*2.2. Blockchain Technology*

From the system architecture aspect, a typical blockchain system consists of three essential components: a distributed ledger, a consensus protocol, and smart contracts [26]. Essentially, distributed ledger technology (DLT) is a type of distributed database that is shared, replicated, and maintained by all participants under a P2P networking environment. Each participant maintains a local view of the distributed ledger in the context of a distributed computing environment, and a well-established consensus allows all participants to securely reach an agreement on a global view of the distributed ledger under consideration of failures (Byzantines or crash faults). Given different consensus algorithms and network models, distributed consensus protocols are categorized into Nakamoto consensus protocols [20] or Byzantine fault-tolerant (BFT) consensus protocols [27]. From a topology aspect, blockchain can be classified into three types: public (permissionless) blockchains, private (permissioned) blockchains, and consortium blockchains [28].

By using cryptographic and security mechanisms, a *smart contract* (SC) combines protocols with user interfaces to formalize and secure the relationships over computer networks [29]. Essentially, SCs are programmable applications containing predefined instructions and data stored at a unique address on the blockchain. Through exposing the public functions or application binary interfaces (ABIs), an SC acts as the trusted autonomous agent between parties to perform predefined business logic functions or contract agreements under specific conditions. Owing to the secure execution of predefined operational logic, unique addresses and public, exposed ABIs, using a SC provides an ideal decentralized app (Dapp) backbone to support upper-level IoT applications.

### *2.3. Blockchain-Based UAV Networks*

There have been many studies in the past that have explored blockchain and smart contracts to enable decentralized UAV networks. In general, existing blockchain-based UAV networks can be categorized into three branches: securing UAV communications, maintaining data integrity and improving identity authentication.

#### 2.3.1. UAV Communication

By utilizing the blockchain concept in the development of drone networks, a blockchainempowered drone network called BeDrone allows drones in service to act as the miners of the blockchain [15]. Each drone can acquire computing and storage resources from nearby edge service providers to carry on the blockchain processes, such as mining blocks and storing ledgers. BeDrone uses game theory to design incentive mechanisms for resource allocation, acquisition, and trading among participants. However, details of the underlying blockchain framework are not discussed.

To ensure ultra-reliability and security for intelligent transport during drone-catching in multi-access edge computing (MEC) networks, a neural-blockchain-based transport model (NBTM) [13] was proposed by forming a distributed decision neural network for multiple blockchains. NBTM uses neural networks to formulate policies and rules as the drone-caching model for reliable communication and content sharing. A hierarchical blockchain model consisting of three blockchains and a master blockchain provides security mechanisms for content sharing and data delivery. The simulation results demonstrate that the proposed NBTM can enhance the reliability of UAV networks with a lower failure rate. However, the performance of using multi-blockchains is not mentioned.

To build agile and resilient UAV networks for the collaborative application of largescale drone groups, a software-defined UAV network called SUV [30] was proposed by combining software-defined networking (SDN) and blockchain technology to achieve a decentralized, efficient and flexible network infrastructure. By decoupling the control panel and the data panel of a UAV network, SDN allows SUV to optimally manage all drones and simplify functions of data forwarding. Blockchain facilitates the decentralization of the SDN control panel and ensures the credibility of the SDN controller identity and behavior in an open networking environment. The proposed SUV is promising for the provision of

flexibility, survivability, security, and programmability for 5G-oriented UAV networks [30]. However, its implementation and performance evaluation are not described.

Similar to the works [13,30] that focusesd on improving security in UAV communications, a lightweight blockchain based on a proof-of-traffic (PoT) consensus algorithm was proposed to provide secure routing for swarm UAVs [14]. PoT leverages the traffic status of swarm UAVs to construct a consensus rather than the computation resources used by PoW. The evaluation shows that PoT can reduce the burden of energy consumption and computational resource allocation for swarm UAV networking. However, the performance of PoT consensus is not discussed, such as transaction latency and throughput.

#### 2.3.2. UAV Data Integrity

Some early works used blockchain as tamper-proof storage to protect the UAVs' data integrity during sharing and operating processes. To secure drone communications and preserve data integrity, a blockchain-based drone system called DroneChain [19] was proposed using a PoW blockchain and a cloud server. The collected data of each drone are associated with its device ID and are saved into a cloud server, while a hash of each data record is stored in the blockchain. DroneChain allows for data assurance, provenance, and resistance against tampering. Moreover, the distributed nature of DroneChain also improves the availability and resilience of data validation for potential failures and attacks. However, using a centralized cloud server for UAV raw data storage is prone to privacy violations and SPF in data querying and sharing.

To address issues of DroneChain that adopts the traditional cloud server and PoW blockchain in UAV networks, a secure data dissemination model based on a consortium blockchain was proposed for IoD [18]. All users and drones are divided into multiple clusters, and one master controller (MC) within a cluster can work as a normal node in a public Ethereum blockchain network. A forger node selection algorithm on the basis of utility function using game theory periodically selects one forger node for block generation. The experimental results evaluate the performance of the data dissemination model, such as the computation time of block creation and validation. However, details of blockchain design and data storage are not mentioned.

#### 2.3.3. UAV Authentication

By storing identification and access control information in the distributed ledger, blockchain can provide decentralized authentication services for UAV networks. To solve issues of authentication of drones during flights, a secure authentication model with low latency for IoD in smart cities was proposed by using a drone-based delegated proofof-stake (DDPOS) blockchain atop zone-based network architecture [16]. Similar to [18], a drone controller in each zone of a smart city is responsible for the management and authentication mechanism for drones, and it also handles all operations related to the blockchain. Compared to the original PoS algorithm, a customized DDPOS algorithm can mitigate mining centralization and the flaws of real-life voting in the UAV network. The experimental results show the efficiency of the proposed solution under a simulated environment, such as low package loss rate, high throughput, and end-to-end delay.

To address the challenges of centralized authentication approaches in cross-domain operations, a blockchain-based cross-domain authentication scheme for an intelligent 5Genabled IoD was proposed [17]. The proposed solution uses a local private blockchain based on Hyperledger fabric to support drone registration and identity management. As multiple signatures based on threshold sharing are used to build an identity federation for collaborative domains, a smart contract contains access control policies, and multi-signatures aims to secure mutual authentication between terminals across different domains.

#### **3. Design Rationale and System Architecture**

UAM offers the potential to create a faster, cleaner, safer, and more integrated transportation systems. However, recent events have shown that modern UAVs are vulnerable

to attack and subversion through faulty or sometimes malicious devices that are present on UAM communication networks, which increases the need for cyber awareness to include UAVs in the airspace and the risk of cyber intrusion. Aiming at a secure-by-design, intelligent and decentralized network architecture for assurance and resilience-oriented UAM networks, LightMAN leverages deep learning (DL) and microchains to enable efficient, secure, and privacy-preserving data access and sharing among participants in UAV networks. Figure 1 demonstrates the LightMAN architecture that consists of two sub-frameworks: (i) the UAM network and (ii) the microchain fabric.

**Figure 1.** System Architecture of LightMAN.

A UAM network encompasses air traffic operations for manned and unmanned aircraft systems in a metropolitan area. The left part of Figure 1 shows a UAV application that provides on-demand, automated transportation services. Each drone uses its onboard sensors to enroll and capture raw mission data, such as ADS-B messages or MAVLink messages, and these data can be digitized and converted to key features, such as aircraft identification and trajectories. The operation centers (ground stations) can collect data for flight planning and monitoring. In addition, raw data can be transferred to an avionic data center that provides long-term storage services (data at rest) for high-level information fusion and analysis. Finally, a cloud server performs high-level computing extensive and big-data-oriented tasks such as multi-airborne collaborative planning and decision-making reasoning. Based on a thorough analysis of shared avionics data, intelligent avionic services (data in transit) incorporates AI technologies to optimize UAV services and protect against never-before-seen attacks. Information visualization (data in use) provides context-based human–machine interactions for authorized users to learn dynamic mission priorities and resource availability [31].

The microchain fabric acts as a security and trust networking infrastructure to provide decentralized security and privacy-preserving guarantees for UAM data. Microchain leverages a permissioned UAV network management and assumes that the system administrator is a trustworthy oracle to maintain registered identity profiles of UAM. Thus, each drone or user uses their unique ID to identify authentication and access control procedures. In addition, cryptographic primitives such as public key infrastructure (PKI) and encryption algorithms can guarantee the confidentiality and integrity of drone data (e.g., ADS–B) in communication. Moreover, microchain integrates a lightweight consensus protocol with

a hybrid on-chain and off-chain storage to ensure UAV data and flight logs are stored securely and distributively without relying on any centralized server.
