Securing Cross-Domain Internet of Drones: An RFF-PUF Allied Authenticated Key Exchange Protocol With Over-the-Air Enrollment

• URL: http://arxiv.org/abs/2512.21827v1
• Date: Fri, 26 Dec 2025 02:04:24 GMT
• Title: Securing Cross-Domain Internet of Drones: An RFF-PUF Allied Authenticated Key Exchange Protocol With Over-the-Air Enrollment
• Authors: Xuanyu Chen, Yue Zheng, Junqing Zhang, Guanxiong Shen, Chip-Hong Chang,
• Abstract summary: Internet of Drones (IoD) is an emerging and crucial paradigm enabling advanced applications that require seamless, secure communication.<n>Access control and the transmission of sensitive data pose significant security challenges for IoD systems.<n>We propose a lightweight mutual authentication mechanism that integrates Radio Frequency Fingerprint (RFF) and Physical Unclonable Function (PUF) technologies for secure drone-to-drone (D2D) and drone-to-ground station server (D2G) communication.
• Score: 22.842391212425184
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The Internet of Drones (IoD) is an emerging and crucial paradigm enabling advanced applications that require seamless, secure communication across heterogeneous and untrusted domains. In such environments, access control and the transmission of sensitive data pose significant security challenges for IoD systems, necessitating the design of lightweight mutual authentication and key exchange protocols. Existing solutions are often hampered by high computation overhead, reliance on third parties, the requirement for secret storage in resource-constrained drones, and the need for a strictly controlled enrollment environment. These limitations make them impractical for dynamic cross-domain deployment. To address these limitations, we propose a lightweight mutual authentication mechanism that integrates Radio Frequency Fingerprint (RFF) and Physical Unclonable Function (PUF) technologies for secure drone-to-drone (D2D) and drone-to-ground station server (D2G) communication. RFF-based device identification is used to achieve over-the-air (OTA) enrollment, while the PUF serves as the root of trust for establishing mutual authentication among communication parties. Additionally, the on-the-fly key generation capability of the PUF is co-designed with One-Time-Pad (OTP) encryption to realize ephemeral keying and eliminate the need for storing secrets within drones. Both informal security analysis and ProVerif-based formal security verification comprehensively demonstrate the resilience of our protocol against common security attacks. The proposed protocol also outperforms existing IoD authentication schemes in terms of security features, as well as computation, communication, and storage overhead.

Related papers

• Multi-Agent-Driven Cognitive Secure Communications in Satellite-Terrestrial Networks [58.70163955407538]
  Malicious eavesdroppers pose a serious threat to private information via satellite-terrestrial networks (STNs)<n>We propose a cognitive secure communication framework driven by multiple agents that coordinates spectrum scheduling and protection through real-time sensing.<n>We exploit generative adversarial networks to produce adversarial matrices, and employ learning-aided power control to set real and adversarial signal powers for protection layer.
  arXiv  Detail & Related papers  (2026-01-06T10:30:41Z)
• Quantum-Resistant Authentication Scheme for RFID Systems Using Lattice-Based Cryptography [8.236194998741565]
  We propose a novel quantum-resistant mutual authentication scheme for radio-frequency identification (RFID) systems.<n>Our scheme uses lattice-based cryptography and, in particular, achieves quantum-resistance by leveraging the hardness of the inhomogeneous short integer solution (ISIS) problem.<n>This paper is the first quantum-resistant authentication protocol for RFID systems that comprehensively addresses the insecurity of both the reader-server and tag-reader communication channels.
  arXiv  Detail & Related papers  (2025-11-25T18:49:29Z)
• LSEG: A Lightweight and Secure Key Exchange Protocol for Smart Grid Communication [0.9449650062296824]
  This paper proposes a lightweight authentication and secure key exchange protocol for smart grid environments.<n>Session communication is protected using ASCON128a, a lightweight, NIST-standardized, authenticated encryption algorithm.<n>Results show LSEG effectively balances security, efficiency, and compliance, making it a scalable solution for secure communication in smart grid infrastructures.
  arXiv  Detail & Related papers  (2025-11-10T19:01:55Z)
• A Lightweight Authentication and Key Agreement Protocol Design for FANET [19.77683707225124]
  The advancement of low-altitude intelligent networks enables unmanned aerial vehicle (UAV) interconnection via flying ad-hoc networks (FANETs)<n>Existing multi-factor and public-key cryptography protocols are vulnerable due to their reliance on stored sensitive information.<n>This paper proposes a lightweight authentication and key agreement protocol for FANETs, integrating physical unclonable functions with dynamic credential management and lightweight cryptographic primitives.
  arXiv  Detail & Related papers  (2025-09-22T07:03:23Z)
• Secure Physical Layer Communications for Low-Altitude Economy Networking: A Survey [76.36166980302478]
  The Low-Altitude Economy Networking (LAENet) is emerging as a transformative paradigm.<n>Physical layer communications in the LAENet face growing security threats due to inherent characteristics of aerial communication environments.<n>This survey comprehensively reviews existing secure countermeasures for physical layer communication in the LAENet.
  arXiv  Detail & Related papers  (2025-04-12T09:36:53Z)
• ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• Decentralized PKI Framework for Data Integrity in Spatial Crowdsourcing Drone Services [0.6284464997330884]
  The paper presents D2XChain, a blockchain-based PKI framework designed for the Internet of Drone Things (IoDT) By decentralizing the CA infrastructure, D2XChain eliminates this single point of failure, thereby enhancing the security and reliability of drone communications. This innovative approach not only strengthens the defense of drone services against various security threats but also showcases its practical application through deployment on a private testbed.
  arXiv  Detail & Related papers  (2024-07-01T00:55:07Z)
• Physical Layer Deception with Non-Orthogonal Multiplexing [52.11755709248891]
  We propose a novel framework of physical layer deception (PLD) to actively counteract wiretapping attempts.<n>PLD combines PLS with deception technologies to actively counteract wiretapping attempts.<n>We prove the validity of the PLD framework with in-depth analyses and demonstrate its superiority over conventional PLS approaches.
  arXiv  Detail & Related papers  (2024-06-30T16:17:39Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices [0.0]
  Device Authentication and Key exchange are major challenges for the Internet of Things. PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE. We present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to Authenticate itself.
  arXiv  Detail & Related papers  (2023-11-07T15:42:14Z)
• An Efficient and Multi-private Key Secure Aggregation for Federated Learning [41.29971745967693]
  We propose an efficient and multi-private key secure aggregation scheme for federated learning. Specifically, we skillfully modify the variant ElGamal encryption technique to achieve homomorphic addition operation. For the high dimensional deep model parameter, we introduce a super-increasing sequence to compress multi-dimensional data into 1-D.
  arXiv  Detail & Related papers  (2023-06-15T09:05:36Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.