G2Auth: Secure Mutual Authentication for Drone Delivery Without Special User-Side Hardware

Abstract

Because of its cost effectiveness and timeliness, package delivery using unmanned aerial vehicles (UAVs), called drone delivery, is drawing growing attention. Authentication is critical for ensuring that a package is not picked up by an attacker's drone or delivered to an attacker. As delivery drones are costly and may carry sensitive or expensive packages, a drone should not get very close to a person unless she is authenticated; thus, conventional authentication approaches that require human-drone physical contact do not work. Existing authentication methods for drone delivery suffer from one or multiple of the following limitations: (1) requiring special user-side hardware; (2) enforcing one-way authentication only; (3) being vulnerable to relay attacks; (4) having compatibility issues. We present the first system, named Greet-to-Auth (G2Auth, for short), that supports mutual authentication between a user and a drone, without these limitations. A user waves her hand holding a smartphone to conduct the authentication. The evaluation shows that it is secure, accurate, usable, and robust.