of three primary functions: protection status of the execution function. The programming implementation
36 assessment, stack overflow vulnerability detection, and for detecting the aforementioned features involves the
37 encryption vulnerability detection. The primary criteria for following method to collect the status of program flow
38 judgment involve analyzing the simulated states of symbolic assembly instructions:
39 constraints and determining whether the constraints can be state.project.factory.block(state.addr).capstone.insns. To
40 resolved to achieve a congruent implementation. implement multiple-path traversal, the following conditional
41 judgment needs to be added: if regs0=="push" and
42 V.DEVELOPMENT OF SYMBOLIC EXECUTION DETECTION regs1=="ebp" and ress2=="mov" and regs3=="ebp" and
43 ALGORITHM regs4=="esp"; The primary criteria for assessing stack
44 overflow vulnerabilities include whether the values stored in
45 This section expounds upon the algorithmic formulation
within our automated detection system, elucidating critical the pop ebp and pop eip registers can be symbolically
46
principles and implementation strategies. The schematic modified. If modification is feasible, it indicates an
47
48 depiction of the program's design logic is presented in Figure inconsistency in the stack structure. During traversal, the
49 3, providing a comprehensive visualization of the method involves storing the content of the ebp pointer each
50 concretization of symbolic execution design intricacies: time: state.globals['ebp_list']={}; Subsequently, detect and
51 traverse all paths' unconstrained states. In the x64
52 architecture, ebp, esp, eip, and other pointers need to be
53 converted to register names such as rbp, rsp, rip, and
54 differentiate register passing differences.
55 To determine whether the target firmware path has been
56 symbolically modified, the specific method is: state.regs.ebp
57 is used to capture the validation value target register
58 parameter. Using a bitwise feature comparison scheme,
59 obtain end-of-program information parameters and use
60 Endness.LE to match whether it is little-endian. The method
61 is as follows: state.memory.load(ebp,
62 Fig. 3. Schematic Representation of Program Design Logic
endness=angr.archinfo.Endness.LE), finally, distinguish the
63
64
65
1
2 unconstrained state resolved in the symbolic execution target program's execution flow, an enhanced
3 simulation process, where the activation state simulation detection method has been introduced with the aim of
4 method is: simgr.active, concluding with simgr.step(). augmenting the coverage of this automated detection
5
tool and subsequently enhancing detection accuracy.
6 B. Implementation Principle of the Program Encryption 3) Symbolic Stack: This expanded detection capability
7 Vulnerability Detection
8 focuses on programs where algorithmic functions
This paper introduces an innovative encryption reliability directly process parameters in the stack during
9 detection algorithm based on symbolic execution. The
10 program flow. In scenarios where angr cannot directly
design principle addresses the restoration of parameters for handle function calls, this method can be employed to
11 authentication parameter verification during the execution of
12 initialize stack registers symbolically. Simulated
program encryption algorithms. The specific method parameters are then injected into the program's
13
formulates a simulated symbolic vector traversing the execution flow for detection within the symbolic stack.
14
15 program's branching structure paths. The simulation of the This detection method, aside from introducing
16 symbolic vector ultimately results in only two symbolic stack registers, mirrors the anticipated path
17 distinguishable outcomes in the branching structure: the exploration method mentioned in section (2). The
18 expected path and the unexpected path. The construction of approach to utilizing symbolic stack registers involves:
19 logical constraints in the path logic during the execution of state = p.factory.blank_state() and state.regs.ebp =
20 the symbolic vector involves if the constraints on the state.regs.esp. Symbolic parameters are instantiated
21 expected path can be solved. If so, the verification using the functionality provided by the Claripy library,
22 parameters of the encryption algorithm can be solved, thus implemented as follows: pass0 = claripy.BVS('pass0',
23 deeming the tested program's encryption scheme unreliable; 32/64).
24 otherwise, it is considered reliable. The specific 4) Symbolic Registers: Similar to the conceptual
25 implementation of this design principle is outlined below:
26 framework of the symbolic stacks outlined above,
1) Initialization Setting: The objective of this setting is to
27 symbolic registers are applicable in scenarios
load the target program, detect program entry point
28 involving multiple parameters. In accordance with the
information, present it in an initialized state, and
29 calling conventions of parameters in the stack,
transform this state into an object parameter. The
30 symbolic registers can be instantiated to facilitate the
purpose of these schemes is to facilitate the analysis of
31 detection of input symbolic vectors. The method for
planned route realization. The implementation method
32 symbolic registers is: state.regs.eax (register name) =
for creating the initialization is provided below:
33 claripy.BVS('pass0', 32/64).
34 p = angr.Project(filename,auto_load_libs=False)
5) Symbolic Memory: Symbolizing memory involves
35 state=p.factory.entry_state()
symbolically addressing memory locations used for
36 simgr =
parameter transmission. In the implementation process,
37 p.factory.simulation_manager(state,save_unconstrained=T
employing a scheme that statically analyzes to
38 rue)
determine the program's start address enhances the
39 2) Detection of Anticipated Pathways: This subsection
efficiency of the detection program. The start address
40 elucidates the exploration of expected paths by
needs to precede the symbolization of memory
41 distinctively defining functions for unexpected and
addresses to ensure that the corresponding parameters
42 expected path returns. The initialization object is
can be read before symbolic simulation execution. To
43 utilized as an input parameter to traverse the program's
44 create the symbolic vector required here, symbolic
execution flow. Employing the simgr.explore method
45 parameters for memory need to be set first, with the
resolves the expected constraint conditions, and
46 creation method as follows: p0 =
subsequently, the posix.dumps(0) method is employed
47 state.memory.store(address0, size0). Here, address0
to output the echo content of the resolved path,
48 represents the address of the symbolized memory, and
denoted as simgr.found[0]. This signifies that, within
49 size0 denotes the size of a program's memory space in
programs featuring encryption algorithms, the content
50 bits. For instance, in a 32-bit program, where one word
correctly output by the program through static analysis
51 is 8 bytes in size, and one byte is 8 bits, the size
is transmitted as the expected address string output
52 parameter here would be 8 * 8. Subsequently,
53 into the function responsible for expected path returns.
outputting the simulated execution detection results
54 The program's ability to traverse the expected address
for the expected path is performed after symbolic
55 during the traversal process indicates that, after
execution detection. The output method is:
56 solving symbolic constraints, it can output the
solution_state.se.eval(p0, cast_to=str). It is
57 encryption parameters verified by the encryption
imperative to note the conversion of data in memory
58 algorithm. Failure to traverse the expected address
to a string type for output.
59 implies that the tested program can evade symbolic
60 execution detection, thus demonstrating commendable C. Design Principle for Detection of Enabled Protection
61 security. Recognizing that the constraint detection Vulnerability mitigation is a pivotal component of
62 capability in this detection segment is ill-suited to the fortifying programs and stands as the primary means to
63
64
65
1
2 address security issues. The protection mechanism initiates a connection with the server, effecting data
3 validation scheme designed in this study achieves the interaction over the Internet. Subsequently, the state flag
4 verification of the target program's protection-enabled status. parameter is scrutinized. This parameter, generated by the
5
The specific approach utilizes the ELF file interpreter for micro-control unit, verifies alterations in the drone's
6
parsing, with parsing conducted through the checksec communication status log, determining whether the drone is
7
8 method within the pwntools library. This method can in a stable flight control state. If anomalous, the flag is set to
9 recognize attributes such as got, nx, pie, aslr, arch, canary, 1, initiating the program flow into the exceptional state
10 plt, and relro. The states of the traversed results are detection phase. Under normal conditions, the flag is set to
11 sequentially stored in a dictionary for recursive validation 0, leading the program into a loop. The loop body process
12 output. Consequently, potential security vulnerabilities in repeats at three-second intervals. On the server side, stable
13 the tested program can be assessed based on its protection condition verification engenders state parameters. If the flag
14 status, allowing for targeted reinforcement measures and is set to 1 under abnormal conditions, the program transitions
15 effectively enhancing the security of firmware programs. to the exceptional state detection phase. If the flag is set to 0
16 under normal conditions, the program enters the loop body.
17 VI. THE EXPERIMENTAL TESTING AND DATA ANALYSIS In the loop structure, the client generates a random number
18 The investigational inquiry into the HMITD drone featured to offer an effective message authentication scheme,
19 ensuring a unique verification value for each interaction,
a comprehensive tripartite evaluation. This assessment
20 authenticating the interaction, and elevating the system's
encompassed the delineation of the drone's operational
21 efficacy.
22 equipment system, the formulation of a safety-oriented
situational awareness framework, and the establishment of Moreover, the client dispatches a heartbeat packet with
23 state information, including the latest duration of connection
24 an automated safety assessment system for operational
equipment. Following this meticulous evaluative process, an to the server. Simultaneously, upon initialization, the server
25
exhaustive analysis of the acquired data was undertaken, receives the heartbeat packet message from the client and
26
ultimately yielding an objectively formulated feasibility outputs it, thereby disseminating state information to the
27
28 assessment. control end. Subsequently, the client transmits a random
29 number to the server. Upon receiving the random number,
30 A. drone Operational Situational Awareness Defense Testing the server performs a conditional check. If no random
31 1) drone Anti-Interference Attack Experimental Design number is received, it enters the exceptional state detection
32 To appraise the real-time status of drone flight, the phase. If the state is normal, the server disseminates the
33 proposed state monitoring system in this study is random number to the control end after verification and
34 compartmentalized into client and server components. The returns it to the client. The client receives and verifies the
35 client, situated within the drone's body, houses a micro- returned random number against the sent random number. If
36 control unit that interfaces through a wireless network the verification result is incorrect, it enters the exceptional
37 module linked to the mobile network. The system is state detection phase. The aforementioned exceptional state
38 instantiated within a Linux environment. The micro-control detection, both on the client-side and the server-side,
39 unit establishes a connection with the drone's flight control includes Internet connectivity checks and drone API
40 system API, facilitating real-time access to the drone's interface connection log state checks on the client-side, and
41 connection status and activating the drone's protective mode Internet connectivity checks and client access state checks
42 in exceptional circumstances. On the server side, deployed on the server-side. If the random number verification is
43 on a cloud server to ensure stable network access, the client correct on the client-side, a complete client-server
44
establishes a connection through the Internet for heartbeat interaction process is concluded.
45
packet communication, thereby enabling real-time message 2) Robustness Evaluation and Interference Resilience
46
interaction. The interactional sequence between the server Analysis
47
48 and client is elucidated in Figure 4. Employing the real-time state detection paradigm
49 delineated in this investigation, we conducted a
50 comprehensive robustness assessment at ten predefined
51 geographical coordinates. This endeavor aimed to scrutinize
52 the stability of the model against the dynamic states
53 encountered during drone flights. The testing protocol
54 encompassed both static and mobile assessments, effectively
55 simulating the diverse operational states of drones. The
56 resultant dataset, reflective of the model's application
57 performance, was derived from meticulous data collection at
58 each test point, involving the execution times of both the
59 system client and server across 100 iterations.
60
61 Fig. 4. Interaction Flow between System Client and Server
62 In this interactional flow, the client domiciled on the drone
63
64
65
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31 Fig. 6. Simulated Dynamics of Mobile Testing
32 The outcomes of the testing phase, predicated on the
33 devised state detection model, are depicted in Figure 5.
34 During the normal operation of the client-server dyad, a
35 periodic heartbeat packet interaction was conducted at three-
Fig. 5. Laboratory Simulation Test Outcomes
36
second intervals. The response times for each of these
37
interactions are delineated in Figure 5(a). Over sustained
38
39 testing periods exceeding 300 seconds, the response times
40 consistently fell within the range of 1 to 2 milliseconds.
41 Some instances exhibited response times within the bracket
42 of 2 to 3 milliseconds, and below 1 millisecond. The
43 maximum delay observed was 2.732 milliseconds, while the
44 minimum delay was 0.956 milliseconds, resulting in a
45 differential of 1.776 milliseconds. This collectively signifies
46 a commendable level of stability. The controlled laboratory
47 conditions, characterized by a stable network infrastructure
48 and high-performance testing equipment, significantly
49 mitigated the impact of network quality and hardware
50 performance on the observed outcomes.
51 To gauge the variability of the interaction model, the
52 coefficient of variation for response times of heartbeat
53 packet interactions in the controlled laboratory environment
54 was computed, as portrayed in Figure 5(b). The outcomes
55 exhibit a coefficient of variation primarily distributed
56
between 0.1 and 0.4, presenting a pattern akin to a sinusoidal
57
function curve. The diminutive numerical value of the
58
59 coefficient of variation suggests that, within the controlled
60 laboratory environment, the interaction system maintains
61 commendable stability, largely alleviating influences
62 stemming from network stability and hardware performance.
63
64
65
1
2 Employing a microprocessor unit as the hardware substrate, triggering position of the vulnerability, and offset
3 application testing ensued to assess the collaborative information. The left side of Figure 7 presents the detection
4 mobility of drones based on this state detection model. The outcomes for two sets of vulnerabilities, affirming the
5
response outcomes, as depicted in Figure 6(a), reveal that, precise identification of pertinent information and
6
during the sustained interaction process lasting 300 seconds, underscoring the commendable accuracy of the detection
7
8 heartbeat packet durations predominantly ranged from 1.5 to algorithm.
9 2.5 milliseconds. In comparison to laboratory data, an 2) Detection of Encryption Vulnerabilities
10 increase of approximately 0.5 milliseconds in response time The algorithm designed for detecting encryption
11 was observed, signifying heightened response times in actual reliability in this study achieved the desired path tracing and
12 environments due to hardware limitations and network symbolic exploration of stacks, registers, and memory
13 stability disparities. segments. This encompassed critical scenarios involving
14 Comparing data from two locations, primarily distributed fundamental data interactions during program execution. In
15 between 0.1 and 0.4, and showing similarity to laboratory the path tracing phase, functions returning expected and
16 testing data, the two sets of data exhibited minimal unexpected paths were expressly defined. The detection
17 differences in fluctuation, indicating the robust stability of process entailed the static analysis of content branching
18 the state detection model. The relatively small variations in along expected paths, serving as the expected address input
19 the numerical values of the coefficient of variation, reflected into path-returning functions. Successful traversal of the
20 in Figure 6(b), signify that the state detection model expected path address prompted the matching output,
21 maintains good usability during practical application testing. validated by the encryption algorithm and employed as the
22 Additionally, Figure 6(b) provides a comparison of the encryption key. Should the program's encryption strategy
23 average, median, and maximum values of data for mobile evade symbolic execution detection, it indicates robust
24 testing over a distance of up to 3.6 km. All three data sets security against such scrutiny. Experimental testing on an
25
fall within the range of 1.6 milliseconds to 2.6 milliseconds, illustrative encrypted program is showcased on the right side
26
displaying minimal differences and affirming the reliable of Figure 7. The results affirm the algorithm's ability to
27
28 performance of the state detection system under normal retrieve encrypted ciphertext by traversing the expected path,
29 drone mobile flight conditions. highlighting the unreliability of the encryption method
30 employed by the target program. Consequently, measures to
B. Automated Security Evaluation Testing fortify security are recommended.
31
In order to ascertain the effectiveness and resilience of the 3) Robustness Testing of Program Execution
32
symbolically executed testing algorithm propounded herein, This section delves into the robustness analysis of the
33
34 a suite of C language programs manifesting vulnerabilities symbolically executed detection algorithm proffered in this
35 was meticulously crafted. Subsequently, these programs, study, incorporating two sets of target programs with diverse
36 serving as subjects for empirical investigation, underwent characteristics. The testing scenarios encompass expected
37 compilation into ELF executable files using the GCC path detection, multi-parameter detection, and symbolic
38 compiler. Figure 7 articulates the outcomes of the tests, memory scenarios. The methodology involved the analysis
39 delineating the findings pertaining to vulnerabilities and of response times across ten consecutive detection processes.
40 encryption susceptibilities.
41
42
43
44
45
46 Fig. 7. Detection Outcomes for Vulnerabilities and Encryption
Vulnerabilities
47
48 1) Automated Detection of Overflow Vulnerabilities
49 To scrutinize the precision of the fuzz testing
50 methodology applied to overflow vulnerabilities, two
51 functions with vulnerabilities were deliberately incorporated
52 into the target test program. The vulnerabilities were induced
Fig. 8. Robustness Testing for Encryption Vulnerabilities
53 by the erroneous allocation of stack space. Functionality of
Figure 8 delineates the outcomes of the robustness
54 the vulnerable program involved conventional input and
analysis. In basic testing, the fluctuation across ten data sets
55 output operations, with finite stack space allocated for input
primarily ranged from 2.72 seconds to 2.75 seconds, with a
56 variables. Notably, the read function was assigned a length
57 minimal difference of 2.935 milliseconds between the
exceeding the allocated variable space. Consequently,
58 maximum and minimum values. In multi-parameter
inputting data surpassing the allocated space resulted in the
59 symbolic detection, the fluctuation across ten data sets
overflow of adjacent stack space, giving rise to a buffer
60 primarily ranged from 1.73 seconds to 1.79 seconds, with a
overflow. The experiment entailed the detection of this
61 minimal difference of 6.4 milliseconds between the
vulnerable program, encompassing parameters such as the
62 maximum and minimum values. Comparative results
byte stream length of the vulnerability, the specific
63
64
65
1
2 underscore that the detection time for target programs substantive repairs to the target program. The results affirm
3 exhibits minimal sensitivity to the number of detection the precision, effectiveness, and robustness of the detection
4 parameters and the disparities in symbolic representation. algorithms. The response time variations in the exemplary
5
The primary factor influencing the time consumption of the tests are minimal, attesting to high stability. Analysis
6
detection algorithm is likely the complexity of branching discerns the designed detection algorithm as a potent method
7
8 structures within program paths. Additionally, trend analysis for program vulnerability detection, evincing efficiency
9 was conducted on ten data sets for two target programs, minimally affected by the parameters under scrutiny. The
10 revealing a nearly normal distribution curve for both tested tested data results validate the research's effectiveness,
11 program data sets. The similar curvature of the two data sets realizing the intent of enhancing drone security and
12 indicates the robustness of the detection algorithm in the providing a robust foundation for subsequent in-depth
13 encryption reliability domain. research and implementation. The proffered anti-
14 In the robustness analysis of the overflow vulnerability interference technology and authentication scheme hold
15 detection algorithm, the methodology involved the analysis significant implications for the stability and security of drone
16 of response times across ten consecutive detection processes systems, with prospective ramifications for advancing the
17 for target detection programs with 32-bit and 64-bit technological landscape in the IoD domain and proffering
18 architectures. For the 32-bit program's vulnerability more dependable security assurances for drone applications.
19 detection process, the time consumption primarily ranged
20 from 0.76 seconds to 0.82 seconds, with minimal differences. B. Future Work:
21 The 64-bit program's vulnerability detection time Future research trajectories could encompass refining the
22 distribution ranged from 0.69 seconds to 0.71 seconds, with efficiency of detection algorithms and delving deeper into
23 very little difference. The results underscore that the security design aspects. Subsequent investigations may
24 architecture of the target program minimally influences the focus on further optimizing HMITD identity authentication
25 schemes to amplify system anti-interference resilience.
robustness of the overflow vulnerability detection algorithm
26 Simultaneously, exploring additional security design and
advanced in this study, thereby manifesting commendable
27 testing methodologies for lightweight IoD applications is
28 robustness.
warranted to enhance drone security comprehensively.
29
30 VII. CONCLUSION:
REFERENCES
31
A. Main Contribution: [1] Y. Tan, J. Wang, J. Liu, and N. Kato, "Blockchain-assisted distributed and
32
As drones continue their ubiquitous integration across lightweight authentication service for industrial unmanned aerial vehicles,"
33 IEEE Internet of Things Journal, vol. 9, no. 18, pp. 16928-16940, 2022.
34 diverse domains, their security considerations become
[2] D. He, Y. Qiao, S. Chan, and N. Guizani, "Flight security and safety of
35 increasingly challenging, particularly concerning signal drones in airborne fog computing systems," IEEE Commun. Mag., vol. 56,
36 interference and identity authentication mechanisms. This no. 5, pp. 66-71, 2018.
research, centered on the Internet of Drones (IoD) domain, [3] M. Dai, N. Huang, Y. Wu, J. Gao, and Z. Su, "Unmanned-Aerial-Vehicle-
37 Assisted Wireless Networks: Advancements, Challenges, and Solutions,"
38 addresses the imperatives of drone anti-interference and IEEE Internet of Things Journal, vol. 10, no. 5, pp. 4117-4147, 2022.
39 identity authentication security. It introduces anti- [4] M. Wazid, A. K. Das, N. Kumar, A. V. Vasilakos, and J. J. Rodrigues,
40 interference and HMITD identity authentication schemes, "Design and analysis of secure lightweight remote user authentication and
orchestrating a comprehensive integration of situational key agreement scheme in internet of drones deployment," IEEE Internet of
41 Things Journal, vol. 6, no. 2, pp. 3572-3584, 2018.
42 awareness security measures. Additionally, a security [5] D. Li et al., "State Prediction and Anti-Interference-Based Flight Path-
43 assessment system is outlined, providing security risk Following for UAVs," IEEE T. Intell. Transp., 2023.
44 assessments for drones, with experimental results [6] M. Tanveer, N. Kumar, and M. M. Hassan, "RAMP-IoD: A robust
45 authenticated key management protocol for the Internet of Drones," IEEE
demonstrating commendable precision and effectiveness. Internet of Things Journal, vol. 9, no. 2, pp. 1339-1353, 2021.
46 The research introduces an anti-error signal interference [7] V. Sharma, G. Choudhary, Y. Ko, and I. You, "Behavior and vulnerability
47 system for drones, employing heartbeat packet status assessment of drones-enabled industrial internet of things (iiot)," IEEE
48 Access, vol. 6, pp. 43368-43383, 2018.
verification. Upon detecting erroneous signal interference, a [8] M. Wazid, A. K. Das, N. Kumar, A. V. Vasilakos, and J. J. Rodrigues,
49 protective mechanism promptly severs the drone's "Design and analysis of secure lightweight remote user authentication and
50 connection to the interfering signal, inducing a state of key agreement scheme in internet of drones deployment," IEEE Internet of
51 Things Journal, vol. 6, no. 2, pp. 3572-3584, 2018.
stationary hover, thereby minimizing the impact of
52 [9] M. Tanveer, H. Shah, S. A. Chaudhry, and A. Naushad, "PASKE-IoD:
erroneous signal interference during drone flight and Privacy-protecting authenticated key establishment for Internet of Drones,"
53
54 augmenting its security. IEEE Access, vol. 9, pp. 145683-145698, 2021.
Furthermore, in the security evaluation section, the study [10]S. U. Jan, I. A. Abbasi, and F. Algarni, "A mutual authentication and cross
55 verification protocol for securing Internet-of-Drones (IoD)," Computers,
56 designs a symbolic execution-based detection algorithm Materials & Continua, vol. 72, no. 3, pp. 5845-5869, 2022.
57 tailored for lightweight Internet of Drones (IoD) applications, [11]S. U. Jan, F. Qayum, and H. U. Khan, "Design and analysis of lightweight
featuring an effective overflow detection scheme. The study authentication protocol for securing IoD," Ieee access, vol. 9, pp. 69287-
58
69306, 2021.
59 innovates further with a reliability detection algorithm for [12]S. U. Jan and H. U. Khan, "Identity and aggregate signature-based
60 encryption. The robustness of these algorithms is affirmed authentication protocol for IoD deployment military drone," IEEE Access,
61 through experiments, and a protection situation verification vol. 9, pp. 130247-130263, 2021.
62 algorithm is devised, demonstrating its efficacy in effecting
63
64
65
1
2 [13]M. Tanveer, A. Alkhayyat, A. Naushad, N. Kumar, and A. G. Alharbi, [34]S. Rani and H. Kaur, "Technical Review on Symmetric and Asymmetric
3 "RUAM-IoD: A robust user authentication mechanism for the Internet of Cryptography Algorithms.," International Journal of Advanced Research in
4 Drones," IEEE Access, vol. 10, pp. 19836-19851, 2022. Computer Science, vol. 8, no. 4, 2017.
[14]J. Srinivas, A. K. Das, N. Kumar, and J. J. Rodrigues, "TCALAS: Temporal [35]M. S. Yousefpoor and H. Barati, "Dynamic key management algorithms in
5 credential-based anonymous lightweight authentication scheme for Internet wireless sensor networks: A survey," Computer Communications, vol. 134,
6 of drones environment," IEEE T. Veh. Technol., vol. 68, no. 7, pp. 6903- pp. 52-69, 2019.
7 6916, 2019. [36]Y. Harold Robinson and E. Golden Julie, "MTPKM: Multipart trust based
8 [15]M. Tanveer, H. Alasmary, N. Kumar, and A. Nayak, "SAAF-IoD: Secure public key management technique to reduce security vulnerability in
9 and Anonymous Authentication Framework for the Internet of Drones," mobile ad-hoc networks," Wireless Pers. Commun., vol. 109, no. 2, pp.
IEEE T. Veh. Technol., 2023. 739-760, 2019.
10 [16]S. Yu, A. K. Das, Y. Park, and P. Lorenz, "SLAP-IoD: Secure and [37]S. Sridhar and S. Smys, "Intelligent security framework for iot devices
11 lightweight authentication protocol using physical unclonable functions for cryptography based end-to-end security architecture," in 2017 International
12 internet of drones in smart city environments," IEEE T. Veh. Technol., vol. Conference on Inventive Systems and Control (ICISC), 2017, IEEE, pp. 1-
13 71, no. 10, pp. 10374-10388, 2022. 5.
[17]M. Tanveer, N. Kumar, and M. M. Hassan, "RAMP-IoD: A robust [38]D. Abbasinezhad-Mood and M. Nikooghadam, "Design and hardware
14 authenticated key management protocol for the Internet of Drones," IEEE implementation of a security-enhanced elliptic curve cryptography based
15 Internet of Things Journal, vol. 9, no. 2, pp. 1339-1353, 2021. lightweight authentication scheme for smart grid communications," Future
16 [18]M. Tanveer, A. H. Zahid, M. Ahmad, A. Baz, and H. Alhakami, "LAKE- Generation Computer Systems, vol. 84, pp. 47-57, 2018.
17 IoD: Lightweight authenticated key exchange protocol for the Internet of [39]B. Dowling, D. Stebila, and G. Zaverucha, "Authenticated network time
Drone environment," IEEE Access, vol. 8, pp. 155645-155659, 2020. synchronization," in 25th USENIX security symposium (USENIX security
18 [19]M. Tanveer, T. Nguyen, M. Ahmad, and A. Abdei-Latif, "Towards a secure 16), 2016, pp. 823-840.
19 and computational framework for internet of drones enabled aerial [40]R. Rothblum, "Homomorphic encryption: From private-key to public-key,"
20 computing," IEEE Transactions on Network Science and Engineering, in Theory of cryptography conference, 2011, Springer, pp. 219-234.
21 2022. [41]M. Wazid, A. K. Das, N. Kumar, and A. V. Vasilakos, "Design of secure
22 [20]Y. Lei, L. Zeng, Y. Li, M. Wang, and H. Qin, "A lightweight authentication key management and user authentication scheme for fog computing
protocol for UAV networks based on security and computational resource services," Future Generation Computer Systems, vol. 91, pp. 475-492,
23 optimization," IEEE Access, vol. 9, pp. 53769-53785, 2021. 2019.
24 [21]Y. Zhang, D. He, L. Li, and B. Chen, "A lightweight authentication and key [42]C. Combemale, K. Whitefoot, L. Ales, and E. Fuchs, "Not all technological
25 agreement scheme for Internet of Drones," Computer Communications, vol. change is equal: Disentangling labor demand effects of automation and
26 154, pp. 455-464, 2020. parts consolidation," Industrial and Corporate Change, 2021.
[22]C. Pu, A. Wall, K. R. Choo, I. Ahmed, and S. Lim, "A lightweight and [43]V. Mosco, "A critical perspective on the post-Internet world," Javnost-The
27 privacy-preserving mutual authentication and key agreement protocol for Public, vol. 25, no. 1-2, pp. 210-217, 2018.
28 Internet of Drones environment," IEEE Internet of Things Journal, vol. 9, [44]M. A. Jabraeil Jamali et al., "IoT architecture," Towards the Internet of
29 no. 12, pp. 9918-9933, 2022. Things: Architectures, Security, and Applications, pp. 9-31, 2020.
30 [23]P. T. Selvi, T. S. Sri, M. N. Rao, B. R. Babu, K. V. Rao, and A. Srikanth, [45]E. James and F. Rabbi, "Fortifying the IoT Landscape: Strategies to
"Toward efficient security-based authentication for the internet of drones Counter Security Risks in Connected Systems," Tensorgate Journal of
31 in defense wireless communication," Soft Comput., vol. 26, no. 10, pp. Sustainable Technology and Infrastructure for Developing Countries, vol.
32 4905-4913, 2022. 6, no. 1, pp. 32-46, 2023.
33 [24]S. Yu, A. K. Das, Y. Park, and P. Lorenz, "SLAP-IoD: Secure and [46]I. Butun, P. Österberg, and H. Song, "Security of the Internet of Things:
34 lightweight authentication protocol using physical unclonable functions for Vulnerabilities, attacks, and countermeasures," IEEE Communications
internet of drones in smart city environments," IEEE T. Veh. Technol., vol. Surveys & Tutorials, vol. 22, no. 1, pp. 616-644, 2019.
35
71, no. 10, pp. 10374-10388, 2022. [47]S. Shah and B. M. Mehtre, "An overview of vulnerability assessment and
36 [25]A. Fotouhi et al., "Survey on UAV cellular communications: Practical penetration testing techniques," Journal of Computer Virology and
37 aspects, standardization advancements, regulation, and security Hacking Techniques, vol. 11, pp. 27-49, 2015.
38 challenges," IEEE Communications surveys & tutorials, vol. 21, no. 4, pp. [48]M. Felderer, M. Büchler, M. Johns, A. D. Brucker, R. Breu, and A.
39 3417-3442, 2019. Pretschner, "Security testing: A survey," in Advances in Computers, vol.
[26]D. Radočaj, I. Plaščak, and M. Jurišić, "Global Navigation Satellite 101: Elsevier, 2016, pp. 1-51.
40 Systems as State-of-the-Art Solutions in Precision Agriculture: A Review [49]W. Niu, X. Zhang, X. Du, L. Zhao, R. Cao, and M. Guizani, "A deep
41 of Studies Indexed in the Web of Science," Agriculture, vol. 13, no. 7, p. learning based static taint analysis approach for IoT software vulnerability
42 1417, 2023. location," Measurement, vol. 152, p. 107139, 2020.
43 [27]Z. Kaleem and M. H. Rehmani, "Amateur drone monitoring: State-of-the- [50]R. Baldoni, E. Coppa, D. C. D Elia, C. Demetrescu, and I. Finocchi, "A
art architectures, key enabling technologies, and future research survey of symbolic execution techniques," ACM Computing Surveys
44 directions," IEEE Wirel. Commun., vol. 25, no. 2, pp. 150-159, 2018. (CSUR), vol. 51, no. 3, pp. 1-39, 2018.
45 [28]W. Goble et al., "Challenges of securing and defending unmanned aerial [51]M. Eceiza, J. L. Flores, and M. Iturbe, "Fuzzing the internet of things: A
46 vehicles," in National Cyber Summit (NCS) Research Track 2020, 2021, review on the techniques and challenges for efficient vulnerability
47 Springer, pp. 119-138. discovery in embedded systems," IEEE Internet of Things Journal, vol. 8,
[29]A. Rugo, C. A. Ardagna, and N. E. Ioini, "A security review in the UAVNet no. 13, pp. 10390-10411, 2021.
48
era: threats, countermeasures, and gap analysis," ACM Computing Surveys [52]M. Eceiza, J. L. Flores, and M. Iturbe, "Fuzzing the internet of things: A
49 (CSUR), vol. 55, no. 1, pp. 1-35, 2022. review on the techniques and challenges for efficient vulnerability
50 [30]M. N. Alenezi, H. Alabdulrazzaq, and N. Q. Mohammad, "Symmetric discovery in embedded systems," IEEE Internet of Things Journal, vol. 8,
51 encryption algorithms: Review and evaluation study," International Journal no. 13, pp. 10390-10411, 2021.
52 of Communication Networks and Information Security, vol. 12, no. 2, pp. [53]A. Ahmad."Model-based testing for IoT systems: methods and
256-272, 2020. tools,"UniversitéBourgogne Franche-Comté, 2018.
53 [31]W. Diffie and M. E. Hellman, "Multiuser cryptographic techniques," in [54]R. Baldoni, E. Coppa, D. C. D Elia, C. Demetrescu, and I. Finocchi, "A
54 Proceedings of the June 7-10, 1976, national computer conference and survey of symbolic execution techniques," ACM Computing Surveys
55 exposition, 1976, pp. 109-112. (CSUR), vol. 51, no. 3, pp. 1-39, 2018.
56 [32]M. N. Alenezi, H. Alabdulrazzaq, and N. Q. Mohammad, "Symmetric [55]D. Fang, Y. Qian, and R. Q. Hu, "A flexible and efficient authentication
encryption algorithms: Review and evaluation study," International Journal and secure data transmission scheme for IoT applications," IEEE Internet
57 of Communication Networks and Information Security, vol. 12, no. 2, pp. of Things Journal, vol. 7, no. 4, pp. 3474-3484, 2020.
58 256-272, 2020. [56]I. Butun, P. Österberg, and H. Song, "Security of the Internet of Things:
59 [33]M. Malik, M. Dutta, and J. Granjal, "A survey of key bootstrapping Vulnerabilities, attacks, and countermeasures," IEEE Communications
60 protocols based on public key cryptography in the Internet of Things," Surveys & Tutorials, vol. 22, no. 1, pp. 616-644, 2019.
IEEE Access, vol. 7, pp. 27443-27464, 2019. [57]P. Xu, Z. Mai, Y. Lin, Z. Guo, and V. S. Sheng, "A Survey on Binary Code
61
Vulnerability Mining Technology," Journal of Information Hiding and
62 Privacy Protection, vol. 3, no. 4, p. 165, 2021.
63
64
65
1
2 [58]H. G. Kayacik, A. N. Zincir-Heywood, and M. Heywood, "Evolving
3 successful stack overflow attacks for vulnerability testing," in 21st Annual
4 Computer Security Applications Conference (ACSAC'05), 2005, IEEE, pp.
8 pp.-234.
5 [59]T. A. Alhaj et al., "A survey: To govern, protect, and detect security
6 principles on internet of medical things (iomt)," IEEE Access, vol. 10, pp.
7 124777-124791, 2022.
8
9 ACKNOWLEDGEMENTS
10 Funding: This work is supported by the Natural Science
11 Foundation of Shandong Province of China under Grant (No.
12 ZR2019PEE019) and the Natural Science Foundation of
13 Shandong Province of China under Grant (No. ZR2021ME109).
14
15 DISCLOSURE STATEMENT
16
17 No potential conflict of interest was reported by the author(s).
18
19 DATA AVAILABILITY STATEMENT
20 The datasets generated during and/or analyzed during the
21 current study are available from the corresponding author upon
22 reasonable request.
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65