PUF-Based Secure and Efficient Anonymous Authentication Protocol for UAV Towards Cross-Domain Environments

Abstract

Cross-domain authentication of drones has played an important role in emergency rescue, collaborative missions, and so on. However, the existing cross-domain authentication protocols for drones may cause privacy leakages and stolen-verifier attacks due to the storage of drone information by ground stations, and drones and ground stations are susceptible to capture attacks, which may suffer from impersonation attacks. To address these problems, we propose a lightweight cross-domain authentication protocol based on physical unclonable function (PUF). In the proposed protocol, the control center is not involved in the authentication process, preventing bottleneck problems when multiple drones authenticate simultaneously. Ground stations do not store drone information, effectively safeguarding against privacy leakage and stolen-verifier attacks. PUF is utilized to protect drones from capture attacks. We conduct both informal security analysis and formal security proof to demonstrate the protocol’s security. In terms of performance, compared with relevant schemes, our protocol shows remarkable efficiency improvements. Computationally, it is 5–92% more efficient. Regarding communication overhead, it is 9–68% lower than relevant schemes. For storage, it is 22–48% lower than relevant schemes. We simulated the proposed protocol using a Raspberry Pi 4B, which emulates the computational capabilities of actual UAV and ground stations. During the simulation, a large number of authentication requests were generated. We monitored key performance indicators such as authentication success rate, response time, and resource utilization. To test its security, we simulated common attacks like replay, forgery, and impersonation. The protocol’s timestamps effectively identified and rejected replayed messages. Meanwhile, the PUF mechanism and unique signature scheme foiled our attempts to forge authentication messages. These simulation results, combined with theoretical security proofs, confirm the protocol’s practical viability and security in real-world-like scenarios.

1. Introduction

Unmanned aerial vehicles (UAVs) or drones [1] have been utilized for a diverse range of applications, including remote sensing, real-time communication services, data transmission, and target tracking for surveillance and emergency situations [2,3]. In the field of environmental monitoring, drones play an important role in tracking endangered species, collecting climate data, and assessing disaster areas [4]. In the realm of traffic management, UAVs can effectively surveil high-risk vehicles, promptly respond to traffic accidents, and support traffic control operations [5,6]. One of the most advanced developments is the integration of joint operations within the military domain [7,8]. In the context of systematic, informationized, and intelligent naval warfare, the operational model of maritime UAV systems is progressively evolving towards new directions, such as cross-domain coordination. Due to their high mobility and flexibility, a substantial number of UAVs are required to navigate multiple domains for data collection, monitoring, and rescue. In China, with the development of e-commerce and logistics technology, delivery costs have increased and it is difficult to achieve delivery speeds that meet customer requirements, leading to drone delivery. In 2021, the Zhejiang Blood Center in China established the first unmanned aerial vehicle rapid blood delivery route to meet the urgent demand for blood in hospitals in remote areas such as islands. This necessity places higher demands on secure communication between UAVs and ground stations. UAVs need to quickly traverse different domains and establish connections, which requires efficient and secure authentication protocols.

UAVs often require traversal across multiple disparate domains to execute tasks or acquire information. In particular, the cross-domain joint operations of UAVs encompass maritime rescue, military collaboration and joint surveillance, etc. In order to improve the efficiency and response speed of city governance, UAVs are often used for collaborative data collection. Through large-scale model analysis and intelligent algorithm processing, real-time monitoring and management of city infrastructure are achieved, solving the problem of difficult integration and management of heterogeneous spatiotemporal data from multiple sources in space, sky, and air. This provides strong support for the sustainable development of cities. Zhou et al. [9] proposed a collaborative digital twins framework based on adaptive model parameter adjustment and model transmission algorithms, achieving accurate and real-time unmanned aerial vehicle services. Conventional single-domain authentication protocols [10,11] fail to meet the requirements of drone authentication in multi-domain scenarios [12]. It is essential to establish a protocol that ensures secure authentication of UAVs across diverse domains. The most popular method for designing a cross-domain authentication protocol is to apply blockchain [13,14]. However, the frequent execution of write and read operations on the blockchain may result in significant communication delays. Additionally, uploading information to the blockchain for identity verification may also lead to privacy breaches and impersonation attacks, which are detrimental to the execution of military operations.

Through the study of the authentication protocols of drones, we have found some common characteristics. Most of the scenarios of these protocols are to complete the authentication within a single domain with the trusted center serving as the participating third party, and it is unable to achieve cross-domain authentication. At the same time, these authentication methods also have the following limitations: the absence of perfect forward secrecy, the inability to resist drones or ground-station physical capture attacks and stolen-verifier attacks, and the lack of anonymity and unlinkability. The use of the key iteration algorithm or the bilinear pairing algorithm has greatly increased the overhead. The existing cross-domain authentication protocols struggle to effectively resist forgery attacks and capture attacks. Drones and ground base stations deployed in open areas are highly susceptible to physical intrusion or capture, which can lead to the exposure of private information. Furthermore, we have found that each base station must store information about all the drones that have successfully registered among the existing agreements [15]. If the ground base station in any area is compromised, all drone information and verification tables may be exposed.

Motivation and contributions: Due to the fact that drone information is stored at ground stations and that ground stations and drones are susceptible to capture attacks, the existing cross-domain authentication protocols for drones may face issues such as impersonation attacks, verification table theft attacks, inability to obtain privacy protection, and perfect forward security. To address these problems, based on physical unclonable function (PUF) and pseudonymous identities, we present a lightweight cross-domain authentication protocol. This scheme can withstand various attacks, including node tampering attacks, forgery attacks, and privacy leakage, while facilitating cross-domain authentication for drones. We employ physical unclonable functions (PUF) to safeguard the critical information stored in the drone against physical capture and tampering attacks [16,17]. We employ the signature mechanism; the control server generates and transmits signatures to the ground base station during the registration phase. Therefore, the ground station can perform secure authentication without needing to store any information about the drone. The lack of anonymity and non-linkability increases the risk of revealing the identity and behavior of the drones. Our approach ensures that drones can conduct secure and efficient authentication with ground stations across different domains.

The novelty of our protocol lies in several aspects. Firstly, unlike most existing protocols that rely on the control center for authentication, our protocol enables drones and ground stations to authenticate without the control center’s involvement. This not only prevents bottleneck problems during mass authentication but also reduces the potential risks associated with a single point of failure. Secondly, ground stations in our protocol do not store any drone information. This is a significant departure from traditional methods where ground stations store drone details, which are vulnerable to privacy leakage and stolen-verifier attacks. Our approach effectively safeguards against these threats. Thirdly, we make innovative use of PUF technology. Instead of simply using PUF as an additional security measure, we deeply integrate it into the protocol design. PUF protects drones from capture attacks by ensuring that even if a drone is physically captured, the attacker cannot access the critical information stored in it. Our contributions are as follows:

(1)

A PUF-based cross-domain authentication scheme that ensures the safe authentication of multiple drones when entering different domains is proposed, which is provably secure.

(2)

The proposed protocol has several advantages: the control center does not participate in the authentication process to prevent bottleneck problems caused by multiple drones performing authentication simultaneously; the ground stations do not store drone information to effectively prevent privacy leakage and stolen-verifier attacks; and PUF is used to prevent drone capture attacks.

(3)

The computation, communication and storage costs of the proposed protocol are significantly lower compared to some existing cross-domain authentication protocols, thereby demonstrating superior efficiency. The characteristics of the protocol make it a favorable choice for drone applications in cross-domain environments.

2. Related Works

Drones are required to go through the public and open wireless domain, which makes them vulnerable to various security attacks including anonymity and unlinkability and easily captured by the attacker. Therefore, a secure identity authentication protocol plays an important role in preventing unauthorized access.

In 2019, Srinivas et al. [18] designed a lightweight authentication protocol for the IoD environment. This agreement requires ground stations to store all relevant information about drones, and it lacks robust defenses against capture and forgery attacks. In 2020, Alladi et al. [19] designed a novel authentication protocol for UAV–UAV and UAV–Ground Station communication. A single ground station storing all the information of the drones that need to be authenticated can easily lead to privacy leakage. Simultaneously, the incorrect use of PUF in the agreement resulted in the failure to convey the correct information. ALI et al. [11] designed a lightweight authentication protocol for drones. Despite the use of biometric information for user authentication in the login phase, drones remain susceptible to capture and spoofing attacks. In 2021, Bansal et al. [20] designed an authentication scheme for dynamic drone fleets. Perfect forward secrecy is not guaranteed in these approaches. Wu et al. [21] designed an enhanced authentication scheme for drone communications. The agreement utilizes biometric information to encrypt personal information, but it fails to address the vulnerability of drones to capture attack. In 2022, Li et al. [22] designed a communication scheme toward UAV networks. The protocol utilizes bilinear pairing, which increases the computational overhead and presents certain security vulnerabilities, such as susceptibility to capture attacks. Yu et al. [23] designed a lightweight authentication scheme using PUF for IoD. However, the protocol primarily focuses on protecting user information using PUF while overlooking the security of UAVs. The protocol remains susceptible to capture attacks. These protocols [24,25] also integrate substantial computational resources into the encryption mechanism, thereby increasing the associated overhead. In 2023, Akram et al. [26] designed a blockchain-based privacy preserving authentication scheme for UAV networks, which guarantees the drones can securely authenticate when they enter the fixed ground stations. However, they fail to fulfill the requirement for drone authentication in complex scenarios. Zhang et al. [27] designed a lightweight authentication scheme for drones. The agreement improved operational efficiency; however, it overlooked the susceptibility of drones to physical intrusions, which poses a significant risk of information leakage. In 2024, Chandran et al. [28] designed a PUF-based lightweight authentication protocol for multi-drone use, which uses hash and XOR operations. Karmakar et al. [29] designed a blockchain-based distributed intelligent cluster drone authentication protocol. Nevertheless, the protocol is applicable solely within single-domain authentication environments and fails to address the requirements of drones operating in multi-domain settings.

The protocols mentioned above are all single-domain authentication. However, drones often require traversal across multiple disparate domains to execute tasks or acquire information in practical applications. Therefore, the research on cross-domain authentication protocols is of critical importance.

In 2022, based on blockchain, Feng et al. [30] designed a cross-domain authentication protocol for drones, which used multi-signature smart contracts to ensure secure communication. Tian et al. [15] proposed a PUF-based authentication scheme for drones towards multi-domain scenarios. To enable the effective recognition of drones, it is essential for each ground station to maintain a database containing information on all drones, which poses potential risks of information leakage and stolen-verifier attack. Zhang et al. [31] proposed a blockchain-based multi-factor cross-domain authentication scheme. This article utilized a novel approach to generate keys. However, the frequent generation of keys results in excessive overhead and delay. In 2023, Wang et al. [32] proposed a secure and privacy-preserving cross-domain handover authentication. To enhance security, several modules, including the blockchain module and the controller module, were incorporated into the protocol, significantly increasing computational overhead. In 2024, Karmegam et al. [33] proposed a blockchain-based drone authentication scheme for multi-domain scenarios. However, they failed to consider that drones are susceptible to physical attack, which may result in unauthorized information disclosure.

Through the analysis of the security and efficiency of the above schemes,

Table 1. Relevant work of drone authentication protocols.

Paper	Cryptographic Techniques	Single or Cross Domain	Disadvantages (Failure to Resist Attacks, Lack of Security Attributes and High Efficiency)	Solution
Srinivas et al. [18]	ECC, biometrics	single	Forgery, physical capture (drones), perfect forward secrecy	Utilize PUF and Diffie–Hellman key exchange protocol
Alladi et al. [19]	PUF	single	Wrong use of the PUF, anonymity and unlinkability (privacy disclosure), perfect forward secrecy	Utilize pseudo-identity and Diffie–Hellman key exchange protocol
Ali et al. [11]	biometrics	single	Physical capture (drones), unlinkability (privacy disclosure), stolen-verifier attack and perfect forward secrecy	Utilize PUF, pseudo-identity, signature mechanism and Diffie–Hellman key exchange protocol
Bansal et al. [20]	PUF	single	Physical capture (ground station), stolen-verifier attack and perfect forward secrecy	Utilize PUF, signature mechanism and Diffie–Hellman key exchange protocol
Wu et al. [21]	biometrics	single	Physical capture (drones), unlinkability (privacy disclosure), perfect forward secrecy	Utilize PUF, pseudo-identity and Diffie–Hellman key exchange protocol
Li et al. [22]	ECC, bilinear pairing	cross	Physical capture (drones and ground station), substantial computational overhead	Utilize PUF and ECC algorithm instead of the bilinear pairing
Yu et al. [23]	PUF, biometrics	single	Unlinkability (privacy disclosure), perfect forward secrecy	Utilize pseudo-identity and Diffie–Hellman key exchange protocol
Zhang et al. [27]	ECC	single	Physical capture (drones), anonymity and unlinkability (privacy disclosure), perfect forward secrecy	Utilize PUF, pseudo-identity and Diffie–Hellman key exchange protocol
Chandran et al. [28]	PUF	single	Anonymity and unlinkability (privacy disclosure), perfect forward secrecy	Utilize pseudo-identity and Diffie–Hellman key exchange protocol
Tian et al. [15]	PUF	cross	Physical capture (ground station), stolen-verifier attack and perfect forward secrecy	Utilize PUF, signature mechanism and Diffie–Hellman key exchange protocol
Wang et al. [32]	blockchain	cross	Physical capture (ground station), and perfect forward secrecy	Utilize PUF and Diffie–Hellman key exchange protocol
Karmegam et al. [33]	blockchain	cross	Physical capture (drones and ground station) and perfect forward secrecy	Utilize PUF and Diffie–Hellman key exchange protocol

presents the limitations and solutions of these protocols. In practical scenarios, both drones and ground base stations are vulnerable to physical capture attacks, which may lead to the leakage of critical information. Therefore, we use the physical unclonable function (PUF) to store critical information. The drone transmits information to the ground station through a public channel; if it fails to hide its real identity or fails to update its temporary identity dynamically, attackers can track behavior of the drones, resulting in the exposure of its real identity and linkability. We utilized a pseudo-identity instead of the real identity to participate in the authentication, and dynamically updated the messages transmitted over the public channel to ensure anonymity and unlinkability, simultaneously, using the Diffie–Hellman key exchange protocol to generate the session key. Based on the characteristics of the elliptic curve discrete logarithm problem, a session key is generated through a random number. In this way, even if the long-term key is accidentally leaked, the security of previous and subsequent sessions can be ensured. In some protocols, we have found that the ground base station needs to store the identity information of the drone in advance and rely on the participation of a third-party trusted center to complete the subsequent identity authentication, which can easily lead to stolen-verifier attack, resulting in privacy leaks. Therefore, we adopted a signature mechanism to complete the identity authentication between the UAV and the ground station without storing any identity information. Therefore, our protocol can defend against stolen-verifier attacks. The computational overhead and storage overhead of a drone are limited. Therefore, we adopted the elliptic curve cryptography mechanism to replace the traditional public key cryptography (RSA) and bilinear pairing. When achieving the same security strength, the required key length is much shorter. At the same time, by utilizing the signature mechanism, we have completed the identity authentication while minimizing the stored information.

3. System and Threat Models

3.1. System Model

Figure 1 is the system model, consisting of control server (CS), UAVs and ground stations (GS).

CS: This is an institution which is entirely secure and reliable. The control server (CS) is trustworthy and responsible for registering all drones and ground stations. The server provides a pseudonymous identity and public/private keys for each drone, while simultaneously maintaining all critical information pertaining to registered drones and ground stations.

GS: GS can be flexibly deployed in any location as required. It is tasked with conducting cross-domain authentication for drones that enter their designated area. After registering with the control server (CS), it becomes an independent domain that can oversee a specific range of drones.

UAV or drone: This has limited computational capabilities and communication overhead. However, due to its high mobility, it is required to traverse multiple domains to accomplish its missions. Drones must be securely authenticated with ground stations during their operations. After registration with the control center, the ground station and drone can subsequently operate independently.

At the hardware level, we assume that both UAVs and GSs are equipped with high-precision clock devices, which can maintain relatively stable time accuracy within a certain period. In terms of the communication mechanism, the protocol we designed can tolerate minor clock deviations to some extent. During the authentication process, since random numbers and timestamps are both involved in the calculation and verification of messages, even if there is a slight clock asynchrony, as long as the time deviation is within a reasonable range, the randomness of the random numbers can still ensure the validity of the authentication messages and reduce the likelihood of authentication failures caused by clock differences.

3.2. Threat Model

1. Attackers can capture drones and ground stations, obtain stored information, and launch various attacks.

2. Attackers can intercept information transmitted on public channels, launch forgery attacks, replay attacks, guess the identity of drones, etc.

4. Preliminaries

PUF is a unique and non-replicable hardware implemented using chip circuits for any input. PUF is regarded as analogous to human biometric identification, wherein minute variations in the semiconductor manufacturing process generate a unique identifier for each chip. These differences, such as minor variations in transistor size, inconsistencies in transistor threshold voltage, and electrical characteristics such as voltage gain, are inevitable in the manufacturing process. PUF leverages these intrinsic physical characteristics to produce a unique “response” for each “challenge”, PUF [34] operates through the implementation of challenge–response authentication. The fundamental value of PUF resides in the unclonability of its identifier. This means that each PUF produces a distinct and non-replicable identifier. Therefore, even if an adversary can capture the hardware device, all information protected by PUF within the device will not be leaked.

This technology utilizes the inherent random initial state of SRAM when powered on to generate a unique response. The uniqueness and unpredictability resulting from manufacturing process differences provide a basis for hardware-level security. This technology has advantages such as low power consumption (about 0.1–1 μW), fast response (<1 μs), and strong hardware compatibility, making it suitable for resource-constrained scenarios of unmanned aerial vehicles (UAVs) and ground stations.

In the hardware of UAVs and ground stations, PUF is integrated with key information modules. The PUF-protected information is in an isolated circuit. For example, in UAV chips, PUF-related parts are physically separated from common circuits. This design offers security and can replace some extra security startup safeguards. additionally, PUF has an implicit self-protection feature. When attacked physically, PUF’s responses become abnormal due to damaged physical features. So, attackers cannot access useful information as the protected data becomes invalid.

5. Proposed Protocol

In this phase, we introduce the cross-domain authentication protocol, which consists of three phases: initialization, registration of drones and ground stations, and authentication.

Table 2. The notations used in this scheme.

Notation	Description
CS	Control server
${UAV}_i$	i-th Unmanned aerial vehicle
${GS}_j$	j-th Ground station
${DID}_i$	Identity of i-th UAV
${PID}_i$	Pseudo-identity of i-th UAV
$S_{CS}{,K}_{CS}$	Secret and public key of CS
$S_{Di}{,K}_{Di}$	Secret and public key of UAVi
PUF	Physical unclonable function
${CHA}_i,{RES}_i$	Challenge and response of PUF
$T_1,T_2$	Timestamps
E ()	Encryption algorithm (AES-256)
D ()	Decryption algorithm (AES-256)
P	Generator
${SK}_{ij}$	Session key between UAVi and GSj
II	Concatenation
h ()	Hash function (SHA-256)
⊕	Bitwise XOR

shows the notations.

5.1. Initialization

The control server (CS) generates an elliptic curve E (GF_q), where GF_q and q are the finite field and large prime number. CS also chooses hash function h (), the private key S_CS and computes K_CS = S_CS · P. Then CS publishes the public parameters. h () makes use of the SHA-256 hash algorithm. The avalanche effect inherent in hash functions implies that the slightest alteration to the input data invariably triggers a substantial shift in the resulting hash value.

5.2. Registration

The registration of the UAVs and ground stations are shown in Figure 2 and Figure 3, respectively.

• UAV Registration phase

STEP-UR1: The UAV, also called drone sends its real identity DID_i to the control server.

STEP-UR2: After receiving the identity of drone, CS generates random number a_i and a private key S_Di and compute A_i = a_i · P, K_Di = S_Di · P,

And computes a pseudonymous identity PID_i and signature (µ_i, A_i) for the drone.

PID_i = E_h(SCS) (DID_i, a_i),

µ_i = h (K_CS ||A_i ||PID_i ||K_Di) · S_CS + a_i.

Then, CS sends the message {µ_i, PID_i, A_i, S_Di, K_Di} to UAV_i via a secure channel.

STEP-UR3: After receiving {µ_i, PID_i, A_i, S_Di, K_Di}, the drone verifies if µ_i ·P =? h (K_CS ||A_i ||PID_i ||K_Di) · K_CS + A_i, The UAV generates a challenge CHA_i and a response RES_i through the SRAM-PUF, which are used to encrypt and store the critical information F_i.

RES_i = PUF (CHA_i), F_i = E_h (RESi) (µ_i, PID_i, A_i, S_Di, K_Di).

{CHA_i, PUF (), F_i} are stored in the UAV_i for subsequent authentication.

2.

GS registration phase

STEP-GR1: The ground station sends its real identity GID_i to the control server.

STEP-GR2: After receiving the identity of GS, CS verifies the validity of the identity, CS will generate random numbers b_i and compute B_i = b_i · P, S_GSi = h (GID_i ||b_i) and set a signature θ_i for the ground station.

θ_i = h (K_GSi ||B_i ||GID_i ||K_CS) · S_CS + b_i

Then CS publishes K_GSi where K_GSi = S_GSi · P. CS sends the message {θ_i, B_i, K_GSi, S_GSi} to the GS_i through the secure channel.

STEP-GR3: After receiving {θ_i, B_i, K_GSi, S_GSi}, the GS verifies signature if θ_i · P =? h (K_GSi ||B_i ||GID_i ||K_CS) · K_CS + B_i. and selects a challenge CHA_j and uses the unique response value RES_j to store critical information.

RES_j = PUF (CHA_j), Y_G = h (GID_i ||RES_j) ⊕ S_GSi

GS_i stores {CHA_j, PUF (), Y_G, GID_i} for the next authentication. The ground station does not retain any data pertaining to the drones.

5.3. Authentication

Once drone UAV_i enters the designated area GS_j, it will transmit an authentication request to the ground station. At this point, UAV_i and GS_j will exchange a series of information to complete a mutual authentication. It is important to emphasize that the GS_j can represent any ground station within a multi-domain environment. Figure 4 shows the authentication process.

STEP-A1: The UAV_i generates two random numbers d₁, d₂, and computes as follows:

RES_i = PUF (CHA_i).

{µ_i, PID_i, A_i, S_Di, K_Di} = D_h (RESi) (F_i).

D₁ = d₁ · P, D₂ = d₁ · K_GSj

D₃ = h (D₁ ||PID_i ||K_Di ||K_GSj ||T₁ ||d₂) · S_Di + d₁,

D₄ = E_h (D2) (PID_i, µ_i, A_i, K_Di, _T1, D₃, d₂),

where T₁ is timestamp, and then sends message {D₁, D₄, T₁} to ground station GS_j. In this process, the SHA-256 hash function processes the concatenated message. Due to the characteristics of SHA-256, any change in a single bit of the message will result in a completely different hash value. Thus, when GS_j receives the message, it recalculates the SHA-256 hash value of the same message and compares it with the hash part in the received D₃. If they match, it indicates that the message has not been tampered with during transmission, ensuring the integrity of the message. Similarly, the generation of D₄ also relies on the processing of relevant messages by SHA-256, further enhancing the message integrity verification.

STEP-A2: Upon receiving {D_1, D_4, T₁}, GS_j checks the freshness of T₁, and computes RES_j= PUF (CHA_j), S_GSi = h (GID_i ||RES_j) ⊕ Y_G. After that, GS_j calculates D_{5 =} D_{1 ·} S_GSj. If D₅ = D₂. The ground station is subsequently able to decrypt D₅ from D₄ as (PID_i, µ_i, A_i, K_Di, T₁, D₃, d₂) =D_h (D5) (D₄), and computes as follows:

µ_i · P =? h (K_CS ||A_i ||PID_i ||K_Di) · K_CS + A_i

D₃ · P =? h (D₁ ||PID_i ||K_Di ||K_GSj ||T₁ ||d₂) · K_Di + D₁

If they are correct, GS_j generates a random number d₆ and timestamp T₂, computes D₆ = d₆ · P, SK_ij = h (D₁ · d₆ ||PID_i ||GID_j). Then calculates the verification information D₇ = h (D₆ ||SK_ij ||GID_j ||PID_i ||T₂ ||d₂).

GS_j sends message {T₂, D₆, D₇, GID_j} to UAV_i.

STEP-A3: After receiving {T₂, D₆, D₇, GID_j}, UAVi first checks the freshness of T₂. If T₂ is fresh, UAV_i generates session key SK_ji = h (D₆ · d₁ ||PID_i ||GID_j), and verifies the correctness of D₇ as follows:

D₇ =? h (D₆ ||SK_ji ||GID_j ||PID_i ||T₂ ||d₂).

Therefore, UAV_i and GS_j have completed mutual authentication and negotiated a session key SK_{ji =} SK_ij.

6. Security Analysis

6.1. Formal Security Proof

• Random Oracle Model of the Proposed Protocol

The participants of our protocol consist of CS, UAV and GS. In the i-th instance, ${\Pi }_{CS}^i,{\Pi }_{GSj}^j,{\Pi }_{UAVi}^i$ represent participants. If the correct request is received, the status of the oracle is Accept. If oracle ${\Pi }_{GSj}^j and {\Pi }_{UAVi}^i$ are in Accept and the session key$S{K}_{ij}^i\left(S{K}_{ji}^i\right)$ has been agreed upon, the oracles ${\Pi }_{GSj}^i\left({\Pi }_{UAVi}^i\right)$ obtain their session identities $SI{D}_{GSj}^i\left(SI{D}_{UAVi}^i\right)$. If the following conditions are met, the oracle can be considered a partner.

(1)

The session key $S{K}_{ij}^i=\left(S{K}_{ji}^i\right)$.

(2)

The session identity $SI{D}_{GSj}^i=SI{D}_{UAVi}^i$.

(3)

The participant identities $PI{D}_{UAVi}^i={\Pi }_{GSj}^j,PI{D}_{UAVi}^i={\Pi }_{UAVi}^i$.

Definition 1.

(Queries): Define queries to simulate various attacks.

• $\mathit{Execute} ({\Pi }_{GSj}^j,{\Pi }_{UAVi}^i)$: An adversary is able to intercept all the information transmitted between. ${\Pi }_{GSj}^j$ and ${\Pi }_{UAVi}^i$.
• Send $({\Pi }_{GSj}^j,{\Pi }_{UAVi}^i,m)$: A forges a message m to ${\Pi }_{GSj}^j or {\Pi }_{UAVi}^i$, if the message is correct, ${\Pi }_{GSj}^j or{ \Pi }_{UAVi}^i$ response A.
• Reveal $({\Pi }_{GSj}^j,{\Pi }_{UAVi}^i,m):$ A can obtain the mutual session key via ${\Pi }_{GSj}^j,{\Pi }_{UAVi}^i$.
• Test $({\Pi }_{UAVi}^i,r)$: It will only be executed once. It generates a random bit r, if r = 1, it returns the real session key, otherwise it returns a random number.
• Corrupt$\left({\Pi }_{UAVi}^i\right)$: It simulates intercepting drone attacks and returning stored information {$CH{A}_i,PUF\left(\right),F_i \}$.
• Corrupt$\left({\Pi }_{GSj}^j\right)$: It simulates capturing GS attack and returns stored information {$CH{A}_j,PUF\left(\right),Y_G,GI{D}_i$}.

Definition 2.

(Freshness): If the following conditions are met, then the instance is fresh:

(1)${ \Pi }_{GSj}^j \mathrm{a}\mathrm{n}\mathrm{d} {\Pi }_{UAVi}^i$ are in the Accept state; (2) A has not yet executed Reveal $({\Pi }_{GSj}^j and{ \Pi }_{UAVi}^i)$ to obtain the session key.

Definition 3.

(Semantic security): After executing a maximum of one Test $\left({\Pi }_{UAVi}^i\right)$ and multiple Execute $({\Pi }_{GSj}^j and {\Pi }_{UAVi}^i)$, Execute $({\Pi }_{GSj}^j and {\Pi }_{UAVi}^i,\mathrm{m})$ and Reveal $({\Pi }_{GSj}^j,{\Pi }_{UAVi}^i)$ queries. A guess the generated random bit $\gamma$, the possibility of success is $Ad{v}_P^A=\left|2Pr\left[suc\left(a\right)-1\right]\right|, if Ad{v}_P^A<\eta$, where $\eta$ is sufficiently small, the protocol is secure.

2.

Formal Proof

Theorem 1.

The advantage of attacker A obtaining session key in polynomial time is as follows:

$$\$Ad{v}_P^A\le {\displaystyle \frac{q_{HA}^2}{2^{l_{HA}}}}+{{\displaystyle \frac{(q_{SE}+q_{EX})}{n}}}^2+2Ad{v}_{ECDLP}^A+2q_{SE}Ad{v}_{PUF}^A\$$$

where $q_{HA},q_{EX},q_{SE}$ are the times of executing Hash, Execute, Send, respectively. $n$and $l_{HA}$ are the length of transcripts, hash, respectively. The advantage of breaking ECDLP and PUF are $Ad{v}_{ECDLP}^A, Ad{v}_{PUF}^A$, respectively.

The hash function h() here uses the SHA-256 algorithm, and SHA-256 has a digest length of 256 bits. According to the birthday paradox, in practical application scenarios, assuming the number of hash calculations performed by the attacker is $q_{HA}$ and the hash digest length is $l_{HA}$ (here, $l_{HA}$ corresponds to the 256-bit digest length of SHA-256), when $q_{HA}$ is much smaller than $2^{l_{HA}/2}$ (i.e., $2^{128}$), the probability of a hash collision is extremely low. In the operating environment of this protocol, $q_{HA}$ generally does not reach such a large order of magnitude. Therefore, the possibility of message integrity being compromised due to hash collisions is minimal. This indicates that in the face of collision attacks, the hash calculation based on SHA-256 can effectively safeguard the integrity of messages.

Proof. 

The attacks launched by A are defined using games $\mathrm{G}\mathrm{a}\mathrm{m}{\mathrm{e}}_{\mathrm{i}}(0\le \mathrm{i}\le 4)$. $Wi{n}_i(0\le i\le 4)$ indicates that A guesses the random bit r in $Gam{e}_i$. The games are defined as follows:

$Gam{e}_0$: This game simulates A launching a real attack first. According to the definition, the following is obtained:

$$Ad{v}_P^A=\left|2Pr\right[Wi{n}_0]-1|$$

(1)

$Gam{e}_1$: This game simulates an eavesdropping attack. A retrieves all publicly transmitted messages $\{D_1,D_4,T_1,T_2,D_6,D_7,GI{D}_j\}$ between ${\Pi }_{GSj}^j and {\Pi }_{UAVi}^i$. Then, A executes Test$\left({\Pi }_{UAVi}^i\right)$ and guesses if it is the real session key. However, due to the random numbers and ECDLP, the attacker is unable to obtain any relevant information between the captured messages and the session keys. Therefore, the following is obtained:

$$Pr\left[Wi{n}_0\right]=Pr\left[Wi{n}_1\right]$$

(2)

$Gam{e}_2$: This game simulates the collision attack on hash results and transcripts, as evidenced by the birthday paradox:

$$Pr\left[Wi{n}_2\right]-Pr\left[Wi{n}_1\right]\le {\displaystyle \frac{q_{HA}^2}{2^{l_{HA}+1}}}+{{\displaystyle \frac{(q_{SE}+q_{EX})}{2n}}}^2$$

(3)

$Gam{e}_3:$ This game simulates executing corruption attacks $corrupt\left({\Pi }_{UAVi}^i\right), \mathrm{GS}\left(G{S}_J\right)$to obtain the stored information $\{CH{A}_i,PUF(),F_i\}$in the${UAV}_i \mathrm{a}\mathrm{n}\mathrm{d} \{CH{A}_j,PUF(),Y_G,GI{D}_i\}$ in the $G{S}_J$, where $RE{S}_i=PUF\left(CH{A}_i\right)$,$F_i=E_{h\left(RE{S}_i\right)}\left({\mu }_i,PI{D}_i,A_i,S_{Di},K_{Di}\right), RE{S}_j=PUF\left(CH{A}_j\right),{ Y}_G=h\left(GI{D}_i\right|\left|RE{S}_j\right)\oplus S_{G{S}_i}$. If A can obtain the secret parameters, he must destroy PUF. The probability of A destroying PUF is $Ad{v}_{PUF}^A$.

Therefore, it has the following:

$$Pr\left[Wi{n}_3\right]-Pr\left[Wi{n}_2\right]\le q_{SE}Ad{v}_{PUF}^A$$

(4)

$Gam{e}_4$: A can obtain $D_1=d_1\cdot P, D_6=d_6\cdot P$ for session key agreement. This game simulates A calculating a session key based on a transcript. It gives the following:

$$Pr\left[Wi{n}_4\right]-Pr\left[Wi{n}_3\right]\le Ad{v}_{ECDLP}^A$$

(5)

The session keys are randomly generated. Therefore, the advantage of guessing r is equivalent to guessing the session key. It gives the following:

$$Pr[Wi{n}_4]={\displaystyle \frac{1}{2}}$$

(6)

$${\displaystyle \frac{1}{2}}Ad{v}_P^A=|Pr[Wi{n}_0]-{\displaystyle \frac{1}{2}}|\le {\displaystyle \frac{q_{HA}^2}{2^{l_{HA}+1}}}+{{\displaystyle \frac{(q_{SE}+q_{EX})}{2n}}}^2+Ad{v}_{ECDLP}^A+q_{SE}Ad{v}_{PUF}^A$$

$$Ad{v}_P^A\le {\displaystyle \frac{q_{HA}^2}{2^{l_{HA}}}}+{{\displaystyle \frac{(q_{SE}+q_{EX})}{n}}}^2+2Ad{v}_{ECDLP}^A+2q_{SE}Ad{v}_{PUF}^A$$

□

6.2. Informal Security Analysis

(1)

Stolen-verifier attack

In public networks, ground stations may be hacked. If they store UAV verification parameters traditionally, attackers can use leaked parameters for illegal authorization. Because CS and GS do not store any verification parameters, the protocol is resistant to stolen-verifier attacks.

(2)

Replay attack

In public networks, signals are vulnerable to interference and interception. Attackers may intercept the authentication messages transmitted between UAVs and ground stations and then resend these messages at a later time, attempting to deceive the system into authenticating. This protocol resists replay attacks by using timestamps and random numbers. During the authentication process, UAVs and ground stations verify the timestamps in the messages. If the timestamp does not fall within the current time range, the message will be determined as a replayed message and the authentication will be rejected. During the authentication process, both the UAV and GS will generate random numbers (such as d₁ and d₂ generated by the UAV and d₆ generated by GS). These random numbers are involved in the calculation and verification of messages, making the content of each authentication message random. Even if an attacker intercepts a previous authentication message, due to the presence of random numbers, the replayed message cannot pass the verification because the calculation results related to the random numbers in the verification equation will change, thus avoiding the impact of duplicate challenges and replay attacks.

(3)

Forgery attack and impersonation attack

In a public network environment, attackers may attempt to forge the identities of UAVs to obtain unauthorized access rights. If the adversary A wants to impersonate the UAVi to authenticate with GS, A must forge {D₁, D₄, T₁}, where D₄= E_h(D2) (PID_i, µ_i, A_i, K_Di, T₁, D₃, d₂). However, µ_i is the signature given to the UAVi by the CS, which the adversary cannot forge. Due to the PUF mechanism, the response value cannot be forged. A also cannot get D₄, D₂. Therefore, it is impossible for A to forge the UAVi. Suppose the adversary A captures and impersonates GS_j to respond to the UAVi. A must forge {T₂, D₆, D₇, GID_j}. Then A must be able to forge D₅ = D₁ · S_GSj, where S_GSj is the private key given to the UAVi by the CS, and protected by a PUF, so that it cannot be forged. Therefore, our protocol can resist forgery attack and impersonation attack.

(4)

Captured attack

In practical situations, whether it is a UAV in an urban environment (such as a civilian UAV used for filming) or a UAV in military operations, there is a possibility of being captured due to accidents or enemy attacks. Once a UAV is captured, if the critical information it stores does not have adequate protection measures, attackers can obtain this information, thereby threatening the security of the entire system. In our protocol, each ground station is required to store {CHA_j, PUF (), Y_G, GID_i} where RES_j = PUF (CHA_j), Y_G = h (GID_i ||RES_j) ⊕ S_GSi. Drones are required to store {CHA_i, PUF (), F_i}. Even if a ground station and drone are captured, A cannot extract the secret information due to the characteristics of PUF.

(5)

Known-key security

In the public network environment, UAVs communicate with ground stations, generating a large number of session keys during this process. If the session keys do not have known-key security, once a certain session key is leaked, attackers may use this key to obtain the communication content. The session key SK_ij = SK_ji = h (D₆ · d₁ ||PID_i ||GID_j) = h (d₆ ·D₁ ||PID_i ||GID_j) = h (d₆ · d₁ · P||PID_i ||GID_j), where d₆ and d₁ are random numbers in each session. Due to one-way hash function and the computational Diffie–Hellman problem (CDHP), even if A obtains the session key, he or she will not be able to obtain any useful information.

(6)

Perfect forward secrecy

In military operations, if the long-term keys are obtained by the enemy and the session keys do not have perfect forward secrecy, the enemy may be able to deduce the previous session keys from the long-term keys, and thus obtain all the content of previous communications. This poses a great threat to the confidentiality of military operations. In the public network environment of cities, if the system of a certain service provider has such security vulnerabilities, users’ private information may be leaked. In our protocol, the session key SK_ij = SK_ji = h (D₆ · d₁ ||PID_i ||GID_j) = h (d₆ · D₁ ||PID_i ||GID_j) = h (d₆ · d₁ · P||PID_i ||GID_j). Because d₆ and d₁ are once generated by the UAV and GS in each session, respectively, even if an adversary obtains long-term keys, he or she cannot obtain any session key due to hash function and CDHP.

(7)

Anonymity and unlinkability

In urban environments and military operations, UAVs may be used to carry out sensitive tasks. If the identities and flight paths of UAVs are leaked, it could pose a threat to security. In our scheme, the true identity DID_i of the UAV is hidden in the pseudo-identity PID_i generated by CS during the registration phase, where PID_i = E_h (SCS) (DID_i, a_i), and only CS can decrypt and obtain the true identity DID_i. In addition, only GS_j can decrypt the public message D4 with its own private key S_GSi to obtain the UAV’s pseudo- identity, because GS_j’s private key is protected by PUF, so attackers cannot obtain the UAV’s pseudo-identity. During the authentication process, neither the true identity nor pseudo-identity of UAV are transmitted via public channels, and attackers cannot infer the true or pseudo-identity of the UAV from the information transmitted through the public channels.

(8)

Malicious UAV tracking

In urban and military environments, if malicious UAVs interfere with the normal communication order or conduct illegal activities, it is necessary to be able to track their identities. In our protocol, CS can recover the identity of the UAVi by decrypting PID_i, where (DID_i, a_i) = D_h (SCS) (PID_i).

(9)

Denial-of-service (DoS) attacks

From the perspective of the system architecture, the ground stations are designed with multiple distributed and redundant nodes. These nodes can replace each other, directly interact with UAVs, and handle authentication requests. This distributed architecture is crucial for mitigating DoS attacks. Even if some ground station nodes are attacked, other nodes can still operate normally, allowing UAVs to authenticate at unaffected nodes and ensuring system availability during high-volume concurrent authentication requests.

In terms of the authentication process, upon receiving an authentication request from a UAV, the ground station can quickly verify the UAV’s identity and the timeliness of the message at a low cost (about 3 ms). This enables the ground station to identify invalid or malicious requests early. Only valid requests that pass the preliminary verification will proceed to the subsequent authentication steps, avoiding resource exhaustion caused by processing a large number of invalid requests.

Moreover, due to the strict encryption and security protocols in the authentication mechanism of this protocol, it is difficult for attackers to forge valid identities. This reduces the likelihood of a successful DoS attack from the source because attackers can hardly exhaust system resources by forging a large number of legitimate requests.

In summary, when facing DoS attacks, this protocol is protected from multiple dimensions, including architecture design, authentication process, and encryption security protocols, which can effectively resist DoS attacks and ensure the stable operation of the system.

7. Performance Analysis

We focused on assessing the computational resources consumed during the authentication process. By identifying the key cryptographic operations involved in the protocol, such as hashing, encryption, decryption, modular exponentiation, and elliptic curve multiplication, we were able to calculate the overall computational cost. For each operation, we measured the execution time using a representative device. This allowed us to compare the computational efficiency of our protocol with related existing protocols.

To analyze the communication overhead, we counted the number of bits transmitted between different entities (UAVs and ground stations) during the authentication phase. This included messages such as authentication requests, responses, and session key negotiation data. We also considered the storage requirements of the protocol. We calculated the number of bits that need to be stored on UAVs and ground stations for the authentication process. This involved factors like storing identities, keys, and other relevant information.

We used a Raspberry Pi 4B as our test bench. The Raspberry Pi 4B is equipped with a quad-core 64-bits ARM Cortex-A72 processor running at 1.5 GHz and has 2 GB LPDDR4 SDRAM. Its performance characteristics are closer to those of actual ground stations in a UAV network compared to high-performance computers. This made the results obtained from our tests more practical and representative of real-world scenarios. We measured the execution time of various operations on the Raspberry Pi 4B, including hash (SHA-256), asymmetric encryption/decryption (RSA-1024), symmetric encryption/decryption (AES-256), modular exponentiation, bilinear pairing, asymmetric encryption-based signature (RSA-1024), and elliptic curve multiplication.

For mathematical operations, the GMP (GNU Multiple Precision Arithmetic Library) was adopted. It provides high-precision integer, rational number, and floating-point number arithmetic capabilities, which can meet the requirements of complex mathematical calculations in this research. For example, in ECC-related operations, there is a high demand for the processing of large integers. The GMP library ensures the accuracy and efficiency of calculations.

Regarding cryptographic operations, the OpenSSL library is introduced. This is a powerful open-source cryptographic library that supports multiple encryption algorithms, such as the AES-256 symmetric encryption algorithm and the SHA-256 hash function used in this study. It provides reliable implementations for data encryption, decryption, and message-integrity verification in the protocol, guaranteeing the security of communication.

In terms of PUF modeling, currently, there is no unified standard framework. However, we have drawn on some existing research results and utilized hardware description language (HDL) to model the physical characteristics of PUFs. This approach allows us to simulate their response processes to different challenges. During the modeling process, when taking into account the requirements of security and efficiency in practical applications, we set the key size of the PUF to 128 bits. This specific key length is carefully chosen because it can not only ensure a high level of security but also effectively control the computational overhead. By doing so, the PUF can resist physical capture attacks without imposing excessive computational burdens on the system, thus striking a balance between security and performance.

These measured execution times were then used to calculate the computational cost of the proposed protocol and compare it with other related protocols. The measured execution times for other operations were incorporated into the overall performance analysis, with the time costs obtained, as shown in

Table 3. Execution time of operation.

Operation	Execution Time (ms)
Hash (SHA-256)	TH ≈ 0.019
Asymmetric encryption/decryption (RSA-1024)	TAS ≈ 19.536
Symmetric encryption/decryption (AES-256)	TED ≈ 0.794
Modular exponentiation	TME ≈ 5.026
Bilinear pairing	TBP ≈ 44.517
Asymmetric encryption-based signature (RSA-1024)	Tsig ≈ 17.624
Elliptic curve multiplication	TECC≈ 2.610

.

7.1. Security Comparison

Table 4. Comparison of security properties.

Attacks/Properties	[31]	[24]	[25]	[26]	Ours
Off-line Password Guessing Attack	-	-	χ	-	√
Man-in-Middle Attack	√	√	√	√	√
Captured Attack	√	χ	χ	χ	√
Stolen-Verifier Attack	χ	√	χ	χ	√
Impersonation Attack	√	χ	χ	χ	√
Identity Anonymity	χ	√	√	χ	√
Replay Attack	√	√	√	√	√
Perfect Forward Secrecy	-	χ	χ	-	√
Session Key Secrecy	√	√	√	√	√
Mutual Authentication	√	√	√	χ	√
Cross-Domain Authentication	√	√	√	χ	√
Malicious Message Tracking	χ	χ	√	χ	√
Unlinkability	χ	√	√	χ	√

compares the security properties of the proposed scheme with some related protocols [24,25,26,31] indicating that our scheme has higher security than other schemes. The choice of comparing the protocol with References [24,25,26,31] is based on four main aspects.

Firstly, these references focus on UAV authentication protocols. Secondly, they use similar security-ensuring technologies such as encryption and signature mechanisms, like ECC, SHA-256, and PUF in this paper, making the comparison more targeted. Thirdly, their security attributes are comparable, including resistance to attacks, anonymity, and session key security, enabling a clear view of this paper’s protocol’s security pros and cons. Finally, these references are typical in the field, and their wide-spread influence helps accurately evaluate the performance of this paper’s protocol.

7.2. Overhead Comparison

Table 5. Comparison of computational costs.

Scheme	Authentication		Time (ms)
	Mobile Device/UAV	Certification Center/GS
[31]	6TH + 2TME + 2TBP + 5TECC	4TH + 2TME + 1TBP + 4TECC	235.943
[24]	2TH + 3TME + 4TECC	1TH + 3TME + 2TBP + 2TECC	127.077
[25]	3TH + 4TECC	3TH + 4TECC	20.994
[26]	5TH + TME + 4TECC	3TH + 3TECC	23.448
Ours	5TH + 4TECC + TED	3TH + 3TECC + TED	20.01

,

Table 6. Comparison of communication overhead.

Scheme	Authentication		Total (bit)
	Mobile Device/UAV	Certification Center/GS
[31]	2752	896	3648
[24]	1920	2048	3968
[25]	896	538	1434
[26]	896	512	1408
Ours	512	768	1280

and

Table 7. Comparison of storage overhead.

Scheme	Authentication		Total (bit)
	Mobile Device/UAV	Certification Center/GS
[31]	1408	1024	2432
[24]	1152	1152	2304
[25]	1024	1024	2048
[26]	1152	2304	3456
Ours	768	1024	1792

compares the computation, transmission and storage costs of ours and some related protocols. From Table 5, we can see that the sum of our cross-domain authentication is 20.01 ms, and the efficiency is 4.67% higher than the scheme in [25] and 91.52% higher than the scheme in [31]. From Table 6 and Table 7, it can be seen that our solution has better efficiency than other solutions, where the lengths of one ECC point, one block symmetric encryption, random number, large prime number, identity, and timestamp are 160 bit, 128 bit, 256 bit, 500 bit, 32 bit, 32 bit, respectively. Figure 5 and Figure 6 intuitively reflect the comparison results.

There are significant differences in the core design concepts between the proposed protocol and the baseline schemes. Baseline schemes such as that in [24] rely on a centralized trust center to store UAV certificates; ref. [25] requires ground stations to pre-store UAV public key information, and [26,31] store authentication records based on blockchain technology. In contrast, the proposed protocol adopts a decentralized authentication architecture, where the control center does not participate in the authentication process. At the same time, the protocol innovatively proposes a zero-storage design. Ground stations do not need to store any UAV information, avoiding the privacy leakage risks caused by information storage in traditional schemes. In addition, the proposed protocol achieves anonymity through a dynamic pseudonym mechanism, reducing the frequency of key updates, while the scheme in [31] incurs high overhead due to frequent new key generation.

In terms of security attributes, the proposed protocol resists physical capture attacks through the PUF mechanism (which is not effectively achieved in baseline schemes [24,25,26]), and prevents stolen-verifier attacks through the zero-storage design (only [24] partially resists). The protocol also achieves perfect forward secrecy through CDHP and random numbers, a feature not supported by the baseline schemes. In terms of anonymity, the proposed protocol ensures anonymity and unlinkability through pseudonyms and dynamic update mechanisms, which is superior to the non-anonymous designs of [26,31]. In terms of performance, the computational overhead of the proposed protocol is only 20.01 ms (4.67% faster than [25]), the communication overhead is 1280 bits (11% lower than [25]), and the storage overhead is 1792 bits (22% lower than [25]), which is significantly better than the baseline schemes.

The proposed protocol addresses the limitations of the baseline schemes in terms of physical capture, privacy leakage, and high overhead through the in-depth integration of PUF, zero-storage authentication, a decentralized architecture, and a dynamic pseudonym mechanism. Its innovative design makes it significantly superior to the comparison schemes in terms of security, efficiency, and practicality, especially suitable for large-scale authentication requirements in UAV cross-domain environments.

7.3. Rate Limiting and Load Balancing

In the scenario where multiple drones are undergoing authentication simultaneously, the system faces a huge request pressure. Potential denial-of-service (DoS) attacks may paralyze the system. To further enhance the stability and reliability of the system in complex environments, we have introduced rate-limiting and load-balancing mechanisms into the system and conducted a performance evaluation on them.

(1)

Rate limiting mechanism

The rate-limiting mechanism aims to control the number of authentication requests initiated by each drone within a specific time period, preventing the system from crashing due to an excessive number of requests. We implement this mechanism using the token bucket algorithm. Each drone is associated with a token bucket, and the control server adds tokens to the token bucket at a fixed rate. When a drone initiates an authentication request, it needs to take a token from the token bucket. If there are not enough tokens, the request will be temporarily put on hold.

In terms of implementation, the system maintains an external token-bucket data structure for each drone to record the current number of tokens. The control server periodically adds tokens to the token bucket through a timer. Before initiating a request, the drone first checks the status of the token bucket. If there are enough tokens, it deducts the token and sends the request; otherwise, it waits or returns an error message.

Regarding the performance impact, the introduction of the rate-limiting mechanism significantly reduces the number of requests received by the system in a short period, effectively alleviating the system’s load pressure. In the DoS attack simulation test, malicious drones are unable to exhaust the system resources through a large number of rapid requests, and the system’s anti-attack ability is significantly improved. For normal drone authentication requests, although there may be a slight delay due to insufficient tokens, the overall authentication success rate and system stability are greatly enhanced. In the test environment, when 100 drones initiate authentication requests simultaneously, without the rate-limiting mechanism, the system’s response time fluctuates between 50 and 200 ms, and 10% of the requests fail due to system overload. After introducing the rate-limiting mechanism, the response time stabilizes between 80 and 120 ms, and the request failure rate is reduced to 2%.

(2)

Load balancing mechanism

The goal of the load-balancing mechanism is to dynamically allocate the authentication tasks of drones according to the load status of each ground station, ensuring the rational use of system resources. Ground stations monitor their own load indicators in real–time, such as CPU usage, memory occupancy, and the length of the request processing queue, and feed this information back to the control server. Based on the load information, the control server selects the ground station with the lightest load for the newly connected drones to perform authentication.

In the implementation process, ground stations regularly send load reports to the control server, which maintains a load information table of ground stations. When a drone initiates an authentication request, the control server queries this table, selects the ground station with the lightest load, and forwards the authentication request to that ground station. After a ground station completes an authentication task, it promptly updates its own load information and reports it again.

The load-balancing mechanism effectively prevents individual ground stations from experiencing performance degradation or crashes due to excessive load, improving the system’s throughput and response speed. In a test environment with multiple ground stations, without the load-balancing mechanism, the CPU usage of some ground stations reached as high as 90%, while that of others was only 20%, and the overall authentication processing capacity of the system was 30 requests per second. After introducing the load–balancing mechanism, the CPU usage of each ground station is balanced between 40% and 60%, and the overall authentication processing capacity of the system is increased to 50 requests per second. Additionally, when facing DoS attacks, the load-balancing mechanism distributes attack requests across multiple ground stations, reducing the attack pressure on a single ground station and further enhancing the system’s anti-attack ability.

7.4. Protocol Limitations in Practical Scenarios

Despite the protocol’s good performance in tests, it has limitations in real-world use.

Processing Power: Devices with weak processing power, like basic IoT sensors, may struggle with the protocol’s complex calculations.

PUF Consistency: Physical unclonable functions (PUFs) used for authentication can vary due to the environment. This can result in authentication failures, where legitimate devices are wrongly rejected or unauthorized ones gain access.

Extreme Conditions: In extreme temperatures or high-humidity areas, communication channels can be noisy, forcing re-transmissions and reducing throughput.

Communication Interference: In busy wireless areas like urban centers, the protocol has trouble with interference from other devices. This causes packet loss and higher latency, reducing network efficiency.

Hardware Failures: Hardware components such as PUFs and communication modules in UAVs and ground stations may malfunction. PUF failures can lead to incorrect authentication responses, causing unauthorized access or legitimate UAVs being denied access.

Large-Scale Deployment Performance: In large-scale deployments involving hundreds of UAVs, the protocol may experience slightly longer authentication times. For example, in a test with 100 UAVs attempting to authenticate simultaneously, the average authentication delay increased by approximately 80–120 ms compared to a small-scale scenario with 10 UAVs.

These limitations must be considered for successful real-world deployment of the protocol.

7.5. Protocol Scalability Analysis

In terms of storage scalability, we have elaborated on the design advantages of the protocol. The ground station only stores {CHAj, PUF (), YG, GIDi} and the UAV stores {CHAj, PUF (), Fi}. This storage method makes the storage requirements independent of the number of devices.

In terms of computational scalability, we have analyzed the relationship between the key computational operations in the protocol and the number of devices. Although the computational load will increase with the increase in the number of UAVs and ground stations, due to the adoption of the lightweight elliptic curve cryptography mechanism, the growth in computational complexity is slow. Through experimental simulations, when the number of UAVs increases from 50 to 200 and the number of ground stations increases from 10 to 50, the average computation time per authentication increases from 15 ms to 30 ms, with a relatively small increase, fully demonstrating the advantages of the protocol in computational scalability.

Regarding communication scalability, we have explained that the communication interaction information during the authentication process is relatively fixed, and the communication overhead increases linearly with the number of devices. Compared with other protocols, our protocol performs better in communication scalability. At the same time, we conducted simulation experiments using a test platform built with Raspberry Pi 4B, and presented the changing trends of storage occupancy, computation time, and communication traffic with the increase in the number of devices in the form of graphs. The experimental results are consistent with the theoretical analysis, further verifying the scalability of the protocol.

In addition, we have also discussed potential challenges and solutions. For the possible network congestion problem in large-scale authentication scenarios, we proposed the idea of introducing more efficient network scheduling algorithms or adopting a distributed authentication architecture.

8. Conclusions

Due to the inability of traditional single domain identity authentication protocols for unmanned aerial vehicles to meet the current needs of cross-domain rescue and collaborative task execution, existing cross-domain identity authentication protocols for unmanned aerial vehicles suffer from physical capture attacks, or information leakage or verification table theft attacks due to ground station storage of unmanned aerial vehicle information. Therefore, a provably secure cross-domain authentication protocol based on PUF and pseudo-identity is proposed. Quantitatively, our protocol excels. It is 5% to 92% more efficient than compared protocols computationally. In communication overhead, it is 65% to 68% lower than [24,31], 9% to 11% lower than [25,26]. For storage, it is 22% to 48% lower than compared protocols. The efficiency of our protocol is higher than the existing protocols, while maintaining the low level of communication and storage costs.

In the swarm drone scenario, our protocol has some adaptability but faces challenges. The dynamic network they operate in has frequent node and topology changes. While the distributed ground-station architecture helps with node changes to some extent, the protocol needs optimization for rapid authentication of many UAVs. When integrating with hybrid networks like ground-station-satellite ones, different network communication and security requirements must be considered.

In future work, the focus will be on the validation of the protocol in practical scenarios. It is planned to conduct in-depth case studies to validate the protocol in real-world scenarios such as swarm drone operations, urban surveillance, and disaster response. In the scenario of swarm drone operations, challenges include a large number of UAVs, complex flight trajectories, and frequent changes in the network topology. In urban surveillance scenarios, the complexity of the environment and hardware resource limitations are the main issues. In addition to focusing on validating the protocol in practical scenarios, future work will also explore several specific research directions. Regarding integration with emerging technologies, we plan to incorporate blockchain technology into the protocol to achieve decentralized authentication. By recording authentication information on the blockchain, UAVs and ground stations can directly authenticate based on blockchain data without relying on a single control server, improving the autonomy and attack-resistance of authentication.