A Lightweight and Efficient Authentication Scheme for the Internet of Drone Based on Cancelable Biometrics

The Internet of Drones (IoD) is a layered architecture that enables coordinated access and communication for Unmanned Aerial Vehicles (UAVs), commonly referred to as drones, within a regulated airspace. A typical IoD system comprises drones, ground stations (GSs), and remote users, forming an interconnected ecosystem for aerial operations [1]. Initially deployed in military contexts, drones have since expanded into a broad range of civilian and industrial applications due to the miniaturization of sensors, advances in wireless communication, and growth in autonomous control technologies.

IoD applications now span urban traffic control, environmental monitoring, search and rescue operations, agriculture, industrial inspection, logistics, public safety, and even emergency healthcare delivery [2]. By equipping drones with high-precision sensors and integrating big data analytics and artificial intelligence (AI) capabilities, UAVs can perform complex tasks such as autonomous navigation, real-time anomaly detection, and cooperative swarm coordination with minimal human intervention. This improves operational precision, reduces human error, and enhances responsiveness in time-sensitive scenarios.

From a network perspective, the Air Traffic Networks (ATNs) offer significantly greater spatial freedom than traditional Ground Transportation Networks (GTNs). The rational exploitation of ATNs can relieve congestion in GTNs and open new paradigms for real-time, on-demand services in smart cities. According to Drone Industry Insights, the global drone market is projected to reach $54.6 billion by 2030, with a compound annual growth rate (CAGR) of 7.7%, indicating a robust upward trajectory.

However, the rapid proliferation of IoD technologies introduces critical challenges in security and privacy protection [3]. Due to their reliance on open wireless communication, drones are vulnerable to eavesdropping, jamming, replay attacks, spoofing, and signal injection. GPS spoofing can mislead navigation, and vulnerabilities in Wi-Fi protocol stacks create opportunities for unauthorized access. Moreover, drones often communicate with ground stations and remote servers over insecure channels such as Wi-Fi or Long Term Evolution (LTE), where conventional security assumptions may no longer hold.

To mitigate these threats, robust authentication, key agreement, and data integrity mechanisms must be integrated into the IoD framework. In response to these challenges, this paper proposes a multi-factor authentication and key agreement scheme, which incorporates Cancelable Biometric techniques and a Physically Unclonable Function (PUF) update mechanism. The approach aims to strengthen identity verification, support revocability of compromised biometric templates, and enhance resilience against physical and cyber-attacks. The scheme is designed to provide mutual authentication, session key establishment, and protection against impersonation, replay, and template inversion attacks, thereby achieving a balance between lightweight performance and high security assurance in IoD environments.

A key component of securing IoD systems is robust authentication. However, many authentication and key agreement (AKA) protocols neglect biometric protection. Remote biometric authentication systems often face four main threats: sensor spoofing, database attacks, comparator attacks, and channel interception [4]. Cancelable biometrics enhance system security by transforming original biometric templates into protected representations in a secure domain, preventing the leakage of original samples [5]. Comparisons are performed within this domain to ensure data protection during identification.

Traditional authentication relies on passwords, which burden users and are prone to guessing attacks [6]. Therefore, we adopt biometrics, which serve as unique, hard-to-replicate identifiers [7]. Teoh [8] proposed Multispace Random Projections (MRP), a widely used method for cancelable template generation [9]. However, stolen projection matrices can allow reconstruction of the original biometrics. Index-of-Max Hashing (IoM) [10] is a classical method that maps biometric features into index-domain hash codes using gaussian random projection (GRP) or uniformly random permutation (URP) to generate secure templates. Kuzu et al. [11] applied deep learning to create cancelable finger vein templates, showing high robustness. Cancelable biometrics exhibit cancelability (template regeneration via parameter change), non-invertibility (blocking reconstruction), diversity (preventing cross-system linkability), and accuracy (maintaining recognition performance) [7].

Authentication schemes have evolved to multi-factor approaches that combine biometrics, smart cards, and auxiliary data for enhanced security [12]. A secure AKA protocol is crucial for pre-communication key agreement over insecure channels, especially in UAV networks. In 2021, Srinivas et al. [13] proposed UAP-BCIoT, a three-factor authentication protocol enabling mutual authentication and key agreement for smart transportation. Sarier [14] proposed MFBA, integrating zero-knowledge proofs and homomorphic encryption to perform biometric comparison in encrypted space. However, storing transformation parameters on the smart card risks biometric leakage.

Recently, drone communications over wireless channels have gained attention. However, these channels expose drones to security threats [15]. Unlike traditional authentication protocols, our design supports dynamic key generation during mutual authentication. Gope et al. [16] introduced a PUF-based authentication with an update mechanism, enhancing resistance against attacks. Their scheme leverages physical-layer security for sensor networks. Due to limited drone resources, many lightweight protocols [17] sacrifice robustness. Liu et al. [18] proposed a PUF-based lightweight protocol without challenge-response pairs (CRP) update, while others adopt ECC and hash functions for efficient key management [19]. Despite PUF’s popularity in IoT and IoD, few protocols integrate it with biometric protection. Given PUF’s support for irreversibility, unlinkability, and reproducibility (key cancelable biometric requirements), this combination is promising. Bian et al. [20] confirmed its feasibility by integrating PUF and fuzzy extractors for secure template generation.

Table 1 presents the Gap Analysis and provides brief descriptions of 11 identity authentication-related research papers. The columns include Scheme/Year, Template Protection, Cancelable Property, PUF Usage, CRP Updateability, Formal Proof (ROR Model), Formal Verification (AVISPA Tool), Attack Coverage, and Dataset-Based Evaluation. This structure renders the novelty, security, and efficiency claims of the proposed scheme traceable and persuasive.

Addressing the various limitations of identity authentication in IoD, we have designed a new protocol to meet the challenges. In this protocol, we employ a cancelable biometric template protection method to safeguard biometric data. Specifically, the contributions of our paper are as follows:

The rest of this article is organized as follows: Section 3 provides preliminary information. Section 4 describes the proposed template protection process and the proposed authentication scheme. Section 5 analyzes the security performance of the proposed scheme. Section 6 describes the experiments performed and the associated performance analysis. This article is summarized in Section 7.

This section describes the network model and the adversary model in detail.

As shown in Figure 1, the network architecture is composed of three parts: (i) users (U_i), equipped with mobile devices integrated with biometric scanners (e.g., fingerprint sensors) and smart cards (SC) for local storage of authentication parameters $$\left(A,{ID}_{cs}^{\mathrm{\prime}},RPW,{\mathrm{\tau }}_{i}\right)$$. (ii) Control center server (CS), a fully trusted entity responsible for generating global keys $${K}_{global}$$, challenges $$\left({C}_{u},{C}_{d}\right)$$, pseudo-identities $$\left({PID}_{u},{PID}_{d}\right)$$, and storing registration data $$\left({PID}_{u},\left({C}_{u},{R}_{u}\right)\right)$$, $$\left({ID}_{d},{PID}_{d},\left({C}_{d},{R}_{d}\right)\right)$$. and (iii) Drones ($${RD}_{j}$$), resource-constrained devices that register with CS to obtain authentication credentials, store $${PID}_{d}$$ locally, and execute PUF-based challenge-response mechanisms. The operator must carry a mobile device to receive data and store it locally for use during registration or mutual authentication processes. The CS is a trusted entity that generates auxiliary parameters for both $${U}_{i}$$ and $${RD}_{j}$$; it is also needed to store the registered IDs or pseudo-IDs of $${U}_{i}$$ and $${RD}_{j}$$.

The drone also needs to register with the CS to obtain key data for mutual authentication. If $${U}_{i}$$ and $${RD}_{j}$$ successfully complete the session key agreement through the CS, and a temporary session key will be generated for secure data communication.

The core assumptions of the system are as follows: Communication between users (U_i), the control server (CS), and drones (D_j) is conducted via insecure public channels such as Wi-Fi and LTE, which are vulnerable to interception and tampering; user smart cards and drones are untrusted and may be lost or stolen, and the data stored locally on them can be extracted through side-channel attacks (e.g., power analysis); the control server is immune to all attacks and maintains the data integrity of the stored registration information.

This article adopts the widely used Dolev–Yao (DY) threat model for analyzing the security of cryptographic protocols [23]. Our protocol involves three types of participants: users (U_i), the control server (CS), and drones ($${RD}_{j}$$), each with multiple instances. The DY model assumes that an adversary $$\mathcal{A}$$ having multiple instances:

Fuzzy extractor (FE) is a cryptographic tool used to extract and reproduce a reliable and random key from noisy data. There are two functions, FE.Gen(·) and FE.Rep(·) [20]. Enter the biometric Bi to FE.Gen(·) to generate auxiliary data $$\sigma$$ and key $$\tau$$, denoted as ($$\sigma$$, $$\tau$$) = FE.Gen(Bi). If the subsequently extracted biometric is sufficiently similar to Bi, the $$\sigma$$ can be recovered by FE.Rep($${Bi}^{\mathrm{\prime}}$$, $$\tau$$). FE is not sensitive to noise, as long as $$\mathrm{d}\mathrm{i}\mathrm{s}\left(Bi,{Bi}^{\mathrm{\prime}}\right)<t$$, the same ($$\sigma$$, $$\tau$$) can be generated [21]. FE can effectively address the issue of minor differences in biometric features during the registration and authentication phases.

Cancelable biometrics enhance the security and privacy of biometric systems by transforming the original biometric vector $$\mathbf{x}\in {\mathbb{R}}^{n}$$ into a protected template $$\mathbf{y}$$ using a user-specific transformation function $${T}_{K}$$, such that $$\mathbf{y}={T}_{K}\left(\mathbf{x}\right)$$, where $$K$$ is a secret key. When a template is compromised, a new unlinkable template can be generated by altering the key, i.e., $${\mathbf{y}}^{\mathrm{\prime}}={T}_{{K}^{\mathrm{\prime}}}\left(\mathbf{x}\right)$$ with $${K}^{\mathrm{\prime}}\ne K$$. This approach ensures cancelability, non-invertibility, diversity, and matching accuracy: the original biometric cannot be feasibly recovered from $$\mathbf{y}$$; different keys produce distinct templates for the same biometric input, i.e., $${T}_{{K}_{1}}\left(\mathbf{x}\right)\ne {T}_{{K}_{2}}\left(\mathbf{x}\right)$$ for $${K}_{1}\ne {K}_{2}$$; and the transformation preserves recognition performance within the transformed domain [4,7].

Physical Unclonable Function (PUF) are a hardware security technology based on the physical characteristics of a device. PUF comes from the IC manufacturing process, which adds random physical changes to the IC’s microstructure, making it unique and impossible to clone [24]. The core concept of PUF is CRP: a random string is input, and the PUF generates a unique response. PUFs are unpredictable but easy to build and check, making them suitable for security protection in lightweight devices. Since the output of a PUF is physically dependent, any tampering will alter its behavior, making it useless. These features enable PUF to be used as a cancelable step or as an authentication factor, increasing system complexity and improving security at the physical level [20].

Table 2 lists the important symbols used to describe the proposed scheme. In the proposed scheme, the user’s fingerprint is captured and extracted by the device for local authentication, and cancelable biometric methods are used to avoid the risk of permanent leakage of biometric information. Currently, most mobile devices can be equipped with biometric scanners, which can easily scan the user’s fingerprint onto the device, thus solving the problem of biometric acquisition in the proposed scheme.

Figure 2 illustrates the integration of the cancelable biometric mechanism with FE and PUF. The raw fingerprint vector is transformed into a cancelable version $$\mathbf{y}={T}_{K}\left(\mathbf{x}\right)$$, which is further processed through FE.Gen(·) to obtain auxiliary data $$\sigma$$, and used as input to the PUF for generating the response R. We propose an FFT-GRP-based method to improve efficiency and robustness.

The transformation parameters (non-repeating random permutation array r, n p×q-dimensional Gaussian Random Projection (GRP) matrices) adopt a design of dynamic generation and no local persistent storage to completely avoid the risk of parameter storage leakage. The specific implementation is as follows:

Although IoM is classic and efficient, Ghammam et al. [25] pointed out that IoM is not as resistant to various attacks as initially claimed, and the scheme is very susceptible to authentication and linking attacks. GRP-based IoM hashing [10] embeds the fingerprint vector into an n-dimensional Gaussian random subspace and extracts the index of the maximum projection feature. From the perspective of Locality Sensitive Hashing (LSH), this is equivalent to a hashing entry in the rank space [26]. The FFT-GRP method we propose combines GRP, Fast Fourier Transform, and random arrange to improve the efficiency and accuracy of fingerprint recognition.

GRP-based IoM hashing embeds the fingerprint vector into an n-dimensional Gaussian random subspace and extracts the index of the maximum projection feature. From the perspective of Locality Sensitive Hashing (LSH), this is equivalent to a hashing entry in the rank space [25]. Our method adopts this concept to enhance the efficiency and accuracy of fingerprint recognition. The method we use to generate templates is based on GRP and combines it with the Fast Fourier Transform (FFT) and random arrangement, which we call FFT-GRP. The specific process is as Figure 3 follows:

In our scheme, we first use the Fast Fourier Transform (FFT) to process the raw vector, converting fingerprint data from the spatial domain to the frequency domain. This makes the frequency characteristics of the fingerprint more pronounced, which is beneficial for subsequent processing. However, in practical applications, FFT is generally considered reversible. We then introduce random permutation and Gaussian Random Projections (GRP).

Unlike typical random projections, Gaussian random projection (GRP) matrices preserve the statistical structure and orthogonality of the original data. They enhance dimensionality reduction while maintaining discriminative features. The hash indices obtained from GRP also preserve Euclidean distance relations, which benefits template stability and matching performance [10].

In this phase, the user registers with the control server and obtains essential parameters for subsequent authentication.

Step-1: The user sends a registration request Reg_req to CS.

Step-2: Upon receiving the request, CS generates a challenge $${C}_{u}$$ and global key $${K}_{global}$$, then returns $${C}_{u}$$ to the user.

Step-3: The user’s device computes $${R}_{u}={PUF}_{u}\left({C}_{u}\right)$$, inputs $${ID}_{u},{PW}_{u}$$, and biometric $${Bi}_{u}$$. Using the cancelable transformation (Figure 3), it computes $${Bi}_{u}^{*}=CB\left({Bi}_{u}\right)$$ and derives ($${\sigma }_{i}$$, $${\tau }_{i}$$) = Gen($${Bi}_{u}^{*}$$). Then, it computes $${R}_{{\sigma }_{i}}=PUF\left({\sigma }_{i}\right)$$ and $$RPW=h\left({ID}_{u}||{PW}_{u}||{R}_{{\sigma }_{i}}\right)$$. The tuple ($${R}_{u}$$,$${ID}_{u}$$,$$RPW$$) is sent to CS.

Step-4: CS computes a pseudo-identity $${PID}_{u}={ID}_{u}\oplus h\left({K}_{global}||{ID}_{cs}\right)$$ and $$={PID}_{u}\oplus h\left({ID}_{u}||RPW\right)$$. It stores $$\left({PID}_{u},\left({C}_{u},{R}_{u}\right)\right)$$ for future authentication and replies with $$\left({ID}_{cs},A\right)$$.

Step-5: The user calculates $${ID}_{cs}^{\mathrm{\prime}}={ID}_{cs}\oplus {R}_{{\sigma }_{i}}$$ and stores $$\left(A,{ID}_{cs}^{\mathrm{\prime}},RPW,{\mathrm{\tau }}_{i}\right)$$ in the smart card (SC).

Before deploying a new drone, you need to register with CS, and the specific steps are as follows.

Step-1: The drone sends a registration request to CS, where $${Reg}_{req}$$ represents the registration request.

Step-2: CS first generates an ID for the drone, denoted as $${ID}_{d}$$, and a challenge $${C}_{d}$$ for the authentication process. CS calculates a pseudo identity for the drone $${PID}_{d}={ID}_{d}\oplus h\left({K}_{global}||{ID}_{cs}\right)$$. The data $$\left({PID}_{d},{C}_{d}\right)$$ is sent to the drone.

Step-3: The drone uses $${C}_{d}$$ as input for its PUF and obtains the response $${R}_{d}={PUF}_{d}\left({C}_{d}\right)$$. The drone stores $${PID}_{d}$$ in its device and sends $${R}_{d}$$ back to CS.

Step-4: CS stores the data $$(ID_d,PID_d,(C_d,R_d))$$ in the server.

After registration, the user uses the smart card to authenticate with the control server and drone. Figure 4 summarizes the protocol.

Step-1: The user inserts the smart card, inputs $$\left({ID}_{u}{,PW}_{u}\right)$$, and captures biometric $${Bi}_{u}$$. The device computes the cancelable template $${Bi}_{u}^{*}=CB\left({Bi}_{u}\right)$$, then recovers $${\sigma }_{i}^{*}=Rep\left({\tau }_{i},{Bi}_{u}^{*}\right)$$ and obtains $${R}_{{\sigma }_{i}^{*}}=PUF\left({\sigma }_{i}^{*}\right)$$. It computes $${RPW}^{*}$$ and compares with stored RPW. If matched, the user calculates $${PID}_{u}^{*}$$ and $${ID}_{cs}^{*}$$, then generates timestamp $${t}_{1}$$, and computes $${M}_{1}={\mathrm{P}\mathrm{I}\mathrm{D}}_{\mathrm{u}}^{\mathrm{*}}\oplus {ID}_{u}$$ and $${M}_{2}=h\left({M}_{1}||{ID}_{u}||{ID}_{cs}^{*}||{t}_{1}\right)$$. The message $$\left({M}_{1},{M}_{2},{t}_{1}\right)$$ is sent to CS via a public channel.

Step-2: CS checks if $${t}_{1}$$ is fresh. If valid, it uses stored $${PID}_{u}$$ to recover $${ID}_{u}={PID}_{u}\oplus {M}_{1}$$ and verifies $${M}_{2}$$. Then, it selects $$\left({C}_{u},{R}_{u}\right)$$ based on $${ID}_{u}$$, generates $${t}_{2}$$, computes $${TC}_{u}$$ and $${M}_{3}$$, and sends ($${M}_{3}$$,$${TC}_{u}$$,$${t}_{2}$$) to the user.

Step-3: The user validates $${t}_{2}$$, derives $${C}_{u}$$=$${TC}_{u}\oplus {t}_{2}$$, and obtains $${R}_{u}={PUF}_{u}\left({C}_{u}\right)$$. If matched with the original, it verifies $${M}_{3}$$, then generates $${t}_{3}$$ and random $${N}_{a}$$, and computes $${C}_{u}^{new}=h\left({C}_{u}||{N}_{a}||{t}_{3}\right)\oplus {PID}_{u}^{*},{R}_{u}^{new}={PUF}_{u}\left({C}_{u}^{new}\right)$$. The user encrypts $${M}_{4}={E}_{{PID}_{u}^{*}}\left({N}_{b},{R}_{u}^{new}\right)$$ , calculates $${M}_{5}=h\left({R}_{u}^{new}||{N}_{a}||{ID}_{cs}^{*}||{t}_{3}\right)$$, and sends ($${M}_{4}$$,$${M}_{5}{,t}_{3}$$) to CS.

Step-4: CS checks $${t}_{3}$$, decrypts $$M$$ using $${PID}_{u}$$ to recover $$\left({N}_{a},{R}_{u}^{new}\right)$$, and verifies $${M}_{5}$$. If valid, it generates $${t}_{4}$$ and random $${N}_{b}$$, selects $$\left({C}_{d},{R}_{d}\right)$$, and computes $${TC}_{d}={C}_{d}\oplus h\left({N}_{b}||{t}_{4}\right)$$, $${M}_{6}={E}_{{PID}_{d}}\left({N}_{b},{ID}_{d},{PID}_{u},h\left({N}_{a}||{N}_{b}\right)\right)$$, and $${M}_{7}=\mathrm{ }h\left({R}_{d}||h\left({N}_{a}||{N}_{b}\right)||{N}_{b}||{t}_{4}\right)$$. Then $$\left({M}_{6},{M}_{7},{TC}_{d},{t}_{4}\right)$$ is sent to the drone.

Step-5: The drone validates $${t}_{4}$$, decrypts $${M}_{6}$$, derives $${C}_{d}$$, and obtains $${R}_{d}={PUF}_{d}\left({C}_{d}\right)$$. After verifying $${M}_{7}$$, it generates $${t}_{5}$$ and random $${N}_{c}$$, computes $${C}_{d}^{new}=h\left({C}_{d}||{N}_{c}||{t}_{5}\right)\oplus {PID}_{d}$$, and $${R}_{d}^{new}={PUF}_{d}\left({C}_{d}^{new}\right)$$. It then calculates the session key $${SK}_{d2u}=h\left({PID}_{u}||{PID}_{d}||h\left({N}_{a}||{N}_{b}\right)||{N}_{c}\right)$$, encrypts $${M}_{9}={E}_{{PID}_{d}}\left({N}_{c},{R}_{d}^{new}\right)$$, and computes $${M}_{8}$$ and $${M}_{10}$$. The tuple ($${M}_{8}$$,$${M}_{9}$$,$${M}_{10}$$,$${t}_{5}$$) is sent to CS.

Step-6: CS checks $${t}_{5}$$, decrypts $${M}_{9}$$ to get $$\left({N}_{c},{R}_{d}^{new}\right)$$, and verifies $${M}_{10}$$. It then computes $${C}_{u}^{new}$$ and $${C}_{d}^{new}$$, updating the stored $$\left({C}_{u},{R}_{u}\right)$$ and $$\left({C}_{d},{R}_{d}\right)$$ to their new values. It generates $${t}_{6}$$, prepares $${M}_{11}={E}_{{PID}_{u}}\left({PID}_{d},{N}_{b},{N}_{c}\right)$$, $${M}_{12}=h\left({M}_{8}||{N}_{a}||{N}_{b}||{N}_{c}||{ID}_{u}||{ID}_{d}||{t}_{6}\right)$$, then sends $$\left({M}_{11},{M}_{12},{t}_{6}\right)$$ to the user.

Step-7: The user decrypts $${M}_{11}$$ to retrieve $$\left({PID}_{d},{N}_{b},{N}_{c}\right)$$ and calculates $${SK}_{u2d}=h\left({PID}_{u}^{\mathrm{*}}||{PID}_{d}||h\left({N}_{a}||{N}_{b}\right)||{N}_{c}\right)$$ and $${ID}_{d}={PID}_{d}\oplus \left({PID}_{u}^{\mathrm{*}}\oplus {ID}_{u}\right)$$. If $${M}_{8}$$ and $${M}_{12}$$ are both valid, then all parties have authenticated each other and agreed on the session key $${SK}_{u2d}={SK}_{d2\mathrm{u}}$$.

To address template leakage or proactive privacy protection needs, this scheme designs a lightweight cancelable process based on the dynamic parameter generation mechanism. Template invalidation can be achieved only by updating the password or salt without modifying the user’s original biometrics. The specific steps are as follows:

The process uses PUF (Physical Unclonable Function) hardware uniqueness, random number challenges, and hash verification to confirm the drone’s legitimacy. Drones perform a self-check either on a schedule or before joining the swarm with the server. The following is the self-check process.

The core logic of drone swarm hierarchical authentication is that users only complete mutual authentication with the swarm Leader once, and ordinary drones, after passing self-check, access the swarm via “Control Server (CS) authentication + Leader authentication” without interacting with users to reduce redundant overhead, thereby reducing redundant overhead and effectively intercepting malicious drones.

This section presents both formal and informal analyses, evaluating potential attacks using the ROR model and AVISPA tool.

In this section, we will introduce the use of the widely used ROR model [21] to prove the semantic security of the protocol. Table 3 shows the definition of the symbols and their query bounds.

Security Proof: The security proof provided in Theorem 1 is similar to the security proof given in [21,22].

Theorem 1. Let $$\mathcal{A}$$ be a polynomial-time adversary attacking protocol $$\mathcal{P}$$ in the random oracle model. Table 3 definitions of parameters and query bounds. Then:

Proof. Five games, denoted as $${\mathrm{G}}_{i}\left(i = 0,\mathrm{ }1,\mathrm{ }2,\mathrm{ }3,\mathrm{ }4\right)$$ are defined. Let $${Succ}_{i}$$ represent the event that the attacker $$\mathcal{A}$$ successfully guesses the bit c in game $${\mathrm{G}}_{i}$$. □

G₀: Fully simulates the real execution of Protocol $$\mathcal{P}$$. Hash operations, PUF responses, fuzzy extractor (FE) operations, and timestamp verification are performed in accordance with the original protocol logic. The adversary’s advantage is defined as:

G₁: In G₁, the attacker performs an eavesdropping attack on $$\mathcal{P}$$. $$\mathcal{A}$$ can intercept authentication phase messages like $$\left({M}_{1},{M}_{2},{t}_{1}\right)$$, etc. In this game, $$\mathcal{A}$$ makes an Execute($${\varPi }^{t},{\varPi }^{u}$$) (intercept public channel messages such as $$\left({M}_{1},{M}_{2},{t}_{1}\right)$$) and a Test query (verify whether the session key is random) to verify whether it is the true session key SK or a random number. The session key SK is calculated as: $$SK=h\left({ID}_{u}||{PID}_{RD}||{ID}_{RD}||h\left({N}_{b}||{N}_{c}\right)||{N}_{d}\right)$$. But this $$SK$$ isn’t on the public channel, and relies on random numbers and encrypted pseudo-identities ($${PID}_{u}={ID}_{u}\oplus h\left({K}_{global}||{ID}_{cs}\right)$$). So $$\mathcal{A}$$ can’t get or derive $$SK$$. Associated Components: One-wayness of the hash function h(·), encrypted pseudo-identity mechanism. Therefore, the probability of $$\mathcal{A}$$ winning G₁ by eavesdropping on the exchange messages does not increase. That is to say,

G₂: On the basis of G₁, simulate Hash Oracle responses—all h(·) queries from the adversary return random values conforming to the hash distribution. Transition Argument: According to the birthday paradox, the upper bound of the hash collision probability is $$\frac{{q}_{h}^{2}}{2|RH|}$$. Associated Components: Random oracle assumption of the hash function (used to generate RPW,$$\,{M}_{2},{M}_{3}$$, etc.). The random oracle property makes the simulated responses indistinguishable from real responses, as:

G₃: On the basis of G₂, simulate PUF Oracle responses-all PUF(·) queries from the adversary return random values conforming to the PUF distribution. But PUF has physical unclonability and pseudorandomness. Associated Components: PRF property of PUF (generating challenge-response pairs C/R). and its responses are indistinguishable from random numbers. The upper bound of the collision probability is $$\frac{{q}_{P}^{2}}{2|RP|}$$, as:

G₄: In this game model, no random oracle is assumed. The probability of $$\mathcal{A}$$ successfully forging all messages depends on the inclusion of CorruptDevice operations. In this scenario, $$\mathcal{A}$$ can retrieve all secret data stored in the user’s device ($$\mathrm{A},{ID}_{\mathrm{C}\mathrm{S}},RPW,{\mathrm{\tau }}_{i}$$). However, $$\mathcal{A}$$ cannot derive any valuable information from this data, as the user’s ID, password, and biometric features are not directly stored on the smart card. Instead, the card stores data computed from these elements. $$RPW=h\left({ID}_{u}||{PW}_{u}||{R}_{{\sigma }_{i}}\right)$$ relies on $${R}_{{\sigma }_{i}}$$ generated by FE and PUF. Assuming the scheme replaces the original mechanism with k random bits, the probability of guessing the biometric password approximates $$\frac{1}{{2}^{k}}$$. The adversary needs to guess both the password (from DC) and the biometric (length k), with a success probability upper bound of $$\frac{{q}_{s}}{{2}^{k}\cdot |DC|}$$.The system also limits the number of incorrect password attempts. Since games G₃ and G₄ remain identical under scenarios without guessing attacks, we derive:

Note that the session keys for all random oracles are simulated in game G₄. So after the Test query is completed, $$\mathcal{A}$$ needs to guess bit c to win the game. We infer that:

Based on (1), (2), and (6), we can first derive the following relationship:

Using the triangular inequality and (6), we further derive:

Based on (3), (4), and (5), we can deduce:

Thus:

In conclusion, this result demonstrates that the proposed scheme achieves session key security:

The security of the protocol relies on the synergy of four core components, which support the corresponding game transitions respectively:

We use the AVISPA tool [27] to formally verify the security of the proposed protocol. AVISPA simulates against active threats, including replay and man-in-the-middle attacks, using the Dolev–Yao (DY) model [23]. The protocol is first written in High-Level Protocol Specification Language (HLPSL), then translated to Intermediate Format (IF) via the HLPSL2IF converter, and finally analyzed using AVISPA’s backends. The Output Format (OF) clearly states whether an attack is possible. The intruder model actively participates in sessions. As shown in Figure 5 simulation under the SPAN interface confirms that the proposed protocol resists both replay and man-in-the-middle attacks.

We believe users’ mobile devices and drones are vulnerable, with stored data at risk of theft. Data is transmitted via public channels, making it easy to intercept. However, we consider this protocol safe and capable of achieving the following objectives. Table 4 shows the comparison of the proposed scheme with other schemes in the field in terms of their resistance to different attacks. Where “ √ ” indicates that it can be done, “ × ” indicates that it cannot be done, and “NA” indicates discussion or ambiguity.Each claimed security property is mapped to the adversary’s capabilities (from Section 2.2) and the corresponding protocol steps that ensure the property, as follows:

The corresponding threat is ID disclosure via public channel interception, and the adversary’s capability is II.B.1 (public channel interception). The protocol ensures this property through the following steps: During user registration, $${PID}_{u}={ID}_{u}\oplus h\left({K}_{global}||{ID}_{cs}\right)$$ is executed (Step 4); during authentication, the real ID is hidden via $${M}_{1}={\mathrm{P}\mathrm{I}\mathrm{D}}_{u}^{\mathrm{*}}\oplus {ID}_{u}$$ (Step 1), and only the Control Server (CS) can recover $${ID}_{u}$$ in Step 2, preventing ID leakage over public channels.

The corresponding threat is the compromise of long-term keys/CRPs, and the adversary’s capabilities are II.B.2 (drone memory compromise) and II.B.3 (partial parameter leakage). The protocol’s guarantee steps include: After authentication, CRP updates are performed, i.e., $${C}_{u}^{new}=h\left({C}_{u}||{N}_{a}||{t}_{3}\right)\oplus {PID}_{u}^{*}$$ and $${C}_{d}^{new}=h\left({C}_{d}||{N}_{c}||{t}_{5}\right)\oplus {PID}_{d}$$ (Steps 3, 5), and the Control Server updates the stored $$\left({C}_{u},{R}_{u}\right)$$ and $$\left({C}_{d},{R}_{d}\right)$$ in Step 6, ensuring that even if long-term keys or old CRPs are compromised, past session keys remain secure.

The corresponding threat is drone ID disclosure, and the adversary’s capability is II.B.1 (public channel interception). The protocol generates a pseudo-identity via $${PID}_{d}={ID}_{d}\oplus h\left({K}_{global}||{ID}_{cs}\right)$$ during drone registration (Step 2) and hides $${ID}_{d}$$ in the encrypted message $${M}_{6}$$ during authentication (Step 4), preventing the drone’s real ID from being intercepted and obtained.

The corresponding threat is the replay of authentication messages ($${M}_{1}$$–$${M}_{12}$$), and the adversary’s capability is II.B.1 (message replay). The protocol performs freshness checks on timestamps $${t}_{1}$$–$${t}_{6}$$ (Steps 2, 3, 4, 5, 6) and introduces random numbers $${N}_{a}/{N}_{b}/{N}_{c}$$ into session key calculation (Steps 3, 4, 5), ensuring that replayed old messages are rejected due to invalid timestamps or mismatched random numbers.

The corresponding threat is message tampering/injection, and the adversary’s capability is II.B.1 (message modification/injection). The protocol verifies message integrity through a hash verification mechanism (e.g., $${M}_{2}=h\left({M}_{1}||{ID}_{u}||{ID}_{cs}^{*}||{t}_{1}\right)$$ (Step 1), $${M}_{3}=h\left({R}_{u}||{PID}_{u}||{t}_{2}\right)$$ (Step 2), etc.) and performs symmetric encryption on sensitive data $${M}_{4}={E}_{{PID}_{u}^{*}}\left({N}_{b},{R}_{u}^{new}\right)$$, $${M}_{6}={E}_{{PID}_{d}}\left({N}_{b},{ID}_{d},{PID}_{u},h\left({N}_{a}||{N}_{b}\right)\right)$$ to resist man-in-the-middle attacks on message tampering and injection.

The corresponding threat is Physical Unclonable Function (PUF) tampering/physical cloning, and the adversary’s capability is II.B.2 (drone memory compromise). The protocol leverages the unclonability of PUF—Challenge-Response Pairs (C,R) are bound to physical devices, and tampering invalidates PUF responses (Section 3.3)—while decoupling templates from physical biometrics via cancelable biometric transformation (FFT-GRP) (Section 4.2) to resist physical attacks on PUF and biometrics.

The corresponding threat is smart card/drone loss with data extraction, and the adversary’s capability is II.B.2 (smart card/drone data extraction). The protocol ensures that smart cards only store derived data $$RPW=h\left({ID}_{u}||{PW}_{u}||{R}_{{\sigma }_{i}}\right)$$ instead of raw IDs, passwords, or biometrics (Step 3), and drones only store pseudo-identity $${PID}_{d}$$ without plaintext $${ID}_{d}$$ or global key $${K}_{global}$$ (Step 3), preventing sensitive information from being directly obtained if the device is lost.

The corresponding threat is session key leakage leading to the compromise of past/future keys, and the adversary’s capability is II.B.1 (message interception). The protocol’s guarantee mechanisms include: The session key $$SK=h\left({PID}_{u}^{\mathrm{*}}||{PID}_{d}||h\left({N}_{a}||{N}_{b}\right)||{N}_{c}\right)$$ (Steps 5, 7) uses unique random numbers for each session, and Challenge-Response Pairs are updated after each authentication (Steps 3, 5, 6), ensuring that the leakage of a single session key does not affect the security of other sessions.

The corresponding threat is online/offline password guessing via a dictionary, and the adversary’s capability is II.B.4 (guessing attacks). The protocol combines the password with biometric-derived $${R}_{{\sigma }_{i}}$$ to generate RPW ($$RPW=h\left({ID}_{u}||{PW}_{u}||{R}_{{\sigma }_{i}}\right)$$, Step 3) and limits the number of incorrect RPW matching attempts through the system (Section 4.6), significantly reducing the probability of successful password guessing.

The corresponding threat is stolen devices leading to identity impersonation, and the adversary’s capability is II.B.2 (smart card data extraction). The protocol requires biometric verification during authentication, i.e., recovering $${\sigma }_{i}^{*}$$ via $${Bi}_{u}^{*}=CB\left({Bi}_{u}\right)$$ and $${\sigma }_{i}^{*}=Rep\left({\tau }_{i},{Bi}_{u}^{*}\right)$$ (Step 1), and the calculation of $${PID}_{u}$$ and $${ID}_{cs}$$ depends on valid RPW matching (Step 1). Even if smart card data is extracted, the adversary cannot complete impersonation due to the lack of biometrics.

The corresponding threat is offline brute-force attacks on intercepted encrypted messages, and the adversary’s capability is II.B.1 (message interception). The protocol uses pseudo-identities $$\left({PID}_{u},{PID}_{d}\right)$$ as keys for encrypted messages $$\left({M}_{4},{M}_{6},{M}_{9},{M}_{11}\right)$$ (Steps 3, 4, 5, 6), and pseudo-identities are derived from the global key$$\,{K}_{global}$$ unknown to the adversary, making offline cracking difficult without valid keys.

The corresponding threat is biometric template leakage due to stolen biometric sensors, and the adversary’s capability is II.B.2 (sensor data extraction). The protocol generates cancelable biometric templates (CB) via FFT-GRP transformation (Section 4.2), making it impossible to reverse the original biometric $${Bi}_{u}$$ from CB, and templates can be updated by modifying random permutation arrays $$r$$ or projection matrices, avoiding permanent biometric leakage after sensor theft.

The corresponding threat is biometric template inversion/replay, and the adversary’s capability is II.B.3 (partial parameter leakage). The protocol prevents template inversion via $$CB = FFT-GRP\left({Bi}_{u}\right) + PUF\left({\sigma }_{i}^{*}\right)$$ (Section 4.1), and the $$Rep$$ function of the fuzzy extractor requires $${Bi}_{u}$$ to be sufficiently similar to the registered $${Bi}_{u}$$ ($$dis\left(Bi,{Bi}_{u}\right)<t$$, Section 4.1), resisting replayed forged biometric data.

The corresponding threat is the inability to update credentials after compromise, and the adversary’s capability is II.B.2 (device data extraction). During the update phase, the protocol allows users to enter a new password ($${PW}_{u}^{new}$$) or new biometric ($${Bi}_{u}^{new}$$), calculate a new $${RPW}^{\mathrm{*}}=h\left({ID}_{u}||{PW}_{u}||{\sigma }_{i}^{\mathrm{*}}\right)$$ and replace the old RPW (Steps 1–2), enabling secure credential updates.

The corresponding threat is unilateral authentication failure, and the adversary’s capability is II.B.1 (impersonation via message forgery). The protocol ensures mutual authentication through three-level verification: Between the user and the Control Server via $${M}_{2}$$ (user to CS) and $${M}_{3}$$ (CS to user) (Steps 1–2), between the Control Server and the drone via $${M}_{7}$$ (CS to drone) and $${M}_{8}/{M}_{10}$$ (drone to CS) (Steps 4–5), and between the user and the drone via $${M}_{12}$$ (CS to user) and session key consistency check (Step 7), ensuring that the identities of all three parties are legally verified.

The corresponding threat is stale Challenge-Response Pairs leading to PUF response forgery, and the adversary’s capability is II.B.2 (drone memory compromise). The protocol implements PUF updates by generating new Challenge-Response Pairs, i.e., $${C}_{u}^{new}=h\left({C}_{u}||{N}_{a}||{t}_{3}\right)\oplus {PID}_{u}^{*},{R}_{u}^{new}={PUF}_{u}\left({C}_{u}^{new}\right)$$ (Step 3), and $${C}_{d}^{new}=h\left({C}_{d}\left|\left|{N}_{c}\right|\right|{t}_{5}\right)\oplus {PID}_{d},{R}_{d}^{new}={PUF}_{d}\left({C}_{d}^{new}\right)$$ (Step 5), and the control server updates the stored $$\left({C}_{u},{R}_{u}\right)$$ and $$\left({C}_{d},{R}_{d}\right)$$ in Step 6, avoiding PUF response forgery using old CRPs.

The corresponding threats are replay/man-in-the-middle attacks, and the adversary’s capability is II.B.1 (message replay/injection). The protocol undergoes Avispa simulation via HLPSL specification (Section 5.2), and tool verification confirms its effective resistance to the aforementioned threats, ensuring the protocol’s security in simulated attack scenarios.

The experiment uses four public fingerprint datasets: FVC2002 DB1, DB2, and FVC2004 DB1, DB2, each containing 800 images from 100 users with 8 samples per finger. Following Jin’s method [28], get three samples are used for training and five for testing. The paper adopts the modified Polar Grid-based Three-Tuple Quantization (PGTQ) for feature extraction, which has an alignment-free property. Taking each minutia as a reference point, only neighboring minutiae within a 70-pixel radius are considered. After rotation-translation correction and polar coordinate conversion, they are quantized into triplets with steps of 10 pixels for radius, 20° for radial angle, and 30° for orientation angle. A polar grid containing more than one minutia is mapped to bit “1”, and finally, a variable-length binary vector is formed. Matching adopts a two-stage strategy consisting of local descriptor intersection matching and global score ratio calculation. Then evaluates system performance using genuine/imposter scores and the Equal Error Rate (EER), as per [29].

For each dataset, on an experimental platform with hardware configured as Intel(R) Core(TM) i5-12400F with 16 GB of memory, and software as MATLAB 9.12.0.1884302 (R2022a) , randomly generate 200 passwords of varying lengths as seeds, run 100 times, and record their minimum, maximum, average, and variance values. Figure 6 presents the EER and ROC results on FVC2002 DB1 and FVC2004 DB1. The ROC curves for DB1 (2002) and DB1 (2004) are nearly ideal, with steep curves approaching the top-left, indicating strong performance. As shown in Table 5, our method achieves the lowest EER on three datasets and performs competitively on the fourth. Compared to GRP hashing [10], our method significantly improves accuracy.

Biometric identification systems must satisfy unlinkability. This means that two or more repeatable templates generated from the same biometric features cannot be linked to each other, nor can it be inferred that they originate from the same biometric [4].

To verify that our proposed template protection scheme meets the requirement of unlinkability, we adopt a method proposed in [32] that uses a global metric $${D}_{↔}^{sys}$$ to evaluate the unlinkability of the system. $${D}_{↔}^{sys}$$ has values ranging from 0 to 1; $${D}_{↔}^{sys}$$ value of 1 suggests that the system is fully linkable, while a value of 0 indicates complete unlinkability. Generate 10 random keys as parameters to perform 10 transformations on each fingerprint vector, resulting in a total of 5000 transformed templates; and then calculate two scores for evaluation, namely Mated score and Non-Mated score. Based on these two evaluation scores, $${D}_{↔}^{sys}$$ is calculated. Figure 7 shows our assessment of the scheme using the FVC2002-DB1 and FVC2004-DB1 fingerprint databases.

To intuitively analyze the performance of the proposed scheme, we compare its computational cost with that of existing protocols. Let $${T}_{h}$$, $${T}_{PUF}$$, $${T}_{FE}$$, and $${T}_{E/D}$$ denote the time required for hash operations, PUF evaluations, fuzzy extractor computation, and symmetric encryption/decryption (e.g., AES-128), respectively. Bitwise XOR operations are excluded due to negligible cost. Based on experimental results from [20] (The hardware configuration of this experiment is as follows: the user device adopts an HTC One smartphone, and the server uses an Intel Core i5-4300 machine; in terms of core technologies and tools, a 128-bit arbiter PUF is used for PUF operations, BCH code is adopted for the generation (FE.Gen) and reconstruction (FE.Rec) operations of the fuzzy extractor, and the JCE library is used to estimate the execution time of cryptographic operations) and [33] (The paper obtains the values of the operation times such as modular exponentiation and symmetric encryption/decryption through benchmark parameter setting and logical conversion. Instead of being derived from actual measurement through self-built hardware experiments, these values are based on standardized conversion supported by existing research conclusions in the field of cryptography), we adopt $${T}_{h}=0.056\, \mathrm{m}\mathrm{s}$$, $${T}_{PUF}=0.13\, \mathrm{m}\mathrm{s}$$, $${T}_{FE}=3\, \mathrm{m}\mathrm{s}$$, and $${T}_{E/D}=8.7\, \mathrm{m}\mathrm{s}$$. Accordingly, our mutual authentication phase completes in 74.408 ms: 21.164 ms for the user, 35.304 ms for the server, and 17.94 ms for the drone.

For comparison, other protocols incur costs from modular arithmetic and elliptic curve operations, with $${T}_{m}=16.84\,\mathrm{ }\mathrm{m}\mathrm{s}$$, $${T}_{eca}=4.4\mathrm{ }\,\mathrm{m}\mathrm{s}$$, and $${T}_{ecm}=17.1\, \mathrm{m}\mathrm{s}$$ [21]. As shown in Table 6, our scheme achieves lower computation overhead while maintaining strong security, unlike the overly lightweight design in [17], which compromises robustness.

This paper proposes a method that combines the Fast Four Transform, Gaussian Random Projections, Position-Sensitive Hashing, Fuzzy Extractors, and Physical Unclonable Function to generate cancelable biometric templates, addressing the issue of permanent loss of biometric templates, and enhancing the protection of sensitive biometric data while ensuring strong resistance to known attacks. Experimental evaluations on FVC2002 and FVC2004 datasets demonstrate high accuracy and unlinkability. The complete AKA protocol introduced in this paper incorporates cancelable methods and PUF update schemes, allowing the generation of new templates by modifying parameters in case of data theft, ensuring security and efficiency. Formal security analysis using the ROR model and AVISPA simulation confirms the protocol’s robustness against replay, man-in-the-middle, and device-corruption attacks. Compared with existing protocols, our method achieves a better balance between security strength, computational efficiency, and biometric privacy, making it suitable for deployment in resource-constrained IoD environments.

Conceptualization, K.C. and W.B.; Methodology, K.C.; Software, K.C.; Validation, K.C., W.B. and D.X.; Formal Analysis, K.C.; Investigation, Q.L.; Resources, W.B.; Data Curation, W.B.; Writing—Original Draft Preparation, K.C.; Writing—Review & Editing, W.B.; Visualization, J.M.; Supervision, W.B.; Project Administration, W.B.; Funding Acquisition, W.B. and D.X.

Not applicable.

Not applicable.

Bundled with the book Handbook of Fingerprint Recognition (3rd Ed., Springer, 2022). Available via a formal license application to the FVC organizers (University of Bologna).

The work are partially supported by the National Natural Science Foundation of China (No. 61801004), Natural Science Foundation of Anhui Province (No. 2108085MF206).

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.