Key Management for Dynamic UAV Swarm Networks: A Hybrid LKH and Blom Matrix Approach

The proliferation of Unmanned Aerial Vehicles (UAV drones) across sectors such as disaster response, precision agriculture, logistics, and infrastructure inspection has ushered in an era of unprecedented operational flexibility. These UAV drone swarms, often operating as ad-hoc networks (FANETs), promise collaborative missions where tasks are distributed among multiple drones. However, the very characteristics that make UAV drone networks powerful—their dynamic topology, resource-constrained nodes, and open wireless communication channels—also render them acutely vulnerable to a spectrum of security threats. Ensuring confidential and authenticated communication within a UAV drone swarm is not merely an added feature; it is a fundamental prerequisite for mission safety and success. At the heart of secure group communication lies a robust and efficient key management scheme, responsible for the generation, distribution, storage, and timely renewal of cryptographic keys among all participating UAV drones.

Traditional key management paradigms often struggle in the UAV drone context. Centralized approaches introduce a single point of failure and a communication bottleneck at a leader or ground control station, which is untenable in a highly mobile and potentially partitioned swarm. Fully distributed schemes, while resilient, typically incur high communication and computation overhead during group changes, draining the limited battery resources of individual UAV drones. Furthermore, the frequent arrival and departure of UAV drone nodes—due to mission role changes, failures, or mobility—demand schemes with low-latency key updates and strong forward/backward secrecy properties.

This article presents a novel, hybrid key management scheme specifically engineered for the challenges of UAV drone swarm networks. The scheme synergistically integrates the structured efficiency of a modified Logical Key Hierarchy (LKH) with the resilient, pair-wise key establishment capability of the Blom matrix-based key pre-distribution. The core innovation lies in adapting and layering these mechanisms to create a scalable, secure, and operationally practical framework. We construct an adaptive LKH tree, termed R-LKH, which reduces administrative overhead. Crucially, we partition the global Blom matrix into subgroup-specific segments, distributing the key generation and management load from a central root controller to subgroup controllers within the swarm. This hierarchical decentralization enhances scalability and survivability. We detail the complete protocol lifecycle: initial swarm formation and key tree establishment, secure key distribution leveraging the Blom mechanism, efficient intra- and inter-subgroup communication procedures, and dynamic key update protocols for member joins and leaves. A comprehensive analysis demonstrates that our hybrid scheme achieves a superior balance between security robustness, communication/computation efficiency, and network connectivity compared to existing approaches, making it a viable solution for securing real-world UAV drone operations.

System Architecture and Key Tree Establishment

The foundation of our scheme is a logical key hierarchy that maps the administrative structure of the UAV drone swarm. In a standard LKH tree for a group of n members, a binary tree is constructed. The root node, acting as the Group Controller (GC), holds the Group Key (GK). Intermediate nodes hold Key Encryption Keys (KEKs), and leaf nodes represent individual UAV drones and hold their unique private keys. Each UAV drone stores all the keys along the path from its leaf to the root. While straightforward, a full binary tree for a large UAV drone swarm results in significant storage at the GC and a long key update path.

We employ an optimized R-LKH (Reduced-LKH) structure. Let n be the total number of UAV drones, and m be the desired maximum number of drones per operational subgroup (e.g., a flight team). The R-LKH tree is formed by conceptually “pruning” the lower levels of a full LKH tree. The parameter i represents the number of levels reduced from the bottom, where m = 2ⁱ. This creates a flatter tree where leaf nodes in the original tree become direct children of a higher-level node, which we designate as the Subgroup Controller (SGC).

For example, with n=16 UAV drones and subgroup size m=4 (i=2), the R-LKH tree structure is as follows:

Root (GC): Holds the primary Group Key, $K_G$.
Subgroup Controllers (SGCs): Four SGC nodes (SGC1, SGC2, SGC3, SGC4), each holding a Subgroup Key (e.g., $K_{S1}$, $K_{S2}$) and the keys necessary to communicate with the GC.
Leaf Nodes (UAV Drones): Each subgroup contains m=4 UAV drones (e.g., U41, U42, U43, U44 under SGC4). Each drone holds its private key, its subgroup key, and the group key.

This structure offers a critical advantage: key update operations when a UAV drone joins or leaves are often confined within a subgroup, drastically reducing the number of re-keying messages that need to be broadcast across the entire swarm. The GC manages inter-subgroup coordination, while each SGC handles intra-subgroup management, effectively distributing the system’s load.

Hybrid Key Distribution: Integrating the Blom Matrix

The R-LKH tree efficiently manages group and subgroup keys. However, establishing secure, direct pair-wise communication channels between any two UAV drones—especially those in different subgroups—still requires a mechanism. For this, we integrate a modified Blom key pre-distribution scheme, renowned for its $\lambda$-secure property and guaranteed key sharing between any pair of nodes.

In the classic Blom scheme, a trusted authority generates a public matrix $\mathbf{G}$ and a secret symmetric matrix $\mathbf{D}$ over a finite field $GF(q)$. The matrix $\mathbf{A} = (\mathbf{D} \cdot \mathbf{G})^T$ is computed. By providing row i of $\mathbf{A}$ and the corresponding generator seed for column i of $\mathbf{G}$ to node i, any two nodes i and j can independently compute an identical pair-wise key: $K_{ij} = \mathbf{A}_i \cdot \mathbf{G}_j = \mathbf{A}_j \cdot \mathbf{G}_i$. The system is $\lambda$-secure, meaning an adversary must compromise more than $\lambda$ nodes to break the scheme.

Applying the vanilla Blom scheme globally to a large UAV drone swarm places a heavy burden on the GC (which must generate and protect the large secret matrix $\mathbf{D}$) and exposes the entire network if more than $\lambda$ drones are captured. Our innovation is to partition the Blom matrix according to the R-LKH subgroup structure.

Global Matrix Generation: The GC generates a global secret symmetric matrix $\mathbf{D}_{global}$ and a public matrix $\mathbf{G}_{global}$. It then computes the master Blom matrix $\mathbf{A}_{global} = (\mathbf{D}_{global} \cdot \mathbf{G}_{global})^T$.
Submatrix Allocation: The GC partitions the rows and columns of $\mathbf{A}_{global}$ into segments corresponding to the k subgroups. For subgroup $s$, it extracts a submatrix $\mathbf{A}_s$. A unique subgroup identifier $ID_s$ is also generated.
Secure Distribution: The GC encrypts the tuple $(ID_s, \mathbf{A}_s)$ using the subgroup’s established key (from the R-LKH initialization) and sends it to the respective SGC. The GC discards $\mathbf{A}_{global}$ after distribution, retaining only $\mathbf{D}_{global}$ and the mapping information.
Intra-Subgroup Distribution: Upon receiving its $\mathbf{A}_s$, the SGC assigns a unique row index from this submatrix to each UAV drone under its control, along with the necessary public seed. Each UAV drone now possesses: its private LKH keys, its subgroup key, a unique row from $\mathbf{A}_s$, and the public seed for its subgroup’s segment of $\mathbf{G}$.

This hybrid approach yields significant benefits. The compromise of one subgroup’s $\mathbf{A}_s$ does not reveal pair-wise keys for drones in other subgroups, effectively localizing the damage. The storage and computation load for the Blom scheme is distributed among SGCs. Most importantly, it enables any two UAV drones to establish a shared secret on-demand, whether they are in the same subgroup or not, by simply exchanging subgroup IDs and public seeds and performing a lightweight matrix-vector multiplication.

Communication Protocols for UAV Drones

With keys distributed, UAV drones can engage in secure communication. The process differs for intra-subgroup and inter-subgroup scenarios, optimizing for efficiency.

Intra-Subgroup Communication

When two UAV drones belong to the same subgroup (verified by comparing subgroup IDs), they already share a common Subgroup Key ($K_S$). This key can be used directly for efficient broadcast or multicast within the team. For dedicated, point-to-point communication, they may also use their assigned Blom row vectors to compute a unique pair-wise key, providing an additional layer of secrecy.

Inter-Subgroup Communication

For UAV drones in different subgroups, they lack a common subgroup key. They establish a session key as follows:

Initiation: UAV drone $U_i$ (in subgroup $s_i$) wishing to communicate with $U_j$ (in subgroup $s_j$) sends a request containing its subgroup ID $ID_{s_i}$.
Seed Exchange: $U_j$ responds with its subgroup ID $ID_{s_j}$. Both drones then exchange the public seeds associated with their respective subgroup’s segment of the $\mathbf{G}$ matrix, $seed_i$ and $seed_j$. This exchange can be encrypted using the global Group Key $K_G$ for confidentiality.
Key Computation: $U_i$ uses $seed_j$ to reconstruct the $\mathbf{G}$ column vector for $U_j$’s position within its own subgroup’s context. It then computes the shared secret: $SK_{ij} = \mathbf{A}_i \cdot \mathbf{G}_j$. $U_j$ performs the symmetric operation: $SK_{ji} = \mathbf{A}_j \cdot \mathbf{G}_i$. By the properties of the Blom scheme, $SK_{ij} = SK_{ji}$.
Session Key Derivation: The computed shared secret $SK$ is input into a Key Derivation Function (KDF) along with nonces to generate a fresh session key for this specific communication link.

This protocol enables any two UAV drones in the network to establish a secure channel in constant time, without multi-hop routing of key material, which is crucial for dynamic UAV drone swarm topologies.

Dynamic Key Management for UAV Swarm Changes

The fluid nature of UAV drone swarms necessitates efficient key update protocols for member joins and leaves to maintain forward and backward secrecy.

UAV Drone Join

When a new UAV drone $U_{new}$ is authenticated and authorized to join subgroup $s$:

The GC updates the Group Key $K_G$ to $K_G’$ and encrypts it for all other subgroups. It provides $U_{new}$’s credentials and a join token to SGC$_s$.
SGC$_s$ updates its Subgroup Key $K_S$ to $K_S’$. It broadcasts the new $K_S’$ encrypted with the old $K_S$ to its existing members.
SGC$_s$ assigns $U_{new}$ an unused row $\mathbf{A}_s^{(new)}$ from its Blom submatrix and the corresponding public seed. It also provides $U_{new}$ with $K_S’$ and $K_G’$.
The keys on the path from SGC$_s$ to the GC in the R-LKH tree are also updated, but this cost is amortized over the entire subgroup size.

The join operation’s complexity is primarily confined to the affected subgroup.

UAV Drone Leave/Eviction

When a UAV drone $U_{comp}$ in subgroup $s$ leaves or is compromised:

LKH Key Update: SGC$_s$ generates a new Subgroup Key $K_S”$. It cannot use the old key to encrypt it. Instead, it encrypts $K_S”$ individually for each remaining member using their unique Blom-based pair-wise keys or other KEKs from the R-LKH tree. The GC also updates the Group Key $K_G$ to $K_G”$ and distributes it securely to all SGCs.
Blom Matrix Revocation: The row $\mathbf{A}_s^{(comp)}$ assigned to $U_{comp}$ is permanently revoked. To maintain the $\lambda$-security property within the subgroup, SGC$_s$ may need to refresh its entire Blom submatrix $\mathbf{A}_s$ if the number of revoked drones exceeds a threshold. It requests a new $\mathbf{A}_s’$ from the GC and redistributes new rows to all its members.

The leave operation is more costly than a join, as it requires individual re-keying within the subgroup, but it is still localized.

Security and Performance Analysis

Security Properties

Our hybrid scheme provides robust security guarantees for UAV drone networks:

Forward and Backward Secrecy: Achieved through the re-keying protocols of both the LKH and Blom components. A joining UAV drone cannot access past communications, and a leaving/compromised drone is immediately excluded from future communications.
Resilience to Node Capture: The partitioned Blom scheme provides $\lambda$-security within each subgroup. Capturing fewer than $\lambda$ UAV drones in a subgroup does not reveal the keys of other drones in that subgroup. Capturing drones in one subgroup has no effect on the keys of drones in other subgroups, containing the breach.
Authentication: Initial node joining is based on authentication by the GC. Subsequent communication can be authenticated using keys derived from the authenticated base.
Resistance to Common Attacks: The use of session keys derived from long-term Blom secrets protects against replay attacks. The combination of symmetric (LKH) and matrix-based asymmetric (Blom) mechanisms complicates cryptanalysis.

Efficiency and Complexity Analysis

The efficiency of the proposed scheme is paramount for resource-constrained UAV drones. We analyze storage, communication, and computation overhead.

1. Storage Overhead per UAV Drone:
Each UAV drone must store:

LKH Keys: $O(\log_k n)$ keys, where $k$ is the tree degree (reduced in R-LKH).
Blom Data: One row of $\mathbf{A}_s$ (λ+1 elements) and one public seed.

This is a modest, constant storage requirement independent of total swarm size.

2. Communication Overhead for Re-keying:
This is the most critical metric for dynamic swarms. Let $m$ be the subgroup size.

Operation	Classical LKH (Full Tree)	Proposed Hybrid Scheme (R-LKH + Blom)	Benefit
Member Join	$O(\log n)$ broadcast messages (updating path keys)	$O(\log (n/m))$ inter-subgroup messages + $O(1)$ intra-subgroup broadcasts.	Localizes most traffic to the joining subgroup.
Member Leave	$O(\log n)$ broadcast messages	$O(\log (n/m))$ inter-subgroup messages + $O(m)$ unicast/multicast messages within the subgroup.	While intra-subgroup cost is $O(m)$, it avoids global broadcast. For moderate $m$, this is efficient.

3. Computation Overhead:
The most expensive operation for a UAV drone is computing the shared secret during inter-subgroup communication, which involves a matrix-vector multiplication of size ($\lambda$+1). This is a lightweight operation compared to standard public-key cryptography (e.g., ECC). All other operations involve efficient symmetric-key encryption/decryption.

Comparative Analysis

The table below contrasts key features of our scheme with other representative approaches for UAV drone or ad-hoc network key management.

Scheme / Feature	Centralized LKH	Pure Blom Pre-distribution	Cluster-based Schemes	Proposed Hybrid (LKH+Blom)
Scalability	Poor (GC bottleneck)	Limited by $\lambda$ parameter	Good within clusters	Excellent (Hierarchical, load-distributed)
Dynamic Support	Good, but costly global updates	Poor (difficult re-keying)	Moderate (cluster-level updates)	Very Good (localized subgroup updates)
Connectivity	Only via group key	Guaranteed pair-wise	Intra-cluster guaranteed, inter-cluster multi-hop	Guaranteed pair-wise (via Blom), plus group/subgroup keys.
Resilience to Capture	GC compromise is catastrophic	Global compromise if >$\lambda$ nodes caught	Cluster head compromise affects cluster	Localized compromise (subgroup Blom matrix isolated)
Overhead per UAV Drone	Storage: $O(\log n)$	Storage: $O(\lambda)$	Varies, often includes cluster head role	Storage: $O(\log (n/m) + \lambda)$ Comp: Lightweight matrix ops

Conclusion and Future Work

Securing communication in highly dynamic and resource-constrained UAV drone swarms is a complex challenge that demands innovative solutions. This article has presented a hybrid key management scheme that successfully marries the structured, efficient re-keying of a reduced Logical Key Hierarchy (R-LKH) with the resilient, direct connectivity of a partitioned Blom key pre-distribution system. By organizing the UAV drone swarm into manageable subgroups, the scheme distributes the control load, enhances scalability, and localizes the impact of security breaches. The protocol ensures that any two UAV drones can rapidly establish a secure session key, supporting the fluid and collaborative nature of swarm missions while maintaining strong forward and backward secrecy.

Analysis confirms that the scheme offers a favorable trade-off: it provides robust security and guaranteed connectivity without imposing prohibitive communication or computation overhead on individual UAV drones. This makes it a practical and promising candidate for real-world deployment in applications ranging from coordinated search-and-rescue to automated delivery fleets.

Future work will focus on several enhancements. Firstly, optimizing the Blom submatrix refresh protocol to be more efficient in scenarios with high churn rates. Secondly, investigating the integration of physical layer security or lightweight post-quantum cryptographic primitives to further fortify the scheme against evolving threats. Thirdly, developing and testing a robust protocol for the dynamic election and handover of Subgroup Controller (SGC) roles to handle SGC failure or departure, moving further towards a fully self-organizing and survivable key management framework for autonomous UAV drone swarms.