Research Article  Open Access
Muhammad Asghar Khan, Insaf Ullah, Shibli Nisar, Fazal Noor, Ijaz Mansoor Qureshi, Fahimullah Khanzada, Hizbullah Khattak, Muhammad Adnan Aziz, "Multiaccess Edge Computing Empowered Flying Ad Hoc Networks with Secure Deployment Using IdentityBased Generalized Signcryption", Mobile Information Systems, vol. 2020, Article ID 8861947, 15 pages, 2020. https://doi.org/10.1155/2020/8861947
Multiaccess Edge Computing Empowered Flying Ad Hoc Networks with Secure Deployment Using IdentityBased Generalized Signcryption
Abstract
A group of small UAVs can synergize to form a flying ad hoc network (FANET). The small UAVs are, typically, prone to security lapses because of limited onboard power, restricted computing ability, insufficient bandwidth, etc. Such limitations hinder the applicability of standard cryptographic techniques. Thus, assuring confidentiality and authentication on part of small UAV remains a farfetched goal. We aim to address such an issue by proposing an identitybased generalized signcryption scheme. The lightweight security scheme employs multiaccess edge computing (MEC) whereby the primary UAV, as a MEC node, provides offloading to the computationally fragile member UAVs. The scheme is based on the concept of the hyperelliptic curve (HEC), which is characterized by a smaller key size and is, therefore, suitable for small UAVs. The scheme is robust since it offers confidentiality and authentication simultaneously as well as singly. Formal as well as informal security analyses and the validation results, using the Automated Validation for Internet Security Validation and Application (AVISPA) tool, second such notion. Comparative analysis with the existing schemes further authenticates the sturdiness of the proposed scheme. As a case study, the scheme is applied for monitoring crops in an agricultural field. It has been found out that the scheme promises higher security and incurs lower computational and communication costs.
1. Introduction
Unmanned Aerial Vehicles (UAVs) have earned recognition in multiple domains owing to their versatile applications for surveillance, agriculture, health services, traffic monitoring, inspection, public safety, etc. [1]. Multiple small UAVs, as a flying ad hoc network (FANET), can combine and accomplish the assigned tasks efficiently in an autonomous manner [2, 3]. In FANETs, small interconnected UAVs synergize and exchange data with one another and with the ground stations [4]. They are characterized by high mobility, easy deployment, and selforganizing behavior [5]. However, such distinctive features, for efficient and effective deployment, demand the compliance of stringent guidelines [6]. For instance, it is mandatory to assure security and Quality of Service (QoS) when choosing a FANET system for ontime data communication services. Moreover, the networks must deploy an efficient networking architecture complemented by an efficient security scheme in order to allow a reliable exchange of information between UAVs and the ground stations.
FANETs can either be deployed independently or they can be integrated with the traditional networks via satellite or cellular communication links. The topic allures experts from the industry as well as academia. Most of the relevant research studies propose to integrate multipleUAV systems with the traditional networks to assure Quality of Service (QoS), unhampered security, and sustained reliability. Therefore, it is imperative to identify loopholes in existing solutions. This can pave the way for solutions that support high throughput and a secure data communication regime. The envisioned Fifth Generation (5G) of wireless cellular communication systems is expected to offer higher capacity, enhanced data rate, and lower latency [7]. Besides, 5G offers multiaccess edge computing (MEC) architecture, which is characterized by cloud computing functionalities. Thus, 5G, when integrated into a UAV environment, by leveraging MEC, can relieve the resourceconstrained UAVs from processing the computational tasks. Instead, the computationally intensive tasks will be offloaded to the edge of the network.
Generally, the small UAVs are not designed with security considerations and are, therefore, prone to security and privacy pitfalls [8]. UAV’s sensing portion is also worth consideration. For instance, in the worst case, a sensor might transmit wrong information and that can result in UAVs making erroneous decisions. Similarly, the case of the faulty sensor is far more sinister. A damaged sensor can severely hamper the UAV’s attempt to obtain information and might result in an event of a crash. Furthermore, a strong communication link is essential to allow the exchange of information between a UAV and a Base Station. An insecure and vulnerable link, on the other hand, is susceptible to attacks [9]. The concerns of confidentiality and authentication can be addressed by employing encryption and digital signature, respectively. And, in case both the attributes are desired, a hybrid version, the signthenencrypt approach, is utilized mostly.
However, the stringent constraints associated with a flying ad hoc network (FANET), such as limited onboard energy and limited computing capability, do not permit complex cryptographic operations. Moreover, undertaking computationally intensive tasks may result in slow response time which can, in turn, deteriorate the performance of FANETs. Fortunately, such deficiencies can be resolved by employing an amalgamated scheme, named “signcryption” [10]. It is a public key cryptosystem that performs the function of encryption and digital signature simultaneously. It is far more efficient and costeffective than each of the alternates, i.e., encryption and digital signature. To simplify the key management process and to allow flexibility, Han et al. [11] presented an extension of the signcryption scheme, i.e., generalized signcryption (GSC). Not only does GSC offer encryption and digital signature in one go, but it also has the option to offer them separately, if demanded. Such feature is helpful in case either of the two key attributes, confidentiality or authenticity, is required.
In the public key cryptosystems, two basic approaches, Public Key Infrastructure (PKI) and IdentityBased Cryptography (IBC), are used to authenticate public keys [12]. In the PKI environment, it is crucial to ensure a trustworthy unforgeable link between the identity of the participant and its public key. This further stipulates the need for a signature Certificate Authority (CA) that assigns the link a unique signature. In the certification stage, the CA bounds the public key as the identity of a participant with certificates. The Public Key Infrastructure (PKI) approach encounters issues with certificate distribution and storage. On the other hand, an identitybased cryptosystem is used to reduce the cost of public key management [13]. In IDbased systems, a trusted third party named private key generator (PKG) computes private keys from a master secret and users’ identity information. It then distributes these private keys to the users participating in the scheme. This eradicates the necessity for certificates as used in a conventional PKI.
The security and efficiency of the aforementioned security schemes are based on computationally hard problems. The RSA cryptography [14, 15] is based on a large factorization problem, which utilizes a large key, parameter certificate, and the identity stretches as much as 1024 bits [16]. This is not suitable for resourceconstrained networks, or FANETs, because small UAVs lack onboard processing resources. Furthermore, bilinear pairing is 14.31 times worse than RSA [17], due to huge pairing and maptopoint function computation. In order to eliminate the discrepancies accompanying RSA and bilinear pairing, a new type of cryptography called the elliptic curve was introduced [18]. The elliptic curve cryptography is characterized by smaller parameter size, smaller public/private key size, smaller identity, and smaller certificate size. Moreover, unlike bilinear pairing and RSA, the security hardiness and efficiency of the elliptic curve cryptography scheme are based on 160bit small keys [19]. The 160bit key is, still, not suitable for and affordable by resourcehungry devices such as small UAVs. Thus, the hyperelliptic curve, a more modern version of the elliptic curve cryptography, was proposed [20]. The hyperelliptic curve uses an 80bit key, identity, and certificate size and, at the same time, promises the security features assured by the elliptic curve, bilinear pairing, and RSA [21, 22]. Therefore, the hyperelliptic curve is a cogent choice for energyconstrained devices.
1.1. Authors’ Motivation and Contributions
To reap the extensive benefits of multiUAV systems, the underlying technical challenges need to be addressed. For instance, the small UAVs have limited onboard energy, which restricts the flying time to a specified period and the UAV’s limited computational capability does not permit complex cryptographic operations. Therefore, there is a need to harness a stateoftheart communication architecture with a lightweight security mechanism, which can, significantly, stabilize the battery lifetime, offer limited computation cost, and provide better connectivity.
Motivated by such objectives, for FANETs, the authors, here, suggest an identitybased generalized signcryption scheme. The very scheme makes use of multiaccess edge computing (MEC) and is based on a much advanced version of the elliptic curve, i.e., the hyperelliptic curve (HEC). HEC is characterized by a smaller key size and, at the same time, promises security comparable to that of the counterparts, i.e., elliptic curve, bilinear pairing, and modular exponentiation. Incorporation of HEC reduces power consumption and improves the device’s performance, thereby making it suitable for a wide range of devices, ranging from sensors to UAVs.
Some of the salient features signifying the contribution of our research work, in this paper, are as follows:(i)We introduce a new architecture for flying ad hoc networks (FANETs) leveraging multiaccess edge computing (MEC) facility, where the primary UAV acts as a MEC node in order to provide computational offloading services for the member UAVs having limited local computing capabilities(ii)We propose an efficient and provably secure identitybased generalized signcryption scheme for the architecture using the concept of a hyperelliptic curve(iii)The proposed scheme is potent enough to thwart attacks, both known and unknown, and the validation results using the Automated Validation for Internet Security Validation and Application (AVISPA) tool second such notion(iv)Moreover, upon doing a comparative analysis with the extant schemes, it is revealed that our proposed scheme is superior, particularly, in terms of computational and communication costs
1.2. Structure of the Paper
The rest of the paper is organized as follows. In Section 2, we provide a brief about the related work. Foundational concepts of the research work are presented in Section 3. Section 4 is dedicated to present the two system models, i.e., network model and threat model. In Section 5, we explain the salient features of the proposed scheme. Informal security analysis is provided in Section 6. Section 7 presents the practical deployment of the proposed scheme. For performance evaluation, the proposed scheme is compared with the existing schemes in Section 8. Section 9 contains a brief about a case study in which the scheme is applied for precision agriculture. Finally, Section 10 concludes the work.
2. Related Work
2.1. UAVEnabled Multiaccess Edge Computing
Owing to the promising features of ondemand communication services and flexible deployment, UAVenabled multiaccess edge computing capabilities have received much attention in recent years. So far, various studies have been conducted to examine the usability of edge computing for UAVs [23, 24]. However, the studies do not address the topic of security. Garg et al. [25] aimed to answer the surveillancerelated concerns by proposing a framework based on probabilistic data structures. The framework treats UAVs as intermediate aerial nodes that offer a cyberthreat detection mechanism complemented with a realtime analysis. Four major elements of the framework are as follows: UAV, dispatcher, aggregator, and edge devices. The UAV is responsible for capturing and validating the data. The processing tasks in the edge computing devices are scheduled by the dispatcher. The aggregator assures the secure transmission of data. And, the edge devices analyze the data.
In [26], the authors extend the concept of network slicing to the case of UAVbased 5G network deployment and investigate the feasibility of a backhaul of an aerial node utilizing a UAV. The LTE signals are monitored to evaluate the suitability of UAVs in two scenarios: network capacity enhancement and increasing network coverage.
The methodology proposed by Christian et al. [27] increases the system reliability and reduces the endtoend sourceactuator latency. Their work intends to broaden the 5G network edge by making the FANET UAVs fly close to the monitoring layer. For enhanced operations, the UAVs follow a policy of mutual help and are accoutered with MEC facilities. However, the work fails to address the issue of the limited battery duration of the MECUAVs. In [28], the authors proposed a UAV edgecloud computing model that utilizes a UAV swarm to provide the users realtime support. The end data are stored in the cloud server. In [29], the authors presented an architectural design of a slice orchestrator that enables new application models where the Internet of Things related functions can be applied on small Unmanned Aerial Vehicles, thus paving the way for implementing these functions on the edge network.
2.2. Security Mechanisms in Flying Ad Hoc Networks
The primary security mechanisms for FANETs emphasize authenticity, confidentiality, and integrity of data via cryptography. A welldesigned data protection mechanism can significantly reduce the probability of the data get compromised, irrespective of the devilish technique involved. There are a few studies dedicated to investigating the data protection issues for UAV Networks. In a secure communication scheme proposed by He et al. [30], the requirement of an online centralized authority is waived off. The UAVs manage the area themselves and the authorized devices can obtain a broadcast key. The scheme is characterized by employing hierarchical identitybased broadcast encryption and a pseudonym mechanism, whereby the devices can, anonymously, broadcast the encrypted messages and decrypt the legal ciphertext. The work done seconds the notion that the very scheme, satisfactorily, addresses the four important security concerns: confidentiality, authentication, partial privacy preservation, and resistance to Denial of Service (DoS) attacks. However, it inherits a restriction in the registration phase, i.e., the concern of finding a hash value’s preimage persists.
Three communication scenarios have been described by Won et al. [31, 32] to propose cryptographic protocols for drones and smart objects. The first scenario, i.e., onetoone, implies a certificateless signcryption tag key for facilitating an authenticated key agreement and for providing nonrepudiation and user revocation. Onetomany, or the second scenario, enables a UAV to broadcast privacysensitive data to multiple smart objects using a certificateless multirecipient encryption scheme. The third scenario is termed “manytoone” and is characterized by UAVs capable of collecting data from multiple smart objects. However, for such protocols [31, 32], transmitting encrypted messages and assuring privacy simultaneously are too difficult to undertake. Such novel cryptographic mechanisms are efficient and secure. However, they are supposed to be used in group communication where nodes are of equal computational capability. In 2019, Asghar et al. [33] proposed a blind signature scheme for flying ad hoc networks in a certificateless setting. The scheme is suitable for authentication; however, it does not offer confidentiality and authentication simultaneously.
2.3. IdentityBased Generalized Signcryption Schemes
Lal et al. [34], in 2008, introduced the first identitybased generalized signcryption scheme and proposed a security model for it. However, Yu et al. [13] pointed out that the security model presented by Lal et al. [34] scheme is incomplete and proposed a new scheme, which is efficient in terms of computation and is secure. Later, in 2011, Kushwah et al. [35] simplified the security model introduced by Yu et al. [13] and proposed a more efficient identitybased generalized signcryption scheme. Wei et al. [36], in 2015, presented an identitybased generalized signcryption scheme, which demonstrated to be secure enough in the random oracle model. Shen et al. [37], in 2017, proposed an identitybased generalized signcryption scheme in the standard model. Nevertheless, the proposed scheme is based on bilinear pairing that is computationally expensive. In 2019, Waheed et al. [38] analyzed the work done by Wei et al. [36] and suggested an improved scheme that is far more secure and costeffective. Lastly, in 2019, Zhou et al. [39] proposed an identitybased combined public key scheme for signature, encryption, and signature (IBCSESC). Under the premise of ensuring the confidentiality, integrity, authentication, and nonrepudiation of data, the combined cryptosystem reduces the key management work, saves storage space, and offers decreased computational consumption.
3. Preliminaries
3.1. Hyperelliptic Curve Cryptography (HECC)
HECC is the advanced form of elliptic curve cryptography (ECC), and it is used to exchange keys and facilitate secure communications between two parties with very small size keys and incur lower computational and communication costs. For instance, an encryption activity done using RSA with a 1024bit key and ECC with a 160bit key is equivalent in performance to HECC encryption with an 80bit key [40].
Suppose that ℑ is a predetermined set and presume as the genus of having order as . Let (), f() ℑ [], deg (h()) ≤ , and f() is a monicpolynomial having deg (f()) = 2 + 1. Thus, of genus over ℑ is set of points (,) ℑ ∗ ℑ as shown in
It forms the divisors which are the formal sum of finite integers like where and . Further, it forms a Jacobian group having the following order:
3.2. Hyperelliptic Curve Discrete Logarithm Problem
Assume that d is the divisor that is publicly available in the network and ℒ is a randomly picked private number from ℑ_{t}. Upon recovering ℒ from ℒ is said to be .
4. System Models
To elaborate on the operation and applicability of the proposed scheme, two models are used.
4.1. Network Model
We devise a novel architecture for a flying ad hoc network (FANET), constituted by UAVs, with a multiaccess edge computing (MEC) facility that makes use of the Fifth Generation (5G) wireless communication technology on backhaul and the WiFi technology on fronthaul, as shown in Figure 1. The 5G and WiFi wireless technologies are enabled on MECUAV in order to link it with the Macro Base Station (MBS) and to provide a hotspot service over the MUAVs. The MUAVs are connected with each other via a WiFi link. The primary reason behind opting for such a hybridized approach is to utilize the prominent features of both technologies. This ends up in the resulting solution being of low cost, low power, high range, and high speed. A huge bandwidth is required when linking the Macro Base Stations with the core network. The proposed architecture involves the UAVs connected together via either of the two classes: monitoring UAV (MUAV), responsible for performing the monitoring function from an assigned zone; and multiaccess edge computing UAV (MECUAV), utilizing MEC to handle a set of MUAVs connected to it. It is the load generated by an MUAV that acts as a decisive factor when assigning MUAV(s) to a MECUAV, or the primary UAV. In the maneuver, each of the MECUAVs is equipped with Raspberry PI (RPI) powered with a 1.5 GHz 64bit quadcore ARM CortexA72 processor [41].
4.2. Threat Model
The proposed scheme employs the DolevYao (DY) threat model [42]. The model indicates that an untrustworthy nature prevails between the endpoint entities and that there is an insecure open channel between the parties. Thus, for an attacker, it eases the task to eavesdrop and delete/modify the exchanged messages. Far worse is the scenario when a drone, while hovering over a hostile area, is physically captured and the data is compromised. Recently, the widely accepted “Canetti and Krawczyk’s adversary model (CKadversary model)” [43] becomes the “current de facto standard model in modeling authenticated key exchange protocols.” According to the CKadversary model, “the adversary can not only deliver the messages (as in the DY model), but can compromise the secret credentials, secret keys and session states a well, particularly, when stored in the insecure memory.” Therefore, it becomes an essential requirement that “the leakage of some forms of secret credentials, such as session ephemeral secrets or secret key, should minimally effect the secrecy of the communicating participants” [33].
5. Proposed IdentityBased Generalized Signcryption Scheme
5.1. Syntax of IdentityBased Generalized Signcryption Scheme
A formal model of identitybased generalized signcryption scheme consists of the following four algorithms [13, 37]: setup, key extraction, generalized signcryption, and generalized unsigncryption. The notations used in the proposed scheme are illustrated in Table 1.(i)Setup. In the setup phase, the private key generation (PKG) generates the public parameters, randomly selects their master private key, and computes the master public key with the input of security parameter.(ii)Key Extraction. When each of the participated contestants transmits their respective identities () to the PKG, PKG generates the private () and public () keys for each of them and delivers them using the private network.(iii)Generalized Signcryption. The sender performs this process for producing generalized signcryption of a message It initially takes the input parameter such as the identity of the sender and receiver ), message the private key of the sender (), the public key of the receiver (), and a fresh nonce ().(iv)Generalized Unsigncryption. The receiver performs this process for recovering a message and verifying generalized signcryption text . It takes the input parameter like generalized signcryption text , the identity of the sender and receiver), the private key of the receiver (), the public key of the receiver(), and the public key of the sender ().

5.2. Construction of the Proposed IdentityBased Generalized Signcryption Scheme
It includes the following four subphases [13, 37]: Setup: in this phase, the private key generation (PKG) center performs essential steps. It(a)Selects a security parameter (b)Selects a hyperelliptic curve (HEC) of genus 2(c)Selects a parameter where the length is equivalents to 80 bits(d)Selects a finite field , where its order is (e)Selects a divisor of the order (f)Selects two oneway hash function, i.e., and (g)Selects a number uniformly for its private key as (h)Computes its public key as (i)Produces all the public parameter param and publish them to the network Key extraction: when each of the participating contestants transmits their identity () to the PKG, the PKG generates the private and public keys by utilizing the performing the following computations:(a)It computes private key for identity () as = (b)It computes public key for identity () as = (c)It delivers the pair of the public and private keys () to the participating contestants with its identity () by using the private network Generalized signcryption: given a message (m), the private key of the sender (), the public key of the receiver (), the identity of the sender and receiver (), and a fresh nonce (), the sender performs this process for producing generalized signcryption by undertaking the following steps(a)It selects a number in an irregular manner as and calculates (b)It calculates (c)It computes (d)It calculates (e)It computes (f)It produces the final generalized signcryption text for the receiver as Generalized unsigncryption: given a generalized signcryption text , the private key of the receiver (), the public key of sender and receiver (), and the identity of the receiver (), the sender performs this process for verifying the signature, and recovering a plain text by undertaking the following steps:(a)It computes (b)It decrypts (c)It computes (d)It compares , if holds, then accept otherwise generate the error symbol ╨
Note that, in the above algorithm, if and , then generalized signcryption proceeds in an encryption process. If and, then generalized signcryption will run in the signature mode. And, if and, then generalized signcryption will run in signcryption mode.
5.3. Correctness
The receiver can compute the decryption key asand it verifies as it computes and compares . In case of equality, it accepts and else generates the error symbol ╨.
6. Informal Security Analysis
This section is dedicated to spotlight the proposed scheme’s contribution in upholding basic security including resistance to replay attack, confidentiality, integrity, and unforgeability. Each of the characteristics is briefly analyzed in the following sections.
6.1. Confidentiality
The proposed scheme ensures confidentiality. In case an intruder wants to steal the original contents of a message or the secret key, he/she must have beforehand information about the key as . In order to determine , it is required to compute from , which is the discrete log problem in the hyperelliptic curve.
6.2. Replay Attack
The scheme offers replay attack resistance. Each session implies a fresh key () and a nonce () i.e., . Therefore, it is, literally, not possible for an intruder of a session to penetrate another session with the same session key. Besides, the receiver is required to run a check for ascertaining the freshness of a message at every instance of reception. An obsoleteness, if spotted, renders the message useless.
6.3. Integrity
The sender takes the “hash value” of the message before sending the message, i.e.,: . The “hash” exhibits a property of being an irreversible function. For the confirmation if either of the ciphertexts is altered or not, the receiver performs the following steps: it first decrypts and computes . After it compares , if it holds, then it accepts ψ; otherwise, it generates the error symbol ╨.
6.4. Unforgeability
In our proposed scheme, if the intruder tries to generate a valid signature, then he/she is, first of all, required to compute , and to do so, the intruder needs to find from and from = . This equates to solving two hard problems with commensurate efforts. Thus, it is ensured that our designed approach offers resistance against the signature forging attack.
7. Deployment of the Proposed Scheme
In this phase, we provide the practical deployment of our proposed technique in the UAVs network for precision agriculture that involves monitoring of crop health in a cultivated field. The proposed scheme includes three subphases that are initializations, registration, and data transmission and verification, respectively.
7.1. Initialization
Figure 2 illustrates the initialization process, in which the PKG first calls the setup algorithm; i.e., it first selects a security parameter , picks a hyperelliptic curve (HEC) of the genus, chooses a parameter where the length is equivalent to 80 bits, selects a finite field , where its order is , picks a divisor of order , select two oneway hash functions, i.e., and , chooses a number uniformly for its private key as , computes its public as , produces all the public parameter , and published it to the network. Note that, in this subphase, we used , , and for the identity of MECUAV, MBS/SBS, and MUAV.
7.2. Registration
Figure 3 illustrates the registration process in which the PKG first calls the key extraction algorithm; i.e., when each of the participated contestants transmits its identity () to the PKG, then PKG generates the private and public keys as follows: it computes the private key for identity () as , and then it computes public key for identity () as Finally, PKG delivers the pair of public and private keys () to the participated contestants with its identity () by using the private network.note; in this subphase, we used , , and for the private and public keys of MECUAV, MBS/SBS, and MUAV.
7.3. Data Transmission and Verification
Figure 4 illustrates the data transmission and verification of the proposed scheme. In this phase, MECUAV performs the following process for generating a signcrypted ciphertext: it first selects a number in an irregular manner as and calculates . It also calculates and computes . Then, it computes and . Finally, it sends ψ to MBS/SBS using an open network. Upon reception of ψ MBS/SBS, it performs the verification and decryption process as follows: it computes and decrypts . It also computes and compares ; if it holds, then, it accepts ; otherwise, it generates the error symbol ╨.
In the above process, if and , then MECUAV performs the encryption process. If and , then MECUAV performs the signature method. If and , then MECUAV performs the signcryption mode.
8. Performance Comparison
This section equates the performance of the proposed scheme with the existing counterparts suggested by Yu et al.’s scheme [13], Kushwah et al.’s scheme [35], Wei et al.’s scheme [36], Shen et al.’s scheme [37], and Zhou et al.’s scheme [39].
8.1. Computational Cost
For evaluating the effectiveness, the proposed scheme is compared with five existing schemes proposed by Yu et al. [13], Kushwah et al. [35], Wei et al. [36], Shen et al. [37], and Zhou et al. [39]. The major findings obtained from the comparison are depicted in Table 2. The five existing schemes utilize elliptic curve scalar multiplication and bilinear pairings, both of which are costlier options. Therefore, we apply the hyperelliptic divisor multiplication. From the observations, it has been revealed that the time taken for processing a single scalar multiplication varies considerably: Elliptic Curve Point Multiplication (ECPM), 0.97 ms; bilinear pairing, 14.90 ms; pairingbased point multiplications, 4.31 ms; and modular exponentiation, 1.25 ms [44]. In order to measure the performance of the proposed scheme, the Multiprecision Integer and Rational Arithmetic C Library (MIRACL) [12] is used. It tests the runtime of the basic cryptographic operations for about 1000 times. For testing the simulation results, a workstation having the following specifications is used: Intel Core i7 4510U CPU @ 2.0 GHz, 8 GB RAM, and Windows 7 Home Basic 64bit Operating System [42]. Owing to a smaller key size of 80 bits, the Hyperelliptic Curve Divisor Multiplication (HCDM) is assumed to be of 0.48millisecond duration [45, 46].
 
hm = hyperelliptic curve divisor multiplication, em = elliptic curve scalar multiplication, bp = bilinear pairing, bpm = pairingbased point multiplications, mexp = modular exponentiation. 
From the findings in Tables 2–4 and Figure 5, it is evident that our approach is far more efficient in terms of computational costs.
 
Percentage change, z = x − y/x 100. 
8.2. Communication Cost
This section is dedicated to discuss the comparison results in the perspective of communication costs. The proposed approach is compared with the existing five schemes presented by Yu et al. [13], Kushwah et al. [35], Wei et al. [36], Shen et al. [37], and Zhou et al. [39]. In the comparative analysis, the variables used along with the respective values are shown in Table 5 [40].

It is assumed that each of the schemes has associated communication costs as shown in Table 6.
From Figure 6, it is evident that a decision to opt for our proposed scheme results in a significant reduction in the associated communication costs. Table 7 depicts the percentage reduction in communication costs.

8.3. Security Functionalities
Here, the proposed scheme is compared with the existing schemes in terms of security functionalities. Table 8 lists the comparison outcomes based on the following security parameters: unforgeability, integrity, replay attack, and formal analysis. From the table, it can be seen that none of the existing schemes offer a replay attack.
 
U: unforgeability, I: integrity, RA: replay attack, FA: formal analysis. The symbol ✓ satisfies the security functionality; ✗ does not satisfy the security functionality. 
9. Flying Ad Hoc NetworkBased Precision Agriculture: A Case Study
To further assess the practicability, the proposed scheme is applied to a precision agriculture case that involves FANETs for monitoring the health of the crops. Small UAVs are used to capture the images, which are, in the next step, processed to extract useful information. Values from the Normalized Difference Vegetation Index (NDVI) are computed to differentiate healthy plants from the nonhealthy ones. This is done by measuring the chlorophyll content. It further helps in the localization of the area under stress. The images captured by the MUAVs are transferred to the MECUAV, which, utilizing the onboard microcontroller, generates the respective tasks to be carried on by the Decision Support Engine (DSE). For value addition and versatility, the MUAVs can have additional gadgets, such as cameras, IMU, sensors, and GPS units. The web portal contains a variety of services such as visualization of historical/real data, NDVI mapping, and the correlation functionality.
10. Conclusions
There is an evolving trend of combining multiple small UAVs, as a flying ad hoc network (FANET), to cater to the needs of future applications that demand autonomy and pervasiveness. However, the small UAVs inherent limited onboard energy and restricted computational capability. Such limitations hinder their deployment for longer timeintervals and complex cryptographic operations. Addressing such deficiency, in this article, utilizing the concept of the hyperelliptic curve (HEC), we propose an efficient lightweight security scheme, called identitybased generalized signcryption. The scheme is based on multiaccess edge computing (MEC). The HEC approach is effective in generating small keys and is, therefore, suitable for lowcomputational devices such as small UAVs. Both formal and informal security analyses, using the AVISPA tool, demonstrate the potency of the proposed scheme in thwarting various known and unknown cyberattacks. Moreover, upon comparative analysis with the major existing counterparts, the scheme has demonstrated to be efficient in terms of computational and communication costs.
For our future work, we aim to complement the research work by including other aspects of formal analysis, such as the RealOrRandom (ROR) model and Random Oracle Model (ROM). Moreover, we also intend to incorporate a computational offloading and scheduling mechanism, in which the MUAVs will be able to offload and schedule the computing tasks to the MECUAV for improved processing power and faster execution.
Appendix
Implementation of Our Proposed Scheme in AVISPA
Highlevel protocol specification language (HLPSL) has been consulted to implement the proposed scheme for MECUAV and MBS. This has been illustrated in Algorithms 1 and 2. To run the simulations, a Haier Win8.1 PC computer workstation powered with an Intel (R) Core (TM) i34010U CPU @ 1.70 GHz and 64bit Operating System was chosen. The software part of the setup is composed of Oracle VM Virtual Box (version: 5.2.0.118431) and SPAN (version: SPANUbuntu10.10light_1). From Algorithms 3 and 4, the roles for session, goal, and environment have been executed to comply with the conventions. The execution test considers OFMC and CLAtSe back ends for evaluating the system’s susceptibility to attacks. The simulation results do not include the results of SATMC and TA4SP. It is because SATMC and TA4SP are not compatible with bitwise XOR operations. Another factor worthy of consideration is the requirement to monitor the execution of a specified protocol. Therefore, the back ends delegated the responsibility to check operations. In order to verify the DolevYao (DY) model, the back ends also estimate the vulnerability of the system to maninthemiddle attack [42]. The widely known webtool SPAN (Specific Protocol Animator for AVISPA) is also used to simulate the proposed scheme. The results obtained from OFMC (Figure 7) and AtSe (Figure 8) further demonstrate the scheme’s potency against replay and maninthemiddle attacks.




Data Availability
All data generated or analysed during this study are included in this published article.
Conflicts of Interest
The authors declare no conflicts of interest with respect to the research, authorship, and/or publication of this article.
References
 M. A. Khan, B. A. Alvi, A. Safi, and I. U. Khan, “Drones for good in smart cities: a review,” in Proceedings of the 2018 International Conference on Electrical, Electronics, Computers, Communication, Mechanical and Computing (EECCMC, pp. 1–6, Vaniyambadi, India, January 2018. View at: Google Scholar
 E. Yanmaz, S. Yahyanejad, B. Rinner, H. Hellwagner, and C. Bettstetter, “Drone networks: communications, coordination, and sensing,” Ad Hoc Networks, vol. 68, pp. 1–15, 2018. View at: Publisher Site  Google Scholar
 V. Sharma, “Advances in drone communications, stateoftheart and architectures,” Drones, vol. 3, no. 1, p. 21, 2019. View at: Publisher Site  Google Scholar
 O. S. Oubbati, M. Atiquzzaman, P. Lorenz, M. H. Tareque, and M. S. Hossain, “Routing in flying ad hoc networks: survey, constraints, and future challenge perspectives,” IEEE Access, vol. 7, pp. 81057–81105, 2019. View at: Publisher Site  Google Scholar
 V. Sharma and R. Kumar, “GFANET: an ambient network formation between ground and flying ad hoc networks,” Telecommunication Systems, vol. 65, no. 1, pp. 31–54, 2017. View at: Publisher Site  Google Scholar
 M. A. Khan, I. M. Qureshi, and F. Khanzada, “A hybrid communication scheme for efficient and lowcost deployment of future flying adhoc network (FANET),” Drones, vol. 3, no. 1, p. 16, 2019. View at: Publisher Site  Google Scholar
 M. Marchese, A. Moheddine, and F. Patrone, “IoT and UAV integration in 5G hybrid terrestrialsatellite networks,” Sensors, vol. 19, no. 17, p. 3704, 2019. View at: Publisher Site  Google Scholar
 C. Lin, D. He, N. Kumar, K.K. R. Choo, A. Vinel, and X. Huang, “Security and privacy for the Internet of drones: challenges and solutions,” IEEE Communications Magazine, vol. 56, no. 1, pp. 64–69, 2018. View at: Publisher Site  Google Scholar
 Y. Zhi, Z. Fu, X. Sun, and J. Yu, “Security and privacy issues of UAV: a survey,” Mobile Networks and Applications, vol. 25, pp. 95–101, 2019. View at: Google Scholar
 Y. Zheng, “Digital signcryption or how to achieve cost(signature & encryption) ≪ cost(signature) + cost(encryption),” in Proceedings of the Advances in Cryptology  CRYPTO '97, pp. 165–179, Springer, Santa Barbara, CA, USA, August 1997. View at: Publisher Site  Google Scholar
 Y. Han, X. Yang, P. Wei, Y. Wang, and Y. Hu, “ECGSC: elliptic curve based generalized signcryption,” in Proceedings of the Third International Conference Ubiquitous Intelligence and Computing, Vol. 4159 of Lecture Notes in Computer Science, pp. 956–965, Springer, Wuhan, China, September 2006. View at: Google Scholar
 Shamus Sofware Ltd, “Miracl Library,” GitHub, Inc., San Francisco, CA, USA, http://github.com/miracl/MIRACL. View at: Google Scholar
 G. Yu, X. Ma, Y. Shen, and W. Han, “Provable secure identity based generalized signcryption scheme,” Theoretical Computer Science, vol. 411, no. 4042, pp. 3614–3624, 2010. View at: Publisher Site  Google Scholar
 M. SuárezAlbela, P. FragaLamas, and T. FernándezCaramés, “A practical evaluation on RSA and ECCbased cipher suites for IoT highsecurity energyefficient fog and mist computing devices,” Sensors, vol. 18, no. 11, p. 3868, 2018. View at: Publisher Site  Google Scholar
 M. Yu1, J. Zhang, J. Wang et al., “Internet of Things security and privacypreserving method through nodes differentiation, concrete cluster centers, multisignature, and blockchain,” International Journal of Distributed Sensor Network, vol. 14, p. 12, 2018. View at: Publisher Site  Google Scholar
 A. Braeken, “PUF based authentication protocol for IoT,” Symmetry, vol. 10, p. 8, 2018. View at: Publisher Site  Google Scholar
 C. Zhou, Z. Zhao, W. Zhou, and Y. Mei, “Certificateless keyinsulated generalized signcryption scheme without bilinear pairings,” Security and Communication Network, vol. 2017, Article ID 8405879, 17 pages, 2017. View at: Publisher Site  Google Scholar
 S. Kumari, M. Karuppiah, A. K. Das, X. Li, F. Wu, and N. Kumar, “A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers,” The Journal of Supercomputing, vol. 74, p. 12, 2017. View at: Publisher Site  Google Scholar
 A. Omala, A. Mbandu, K. Mutiria, C. Jin, and F. Li, “Provably secure heterogeneous access control scheme for wireless body area network,” Journal of Medical Systems, vol. 42, p. 6, 2018. View at: Publisher Site  Google Scholar
 C. Tamizhselvan and V. Vijayalakshmi, “An energy efficient secure distributed naming service for IoT,” International Journal of Advanced Studies of Scientific Research, vol. 3, p. 8, 2019. View at: Google Scholar
 V. S. Naresh, R. Sivaranjani, and N. V. E. S. Murthy, “Provable secure lightweight hyper elliptic curvebased communication system for wireless sensor Network,” International Journal of Communication Systems, vol. 31, p. 15, 2018. View at: Publisher Site  Google Scholar
 A. Rahman, I. Ullah, M. Naeem, R. Anwar, H. Khattak, and S. Ullah, “A lightweight multimessage and multireceiver heterogeneous hybrid signcryption scheme based on hyper elliptic curve,” International Journal of Advanced Computer Science and Applications, vol. 9, p. 5, 2018. View at: Publisher Site  Google Scholar
 S. Ouahouah, T. Taleb, J. Song, and C. Benzaid, “Efficient offloading mechanism for UAVsbased valueadded services,” in Proceedings of the 2017 IEEE International Conference on Communications (ICC), pp. 1–6, Paris, France, May 2017. View at: Google Scholar
 N. H. Motlagh, M. Bagaa, and T. Taleb, “UAVbased iot platform: a crowd surveillance use case,” IEEE Communications Magazine, vol. 55, no. 2, pp. 128–134, 2017. View at: Publisher Site  Google Scholar
 S. Garg, A. Singh, S. Batra, N. Kumar, and L. T. Yang, “UAVempowered edge computing environment for cyberthreat detection in smart Vehicles,” IEEE Network, vol. 32, no. 3, pp. 42–51, 2018. View at: Publisher Site  Google Scholar
 G. K. Xilouris, M. C. Batistatos, G. E. Athanasiadou, G. Tsoulos, H. B. Pervaiz, and C. C. Zarakovitis, “UAVassisted 5G network architecture with slicing and virtualization,” in Proceedings of the 2018 IEEE Globecom Workshops (GC Wkshps), pp. 1–7, Abu Dhabi, UAE, December 2018. View at: Google Scholar
 C. Grasso and G. Schembra, “A fleet of MEC UAVs to extend a 5G network slice for video monitoring with lowlatency constraints,” Journal of Sensor and Actuator Networks, vol. 8, no. 1, p. 3, 2019. View at: Publisher Site  Google Scholar
 W. Chen, B. Liu, H. Huang, S. Guo, and Z. Zheng, “When UAV swarm meets edgecloud computing: the QoS perspective,” IEEE Network, vol. 33, no. 2, pp. 36–43, 2019. View at: Publisher Site  Google Scholar
 J.M. Fernandez, I. Vidal, and F. Valera, “Enabling the orchestration of IoT slices through edge and cloud microservice platforms,” Sensors, vol. 19, no. 13, p. 2980, 2019. View at: Publisher Site  Google Scholar
 S. He, Q. Wu, J. Liu, W. Hu, B. Qin, and Y. N. Li, “Secure communications in unmanned aerial vehicle network,” in Proceedings of the International Conference on Information Security Practice and Experience, pp. 601–620, Springer, Melbourne, Australia, December 2017. View at: Google Scholar
 J. Won, S.H. Seo, and E. Bertino, “Certificateless cryptographic protocols for efficient dronebased smart city applications,” IEEE Access, vol. 5, pp. 3721–3749, 2017. View at: Publisher Site  Google Scholar
 J. Won, S. H. Seo, and E. Bertino, “A secure communication protocol for drones and smart objects,” in Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ser. ASIA CCS’15, pp. 249–260, ACM, Singapore, April 2015. View at: Google Scholar
 J. Srinivas, A. K. Das, N. Kumar, and J. P. C. Rodrigues, “CloudCentric authentication for wearable healthcare monitoring system,” IEEE Transactions on Dependable and Secure Computing, 2018. View at: Google Scholar
 S. Lal and P. Kushwah, “ID based generalized signcryption,” Tech. Rep., October 2019, Cryptology ePrint Archive, Report 2008/084, October 2019, http://eprint.iacr.org/2008/084. View at: Google Scholar
 P. Kushwah and S. Lal, “An efficient identity based generalized signcryption scheme,” Theoretical Computer Science, vol. 412, no. 45, pp. 6382–6389, 2011. View at: Publisher Site  Google Scholar
 G. Wei, J. Shao, Y. Xiang, P. Zhu, and R. Lu, “Obtain confidentiality or/and authenticity in Big Data by IDbased generalized signcryption,” Information Sciences, vol. 318, pp. 111–122, 2015. View at: Publisher Site  Google Scholar
 X. Shen, Y. Ming, J. Feng, X. Shen, Y. Ming, and J. Feng, “Identity based generalized signcryption scheme in the standard model,” Entropy, vol. 19, no. 3, p. 121, 2017. View at: Publisher Site  Google Scholar
 A. Waheed, A. I. Umar, N. Din, N. U. Amin, S. Abdullah, and P. Kumam, “Cryptanalysis of an authentication scheme using an identity based generalized signcryption,” Mathematics, vol. 7, no. 9, p. 782, 2019. View at: Publisher Site  Google Scholar
 Y. Zhou, Z. Li, F. Hu, and F. Li, “Identitybased combined public key schemes for signature, encryption, and signcryption,” in Information Technology and Applied Mathematics, pp. 3–22, Springer, Singapore, 2019. View at: Google Scholar
 I. Ullah, A. Alomari, N. Ul Amin, M. A. Khan, and H. Khattak, “An energy efficient and formally secured certificatebased signcryption for wireless body area networks with the Internet of Things,” Electronics, vol. 8, no. 10, p. 1171, 2019. View at: Publisher Site  Google Scholar
 “Raspberry pi 4,” 2019, https://www.raspberrypi.org/. View at: Google Scholar
 D. Dolev and A. Yao, “On the security of public key protocols,” IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198–208, 1983. View at: Publisher Site  Google Scholar
 R. Canetti and H. Krawczyk, “Universally composable notions of key exchange and secure channels,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques—Advances in Cryptology (EUROCRYPT’02), pp. 337–351, Amsterdam, The Netherlands, May 2002. View at: Google Scholar
 C. Zhou, “An improved lightweight certificateless generalized signcryption scheme for mobilehealth system,” International Journal of Distributed Sensor Networks, vol. 15, no. 1, 2019. View at: Publisher Site  Google Scholar
 M. A. Khan, I. M. Qureshi, I. Ullah, S. Khan, F. Khanzada, and F. Noor, “An efficient and provably secure certificateless blind signature scheme for flying adhoc network based on multiaccess edge computing,” Electronics, vol. 9, no. 1, p. 30, 2019. View at: Publisher Site  Google Scholar
 M. A. Khan, I. Ullah, S. Nisa et al., “An efficient and provably secure certificateless keyencapsulated signcryption scheme for flying adhoc network,” IEEE Access, vol. 8, pp. 36807–36828, 2020. View at: Publisher Site  Google Scholar
Copyright
Copyright © 2020 Muhammad Asghar Khan et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.