Bio-2FA-IoD: A Biometric-Enhanced Two-Factor Authentication Protocol for Secure Internet of Drones Operations

The Internet of Drones (IoD) is increasingly utilized in sensitive applications, demanding robust authentication mechanisms. Traditional authentication methods face challenges from various attacks, and the unique operational context of IoD, including potential drone capture, necessitates advanced security measures. This paper proposes a Biometric-Enhanced Two-Factor Authentication Protocol for IoD (Bio-2FA-IoD), drawing inspiration from established principles in two-factor authentication and leveraging recent advancements in biometric security. The protocol aims to provide strong mutual authentication between a drone operator (via an operator device), the drone (acting as a relay), and a Ground Control Station (GCS), facilitated by a Trusted Authority (TA). We detail the registration and authentication phases, integrating fuzzy extractors for reliable biometric key generation, a technique proven effective in various secure systems. The security of Bio-2FA-IoD is then analyzed using BAN (Burrows-Abadi-Needham) logic to demonstrate the establishment of shared beliefs and authenticated key agreement, and through the Bellare-Pointcheval-Rogaway (BPR) model to formally prove its security against active adversaries in the Authenticated Key Exchange (AKE) context. A comparative performance evaluation highlights the protocol's efficiency in terms of computational and communication costs, positioning it as a viable solution for resource-constrained IoD environments.