In recent years, the rapid advancement of drone technology has revolutionized various sectors, including logistics, environmental monitoring, and low-altitude transportation. Unmanned Aerial Vehicle (UAV) networks, when integrated with ground infrastructure, enable complex collaborative operations in dynamic environments. However, traditional cloud-centric architectures face significant challenges due to geographical distance, leading to latency issues that hinder real-time applications. To address this, cloud-edge collaborative frameworks have emerged, where computational tasks are offloaded from the cloud-based Network Control Center (NCC) to edge-located Ground Stations (GS), reducing communication costs and transmission delays. Despite these improvements, efficient handover authentication remains a critical concern in UAV networks, as frequent GS switches by high-mobility UAVs can introduce delays and security vulnerabilities. Existing authentication protocols often lack physical security attributes and suffer from inefficiencies, making them susceptible to attacks such as machine learning (ML) assaults and physical capture. In this paper, we propose a novel handover authentication protocol leveraging Physical Unclonable Functions (PUF) to achieve lightweight and secure authentication in cloud-edge collaborative UAV networks. Our protocol incorporates an anonymous response segmentation method and a dynamic challenge-response pair (CRP) synchronization mechanism based on the Chinese Remainder Theorem (CRT), enhancing resistance against ML attacks and improving handover stability. Through comprehensive security analysis and performance evaluation, we demonstrate that our protocol offers superior security properties while reducing computational overhead at GS by over 9.1% and overall communication costs by over 13.8% compared to existing schemes.
The proliferation of drone technology has enabled Unmanned Aerial Vehicles to perform tasks that were previously impractical, such as autonomous delivery and real-time surveillance. In cloud-edge collaborative environments, UAVs interact with GS and NCC to optimize resource allocation and task execution. However, the limited coverage of GS necessitates frequent handovers, where UAVs switch between GS nodes to maintain connectivity. This process requires efficient authentication to prevent security breaches, such as man-in-the-middle attacks and replay attacks. Traditional authentication methods, based on conventional cryptographic primitives, often fail to address physical security concerns, as UAVs and GS deployed in open environments are vulnerable to physical capture. Moreover, these methods incur high computational and communication overhead, exacerbating latency issues in time-sensitive applications. To overcome these limitations, we explore the use of PUF, a hardware-based security primitive that generates unique, unpredictable responses based on physical device characteristics. PUF-based authentication enhances resistance against physical attacks and reduces reliance on stored secrets, making it ideal for resource-constrained UAV networks. In this work, we design a protocol that integrates PUF with cloud-edge coordination, ensuring seamless and secure handovers while minimizing performance bottlenecks.
Existing handover authentication protocols for UAV networks have been extensively studied, yet they exhibit significant shortcomings. For instance, protocols based on elliptic curve cryptography, such as those in literature, achieve authentication by offloading computations to edge servers but involve multiple communication rounds, increasing latency. Others employ symmetric encryption or hybrid approaches, which, while lightweight, depend heavily on key secrecy and lack resilience against physical attacks. Recent efforts incorporating PUF focus on pre-stored CRPs, but this leads to substantial storage overhead and vulnerability to ML attacks, as attackers can model CRPs from distributed nodes. Dynamic CRP update mechanisms have been proposed to mitigate storage issues, but they struggle with synchronization across multiple GS in handover scenarios. Additionally, schemes using secret sharing or blockchain introduce computational complexity that undermines real-time performance. Our review highlights the need for a protocol that combines PUF’s physical security with efficient synchronization and low overhead, specifically tailored for cloud-edge collaborative UAV networks. In contrast to prior work, our protocol employs anonymous response segmentation and CRT-based batch synchronization, addressing these gaps effectively.
The system model for our cloud-edge collaborative UAV network comprises three entities: the NCC, GS, and UAV. The NCC, a trusted entity in the cloud, manages system parameters, registration, and pre-handover computations. GS, as semi-trusted edge nodes, provide local authentication services but are prone to physical capture. UAV, being resource-constrained devices, perform tasks and initiate handovers when moving between GS coverage areas. The handover process is divided into pre-handover and handover phases. In the pre-handover phase, non-real-time data, such as UAV trajectory and GS status, are negotiated to prepare for potential handovers. The handover phase involves real-time authentication between UAV and target GS, culminating in session key establishment. We adopt the Dolev-Yao threat model, where attackers can eavesdrop, modify, or replay messages over public channels but cannot compromise the NCC. Attackers may physically capture UAV or GS to extract stored data, but PUF ensures that any tampering alters responses, preventing key recovery. ML attacks are considered, where adversaries collect CRPs from multiple nodes to model PUF behavior; however, our segmentation method thwarts such efforts by anonymizing and splitting responses.
Our proposed authentication protocol consists of five stages: system initialization, registration, initial authentication, pre-handover authentication, and handover authentication. In system initialization, the NCC selects public parameters, including an elliptic curve generator $P$, a hash function $H(\cdot)$, a large prime $p$, and a master key $K_s$. The pre-shared key $k$ is computed as $k = H(ID_{ncc} || K_s)$, and public parameters $\{ ID_{ncc}, P, H(\cdot), p \}$ are published. For GS registration, the NCC assigns a unique identity $ID_{g_i}$ and a large prime $pr_{g_i}$, sending $\{ ID_{g_i}, pr_{g_i}, k \}$ securely to GS. The GS computes its public key $PU_{g_i} = pr_{g_i} P$, and using a PUF challenge $C_{g_i}$, derives the response $R_{g_i} = f_{PUF}(C_{g_i})$ and hidden private key $PR_{g_i} = pr_{g_i} \oplus R_{g_i}$, storing $PR_{g_i}$ and $C_{g_i}$ locally. For UAV registration, the NCC generates an initial challenge $C^1_{u_i}$ and identity $ID_{u_i}$, sending them to the UAV. The UAV computes the PUF response $R^1_{u_i} = f_{PUF}(C^1_{u_i})$ and a pseudonym $PID_{u_i}$ based on a secret value $\sigma_{u_i}$ from biometrics or a password. The NCC then uses an anonymous response segmentation method to split $R^1_{u_i}$ into two shares $R^1_{u_i,1}$ and $R^1_{u_i,2}$ via additive congruence, ensuring that neither share alone reveals the full response. Specifically, for a random number $n_0$, we compute $R^1_{u_i,1} = R^1_{u_i} \oplus n_0$ and $R^1_{u_i,2} = n_0$, and then derive a temporary identity $TID_{u_i} = H(ID_{u_i} || k)$. The NCC sends $\{ R^1_{u_i,1} \}$ to the UAV and $\{ TID_{u_i}, C^1_{u_i}, R^1_{u_i,2} \}$ to all GS in the domain. The UAV stores $\{ PID_{u_i}, R^1_{u_i,1}, \tau_{u_i}, \omega_{u_i} \}$, while GS store $\{ TID_{u_i}, C^1_{u_i}, R^1_{u_i,2} \}$.
In the initial authentication phase, a UAV authenticates with a GS within its current coverage area. The UAV first recovers $\sigma^*_{u_i}$ from user input and computes $Q^*_{u_i}$ to verify $H(Q^*_{u_i}) = \omega_{u_i}$. If valid, it reveals $ID_{u_i} = PID_{u_i} \oplus Q^*_{u_i}$, generates a random number $v_{u_i}$ and timestamp $t_1$, and computes $V_{u_i} = v_{u_i} P$, $M_1 = ID_{u_i} \oplus V_{u_i} pr_{g_i}$, and $M_2 = H(ID_{u_i} || R^1_{u_i,1} || t_1)$. The UAV sends $\{ M_1, M_2, V_{u_i}, t_1 \}$ to the GS. The GS checks $t_1$ freshness, recovers $pr_{g_i}$ from PUF, and computes $V_{u_i} pr_{g_i}$ to decrypt $M_1$, obtaining $ID^*_{u_i}$ and $R^{1*}_{u_i,1}$. It then verifies $M_2$ by computing $M^*_2 = H(ID^*_{u_i} || R^{1*}_{u_i,1} || t_1)$. Upon success, the GS generates random number $n_1$ and timestamp $t_2$, computes $TID_{u_i} = H(ID^*_{u_i} || k)$, and retrieves $\{ C^1_{u_i}, R^1_{u_i,2} \}$ from storage. The GS reconstructs $K_{u_i} = R^{1*}_{u_i,1} \oplus R^1_{u_i,2}$ and computes $M_3 = n_1 \oplus K_{u_i}$ and $M_4 = H(K_{u_i} || n_1 || t_2)$, sending $\{ M_3, M_4, C^1_{u_i}, t_2 \}$ to the UAV. The UAV validates $t_2$, computes $R^1_{u_i} = f_{PUF}(C^1_{u_i})$, and derives $K^*_{u_i} = R^1_{u_i} \oplus n_0$ (from registration). It then recovers $n^*_1 = M_3 \oplus K^*_{u_i}$ and checks $M_4$. If valid, the UAV updates the challenge to $C^2_{u_i}$, generates randoms $n_2, n_3, t_3$, computes $R^2_{u_i} = f_{PUF}(C^2_{u_i})$, and splits it into $R^2_{u_i,1}$ and $R^2_{u_i,2}$ using a new random $n’_0$. It then computes $M_5 = n_3 \oplus K^*_{u_i}$, $M_6 = C^2_{u_i} \oplus H(K^*_{u_i} || n_3)$, $M_7 = H(ID_{u_i} || K^*_{u_i} || n_3 || t_3)$, and the session key $SK_{u_i-g_i} = H(ID_{u_i} || K^*_{u_i} || n_1 || n_3)$. The UAV sends $\{ M_5, M_6, M_7, t_3 \}$ to the GS, which recovers $n^*_3$, $C^{2*}_{u_i}$, and $R^{2*}_{u_i,2}$, verifies $M_7$, and computes $SK_{g_i-u_i} = H(ID_{u_i} || K_{u_i} || n_1 || n^*_3)$ to complete authentication.
The pre-handover authentication phase facilitates non-real-time data negotiation for seamless handovers. When a UAV detects weakening signal strength from its current GS, it sends a pre-handover request $REQ1: \{ ID_{u_i}, R^2_{u_i,1}, \text{info} \}$ encrypted with the session key to the source GS, where info includes trajectory and path planning data. The source GS computes $TID_{u_i} = H(ID_{u_i} || k)$ and forwards $REQ2: \{ ID_{u_i}, R^2_{u_i,1}, \text{info}, TID_{u_i}, C^2_{u_i}, R^2_{u_i,2} \}$ to the NCC. The NCC decrypts the message, analyzes UAV trajectory and GS statuses, and selects $m$ target GS based on quality-of-service criteria. Using CRT, the NCC computes a synchronization parameter $S_{u_i}$ for the UAV and target GS. Specifically, for each target GS $j$ with prime $pr_{g_j}$, we solve the system of congruences:
$$ S_{u_i} \equiv R^2_{u_i,1} \mod pr_{g_1} $$
$$ S_{u_i} \equiv R^2_{u_i,1} \mod pr_{g_2} $$
$$ \vdots $$
$$ S_{u_i} \equiv R^2_{u_i,1} \mod pr_{g_m} $$
The solution $S_{u_i}$ is computed via CRT, ensuring that only authorized GS can decrypt it with their private keys. The NCC sends $\{ TID_{u_i}, C^2_{u_i}, R^2_{u_i,2} \}$ to the target GS and $\{ S_{u_i} \}$ to the UAV via the source GS, completing pre-handover setup.
In the handover authentication phase, the UAV initiates real-time authentication with a target GS by sending $\{ S_{u_i} \}$. The GS decrypts $S_{u_i}$ using its private key $pr_{g_j}$ to obtain $ID^*_{g_j}$, $ID^*_{u_i}$, and $R^{2*}_{u_i,1}$. It verifies $ID^*_{g_j} = ID_{g_j}$ to prevent DoS attacks, then computes $TID^*_{u_i} = H(ID^*_{u_i} || k)$ and retrieves $\{ C^2_{u_i}, R^2_{u_i,2} \}$. The GS reconstructs $K_{u_i} = R^{2*}_{u_i,1} \oplus R^2_{u_i,2}$, generates random $n_4$ and timestamp $t_4$, and computes $M_8 = n_4 \oplus K_{u_i}$ and $M_9 = H(K_{u_i} || n_4 || t_4)$, sending $\{ M_8, M_9, C^2_{u_i}, t_4 \}$ to the UAV. The UAV checks $t_4$, computes $R^2_{u_i} = f_{PUF}(C^2_{u_i})$, and derives $K^*_{u_i} = R^2_{u_i} \oplus n’_0$. It recovers $n^*_4 = M_8 \oplus K^*_{u_i}$ and verifies $M_9$. If valid, the UAV updates to $C^3_{u_i}$, generates randoms $n_5, n_6, t_5$, computes $R^3_{u_i} = f_{PUF}(C^3_{u_i})$, and splits it into $R^3_{u_i,1}$ and $R^3_{u_i,2}$. It then computes $M_{10} = n_6 \oplus K^*_{u_i}$, $M_{11} = C^3_{u_i} \oplus H(K^*_{u_i} || n_6)$, $M_{12} = H(ID_{u_i} || K^*_{u_i} || n_6 || t_5)$, and session key $SK_{u_i-g_j} = H(ID_{u_i} || K^*_{u_i} || n_4 || n_6)$. The UAV sends $\{ M_{10}, M_{11}, M_{12}, t_5 \}$ to the GS, which recovers $n^*_6$, $C^{3*}_{u_i}$, and $R^{3*}_{u_i,2}$, verifies $M_{12}$, and computes $SK_{g_j-u_i} = H(ID_{u_i} || K_{u_i} || n_4 || n^*_6)$ to establish secure communication.
Security analysis of our protocol encompasses both informal and formal methods. Informally, the protocol achieves mutual authentication as both UAV and GS verify each other through hashed messages like $M_9$ and $M_{12}$. Anonymity and unlinkability are maintained by using pseudonyms $PID_{u_i}$ and encrypted $TID_{u_i}$, preventing identity exposure. Perfect forward secrecy is ensured as session keys incorporate ephemeral randoms (e.g., $n_4, n_6$) and PUF-derived secrets, so compromising long-term keys does not reveal past or future keys. Impersonation attacks are thwarted because adversaries cannot replicate PUF responses or reconstruct $K_{u_i}$ without both response shares. Man-in-the-middle and replay attacks are mitigated through timestamp and random number checks. DoS resistance is achieved by early verification of $ID_{g_j}$ in handover. Physical capture attacks on UAV or GS are ineffective due to PUF’s tamper-evident nature, and ML attacks are countered by anonymous response segmentation, which disrupts CRP mapping. Malicious UAV revocation is possible since GS can decrypt $S_{u_i}$ to obtain $ID_{u_i}$ for reporting to NCC. Formally, we use the Real-or-Random (ROR) model to prove semantic security. Let $Adv^S_A$ denote the advantage of an adversary $A$ in breaking the protocol $S$. We bound this advantage as follows:
$$ Adv^S_A \leq \frac{q_H^2}{2^{l_H}} + \frac{q_P^2}{2^{l_P}} + \frac{q_S}{2^{l-1}} $$
where $q_H$, $q_P$, and $q_S$ are the number of hash, PUF, and send queries, respectively, $l_H$ is the hash output length, $l_P$ is the PUF response length, and $l$ is the session key length. This shows that the protocol is secure against polynomial-time attacks.
Performance evaluation compares our protocol with existing schemes in terms of computational and communication overhead. We define operation times based on empirical measurements: elliptic curve multiplication $T_m = 0.34$ ms on GS and 0.54 ms on UAV, hash $T_h = 0.001$ ms, key derivation function $T_k = 0.0047$ ms, and symmetric encryption $T_s = 0.001$ ms. The computational overhead for UAV and GS in various protocols is summarized in Table 1.
| Protocol | UAV (ms) | GS (ms) |
|---|---|---|
| Literature [9] | $7T_h + 2T_m \approx 1.0884$ | $13T_h + 2T_m \approx 0.6930$ |
| Literature [11] | $T_h + 4T_s \approx 0.0732$ | $T_h + 10T_s \approx 0.0110$ |
| Literature [12] | $6T_h \approx 0.0072$ | $10T_h \approx 0.0100$ |
| Literature [14] | $8T_h \approx 0.0096$ | $11T_h \approx 0.0110$ |
| Literature [18] | $4T_k + 3T_h + T_s \approx 0.0716$ | $2T_h + T_k + T_s \approx 0.0077$ |
| Our Protocol | $6T_h \approx 0.0072$ | $7T_h \approx 0.0070$ |
Our protocol achieves the lowest computational overhead at GS, reducing it by over 9.1% compared to literature [18], and maintains minimal overhead at UAV. This is attributed to the use of lightweight operations and pre-handover synchronization. For communication overhead, we consider message sizes: ECC point (320 bits), hash (256 bits), ID (64 bits), nonce (256 bits), KDF (256 bits), PUF challenge/response (64 bits), and timestamp (32 bits). The total communication overhead for handover authentication is compared in Table 2.
| Protocol | Message Count | Communication Overhead (bits) |
|---|---|---|
| Literature [9] | 4 | $3 \times 320 + 6 \times 256 + 4 \times 64 + 5 \times 32 = 2912$ |
| Literature [11] | 6 | $3 \times 256 + 7 \times 256 = 2560$ |
| Literature [12] | 2 | $7 \times 256 + 2 \times 32 = 1856$ |
| Literature [14] | 3 | $8 \times 256 + 3 \times 32 = 2144$ |
| Literature [18] | 6 | $5 \times 256 + 256 + 64 + 4 \times 256 = 2624$ |
| Our Protocol | 3 | $5 \times 256 + 2 \times 64 + 2 \times 64 + 2 \times 32 = 1600$ |
Our protocol reduces overall communication overhead by over 13.8% compared to literature [12], thanks to the pre-handover phase minimizing real-time data exchange. Additionally, the CRT-based synchronization enhances handover stability by allowing UAVs to switch to backup GS seamlessly. In multi-UAV scenarios, our protocol maintains low overhead, whereas aggregate signature-based schemes incur higher computational costs due to elliptic curve operations. The integration of drone technology and Unmanned Aerial Vehicle networks with PUF and CRT ensures robust security and efficiency, making our protocol suitable for large-scale deployments.
In conclusion, we have presented an efficient handover authentication protocol for cloud-edge collaborative UAV networks that addresses the limitations of existing schemes. By leveraging PUF, we enhance physical security against capture and ML attacks, while the anonymous response segmentation and CRT-based synchronization reduce overhead and improve stability. Security analysis confirms resistance to various attacks, and performance evaluation demonstrates significant reductions in computational and communication costs. Future work will explore adaptive mechanisms for dynamic network conditions and integration with emerging drone technology standards. The continuous evolution of Unmanned Aerial Vehicle networks underscores the importance of lightweight, secure authentication protocols to enable reliable and scalable operations in cloud-edge environments.