Unmanned Aerial Vehicle (UAV) technology has revolutionized numerous fields including logistics, environmental monitoring, and aerial transportation. These drones leverage their agility and adaptability to form networks with ground infrastructure for complex operations. However, traditional cloud computing architectures struggle with latency-sensitive applications due to geographical distances. Cloud-edge collaborative drone networks address this by offloading tasks from cloud-based Network Control Centers (NCCs) to edge-located Ground Stations (GSs), significantly reducing communication costs and transmission delays.

In cloud-edge drone networks, limited GS coverage necessitates frequent handovers for high-mobility drones. Inefficient authentication protocols increase handover latency and may cause communication failures. Existing approaches face critical limitations:
Challenge | Impact | Existing Gap |
---|---|---|
Physical Capture Attacks | Identity forgery during handover | Traditional schemes lack physical security attributes |
Machine Learning Attacks | CRP modeling from distributed nodes | Static CRP storage vulnerable to correlation analysis |
Synchronization Issues | Cross-GS authentication failures | Localized CRP updates lack multi-node coordination |
Computational Overhead | Delayed handover execution | Heavy cryptographic primitives on resource-constrained drones |
To overcome these challenges, we propose a Physical Unclonable Function (PUF)-based handover authentication protocol featuring three key innovations:
- Anonymous Response Segmentation using additive congruence:
$$R_{u,1} = R_u \oplus H(\text{ID}_u \parallel n_0) \quad \text{and} \quad R_{u,2} = R_u \oplus R_{u,1}$$
This splits responses while breaking CRP mapping relationships.
- CRT-based Dynamic CRP Synchronization for batch pre-negotiation:
$$S_u = \left( \text{ID}_u, R_{u,1} \right) \mod \prod_{j=1}^m \text{pr}_{g_j}$$
enabling single-message parameter distribution to multiple GSs.
- Edge-centric authentication architecture shifting computational load from NCC to GSs.
The system architecture comprises three entities:
Entity | Role | Capabilities |
---|---|---|
NCC | Central trusted authority | Global management, parameter generation |
Ground Stations (GS) | Edge authentication nodes | Local authentication, physical attack resistance |
Drones (UAV) | Resource-constrained endpoints | PUF-based identity verification |
Our protocol operates through five phases:
1. Anonymous Response Segmentation
During UAV registration, the NCC generates an initial challenge $C_u^1$ and computes:
$$R_u^1 = f_{\text{PUF}}(C_u^1)$$
$$R_{u,1}^1 = R_u^1 \oplus H(\text{ID}_u \parallel n_0)$$
$$R_{u,2}^1 = R_u^1 \oplus R_{u,1}^1$$
Fragments are distributed such that $R_{u,1}$ resides on the drone while $R_{u,2}$ is stored at GSs under encrypted identifier $\text{TID}_u = H(k \parallel \text{ID}_u)$. This prevents CRP reconstruction from compromised nodes.
2. CRT-based Batch Synchronization
When drones trigger pre-handover conditions (RSSI < threshold), NCC:
- Predicts trajectory using motion models
- Selects $m$ candidate GSs based on coverage overlap
- Computes synchronization parameter via CRT:
$$S_u = \left( \text{ID}_u, R_{u,1}^k \right) \mod \prod_{j=1}^m \text{pr}_{g_j}$$
Target GSs recover the parameters through a single modular operation:
$$\left( \text{ID}_u, R_{u,1}^k \right) = S_u \mod \text{pr}_g$$
enabling efficient cross-station synchronization.
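The batch synchronization step, as an added Python sketch that is not code from the paper: the NCC folds one residue per candidate GS into a single $S_u$, and each GS recovers its residue with one `mod`. The fixed-width packing of $(\text{ID}_u, R_{u,1})$, the per-GS mask derived from a key shared with the NCC, the choice of primes and all sample values are assumptions; the page does not specify the encoding.

```python
import hashlib
from math import prod

# Well-known primes standing in for the per-GS moduli pr_g (assumption).
PRIMES = {
    "GS1": 2**255 - 19,
    "GS2": 2**256 - 2**32 - 977,
    "GS3": 2**256 - 2**224 + 2**192 + 2**96 - 1,
}
WIDTH = 24  # constructed layout: 8-byte ID_u followed by 16-byte R_{u,1}

def pack(id_u, r1):
    assert len(id_u) == 8 and len(r1) == 16
    return int.from_bytes(id_u + r1, "big")

def mask(gs_key, nonce):
    # Assumed per-GS mask from a key the GS shares with the NCC. Without it
    # every residue would be identical and S_u would equal the packed value.
    return int.from_bytes(hashlib.sha256(gs_key + nonce).digest()[:WIDTH], "big")

def crt(residues, moduli):
    """Smallest S >= 0 with S = a_j (mod p_j) for pairwise-coprime p_j."""
    big_m = prod(moduli)
    total = 0
    for a, p in zip(residues, moduli):
        m_i = big_m // p
        total += a * m_i * pow(m_i, -1, p)  # modular inverse, Python 3.8+
    return total % big_m

def ncc_build(id_u, r1, nonce, targets, keys):
    """NCC side: one message S_u carrying a residue for every target GS."""
    v = pack(id_u, r1)
    residues = [v ^ mask(keys[g], nonce) for g in targets]
    return crt(residues, [PRIMES[g] for g in targets])

def gs_recover(s_u, prime, gs_key, nonce):
    """GS side: a single modular reduction, then unmask and unpack."""
    a = s_u % prime
    if a >= 1 << (8 * WIDTH):
        return None  # residue was not built for this station
    raw = (a ^ mask(gs_key, nonce)).to_bytes(WIDTH, "big")
    return raw[:8], raw[8:]

# Constructed sample values, not taken from the paper.
ID_U = b"UAV-0001"
R1 = bytes(range(16))
NONCE = b"handover-epoch-7"
KEYS = {g: hashlib.sha256(g.encode()).digest() for g in PRIMES}
S_U = ncc_build(ID_U, R1, NONCE, ["GS1", "GS2", "GS3"], KEYS)
```
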
3. Lightweight Handover Authentication
During real-time handover, UAV sends $S_u$ to target GS. After CRP reconstruction:
$$K_u = H(R_{u,1} \parallel R_{u,2} \parallel \text{ID}_u)$$
session keys are derived as:
$$\text{SK} = H(K_u \parallel n_4 \parallel n_6 \parallel \text{ID}_u \parallel \text{ID}_g)$$
requiring only 0.007 ms computation on drones.
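The response segmentation of phase 1 and the key derivation of phase 3, carried through in Python as an added example rather than the authors' implementation. SHA-256 stands in for $H$, an HMAC over a device secret stands in for $f_{\text{PUF}}$, concatenation is length-prefixed, and every identifier and nonce is a constructed sample value.

```python
import hashlib
import hmac

def H(*parts):
    """SHA-256 over length-prefixed parts (assumed encoding of 'a || b')."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def sim_puf(device_secret, challenge):
    # Software stand-in for f_PUF; a real PUF has no extractable secret.
    return hmac.new(device_secret, challenge, hashlib.sha256).digest()

def segment(r_u, id_u, n0):
    """Split R_u into the drone fragment R_{u,1} and GS fragment R_{u,2}."""
    r1 = xor(r_u, H(id_u, n0))
    # R_{u,2} algebraically equals H(ID_u || n_0), so the GS-side fragment
    # carries no bits of the PUF response itself.
    r2 = xor(r_u, r1)
    return r1, r2

def temp_id(k, id_u):
    """TID_u = H(k || ID_u), the index under which a GS stores R_{u,2}."""
    return H(k, id_u)

def session_key(r1, r2, id_u, id_g, n4, n6):
    """K_u = H(R1 || R2 || ID_u); SK = H(K_u || n4 || n6 || ID_u || ID_g)."""
    k_u = H(r1, r2, id_u)
    return H(k_u, n4, n6, id_u, id_g)

# Constructed sample values, not taken from the paper.
ID_U, ID_G = b"UAV-0001", b"GS-0007"
N0, N4, N6 = b"nonce-0", b"nonce-4", b"nonce-6"
R_U = sim_puf(b"constructed-device-secret", b"challenge-1")
FRAG_1, FRAG_2 = segment(R_U, ID_U, N0)
TID_U = temp_id(b"constructed-ncc-key", ID_U)
SK = session_key(FRAG_1, FRAG_2, ID_U, ID_G, N4, N6)
```
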
Security Analysis
Formal security verification using Real-or-Random (ROR) model proves semantic security:
$$\text{Adv}_{\mathcal{A}}^{\text{Protocol}} \leq \frac{q_H^2}{2^{l_H}} + \frac{q_P^2}{2^{l_P}} + \frac{q_S}{2^{l-1}}$$
where $q_H$, $q_P$, $q_S$ represent query counts and $l$ denotes security parameters.
Comprehensive security properties achieved:
Property | Mechanism |
---|---|
ML Attack Resistance | Fragmented CRPs with no identity mapping |
Physical Capture Protection | PUF-obfuscated private parameters |
Perfect Forward Secrecy | Ephemeral-randomness enhanced session keys |
DoS Mitigation | Early ID verification at GS |
Performance Evaluation
Testbed implementation on Raspberry Pi 5 (UAV) and Intel Core Ultra 9 (GS) demonstrates:
Computational Efficiency
Protocol | UAV (ms) | GS (ms) |
---|---|---|
Proposed | 0.0072 | 0.0070 |
Yang et al. | 0.0716 | 0.0077 |
Kwon et al. | 1.0884 | 0.6930 |
Our solution reduces GS computation by >9.1% versus state-of-the-art.
Communication Overhead
Protocol | Messages | Overhead (bits) |
---|---|---|
Proposed | 3 | 1,600 |
Wen et al. | 2 | 1,856 |
Son et al. | 3 | 2,144 |
13.8% reduction in total communication cost achieved through CRT-based parameter aggregation.
ML Attack Resistance Validation
Testing with 10,036 CRP samples shows our segmentation prevents modeling even at HD=3:
Method | Samples | Prediction Accuracy |
---|---|---|
Raw CRP | 10,000 | 97.8% |
Proposed | 10,000 | <50% (random) |
Conclusion
This work presents a novel PUF-based authentication protocol addressing critical security and efficiency challenges in cloud-edge drone networks. The anonymous response segmentation technique provides inherent resistance against machine learning attacks targeting distributed CRP repositories. By integrating Chinese Remainder Theorem with lightweight cryptography, we establish efficient cross-station synchronization while minimizing computational burden on resource-constrained drones. Performance evaluations confirm significant improvements: >9.1% reduction in ground station computation and >13.8% lower communication overhead versus state-of-the-art solutions. These advancements facilitate secure, low-latency operations for next-generation drone technology deployments in latency-sensitive applications.