With the advancement of Vehicle-to-Everything (V2X) integrated systems in China, the secure and efficient exchange of information between vehicles, road infrastructure, and the cloud has become paramount. Vehicular Ad-hoc Networks (VANETs), a cornerstone of intelligent transportation, enable vehicles to share critical road safety and infotainment data. However, a significant challenge persists in remote or infrastructure-deprived areas, such as mountainous regions or rural zones in China, where traditional Roadside Units (RSUs) are absent, leaving vehicles disconnected from vital cloud services and compromising driving safety.
To address this coverage gap, Unmanned Aerial Vehicles (UAVs), or drones, have emerged as a promising mobile base station alternative. Their rapid deployability, flexibility, and line-of-sight advantages make China UAV drones ideal for providing emergency communication relays. Nevertheless, the open wireless channel and the high mobility of vehicles introduce severe security and privacy threats. Establishing fast, mutual authentication between vehicles and drones while preserving user anonymity and resisting various attacks is a critical, yet challenging, requirement for China’s smart transportation ecosystem. Furthermore, drones themselves, often deployed in unattended environments, are susceptible to physical tampering. Existing authentication schemes often rely on computationally intensive cryptographic primitives unsuitable for resource-constrained UAVs and vehicles, or on centralized architectures prone to single points of failure.
This article proposes a security-enhanced, lightweight authentication and key agreement scheme specifically designed for UAV-assisted vehicular networks. The core innovation lies in the synergistic integration of three key technologies: Quantum Key Distribution (QKD)-derived keys for robust cryptographic security, Physical Unclonable Functions (PUFs) for hardware-intrinsic resilience against physical attacks on the China UAV drone, and a permissioned blockchain for decentralized and tamper-proof record-keeping, eliminating the single-point-of-failure risk. The protocol facilitates mutual authentication between a vehicle and a supporting China UAV drone, establishes a fresh session key for secure subsequent communication, and supports conditional privacy preservation with efficient traceability. Formal security verification using tools like Scyther and AVISPA, alongside informal analysis, confirms the scheme’s resilience against common attacks such as replay, impersonation, and physical cloning. Performance evaluations demonstrate substantial computational efficiency gains compared to recent state-of-the-art protocols, making it highly suitable for the dynamic and resource-limited environment of China’s expansive connected vehicle networks.
1. System Architecture and Threat Model
The proposed system operates within a framework consisting of four primary entities: the Quantum Secure Cloud (QSC), the Cloud Service Provider (CSP), UAVs (Drones), and Vehicles (OBUs). Each entity plays a distinct role in ensuring secure and reliable communication in areas beyond fixed RSU coverage in China.
1.1 Entity Descriptions
- Quantum Secure Cloud (QSC): A trusted authority responsible for the initial provisioning of cryptographic key material. It pre-loads a pool of quantum-safe secret keys (QSKs), derived from QKD processes, into tamper-resistant quantum security chips embedded in the CSP, UAVs, and Vehicles. The QSC operates on a zero-knowledge principle, storing no identity or session-specific information from the other entities.
- Cloud Service Provider (CSP): A trusted server with substantial computational and storage resources. It acts as the registration authority, managing the enrollment of UAVs and vehicles. The CSP generates pseudo-identities (PIDs) for registered entities, handles revocation requests, and maintains a permissioned blockchain ledger storing essential authentication parameters. It securely stores a subset of the QSKs for its operations.
- Unmanned Aerial Vehicle (UAV / Drone): A trusted mobile entity deployed as an aerial base station. Each China UAV drone is equipped with a quantum security chip (holding QSKs), a PUF circuit, and communication modules. Its primary function is to authenticate nearby vehicles and relay their data securely to the network or blockchain. It is vulnerable to physical capture and tampering.
- Vehicle (V): A semi-trusted entity equipped with an On-Board Unit (OBU) containing a quantum security chip and a PUF. Vehicles seek to authenticate with a nearby China UAV drone to access network services or report data in areas without RSUs.
1.2 System Assumptions and Threat Model
The design is based on the following realistic assumptions prevalent in China’s UAV-assisted IoV deployments:
- The initial registration of UAVs and Vehicles with the CSP is performed over a secure, out-of-band channel (e.g., during manufacturing or initial setup).
- The CSP and the QSC are fully trusted entities.
- The UAV is trusted but subject to physical attacks; the Vehicle is semi-trusted, meaning it follows the protocol but its user’s credentials could be compromised.
- The wireless communication channels between the Vehicle and the China UAV drone, and between the drone and the CSP, are public and insecure, vulnerable to eavesdropping, modification, and replay attacks by a probabilistic polynomial-time adversary $\mathcal{A}$.
- The adversary $\mathcal{A}$ can intercept, modify, delete, replay, or inject messages. $\mathcal{A}$ may also attempt to extract secret parameters from a physically captured UAV or Vehicle but cannot clone the unique PUF or quantum chip.
- The blockchain is a permissioned ledger where only authenticated entities (like the CSP and authenticated UAVs/Vehicles) can write or read specific data. It is resilient to tampering.
2. The Proposed Authentication and Key Agreement Scheme
The proposed scheme consists of five phases: (1) System Initialization, (2) Registration, (3) Mutual Authentication & Key Agreement, (4) Revocation & Traceability, and (5) Identity Update. The notation used throughout the protocol is summarized in Table 1.
| Symbol | Description |
|---|---|
| $ID_u / ID_v$ | Unique identity of UAV / Vehicle |
| $PWD_u / PWD_v$ | Start-up password of UAV / Vehicle |
| $PID / TID$ | Pseudo-identity of UAV / Vehicle |
| $H(\cdot)$ | Cryptographic one-way hash function (e.g., SHA-256) |
| $\oplus$ | Bitwise XOR operation |
| $Mac$ | Message Authentication Code |
| $T_i / T_i’$ | Current / Received timestamp |
| $Cha_x$ | Challenge value for PUF |
| $t_i$ | Validity period of pseudo-identity |
| $PUF(\cdot)$ | Physical Unclonable Function |
| $QSK$ | Pre-loaded Quantum Secret Key |
| $QSK_{tag}$ | Identifier for a specific QSK |
| $VID / DID$ | Authentication credential for UAV / Vehicle |
| $sk_{U-V}$ | Session key agreed between UAV and Vehicle |
| $E_{key}(M)/D_{key}(C)$ | Encryption/Decryption of message $M$/ciphertext $C$ using symmetric key $key$ (e.g., SM4) |
2.1 System Initialization Phase
The QSC pre-loads a set of Quantum Secret Keys $\{QSK_i\}$ and their corresponding identifiers $\{QSK_{tag,i}\}$ into the secure chips of the CSP, all registered UAVs, and all registered Vehicles. The CSP selects three cryptographic hash functions $H_1, H_2, H_3: \{0, 1\}^* \rightarrow Z^*_q$. The CSP generates its master PUF challenge $Cha_c$. Each UAV generates its unique PUF challenges $Cha_u$ and $Cha_a$. Each Vehicle generates its unique PUF challenges $Cha_v$ and $Cha_e$. The CSP computes its PUF response $Res_c = PUF(Cha_c)$. A permissioned blockchain is established with the CSP as the administrator to store authentication parameters.
2.2 Registration Phase
This phase is executed once for each entity via a secure channel. The process for a China UAV drone is detailed below and summarized in Figure 1. The vehicle registration follows a symmetric process.
- UAV → CSP: The UAV sends its real identity $ID_u$ and a chosen start-up password $PWD_u$ to the CSP.
- CSP → UAV: The CSP splits $ID_u$ into two parts $(ID_{u1}, ID_{u2})$. It then generates a quantum random number $QRNG_a$ and a validity period $t_1$. It computes the UAV’s pseudo-identity:
$$PID_1 = H_1(PWD_u, QRNG_a, t_1) \oplus ID_{u2}$$
$$PID_2 = ID_{u1} \oplus H_1(PID_1, QRNG_a)$$
The full pseudo-identity is $PID = (PID_1, PID_2)$. The CSP sends $\{PID, t_1\}$ to the UAV. - UAV → CSP: Upon receipt, the UAV computes its PUF responses $Res_u = PUF(Cha_u)$ and $Res_a = PUF(Cha_a)$. It then computes a partial authentication credential $VID_1 = H_2(Res_u, PID)$ and sends $\{VID_1, Res_a\}$ to the CSP.
- CSP Processing & Storage: The CSP encrypts $Res_a$ using a QSK shared with vehicles: $M_u = E_{QSK_v}(Res_a)$. It computes the second part of the credential $VID_2 = H_2(VID_1, Res_c)$ and the final UAV credential $VID = H_1(VID_1, VID_2)$. The tuple $\{PID, t_1, M_u, QSK_{tag,v}, H_3(VID)\}$ is stored on the blockchain. The CSP sends $\{VID\}$ to the UAV and stores $\{PWD_u, QRNG_a, t_1, VID\}$ locally. The UAV stores $\{PID, VID, Res_u, Cha_a\}$.
The Vehicle registration is analogous, resulting in a pseudo-identity $TID$, a credential $DID$, and a parameter $M_v = E_{QSK_u}(Res_e)$ stored on the blockchain.
2.3 Mutual Authentication and Key Agreement Phase
When a vehicle $V_i$ enters the coverage area of a China UAV drone $UAV$, they execute this lightweight protocol to authenticate each other and establish a session key. The process, illustrated in Figure 2, involves the following steps:
- Vehicle $V_i$ Initiates:
- Generates a timestamp $T_1$ and a quantum random number $QRNG_c$.
- Computes: $\alpha = Res_e \oplus QRNG_c$, $\lambda = H_2(QRNG_c, \alpha)$, $\mu = \lambda \oplus H_3(DID)$.
- Forms message $Msg_1 = \{\mu, \alpha, TID, H_2(Res_v)\}$.
- Computes $Mac_1 = H_3(Msg_1)$ and sends $\{Mac_1, Msg_1, T_1\}$ to the $UAV$.
- UAV Authenticates Vehicle:
- Checks freshness: $|T_1′ – T_1| \leq \Delta T$.
- Verifies integrity: Recomputes $Mac_1′ = H_3(Msg_1)$ and checks $Mac_1′ \stackrel{?}{=} Mac_1$.
- Retrieves the vehicle’s record $\{TID, t_2, M_v, QSK_{tag,u}, H_3(DID)\}$ from the blockchain.
- Uses $QSK_{tag,u}$ to locate $QSK_u$ and decrypts: $Res_e = D_{QSK_u}(M_v)$.
- Recovers $QRNG_c = \alpha \oplus Res_e$ and computes $\lambda’ = H_2(QRNG_c, \alpha)$ and $H_3′(DID) = \lambda’ \oplus \mu$.
- Authenticates $V_i$ if: $H_3′(DID) \stackrel{?}{=} H_3(DID)$.
- UAV Responds & Authenticates Itself:
- Generates timestamp $T_2$ and quantum random number $QRNG_d$.
- Computes: $\alpha_{new} = Res_a \oplus QRNG_d$, $\lambda_{new} = H_2(QRNG_d, \alpha_{new})$, $\mu_{new} = \lambda_{new} \oplus H_3(VID)$.
- Computes intermediate values for the session key: $\partial = H_2(H_3(DID), H_3(VID))$ and $\Upsilon = H_2(QRNG_d, QRNG_c)$.
- Computes the session key: $sk_{U-V} = H_2(\partial, \Upsilon, TID, PID)$.
- Forms message $Msg_2 = \{\mu_{new}, \alpha_{new}, PID, H_2(Res_u), H_3(sk_{U-V})\}$.
- Computes $Mac_2 = H_3(Msg_2)$ and sends $\{Mac_2, Msg_2, T_2\}$ to $V_i$.
- Vehicle Authenticates UAV & Establishes Session Key:
- Checks freshness: $|T_2′ – T_2| \leq \Delta T$.
- Verifies integrity: $Mac_2′ = H_3(Msg_2) \stackrel{?}{=} Mac_2$.
- Retrieves the UAV’s record $\{PID, t_1, M_u, QSK_{tag,v}, H_3(VID)\}$ from the blockchain.
- Uses $QSK_{tag,v}$ to locate $QSK_v$ and decrypts: $Res_a = D_{QSK_v}(M_u)$.
- Recovers $QRNG_d = \alpha_{new} \oplus Res_a$ and computes $\lambda_{new}’ = H_2(QRNG_d, \alpha_{new})$ and $H_3′(VID) = \mu_{new} \oplus \lambda_{new}’$.
- Authenticates $UAV$ if: $H_3′(VID) \stackrel{?}{=} H_3(VID)$.
- Computes $\partial’ = H_2(H_3(DID), H_3(VID))$, $\Upsilon’ = H_2(QRNG_c, QRNG_d)$, and the session key $sk_{U-V}’ = H_2(\partial’, \Upsilon’, TID, PID)$.
- Verifies key agreement if: $H_3(sk_{U-V}’) \stackrel{?}{=} H_3(sk_{U-V})$ received from the UAV.
Upon successful completion, both the China UAV drone and the vehicle share the same session key $sk_{U-V}$ for encrypting their subsequent application data exchanges.
2.4 Revocation and Traceability Phase
The CSP can revoke a malicious or compromised entity. Upon receiving a revocation request for a pseudo-identity $TID$, the CSP performs traceability. Knowing $TID = (TID_1, TID_2)$ and its stored secrets $(PWD_v, QRNG_b, t_2)$ for that vehicle, it computes:
$$ID_{v2} = H_1(PWD_v, QRNG_b, t_2) \oplus TID_1$$
$$ID_{v1} = TID_2 \oplus H_1(TID_1, QRNG_b)$$
The real identity is recovered as $ID_v = (ID_{v1}, ID_{v2})$. The CSP then removes all related entries from the blockchain and its local database. A similar process applies to a China UAV drone using its $PID$.
2.5 Identity Update Phase
To maintain privacy, pseudo-identities are refreshed periodically or when a start-up password is changed. The vehicle or UAV initiates the process with the CSP (similar to Step 1 of registration), providing its real $ID$ and the new password. The CSP generates new random numbers and a new validity period to compute a fresh pseudo-identity $(PID_{new}$ or $TID_{new})$, updates the blockchain record, and informs the entity. The old pseudo-identity is effectively invalidated.
3. Security Analysis
3.1 Formal Security Verification
The proposed protocol’s authentication and key agreement phase was modeled and verified using the Scyther tool under the Dolev-Yao adversary model. The analysis confirms that the protocol satisfies key security properties for both the Vehicle and UAV roles:
- Alive & Niagree (Non-injective Agreement): Proves that each participant indeed communicated with the other, and agreed on the values of critical parameters like the credentials and session key.
- Nisynch (Non-injective Synchronization): Ensures the protocol steps were executed in the correct order.
- Secret (Secrecy): Verifies that the long-term credentials ($DID$, $VID$) and the session key $sk_{U-V}$ remain confidential from the adversary.
All security claims were verified as “OK,” indicating no attacks were found within the bounded model. Furthermore, validation using the AVISPA tool’s OFMC and CL-AtSe backends also confirmed the protocol’s safety against active and passive attacks, supporting the session key’s secrecy.
3.2 Informal Security Analysis
- Resistance to Physical Attacks on China UAV Drone: An adversary capturing a drone cannot clone its unique PUF. Tampering alters the PUF’s challenge-response behavior, preventing the generation of correct $Res_a$ or $Res_u$. Since these values are essential for computing and verifying $VID$ and $DID$, authentication fails. The physical integrity of the China UAV drone is thus intrinsically linked to its cryptographic identity.
- Impersonation Attack Resistance: To impersonate a legitimate vehicle $V_i$, an adversary needs to forge a valid $DID$. However, $DID = H_1(DID_1, DID_2)$, where $DID_1 = H_2(Res_v, TID)$ and $DID_2 = H_2(DID_1, Res_c)$. Without access to the vehicle’s PUF response $Res_v$ or the CSP’s secret $Res_c$, constructing a valid $DID$ is computationally infeasible. The same logic applies to impersonating a UAV.
- Replay Attack Resistance: Every message in the authentication phase includes a fresh timestamp ($T_1$, $T_2$). The recipient checks if $|T’ – T| \leq \Delta T$. A replayed message will have an outdated timestamp and be rejected, effectively thwarting replay attacks.
- Session Key Security (Perfect Forward Secrecy): The session key $sk_{U-V} = H_2(\partial, \Upsilon, TID, PID)$ depends on ephemeral quantum random numbers $(QRNG_c, QRNG_d)$ generated anew for each session: $\Upsilon = H_2(QRNG_d, QRNG_c)$. Compromising the long-term secrets ($QSK$, $VID$, $DID$) does not allow past session keys to be derived, as the ephemeral values are not stored.
- Anonymity and Unlinkability: Vehicles and China UAV drones communicate using pseudo-identities $TID$ and $PID$, which are cryptographically generated using hash functions and random numbers. The periodic update of these pseudo-identities severs the link between different communication sessions of the same entity. Only the trusted CSP, possessing the associated $PWD$ and $QRNG$, can reverse the process to recover the real identity for traceability purposes, satisfying conditional privacy.
- Resistance to Man-in-the-Middle (MitM) Attacks: Mutual authentication is achieved because both parties independently verify the other’s credential ($DID$ or $VID$) derived from shared secrets (PUF responses via blockchain) and exchanged random values. A MitM cannot complete both verification steps simultaneously without knowing $Res_e$, $Res_a$, $VID$, and $DID$.
4. Performance Evaluation and Comparison
4.1 Computational Cost Analysis
The computational overhead was evaluated by benchmarking cryptographic operations on a standard platform. The execution times for core operations are listed in Table 2. Note that XOR and PUF operations have negligible cost compared to cryptographic functions.
| Operation | Symbol | Time (μs) |
|---|---|---|
| Hash (SHA-256) | $T_h$ | 0.1327 |
| MAC (HMAC-SHA256) | $T_{mac}$ | 1.0823 |
| Symmetric Enc/Dec (SM4) | $T_{sm4}$ | 3.7791 |
| ECC Scalar Multiplication | $T_s$ | 338.1180 |
Based on the protocol steps, the total computational cost for a single vehicle and the UAV (serving $N$ vehicles in its range) is derived. The cost is compared with two recent, relevant schemes: Hussain et al.’s drone-assisted scheme and Chaudhry et al.’s lightweight IoT authentication scheme adapted for the context. The comparison, summarized in Table 3, highlights the efficiency of the proposed scheme.
| Scheme | Vehicle Cost | UAV Cost (for N vehicles) |
|---|---|---|
| Chaudhry et al. | $3T_{sm4} + 3T_h \approx 11.74 \mu s$ | $N \times (2T_{sm4} + T_h) \approx 7.69N \mu s$ |
| Hussain et al. | $T_s + 15T_h \approx 340.11 \mu s$ | $N \times (2T_{sm4} + 8T_h) \approx 8.62N \mu s$ |
| Proposed Scheme | $7T_h + T_{mac} + T_{sm4} \approx 6.87 \mu s$ | $N \times (7T_h + T_{mac} + T_{sm4}) \approx 6.87N \mu s$ |
The analysis reveals significant gains. Compared to Chaudhry et al., the proposed scheme reduces vehicle-side cost by approximately 41.5% and UAV-side cost by about 10.6%. The advantage is even more pronounced against Hussain et al., with a vehicle-side reduction of roughly 98.0% and a UAV-side reduction of about 20.3%. This efficiency stems from the exclusive use of lightweight hash functions, MACs, and symmetric operations, avoiding expensive public-key cryptography like ECC scalar multiplication ($T_s$), which is common in other UAV authentication protocols. This makes the proposed scheme exceptionally suitable for resource-constrained China UAV drones and OBUs that need to handle authentication for multiple vehicles concurrently.
4.2 Communication and Storage Overhead
The communication overhead is moderate. The authentication phase requires two rounds of message exchange. The sizes of $Msg_1$ and $Msg_2$ are dominated by hash outputs (32 bytes each) and pseudo-identities, resulting in total message sizes well under 200 bytes per authentication session, which is minimal for modern wireless links.
Storage overhead on the vehicle/UAV is also low, requiring only the storage of its own pseudo-identity, credential, PUF challenges/responses, and the QSK pool. The use of blockchain externalizes the storage of dynamic parameters ($M_u$, $M_v$, $H_3(VID)$, etc.), alleviating storage pressure on the mobile nodes. The CSP bears the cost of maintaining the blockchain, which is justified by its superior resources.
5. Conclusion
This article presented a novel, lightweight, and secure authentication scheme for UAV-assisted vehicular networks, addressing the critical need for reliable communication in areas beyond the reach of traditional infrastructure in China. The proposed scheme innovatively integrates quantum-based keys for long-term cryptographic security, hardware PUFs for physical attack resistance on China UAV drones, and blockchain for decentralized and trustworthy storage. The protocol establishes mutual authentication and a secure session key between a vehicle and a drone using only efficient hash functions, symmetric operations, and XOR calculations, avoiding computationally intensive primitives.
Rigorous security analysis, including formal verification with Scyther/AVISPA and informal reasoning, demonstrates the scheme’s robustness against a wide range of attacks, including replay, impersonation, MitM, and physical cloning attempts. It also provides conditional privacy for legitimate users while enabling efficient traceability of malicious entities by the trusted CSP.
Most notably, performance evaluations confirm the scheme’s superior efficiency. It achieves a significant reduction in computational overhead—up to 98% on the vehicle side and 20% on the UAV side compared to related works—making it highly practical for real-world deployment in China’s large-scale and dynamic Internet of Vehicles. The successful integration of quantum keys, PUF, and blockchain paves the way for next-generation, security-by-design intelligent transportation systems where China UAV drones play a pivotal role in ensuring seamless and safe connectivity. Future work will explore optimizing the scheme for group authentication scenarios involving multiple vehicles and a fleet of cooperating China UAV drones.