We present a novel lightweight cross-domain identity authentication scheme specifically designed for drone technology environments. The proliferation of unmanned aerial vehicles (drone technology) in applications such as military reconnaissance, emergency rescue, and smart agriculture demands robust security mechanisms. However, existing authentication schemes for drone technology networks suffer from heavy dependence on third-party key centers and high computational complexity. To address these issues, we propose a scheme that combines blockchain with dynamic pseudonyms to achieve decentralized trust and enhanced privacy.
The core of our approach is a dynamic pseudonym generation mechanism. Each drone technology entity receives a batch of pseudonym seeds from its ground control unit (GU) during registration. The seeds form a hash chain: $$h_n(\text{seed}_i) \leftarrow h_{n-1}(\text{seed}_i) \cdots \leftarrow h_1(\text{seed}_i) \leftarrow \text{seed}_i,$$ where the ephemeral key is computed as $$e_k = \sum_{i=1}^k h_1(\text{seed}_i) \pmod{q}.$$ This mechanism eliminates the risk of identity forgery and enhances the resilience of drone technology systems.
To remove centralized trust, we employ a consortium blockchain. The blockchain stores identity licenses and revocation lists, creating a decentralized root of trust. Smart contracts automate identity management and provide traceability. In the cross-domain authentication phase, a drone technology from domain A initiates authentication with the GU of domain B. The drone computes a pseudonym $$PID = \{L_{ik}, SID_i, T_{res}\}$$ and signs the request using its private key: $$y = l_{ik} + d_{sk} \cdot (PID\|M\|T_{auth}^i),$$ where \(L_{ik} = l_{ik} \cdot P\). The GU verifies by checking $$y \cdot P = L_{ik} + D_{pk} \cdot (PID\|M\|T_{auth}^i).$$ After successful verification, a session key is established: $$key_{dg} = H_4(N_g \| N_d).$$

We formally verified the security of our protocol using ProVerif under the Dolev-Yao threat model. The results confirm that our scheme resists identity impersonation, replay attacks, and man-in-the-middle attacks. Additionally, we applied BAN logic to prove the authentication goals. The key beliefs derived include: $$GUB| \equiv DrA| \sim \{Did_A, PID, L_K, M, y, N_d, T_{auth}\}$$ and $$DrA| \equiv GUB| \equiv key.$$
Performance evaluation demonstrates significant improvements. We implemented the scheme using Hyperledger Fabric and measured computational, communication, and storage overheads. The following tables summarize the comparisons.
| Scheme | Authentication | Session Key Agreement | Total |
|---|---|---|---|
| Ref [25] | 10.056 | 0.105 | 10.161 |
| Ref [26] | 2.969 | 0.0003 | 2.972 |
| Ref [27] | 1.7042 | 1.1126 | 2.8168 |
| Our Scheme | 1.1458 | 0.1046 | 1.2504 |
The computational overhead of our scheme is reduced by approximately 55.6%–87.7% compared to existing works. This is critical for resource-constrained drone technology platforms where battery life and processor capabilities are limited.
| Scheme | Communication (bytes) | Number of Messages | Storage (bytes) |
|---|---|---|---|
| Ref [23] | 444 | 3 | – |
| Ref [26] | 1216 | 4 | 136 |
| Ref [27] | 496 | 3 | 160 |
| Ref [25] | – | – | 283 |
| Our Scheme | 288 | 3 | 120 |
Our scheme achieves the lowest communication overhead (288 bytes, a 35%–76% reduction) and storage overhead (120 bytes, an 11.8%–57.6% reduction). The compact message structure and dynamic pseudonym generation contribute to these gains, making the scheme highly suitable for bandwidth-constrained drone technology networks.
We also conducted blockchain performance experiments using Hyperledger Fabric 2.4.9 with Caliper 0.5.0. The chaincode throughput and latency were measured for three operations: upload, query, and update of licenses. Query latency remained below 20 ms, and throughput increased steadily with the number of transactions. This demonstrates that the blockchain layer can efficiently support the read-intensive authentication workflow typical in drone technology scenarios.
In conclusion, we have proposed a lightweight cross-domain identity authentication scheme for drone technology networks. By integrating dynamic pseudonyms and blockchain, we achieve decentralized trust, formal security guarantees, and significant performance improvements. The scheme is particularly well-suited for the high-mobility, resource-constrained environment of modern drone technology applications.
