Internet of Things (IoT) is ubiquitous because of its broad applications and the advance in communication technologies. The capabilities of IoT also enable its important role in homeland security and tactical missions, including Reconnaissance, Intelligence, Surveillance, and Target Acquisition (RISTA). IoT security becomes the most critical issue before its extensive use in military operations. While the majority of research focuses on smart IoT devices, treatments for legacy dumb network-ready devices are lacking; moreover, IoT devices deployed in a hostile environment are often required to be dumb due to the strict hardware constraints, making them highly vulnerable to cyber attacks. To mitigate the problem, we propose a light-weight authentication scheme for dumb IoT devices, in a case study of the UAV-sensor collaborative RISTA missions. Our scheme utilizes the covert channels in the physical layer for authentications and does not request conventional key deployments, key generations which may cause security risks and large overhead that a dumb sensor cannot afford. Our scheme operates on the physical layer, and thus it is highly portable and generalizable to most commercial and military communication protocols. We demonstrate the viability of our scheme by building a prototype system and conducting experiments to emulate the behaviors of UAVs and sensors in real scenarios.