With the advances in 5G communication and mobile device, internet of drones (IoD) has emerged as a fascinating new concept in the realm of smart cities, and has garnered significant interest from both scientific and industrial communities. However, IoD are fragile to variety of security attacks because an adversary can reuse, delete, insert, intercept or block the transmitted messages over an open channel. Therefore, it is imperative to have robust and efficient authentication and key agreement (AKA) schemes for IoD in order to to fulfill the necessary security requirements. Recently, Nikooghadm et al. designed a secure and lightweight AKA scheme for internet of drones (IoD) in IoT environments. However, we prove that their scheme is not resilient to various security threats and does not provide the necessary security properties. Thus, we propose the essential security requirements and guidelines to enhance the security flaws of Nikooghadm et al.’s scheme.