6406 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO.

8, APRIL 15, 2021

Enabling Drones in the Internet of Things With

Decentralized Blockchain-Based Security
Abbas Yazdinejad , Reza M. Parizi , Senior Member, IEEE, Ali Dehghantanha , Senior Member, IEEE,
Hadis Karimipour , Senior Member, IEEE, Gautam Srivastava , Senior Member, IEEE,
and Mohammed Aledhari

Abstract—There is currently widespread use of drones and drones have a considerable amount of benefits that can be real-
drone technology due to their rising applications that have ized for the human race. They enable us as a race to do things
come into fruition in the military, safety surveillance, agricul- that are nearly impossible to do in remote parts of the phys-
ture, smart transportation, shipping, and delivery of packages
in our Internet-of-Things global landscape. However, there are ical world. From a more technical standpoint, the design and
security-specific challenges with the authentication of drones implementation of drone network models have challenges [10].
while airborne. The current authentication approaches, in most These challenges mainly come from running a multitude of
drone-based applications, are subject to latency issues in real time topologies and unstable connection issues [10], [13]. In par-
with security vulnerabilities for attacks. To address such issues, ticular, though, both drone movement and insufficient security
we introduce a secure authentication model with low latency for
drones in smart cities that looks to leverage blockchain tech- may result in several problems that are yet to come into
nology. We apply a zone-based architecture in a network of fruition. These include unauthorized access, excessive latency,
drones, and use a customized decentralized consensus, known and high energy usage in the drone’s network [10], [16], [21].
as drone-based delegated proof of stake (DDPOS), for drones Moreover, there is widespread concern regarding using drones
among zones in a smart city that does not require reauthenti- in the growing number of Internet-of-Things (IoT)-enabled
cation. The proposed architecture aims for positive impacts on
increased security and reduced latency on the Internet of Drones smart cities. One of the most important issues in smart cities
(IoD). Moreover, we provide an empirical analysis of the proposed nowadays is the issue of authentication of drones during
architecture compared to other peer models previously proposed flight [6], [17]. The conventional question arises here, whether
for IoD to demonstrate its performance and security authenti- all drones should be allowed to fly all over a given smart city
cation capability. The experimental results clearly show that not or into particular zones. There is ongoing contention as to how
only does the proposed architecture have low packet loss rate,
high throughput, and low end-to-end delay in comparison to peer moderators of drones as well as smart cities can respond to
models but also can detect 97.5% of attacks by malicious drones this question. Many people are of the opinion that only trusted
while airborne. drones should be allowed to fly airborne due to the fact that
Index Terms—Authentication, blockchain, decentralized unauthorized drones can violate privacy and impose risks. To
authentication, drone security, drones, Internet of Things (IoT). tackle this issue, the need for a secure drone network in each
zone of the smart city is imperative.
Most commercial drone-assisted applications require a low-
I. I NTRODUCTION latency authentication mechanism with high security [27].
Since preserving the quality of service and removing the effect
N RECENT years, drone technology has emerged as key
I aerial machinery with a wide range of industrial, environ-
mental, safety, and military applications [16]. Some examples
of parameters may influence drones’ authentication mecha-
nism, we should have an efficient approach in drone networks
that can handle time-sensitive tasks in a nearly real-time man-
include surveillance, search and rescue operations, aerial pho-
ner. Indeed, in some drone-based applications, the issue of
tography, and disaster monitoring [10], [16]. The use of drones
latency is crucial [3], [27]. Take as an example using drones
and drone technology will undoubtedly rise in our modern
to monitor disasters, where any latency may be the differ-
cyber-run society. As is pertinent in the current literature,
ence between life and death. In this article, we examine a
Manuscript received June 1, 2020; revised July 14, 2020; accepted July secure low-latency authentication scheme for drones using
29, 2020. Date of publication August 10, 2020; date of current version blockchain-based security in a smart city that is suitable for
April 7, 2021. (Corresponding author: Gautam Srivastava.) networks of drones. Our approach is built upon the blockchain
Abbas Yazdinejad, Ali Dehghantanha, and Hadis Karimipour are with the
Cyber Science Lab, University of Guelph, Guelph, ON 81746, Canada (e-mail: technology through the creation of decentralized authentica-
[email protected]; [email protected]; [email protected]). tion using a zone-based architecture in a smart city which can
Reza M. Parizi and Mohammed Aledhari are with the College of Computing be beneficial in a multitude of ways [22].
and Software Engineering, Kennesaw State University, Kennesaw, GA 30060
USA (e-mail: [email protected]; [email protected]). In our proposed architecture, we apply a public blockchain
Gautam Srivastava is with the Department of Mathematics and Computer so that all drones can have the ability to register to fly (become
Science, Brandon University, Brandon, MB R7A 6A9, Canada, and also with authorized) by authenticating on the blockchain. Drones in a
the Research Centre for Interneural Computing, China Medical University,
Taichung 404, Taiwan (e-mail: [email protected]). given smart city are connected through P2P networks using
Digital Object Identifier 10.1109/JIOT.2020.3015382 a shared ledger [22]. All connected drones can migrate to
2327-4662 
c 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.
YAZDINEJAD et al.: ENABLING DRONES IN INTERNET OF THINGS WITH DECENTRALIZED BLOCKCHAIN-BASED SECURITY 6407

other city’s zones through their disseminated identity quickly. a method called Dronemap Planner, which is a cloud-based
In fact, we consider several zones which cover the specific drone administration method. This method can control, moni-
area in each city. The movement of any drone that is already tor, and assist in communication between drones across the
authenticated on the network from one zone to another zone Internet. Dronemap Planner provided solid interaction with
will not require reauthentication of that drone to occur again. drones across the Internet, enabling their authority everywhere
The cluster-based approach originally proposed in [5] is fol- and anytime without limitation on the range.
lowed in our proposed zone architecture. Like a cluster-head For using blockchain for authentication, we can men-
in each cluster, we consider a drone controller in each zone of tion [20], [22], and [24] where the authors offered a software-
a smart city. The drone controller plays a management role in defined network solution for 5G networks as well as an
the authentication mechanism for drones and handles all oper- authentication system for patients in hospital networks both
ations that are related to the blockchain. This characteristic by using blockchain. Furthermore, Choi and Jung [7] developed
itself has a significant influence on maximizing security and the authentication method that including direct authentication
minimizing the time required for the authentication of drones based on public cryptography. In this work and [23], com-
overall. mon authentication and key exchange are accomplished using
We organize the remainder of this work as follows. a 3-way handshake.
Next, we give a brief related work summary in Section II.
Following this, we present our methodology and architecture III. P ROPOSED A RCHITECTURE
in Section III. Our evaluation and simulation results are dis- Fig. 1 presents the high-level model of our architecture.
cussed in-depth in Section IV. Finally, concluding remarks are In this architecture, the smart city is divided into multiple
presented in Section V. zones as shown. Each zone has a drone controller that handles
and controls all activities, including authentication, migration,
II. R ELATED W ORK and communication of drones in relation to the distributed
In this section, a summary of related work that investigates ledger powered by the blockchain technology. In this model,
blockchain in drone environments is given. We also consider we assume that drone controllers have no limitations in terms
using the blockchain technology for authentication purposes of energy and processing power. In contrast, drones them-
in the scope of articles mentioned here. selves will be constrained both in energy consumption and
Yue et al. [26] introduced amateur drone surveillance tech- computational power.
niques that use wireless acoustic networking. The authors All zones can take part in communications which may
offered a system that is distributed to assist in the identifica- include drone controller to drone controller (DC-DC), drone
tion of features as well as the estimated location of uninvited controller to drone (DC-D and D-DC), drone to drone (D-D),
drones using a wireless network alongside artificial intelli- and drone-controller to the blockchain (DC-BC). Zones are
gence (AI). Applying decoded data, the authors make use of able to securely communicate with other zones via the P2P
control commands to remove drones that are trespassing before network provided via the blockchain. Moreover, we apply the
transferring aggressive monitoring drones. In contrast, though, security of blockchain during the authentication of drones on
the authors did not consider the issue of security and latency in which they will join or move to other zones.
this work. In another work, Lin et al. [11] studied the construc- One of the significant issues in most authentication
tion and its privacy and security elements for the Internet of approaches in a smart city is the scalability problem since
Drones (IoD). In fact, the authors addressed challenging mat- drones can fly all over the city, and this point needs to be
ters, such as resilient accessibility, privacy leakage, and data highlighted here. As shown in Fig. 1, the scalability problem
confidentiality security with the confidence that this work will in our architecture is handled with a hierarchical approach. In
provide the basis for later study in this area. other words, there are both zones (cluster based) and multiple
Aggarwal et al. [4] suggested using an Ethereum-based layers of components in each zone in the proposed architec-
blockchain that can securely offer drone communication for ture. A drone controller is responsible for the overall control
gathering data and transportation. This model implemented of an area. Not only DCs in our proposed architecture has
secure and private communication between drones/users. a network that can communicate with each other (as another
Blockchain was used in the authors’ architecture for drone layer) but also they are interacting with public blockchain (as
data storage to reduce the burden on the drones. However, a higher layer). If any drone controller becomes down in any
this model did not pay any attention to the drone’s latency zone, we can manage this zone via another drone controller in
during authorization. the network between drone controllers. It is also assumed that
Sharma et al. [15] used blockchain to secure drones treat- the drone controllers can get drone’s information and zone’s
ing them as nodes in an on-demand network and through policy from the existing data in the shared ledger as the higher
this offering interservice operability. Diversified segments and layer. As a result, the proposed architecture could extend and
policies for encouraging blockchain-based drones were also respond to increasing or decreasing in terms of the number of
displayed. Moreover, the authors highlight threats of drones zones with any numbers of DCs and drones.
using a blockchain-based solution and analyze known the Fig. 2 gives the structure of blockchain for the drone
deployment problems with traditional drone-based wireless network in which each block is comprised of transactions, key,
networks that are centralized. Additionally, Koubâa et al. [9] and hash. Transactions consist of unique information specific
provided a cloud-based solution for IoT. The authors presented to drones, such as ID, MAC address, zone number, and path

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.
6408 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 8, APRIL 15, 2021

Fig. 1. Proposed zone-based architecture with drone controllers using blockchain.

Fig. 2. Public blockchain in the drone network.

Fig. 3. Relationship between the drone controller and drone.

information. Each drone has public/private keys that are gen-

erated by the drone controller during the registration process communication and transportation during the fly. As a result,
(explained in later sections). The drone enables the use of a this operation can play an important role in increasing the
public key in each zone for communication and applies a pri- privacy protection for users. In the public blockchain, all of
vate key during migration to other zones and communications the drones are allowed access to the network and will be
with other drones in different zones. assigned their public/private key pairs. Additionally, for imple-
menting the public blockchain here, each block will include
A. Drone Controller and Blockchain a key, hash, and transactions in which each transaction con-
Fig. 3 shows the internal structure of the drone controller tains data (unique features of a drone including MAC address)
and its relation with drones. The fundamental components collected during the flight. In the meantime, the system will
forming the drone controller include a ledger (to maintain create a vector of information stored in Vector_info. Via
and store information), Auth-unit, and Cntrl-unit. The tasks Vector_info, drones get public/private keys, and Valid ID
of the drone controller are adopted from the mechanism from to log in to their requested zones. Also, drones can use this
our previous work [20]. These components along with the information obtained from Vector_info for migration to
authentication procedure are further explained in Section III-B. other zones. All drone controllers can be involved in the con-
In our architecture, we consider a public blockchain since sensus process [25]. A customized Drone-Based Delegated
all drones are allowed to register in zones for secure Proof-of-Stake (DDPOS) consensus algorithm is proposed

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.
YAZDINEJAD et al.: ENABLING DRONES IN INTERNET OF THINGS WITH DECENTRALIZED BLOCKCHAIN-BASED SECURITY 6409

Algorithm 1 DDPOS Algorithm

1: DC = Get_info_Zone ({d1, d2, . . . , dn}, num_zone,{dc1, dc2, . . . , dcm}, VB, tstamp Trans)
//Drone-controller is updating and getting information and data like, ( H: Header of Block , VB :Version of Block ,
tstamp: Timestamp, dc1 is a drone-controller 1, Trans: transactions, and d1 is drone 1.
2: Group_V = Voting() // Creating a group of agents for mining process
3: DC → Broad_Announce (Candidate_mining) // Transfering data and information to Candidate
4: Integer Z = 0;
5: Set bool T = False
6: While (NoT T) do
7: transaction = random(m) // range [1:m]
8: Calculate_Func ( Merkle tree root (Root_Z))
9: Root_P→ basing on the transactions in payload
10: Hashed block header ( Hm = VBHPre tstamp{d1, d2, . . . , dm} Trans)
11: Count_Zone (a = Azm zone dm  {dc1, dc2, . . . , dcm} )
12: while ( NoT T & ! got DDPOS) do
13: Group_V→ mining(block);
14: Create header: H_verify= VBHPretstampSTrans;
15: The string to Hash_m= H_verifynonce;
16: R = hash(Hm  nonce)
17: DCm = Cooperate (Group_V)
18: Extract nonce = getNonce(Hm);
19: RootZ basing on the transactions in W_payload
20: nonce ++ ; Fig. 4. Registration in a zone in the proposed architecture.
21: if (! DDPOS) then
22: Group_V→ mining(block);
23: Z= (nonce - 1) into nonce field
24: Return (nonce - 1);
25: T= true; Auth-unit in the drone controller and a reply is sent back to
26: else if (receive DDPOS) then that drone after it is confirmed. In the meantime, Cntrl-unit
27: Group_V→ mining(block );
28: T= true; in the drone controllers sends the encryption information of
29: return 0; keys of this drone. Whenever a drone starts to send multiple
30: end if
31: end while repetitive joining requests to the DC, such flooding of requests
32: end while triggers a defense action. Since the Auth-unit in DC counts the
33: If (Min_Proc == success) then
34: Miner (Zone(i)) = Resive_data_interest (); number of drone’s requests, the behavior of that drone will be
35: Share_data (Miner(i));
36: } } marked as malicious, and the DC will block the MAC address
37: end
and ID of that drone for participating in the zone. Also, other
DCs will become aware of this drone’s act and behavior. This
will be facilitated via the blockchain. The malicious drone’s
here since there are some limitations and drawbacks in the ID gets recorded into the blockchain. Once such information
original DPOS algorithm, such as centralization and flaws of is made available in the shared ledger, other DCs will ignore
real-life voting [20]. DDPOS not only can check/validate all any incoming requests that this malicious drone may issue in
transactions inside the zone and approve the drones’ truth dur- a short time frame.
ing movements in the smart city but also can decrease the To elaborate with more details, the Auth-unit is used to
number of nodes that are related to the authentication process. identify the unique drone properties of a given drone, such
Furthermore, the DDPOS algorithm is a useful consensus algo- as location, unique identity, direction, and public/private key
rithm in the drone-network environment that is presented in assignment that is produced by the Cntrl-unit. Through the
Algorithm 1. Cntrl-unit, messages are directed to the distributed ledger
securely using capsuled packages. A collection of information
B. Secure and Low-Latency Authentication Mechanism from drones that are registered such as the public key is sent
According to the architecture, we use a distributed zone to the blockchain that will be saved in the ledger and available
network among affiliated drones using blockchain technology. for viewing by other drone controllers. The public key PK is
Each zone can handle blockchain interaction, and secure com- known between drones and the drone controller, the private key
munication is required as the data of drones moves around. QK is applied in signing transactions between drones. After
Moreover, there is the possibility of migration of drones to registering the drone, drone controllers send their information
other zones without the necessity to reauthenticate, creating directly to the blockchain.
a major time/cost saving computationally. Not requiring reau- Fig. 4 represents the workflow of the proposed architecture.
thentication will inevitably lead to less overall delay. As shown In the first step, drone A requests to enter zone A, which is
in Fig. 1, the drones are registered in drone controllers in also controlled by drone controller A. This is how the secure
each zone to produce encryption data. Each drone will receive communication channel of A is established. Next, drone A
both key and encryption information. Then, drone controllers is authenticated, and drone controller A wants to send drone
send the drone data to the blockchain and other drone con- information of A to the blockchain. Generally, each drone con-
trollers of the smart city, which they will be aware of it in a troller shares securely a key pair for each drone and just that
simultaneous manner. The drone controller gives public and drone can use the generated key pair with the drone controller
private keys to each drone respectively. As is illustrated in since it is based on specific drone information. Drone A in
Fig. 4, drone authentication with drone controllers happens as any zone can communicate easily with any other drone or
one procedure. A request is sent by drones to the drone con- drone controllers geographically far away, provided they are all
trollers to join a given zone. This request is received by the authenticated in the same zone. In addition, they can securely

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.
6410 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 8, APRIL 15, 2021

Algorithm 2 Migration of Drones Among Zones Algorithm 3 Key Processing Time During Authentication
1: Reg_Drone to DC ({d1, d2, . . . , dn}) // Register all drones into Drone- 1: Input : DC (Receiving (dr_Auth_Req))
controller in each zone reg bool == True 2: Output : DC (Generate (KCPi)) // KCP1, KCP2âòe.. KCPn :As the Key collection period
2: while (reg == True) do 3: DC = Starting (mining_Proc)
3: ({d1, d2, . . . , dn} →) Req authentication 4: DC → initialize (Drones_Zone )
4: Send (authen_vector (Public & Private/ Key)) → ALL_Drones 5: Drone controller→ Record to Blcokchain// Path traffic in zone
5: end while 6: For (i=0; i<=n ; i++)//n is number of Drones
6: Call Hash_Func() 7: Calculate (KCPi)
7: Drone i = receive (Hash 256) 8: Call Traffic Zone (CPi)
8: Call Join_Zone (di) // join to zone 9: Kcp[i]→Kcp
9: if ({d1, d2, . . . , dn} →)== Rang DC) then 10: End for
10: auth = Ture 11: Kcpn =min (Kcp)
11: Calculate (mobility) 12: Return Kcpn
12: elas auth = False 13: end
13: Calculate (migration)
14: else
15: auth = Ture
16: Calculate (mobility) 2) Managing Keys in the Authentication Process: The drone
17: elas auth = False
18: Calculate (migration) controllers offer the ability to manage keys in any zone,
19: end if which reduces the overall time of transfer for keys
20: if (moving == True) then among all the zones. The focal point here for drone
21: if ( If ({d1, d2, . . . , dn} Rang)
22: if ( auth = Ture ) controllers should be on managing keys in zones to
23: {d1, d2, . . . , dn} = Join_Zone() achieve a transfer mechanism that is lightweight over-
24: else all. The main responsibility of drone controllers is to
25: Block (Call Join_Zone)
26: end if remove any third-party interaction within the transac-
27: while (auth = False ) do tions themselves. In Algorithm 3, it manages the time
28: if (Mobility = True or migration = Ture) then of keys processing during drone’s authentication among
29: if (authenticate)) // in Zone
30: DC_i: Message (i)// Zone i zones. It consists of the public and private keys transfer
31: Update (Zone_info) for drones by the drone controller.
32: Migrate (i, current, Target) Before concluding this section, two points are worth dis-
33: else
34: DC_i: Message (Blcokchain)// Update X1 cussing concerning the architecture.
35: end if 1) How Will the Architecture Behave if a DC
36: end while Crashes/Becomes Down During Runtime? In such
37: while (migrate or mobility! = Flase) do
38: New_Zone_DC = Received (data_i) cases, if a DC becomes dysfunctional, DCs in the
39: New_Zone_DC = Decrypt (Create header) neighborhood becomes aware of this event via the
40: end while existing DC’s network in the architecture. In this
situation, according to the cellular structure of the
proposed architecture, at least three or four DCs will be
in the neighborhood of that down DC. Of those DCs,
interact via the blockchain. In this way, a drone from, say, one that has fewer drones in its zone will be selected
zone C will easily be able to communicate with a drone from for controlling and managing all drones flying in that
zone B. zone.
As mentioned earlier, the drone controllers are responsible 2) How Will the Architecture Behave if a Blockchain
for the drone organization and enforcing the policy for the Transaction Fails During Runtime? For as much as a
zone. If for any reason a drone decides to move from its cur- transaction is a set of handshake operations, as shown
rent zone to another zone, it requires sending the request to in Fig. 4, all of these operations together are either
the destination zone, where its authentication will get checked successful, or none will take place. In fact, it is an
by the drone controllers in that specific zone. The drone atomicity feature that is considered for the proposed
controllers check the information of that drone by querying architecture, and this feature is known as all or noth-
the blockchain to determine its authenticity from malicious ing in transactions. Hence, the transaction is successful
drones and untrusted drones. Generally, the unique properties if all operations executed in the authentication process
of a given drone exist on the blockchain. Therefore, the need are successful. According to this rule, the DC must be
to reauthenticate drones when passing through zones is not able to roll back all previous operations if one of the
required. For the movement of drones, the drone controllers operations fails during the drone’s activities.
can recognize the next zone and let other drone controllers
know if any drones are moving zones. The drone controllers
can then check the Cntrl-unit and the shared ledger to ensure IV. E VALUATION AND R ESULTS
that the drones are at a trusted zone. To summarize, we have For measuring the effectiveness of our methodology and
the following. architecture, we focus on three well-known metrics, namely:
1) Migration to Other Zones: A movement process 1) loss rate (packets);
between the two zones for the secure and low-latency 2) throughput;
authentication is implemented using Algorithm 2. 3) end-to-end delay;

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.
YAZDINEJAD et al.: ENABLING DRONES IN INTERNET OF THINGS WITH DECENTRALIZED BLOCKCHAIN-BASED SECURITY 6411

TABLE I
S IMULATION PARAMETERS

where the results are then compared with peer models. Next,
the effect of the proposed architecture on the authentication of
drones during communication and handling attacks is inves-
tigated. Then, the impact of blockchain technology on the
proposed architecture is evaluated. Finally, the evaluation of
DDPOS and key processing time algorithm is compared with
other algorithms.

A. Performance Evaluation
A simulator is a crucial element for examining and veri-
fying models and structures of any system and policy. The
proposed architecture is assessed using the NS-3 V3.35 simu-
lator [2] which is a well-established network simulator that is
applied for a plethora of researches in the network areas with a
reasonably well-used opensource blockchain plugin for it [8].
This plugin gives the customizability to extend the consen-
sus algorithm, which we utilized to implement DDPOS. The
details and source files of this plugin are presented in [1] with
a high-level description for modifying and extending it.
The NS-3 simulator supports the largest of the networking
models and protocols. Moreover, it supports the largest
types of networking devices. For the evaluation of the
proposed architecture performance, the simulation parameters
are presented in Table I. To achieve more realistic results, we
ran the simulation for 30 min with 2000 transactions between
drones and drone controller during movement in zones. The
average results were obtained over 100 simulations in our
scenario.
For comparing our proposed architecture’s performance
Fig. 5. Comparison of network performance. (a) Throughput. (b) End-to-end
metrics, we used the approach in, Secure Lightweight [18], delay. (c) Packet loss rate.
which is a lightweight user authentication scheme for the IoD.
Additionally, we design another scenario as a basic model
during the simulation. The basic model does not incorpo- Throughput: We measure throughput as the number of bits
rate the blockchain technology. Instead, it simply applies a carried per unit time in each zone [19], which mathematically
common technique for drone authentication proposed in [7], remarks that we have examined the simulation time as 30 min,
which uses a third-party authentication server, in the authen- entirely real time. In Fig. 5(a), the throughput assessments for
tication process, and authenticated ephemeral key exchange the proposed architecture, Secure Lightweight, and the basic
between participants. The basic model cannot support P2P model are 260, 201.5, and 223.89 b/second (b/s), respectively.
communication compared with our model, and it depends on The throughput of our system is more than that for other meth-
the authentication server during runtime. ods. This is because the proposed architecture did not need

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.
6412 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 8, APRIL 15, 2021

reauthenticate and has less communication compared to other

methods.
End-to-End Delay: It is defined as the average time needed
by the data packets to reach a drone controller or another drone
from a drone [19]. Of the outcomes presented in Fig. 5(b),
it can be observed that the end-to-end delays are 0.0226,
0.210, and 0.03985 b/s for the proposed architecture, Secure
Lightweight, and the basic model, respectively. The end-to-
end delay of the proposed work is less than that for other
models [7], [18]. This is so that the proposed architecture
uses the zone-based structure and distributed authentication
as a result; it creates less end-to-end delay as compared to the
other models.
Packet Loss Rate: It is a different critical network mea-
sure that is calculated by the number of packets that are lost
per unit time. For secure network connections, it is expected
that the packet loss rate must be quite low [19]. Fig. 5(c)
demonstrates packet loss rates below various situations among
the proposed architecture and other existing models. As the
results suggested, the proposed architecture compared to the
peer models has a low loss rate of packets.

B. Authentication During Communication

In this particular analysis, we were interested in observing
the effect of the proposed architecture on the authentication
of drones during secure communication and handling attacks.
The evaluation of the authentication of drones in the proposed
architecture is compared with the basic model.
Authentication Delay: It is defined as the time required to
authenticate a drone after the request is sent by the specific
drone. As mentioned earlier, in the peer model, drones should
authenticate in the zone and during movements among zones
reauthenticate again to ensure uninterrupted secure communi- Fig. 6. Proposed architecture effect on authentication. (a) Authentication
cation. This painstaking process requires reapproving drones delay. (b) Attack detection probability.
between zones for continuity in the authentication. In our
proposed architecture, drones do not need to reauthenticate
when traveling between various zones. Fig. 6(a) illustrates the blockchain. During the evaluation, as presented in Fig. 6(b),
comparison between the delay of the proposed architecture and the ability of the proposed architecture and the basic model is
the basic model. As results suggested, all drones were able to simulated with ten zones, 100 drones, 50 malicious drones,
move among zones faster than the peer model, attesting to the and ten drone controllers. As demonstrated in the results,
efficiency of the proposed work. the proposed architecture detected roughly 97.5% of attacks
Authentication Attacks: It is defined as the different types launched by the malicious drones while the basic method could
of attacks that authentication procedures may face in a detect about 55%.
given network. The introduced architecture was exposed to
some popular Denial-of-Service attacks (DoS/DDoS), such as C. Blockchain Effect
SYN/UDP/TCP Flood, as well as the authentication attack, It goes without saying that blockchain can have a direct
known as AUTH, which can happen when a drone attempts to effect on IoD [14]. In this section, we evaluate the impact of
join a zone [12]. Moreover, a drone controller should be pre- blockchain, including the block size and the number of min-
pared to face these types of attacks in a well-connected smart ers in the proposed architecture, especially on bandwidth and
city infrastructure. For example, in authentication attacks, a throughput. The block size determines the most considerable
malicious drone attempts to join a zone in the network using number of transactions conducted within a block. This size,
a fake or a blocked ID. We can see clearly from Fig. 6(b) the thus, manages the throughput achieved by the proposed archi-
attack detection rate in the proposed architecture. We exam- tecture. Big blocks provoke more slow propagation in each
ined attacks where drones attempt to join an associated zone zone. Fig. 7(a) shows that with the increase in the block size
with a fake ID through simulation. Also, the DoS/DDoS attack from 0.1 up to 1 MB, the bandwidth consumption increases
is simulated by floods of both UDP and TCP packets. Thus, with the growing the block size. Indeed, this parameter has
via P2P communication, attackers can obtain data from the a direct effect on bandwidth in the proposed architecture.

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.
YAZDINEJAD et al.: ENABLING DRONES IN INTERNET OF THINGS WITH DECENTRALIZED BLOCKCHAIN-BASED SECURITY 6413

Fig. 8. Comparison of handover authentication delay.

Fig. 9. Comparison of key processing time.

areas for confirmation. In DDPOS, there is no need to reau-

thenticate when being drones moved to other areas since they
Fig. 7. Impact of blockchain on the proposed architecture. Impact of (a) block
size on bandwidth and (b) block size and miners on throughput.
are once authenticated and now are valid. Fig. 8 illustrates the
comparison between handover authentication delay of DDPOS
and two other models that with the increase in the number of
Fig. 7(b) indicates that with the increasing number of min- nodes, there will be more movement and mobility, so DDPOS
ers from 16 up to 128, and the block size from 0.1 up to has less delay during the handover authentication process.
1 MB in the whole of the smart city’s zones, the throughput Regarding the key processing time in the proposed architec-
of the proposed architecture will increase. As a matter of fact, ture, the public-key and private-key transfer time in each zone
the increase in the number of miners, it helps the drone con- during drone migration should be considered. As a result, the
trollers to reach the consensus quickly. Moreover, the proposed key processing time in our work is compared with DPOS [20]
architecture can handle more transactions in each block with and POW [20] models which are presented in Fig. 9. With
increasing the size of the block. As a result, it will grow the growing the count of transactions while nodes are moving
throughput rate in the proposed architecture. in the network, our key processing time algorithm has bet-
ter performance owing to the fact that the drone controller has
D. Evaluation of DDPOS and Key Processing the ability to manage keys and use a lightweight mechanism
for transfer keys that are presented in Algorithm 3. Moreover,
As has been mentioned, DDPOS has not only a consensus using zone-based architecture is a direct effect on managing
role in the proposed architecture but also can check/validate keys by the drone controller.
all transactions and approve the drones’ truth during drones’
authentication. To evaluate the DDPOS algorithm during
drones’ authentication in the proposed method, we compared E. Limitations
it with both POW-based [20] and network-based [20] models. In this section, the limitations are discussed from various
By and large, in the POW-based model, nodes need to reau- perspectives.
thenticated in the cells which are similar to our zones. Besides, 1) Geographic Area Range: A well-known problem with
these two models require separate protocols between various wireless and IoT architecture is that we should care

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.
6414 IEEE INTERNET OF THINGS JOURNAL, VOL. 8, NO. 8, APRIL 15, 2021

about the geographic area range and covering it. [2] Ns3 Network Simulator. Accessed: Jul. 10, 2020. [Online].
Geographic area range has a direct and indirect effect on Available: https://www.isi.edu/nsnam/ns/
[3] R. A. Addad, T. Taleb, H. Flinck, M. Bagaa, and D. Dutra, “Network
the performance of any wireless and IoT architecture, slice mobility in next generation mobile systems: Challenges and
especially in the drone-based architecture. Therefore, potential solutions,” IEEE Netw., vol. 34, no. 1, pp. 84–93, Jun. 2020.
when we want to have a general-purpose architecture [4] S. Aggarwal, M. Shojafar, N. Kumar, and M. Conti, “A new secure data
for a smart city, the architecture needs to consider more dissemination model in Internet of drones,” in Proc. IEEE Int. Conf.
Commun. (ICC), 2019, pp. 1–6.
proper and efficient infrastructures until we can respond [5] D. Aneja, L. Kumar, and V. Sharma, “A cluster based approach for
to nodes all over the city. We cannot deny that geo- detection and protection of wormhole attack in wireless sensor network,”
graphic area range issues can have effects on throughput, Sensor Lett., vol. 17, no. 12, pp. 955–964, 2019.
utilization, and performance metrics such as delay. [6] J. H. Cheon et al., “Toward a secure drone system: Flying with real-
time homomorphic authenticated encryption,” IEEE Access, vol. 6,
2) Drones Speed: It is essential to mention that one of the pp. 24325–24339, 2018.
crucial specifics of the proposed architecture is the drone [7] J. Choi and S. Jung, “A handover authentication using credentials based
speed parameter. The drone speed parameter can have on Chameleon hashing,” IEEE Commun. Lett., vol. 14, no. 1, pp. 54–56,
Jan. 2010.
a side effect on the performance of drone-based archi- [8] A. Gervais. (Oct. 2016). Github Bitcoin-Simulator for Ns3. [Online].
tecture owing to the fact that this type of architecture is Available: https://github.com/arthurgervais/Bitcoin-Simulator
handling mobility and wireless communication feature [9] A. Koubâa et al., “Dronemap planner: A service-oriented cloud-based
of a drone. We cannot dismiss mobility issues that can management system for the Internet-of-drones,” Ad Hoc Netw., vol. 86,
pp. 46–62, Apr. 2019.
affect throughput, utilization, and performance. During [10] P. Kumar, P. Singh, S. Darshi, and S. Shailendra, “Analysis of
the simulation of the proposed architecture, we had con- drone assisted network coded cooperation for next generation wire-
sidered the speed of 10 m/s for drones. For higher speed, less network,” IEEE Trans. Mobile Comput., early access, Sep. 3, 2019,
doi: 10.1109/TMC.2019.2939308.
that might likely exist other issues tied to robustness in
[11] C. Lin, D. He, N. Kumar, K.-K. R. Choo, A. Vinel, and X. Huang,
the wireless link, and real-time authentication process. “Security and privacy for the Internet of drones: Challenges and
solutions,” IEEE Commun. Mag., vol. 56, no. 1, pp. 64–69, Jan. 2018.
V. C ONCLUSION [12] C. Lyu, X. Zhang, Z. Liu, and C.-H. Chi, “Selective authentication based
geographic opportunistic routing in wireless sensor networks for Internet
To ensure low latency and secure communication between of Things against DoS attacks,” IEEE Access, vol. 7, pp. 31068–31082,
drones in a smart city, the authentication process must be prop- 2019.
[13] K. Namuduri, Y. Wan, M. Gomathisankaran, and R. Pendse, “Airborne
erly established between the parties involved in each zone. network: A cyber-physical system perspective,” in Proc. 1st ACM
Sharing information through drones is a newer avenue of MobiHoc Workshop Airborne Netw. Commun., 2012, pp. 55–60.
research and could be revolutionary for the future of smart [14] T. Rana, A. Shankar, M. K. Sultan, R. Patan, and B. Balusamy, “An intel-
city technology. In this article, we tackled the secure and ligent approach for UAV and drone privacy security using blockchain
methodology,” in Proc. 9th Int. Conf. Cloud Comput. Data Sci. Eng.
low-latency authentication of drones using blockchain-based (Confluence), 2019, pp. 162–167.
security. Through a series of zones connected through a dis- [15] V. Sharma, I. You, and G. Kul, “Socializing drones for inter-service
tributed network using blockchain technology, our architecture operability in ultra-dense wireless networks using blockchain,” in Proc.
Int. Workshop Manag. Insider Security Threats, 2017, pp. 81–84.
provided users with a transparent and efficient mechanism
[16] W. Shi, H. Zhou, J. Li, W. Xu, N. Zhang, and X. Shen, “Drone assisted
for data security well suited for fast and secure communi- vehicular networks: Architecture, challenges and opportunities,” IEEE
cation. The proposed architecture allowed the migration of Netw., vol. 32, no. 3, pp. 130–137, Jan. 2018.
drones and secure data recorded in each zone. All drones in [17] J. Srinivas, A. K. Das, N. Kumar, and J. J. Rodrigues, “TCALAS:
Temporal credential-based anonymous lightweight authentication
the presented authentication scheme can also take part in P2P scheme for Internet of drones environment,” IEEE Trans. Veh. Technol.,
communication and easily migrate to and from other zones vol. 68, no. 7, pp. 6903–6916, Jun. 2019.
in the smart city via a decentralized identity. The authenti- [18] M. Wazid, A. K. Das, N. Kumar, A. V. Vasilakos, and J. J. Rodrigues,
cation process did not require reauthentication of drones and “Design and analysis of secure lightweight remote user authentication
and key agreement scheme in Internet of drones deployment,” IEEE
had a considerable impact on increasing throughput, reducing Internet Things J., vol. 6, no. 2, pp. 3572–3584, Apr. 2019.
time overhead, and, most importantly, the energy consumption [19] A. Yazdinejad, R. M. Parizi, A. Bohlooli, A. Dehghantanha, and
of any drone which is known to be energy constrained. For K.-K. R. Choo, “A high-performance framework for a network pro-
grammable packet processor using p4and FPGA,” J. Netw. Comput.
future research, tracking the use of network function virtualiza- Appl., vol. 156, Apr. 2020, Art. no. 102564.
tion (NFV) and software-defined networking (SDN) in a smart [20] A. Yazdinejad, R. M. Parizi, A. Dehghantanha, and K.-K. R. Choo,
city and its impact on the authentication process while com- “Blockchain-enabled authentication handover with efficient privacy pro-
tection in SDN-based 5G networks,” IEEE Trans. Netw. Sci. Eng., early
paring it with our proposed solution could be an interesting access, Aug. 28, 2019, doi: 10.1109/TNSE.2019.2937481.
avenue of research. In addition, applying AI can be further [21] A. Yazdinejad, R. M. Parizi, A. Dehghantanha, G. Srivastava, S. Mohan,
researched in the proposed architecture for routing and the and A. M. Rababah, “Cost optimization of secure routing with untrusted
movement of drones in zones to increase the throughput of the devices in software defined networking,” J. Parallel Distrib. Comput.,
vol. 143, pp. 36–46, Sep. 2020.
network. Similarly, the investigation of deep learning could be [22] A. Yazdinejad, R. M. Parizi, A. Dehghantanha, Q. Zhang, and
interesting during attack detection in the proposed architecture. K.-K. R. Choo, “An energy-efficient SDN controller architecture for IoT
networks with blockchain-based security. IEEE Trans. Services Comput.,
vol. 13, no. 4, pp. 625–638, Jul.–Aug. 2020.
R EFERENCES
[23] A. Yazdinejad, R. M. Parizi, G. Srivastava, A. Dehghantanha, and
[1] Bitcoin Simulator. Project Structure and Get Ready to Extend. Accessed: K.-K. R. Choo, “Energy efficient decentralized authentication in Internet
Aug. 20, 2019. [Online]. Available: https://arthurgervais.github.io of underwater things using blockchain,” in Proc. IEEE Globecom
/Bitcoin-Simulator/structure.html Workshops (GC Wkshps), 2019, pp. 1–6.

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.
YAZDINEJAD et al.: ENABLING DRONES IN INTERNET OF THINGS WITH DECENTRALIZED BLOCKCHAIN-BASED SECURITY 6415

[24] A. Yazdinejad, G. Srivastava, R. M. Parizi, A. Dehghantanha, Hadis Karimipour (Senior Member, IEEE)
K.-K. R. Choo, and M. Aledhari, “Decentralized authentication of dis- received the Ph.D. degree in energy system
tributed patients in hospital networks using blockchain,” IEEE J. Biomed. from the Department of Electrical and Computer
Health Informat., vol. 24, no. 8, pp. 2146–2156, Aug. 2020. Engineering, University of Alberta, Edmonton, AB,
[25] A. Yazdinejad et al., “SLPOW: Secure and low latency proof of work Canada, in February 2016.
protocol for blockchain in green IoT networks,” in Proc. IEEE 91st Veh. She was a Postdoctoral Fellow with the
Technol. Conf. (VTC-Spring), 2020, pp. 1–5. University of Calgary, Calgary, AB, Canada,
[26] X. Yue, Y. Liu, J. Wang, H. Song, and H. Cao, “Software defined radio working on cyber security of the smart power grids.
and wireless acoustic networking for amateur drone surveillance,” IEEE She is currently an Assistant Professor with the
Commun. Mag., vol. 56, no. 4, pp. 90–97, Apr. 2018. School of Engineering, Engineering Systems and
[27] X. Zhu, C. Bian, Y. Chen, and S. Chen, “A low latency clustering method Computing Group, University of Guelph, Guelph,
for large-scale drone swarms,” IEEE Access, vol. 7, pp. 186260–186267, ON, Canada. Her research interests include the application of machine
2019. learning on security analysis, cyber–physical modeling, cybersecurity of the
smart grids, and parallel and distributed computing.
Dr. Karimipour serves as the Chair for the IEEE Women in Engineering
and the Chapter Chair for IEEE I NFORMATION T HEORY in Kitchener
Waterloo section. She is a member of the IEEE Computer Society.

Abbas Yazdinejad received the B.Sc. degree

in computer engineering from Shahid Bahonar
University of Kerman, Kerman, Iran, in 2014, and
the M.Sc. degree in computer system architecture
from the University of Isfahan, Isfahan, Iran, in
2016. He is currently pursuing the Ph.D. degree
with the Decentralized Science Lab, Kennesaw State
University, Kennesaw, GA, USA.
He is currently associated with the Cyber Science
Lab, School of Computer Science, University of Gautam Srivastava (Senior Member, IEEE)
Guelph, Guelph, ON, Canada. His research interests received the B.Sc. degree from Briar Cliff
are software-defined networking, FPGA design, IoT and network modeling, University, Sioux City, IA, USA, in 2004, and the
and blockchain security. M.Sc. and Ph.D. degrees from the University of
Victoria, Victoria, BC, Canada, in 2006 and 2012,
respectively.
He then taught for three years with the
Department of Computer Science, University of
Victoria, where he was regarded as one of the top
undergraduate professors in the Computer Science
Reza M. Parizi (Senior Member, IEEE) received Course Instruction. In 2014, he joined a tenure-track
the B.Sc. and M.Sc. degrees in software engineering position with Brandon University, Brandon, MB, Canada, where he is cur-
and computer science, and the Ph.D. degree in soft- rently active in various professional and scholarly activities. He was promoted
ware engineering from University Putra Malaysia, to the rank of Associate Professor in January 2018. He is active in research in
Seri Kembangan, Malaysia, in 2005, 2008, and the field of cryptography, data mining, security and privacy, and blockchain
2012, respectively. technology. In his five years as a research academic, he has published a total
He is the Director of the Decentralized Science of 80 papers in high-impact conferences in many countries and in high-status
Lab, Kennesaw State University, Kennesaw, journals (SCI and SCIE) and has also delivered invited guest lectures on big
GA, USA. He is a Consummate Technologist data, cloud computing, Internet of Things, and cryptography at many universi-
and a Software Security Researcher with an ties worldwide. He currently has active research projects with other academics
entrepreneurial spirit. He was with the New York in Taiwan, Singapore, Canada, Czech Republic, Poland, and the USA.
Institute of Technology, Old Westbury, NY, USA. His research interests are Dr. Srivastava is an Editor of several SCI/SCIE journals. He is an Associate
research and development in decentralized AI, blockchain systems, smart Editor of IEEE ACCESS.
contracts, and emerging issues in the practice of secure software-run world
applications.
Dr. Parizi is a Senior Member of IEEE Blockchain Community and ACM.

Ali Dehghantanha (Senior Member, IEEE)

received the Ph.D. degree in security in computing
from University Putra Malaysia, Seri Kembangan,
Malaysia, in 2011. He has a number of professional
certifications, including CISSP and CISM. Mohammed Aledhari received the Ph.D. degree
He has served as a Sr. Lecturer with the in computer science from Western Michigan
University of Sheffield, Sheffield, U.K., and as University, Kalamazoo, MI, USA.
an EU Marie-Curie International Incoming Fellow He is currently an Assistant Professor with
with the University of Salford, Salford, U.K. He is the Department of Computer Science, Kennesaw
the Director of the Cyber Science Lab, School of State University, Kennesaw, GA, USA. His cur-
Computer Science, University of Guelph, Guelph, rent research interests include the Internet of
ON, Canada. He has served for more than a decade in a variety of industrial Things, big data, computer vision deep learning, and
and academic positions with leading players in Cyber-Security and Artificial autonomous vehicles.
Intelligence. His main research interests are malware analysis and digital
forensics, IoT security, and application of AI in the cybersecurity.

Authorized licensed use limited to: American University of the Middle East. Downloaded on October 05,2021 at 06:21:58 UTC from IEEE Xplore. Restrictions apply.