Drone Security Achieves Lightweight Authentication and Key Exchange for Cross-Domain Networks

The increasing prevalence of drones demands robust security solutions for seamless and trustworthy communication across different networks, a challenge known as the Internet of Drones. Xuanyu Chen, Yue Zheng, and Junqing Zhang, from The Chinese University of Hong Kong, Shenzhen, and the University of Liverpool respectively, alongside colleagues Guanxiong Shen and Chip-Hong Chang, now present a new protocol that tackles these issues. Their research introduces a lightweight authentication system utilising unique radio frequency fingerprints and physical unclonable functions, enabling secure drone-to-drone and drone-to-ground communication without the need for storing sensitive secrets on the drones themselves. This innovative approach achieves over-the-air enrollment and ephemeral key generation, significantly reducing computational demands and enhancing security against common attacks, ultimately paving the way for practical and secure cross-domain drone deployments.

It combines Physical Unclonable Functions (PUFs) with Radio Frequency (RF) fingerprinting to provide robust security for drone communication, addressing vulnerabilities in existing IoD systems. A formal security analysis using the ProVerif tool confirms the protocol’s effectiveness. The Internet of Drones represents a network of interconnected drones creating a communication infrastructure. Physical Unclonable Functions are hardware security primitives that leverage manufacturing variations to create unique, unclonable fingerprints for devices, used for authentication and key generation.

Radio Frequency Fingerprinting identifies devices based on unique imperfections in their radio frequency signals, which are difficult to replicate. The proposed protocol enhances security, offering a lightweight design suitable for drones with limited processing power, while preserving privacy and ensuring robustness against attacks. It is designed to be scalable to accommodate a large number of drones, improving upon existing IoD security solutions by addressing the limitations of computationally expensive traditional cryptographic approaches and single-factor authentication methods. It also offers a more practical solution than blockchain-based approaches, which can have scalability and performance issues.

The authors used the ProVerif tool to mathematically prove the security of their protocol, modeling it in ProVerif’s input language and checking for common cryptographic vulnerabilities, such as man-in-the-middle and replay attacks. The formal verification provides confidence in the protocol’s security. The paper likely follows a standard research structure, including an introduction to IoD security challenges, a review of related work, explanations of PUFs and RF fingerprinting, a detailed description of the proposed protocol, and a security analysis. Potential applications include secure drone communication, drone identification, access control, swarm robotics, and critical infrastructure protection.

Lightweight Drone Authentication via Fingerprints and PUFs

This research pioneers a new approach to secure communication for the Internet of Drones, addressing limitations in existing systems deployed in dynamic environments. The team engineered a lightweight mutual authentication mechanism integrating Radio Frequency Fingerprint (RFF) and Physical Unclonable Function (PUF) technology to establish secure drone-to-drone (D2D) and drone-to-ground station server (D2G) communication. This work eliminates the need for secure enrollment environments and reliance on pre-shared secrets, a significant advancement for resource-constrained drones. Scientists overcame the rigidity of traditional drone enrollment procedures, which require secure environments, by developing a Radio Frequency Fingerprint Identification (RFFI) system.

This system exploits unique imperfections in a device’s radio-frequency front-end to identify individual transmitters without requiring pre-shared secrets or extensive computational resources. The technique enables over-the-air (OTA) enrollment, bypassing the need for physical access during initial drone registration, and offers inherent resistance to replay and Man-in-the-Middle attacks. The research harnesses a PUF as the root of trust for direct, lightweight authentication between drones, co-designing its key generation capability with One-Time-Pad (OTP) encryption. This realizes ephemeral keying and eliminates the need for storing secrets within the drones.

The dual root-of-trust framework utilizes RFFI for secure OTA provisioning and transitions to PUF-based authentication, ensuring both initial security and ongoing communication integrity. The protocol achieves perfect forward secrecy and replay attack resistance through dynamic updates of PUF-based long-term keys, completing authentication with only two message exchanges to minimize communication overhead. Rigorous security analysis, including formal verification with ProVerif, demonstrates the protocol’s resilience against common security threats and outperforms existing IoD authentication schemes in terms of security, computation, communication, and storage requirements.

Drone Authentication via Radio Frequency Fingerprints

Scientists have developed a new lightweight authentication protocol for secure communication within the Internet of Drones, addressing critical security challenges in dynamic and untrusted environments. This work integrates Radio Frequency Fingerprint (RFF) and Physical Unclonable Function (PUF) technology to achieve secure drone-to-drone (D2D) and drone-to-ground station server (D2G) communication without relying on secret storage within the drones themselves. The method utilizes RFF for over-the-air enrollment, establishing a root of trust with the PUF for mutual authentication between communicating devices. Experiments demonstrate that the proposed protocol achieves mutual authentication with only two message exchanges, minimizing bandwidth consumption to approximately 1000 bits.

Measurements confirm relatively low storage requirements on the drone, with a storage cost of 864 bits for D2D communication and 576 bits plus the RFF model size for D2G communication. Detailed analysis of computational complexity reveals that the protocol requires minimal computational cost for both drones and the ground station server. The team standardized security parameter sizes, setting device identities and timestamps to 32 bits, and hash outputs, random nonces, keys, and PUF challenges/responses to 256 bits. Comparisons with existing IoD authentication schemes show that this new protocol outperforms them in terms of security features, communication overhead, and storage requirements, achieving a communication cost of 544 bits for D2D and 512 bits for D2G. Formal security verification using the ProVerif tool, alongside informal analysis, comprehensively demonstrates the protocol’s resilience against common security attacks and guarantees perfect forward secrecy through dynamic key updates.

Drone Security via RF Fingerprints and PUFs

This research presents a new lightweight authentication protocol for secure communication within the Internet of Drones, addressing limitations found in existing systems. The team successfully integrated Radio Frequency Fingerprint technology and Physical Unclonable Functions to create a mechanism for secure drone-to-drone and drone-to-ground station communication, enabling over-the-air enrollment and eliminating the need for drones to store sensitive secrets. This approach establishes mutual authentication without relying on third parties or requiring a strictly controlled initial setup, improving practicality for dynamic environments. The protocol’s key achievement lies in its ability to provide both security and efficiency, demonstrated through formal verification and comparative analysis, revealing lower computational cost and communication overhead than current IoD authentication methods.

By co-designing the PUF’s key generation capability with One-Time-Pad encryption, the system achieves ephemeral keying and forward secrecy, enhancing resilience against potential attacks. The performance of the Radio Frequency Fingerprint component is a key factor influencing the overall system, and further optimization in this area could yield additional benefits. Future work may focus on exploring the protocol’s performance in more complex and realistic deployment scenarios, and investigating its integration with other security mechanisms to provide even greater protection for IoD systems.