Abstract

Translate

Cooperative multi-UAV clusters have been widely applied in complex mission scenarios due to their flexible task allocation and efficient real-time coordination capabilities. The Air Command Aircraft (ACA), as the core node within the UAV cluster, is responsible for coordinating and managing various tasks within the cluster. When the ACA undergoes fault recovery, a handover operation is required, during which the ACA must re-authenticate its identity with the UAV cluster and re-establish secure communication. However, traditional, centralized identity authentication and ACA handover mechanisms face security risks such as single points of failure and man-in-the-middle attacks. In highly dynamic network environments, single-chain blockchain architectures also suffer from throughput bottlenecks, leading to reduced handover efficiency and increased authentication latency. To address these challenges, this paper proposes a mathematically structured dual-chain framework that utilizes a distributed ledger to decouple the management of identity and authentication information. We formalize the ACA handover process using cryptographic primitives and accumulator functions and validate its security through BAN logic. Furthermore, we conduct quantitative analyses of key performance metrics, including time complexity and communication overhead. The experimental results demonstrate that the proposed approach ensures secure handover while significantly reducing computational burden. The framework also exhibits strong scalability, making it well-suited for large-scale UAV cluster networks.

Full text

Turn on search term navigation

Translate

1. Introduction

A UAV cluster typically consists of multiple small UAVs, with a cluster head node responsible for managing the member UAVs. A cooperative multi-UAV cluster is composed of several UAV clusters with different functionalities, featuring distributed task allocation and real-time coordination capabilities [1]. Within such cooperative UAV cluster systems, the ACA acts as the central node, dynamically coordinating and scheduling tasks by communicating with the cluster head nodes of each UAV cluster [2]. However, when an ACA fails [3], command authority must be transferred to a new ACA, which then continues to lead the swarm in completing the assigned mission. During the ACA handover process, the system may encounter security threats such as man-in-the-middle attacks and spoofed ACA impersonation. After the handover is completed, the new ACA must quickly re-establish secure communication with the cluster head nodes. Moreover, in large-scale and highly dynamic UAV networks, the efficiency and scalability of ACA handover remain major challenges [4,5]. These limitations significantly hinder both the efficiency and security of the ACA handover operation.

During the ACA handover process, if a centralized authentication scheme is employed [6,7], the communication establishment between the ACA and the cluster head nodes of the UAV swarm imposes an increasing computational burden on the central node. This overhead grows exponentially with the number of UAVs in the network [8,9]. Furthermore, although traditional single-chain blockchain schemes [10,11] can effectively address the issue of single points of failure, they store both UAV identity data and the authentication information required for ACA handover within the same chain. This co-storage design results in reduced handover efficiency and excessive authentication latency [12]. In addition, the process is further affected by block size limitations and consensus delays.

To address the above issues, we propose a dual-chain collaborative handover scheme for ACA. By employing two blockchains with distinct functionalities, our method separately manages the identities of UAV clusters and handles the ACA handover process. For the entire authentication and handover procedure of the ACA, we introduce mathematical modeling and abstraction techniques. Specifically, we utilize state modeling and symbolic functions to represent the key steps in the authentication and handover workflow and introduce complexity functions to quantitatively evaluate authentication delay and communication overhead. In addition, we apply BAN logic to formally reason about the security of the authentication process and verify the protocol’s correctness and resistance to attacks. These methods not only enhance the verifiability of the system but also provide a quantitative foundation for performance optimization. The main contributions of this work are as follows:

(1). We propose a mathematically structured dual-chain collaboration mechanism, which utilizes an identity blockchain and an authentication blockchain to decouple the tasks of UAV cluster identity management and ACA handover authentication. Smart contracts are employed to automatically execute identity verification and key agreement, thereby improving the efficiency and security of dynamic handovers and mitigating throughput bottlenecks inherent in blockchain architectures.

(2). We design an ACA authentication and handover mechanism based on cryptographic primitives. By applying state modeling, symbolic functions, and complexity functions, we construct algorithmic models of the authentication and handover processes, enabling the quantitative analysis of computational and communication overhead at each stage and enhancing the interpretability of the proposed scheme.

(3). We apply BAN logic to conduct formal reasoning on the security of the authentication and handover processes between the ACA and cluster head nodes. An attack model is constructed to verify the system’s robustness against man-in-the-middle, replay, and spoofing attacks. Furthermore, simulation results demonstrate the proposed scheme’s advantages in terms of computational, communication, and storage efficiency, as well as scalability.

The remainder of this paper is organized as follows: Section 2 reviews the related literature and background knowledge. Section 3 provides a detailed introduction to the proposed system, including the involved entities in our scheme. It also elaborates on the system initialization, the mutual authentication process, and the ACA handover procedure, while addressing two special scenarios. Section 4 presents a comprehensive security analysis, demonstrating the security and reliability of the proposed scheme. Section 5 evaluates the performance of the scheme in terms of computational, communication, and storage overhead. Finally, Section 6 concludes this paper.

2. Related Work

UAV networks are characterized by resource-constrained nodes and highly dynamic topologies, which pose unique challenges to identity authentication and command aircraft handover mechanisms. Traditional authentication schemes based on Public Key Infrastructure (PKI) [13] can provide basic identity verification but rely on a centralized architecture, making them susceptible to single points of failure and man-in-the-middle attacks. Moreover, they are ill-suited for dynamic group authentication scenarios. To address these issues, researchers have begun exploring decentralized authentication schemes. Wang et al. [14] proposed a lightweight blockchain-enhanced mutual authentication protocol, which reduces computational overhead by simplifying cryptographic operations. However, due to its reliance on a single identity chain, the protocol faces a significant increase in block synchronization failure rates under high-mobility conditions. This limitation was partially addressed by Pan et al. [15], who introduced a blockchain-based authentication system that significantly improves authentication efficiency in low-altitude UAV networks. Nonetheless, their scheme does not sufficiently address key synchronization challenges under dynamic handover conditions.

To address the challenges of key management in dynamic network environments, Dong et al. [16] proposed a blockchain-based certificateless cross-domain authentication mechanism that leverages a decentralized ledger to eliminate the risks associated with certificate storage and management. However, their scheme suffers from high computational overhead when performing aggregate signatures in group authentication scenarios. Jeong et al. [17] proposed a key agreement protocol for UAV-to-UAV communication, emphasizing forward unlinkability and forward secrecy. However, the scheme does not address how to efficiently synchronize keys in group-based key agreement scenarios. Gope et al. [18] proposed an alternative solution involving a lightweight authentication protocol based on Physically Unclonable Functions (PUFs), which uses hash operations to achieve efficient key agreement in edge-assisted UAV networks. However, the scheme lacks support for scenarios involving coordination among multiple command aircraft. Although Sedjelmaci et al. [19] incorporated Support Vector Machines (SVMs) into intrusion detection systems to identify malicious UAVs based on behavioral patterns, offering a novel direction for secure authentication in dynamic environments, this machine learning-based method depends on continuous data training and falls short of meeting real-time requirements in battlefield scenarios.

In terms of optimizing handover authentication, Liu et al. [20] proposed a group authentication protocol for integrated satellite–terrestrial networks to manage large-scale terminal access via satellite communication. Although the scheme introduces an efficient handover authentication process, its complex key agreement mechanism imposes a significant burden on resource-constrained UAV nodes. Pardeshi et al. [21] proposed a pattern-based hash chain authentication protocol, which leverages fog computing to offload computational burden. However, the protocol still relies on centralized or edge nodes, making the entire system vulnerable if these nodes fail or are compromised. Benzarti et al. [22], leveraging characteristics of the LoRaWAN network, proposed an ID-based signcryption authentication scheme. By combining temporary identities with group identifiers, the approach enhances authentication flexibility. Nonetheless, its single-chain architecture still suffers from throughput bottlenecks during authentication.

In the field of formal modeling and security verification, some researchers have introduced formal logic and graph-based models into the analysis of authentication mechanisms in UAV networks. Wang et al. [23] employed Colored Petri Nets (CPNs) to construct a behavioral model for UAV clusters, enabling the formal representation of UAV state transitions and authentication trigger paths. Through visual graph-based modeling, their method provides quantifiable modeling support. However, the study mainly focuses on system-level parallel processes and does not address issues such as data consistency and throughput bottlenecks. In terms of protocol security verification, Choi et al. [24] proposed a PUF-based authentication and key agreement protocol for UAVs and applied BAN logic to perform formal analysis and reasoning. Their work demonstrates the security of the protocol in terms of mutual authentication and resistance to man-in-the-middle attacks. However, the analysis is limited to static point-to-point communication scenarios and lacks formal modeling and security reasoning for dynamic handover environments.

Finally, compared with existing authentication schemes based on single-chain architectures, the proposed dual-chain framework separates identity management from the authentication process by deploying them on distinct ledgers. This design significantly improves authentication concurrency and ledger throughput in high-frequency handover scenarios, thereby alleviating the synchronization bottlenecks commonly seen in traditional methods. Unlike the lightweight certificate-free or PUF-based schemes proposed by Dong et al. [16], this work ensures not only a low-overhead authentication process but also achieves automatic identity status updates through smart contracts. Moreover, it incorporates a bidirectional signature mechanism and a dynamic accumulator to construct a secure key management framework that supports collaborative ACA handover, thereby enhancing the system’s adaptability in dynamic environments. In addition, compared with the authentication optimization strategies designed for satellite and fog computing environments by Liu et al. [20], our study focuses more on the scalability and low-latency responsiveness required for frequent command handovers in large-scale, multi-cluster UAV systems. By utilizing locally distributed ledgers and a threshold signature mechanism, the proposed approach maintains the trustworthiness of communication links while effectively reducing the communication and computational overhead during the ACA handover process. The comparative analysis between our scheme and representative existing technologies is presented in Table 1.

3. System Overview

The overall framework of the proposed scheme is illustrated in Figure 1, which mainly consists of the following parts:

(1). Identity Blockchain (ID-Chain): Each UAV cluster uses an identity chain to manage intra-cluster identity information. The identity details of all member UAVs are uploaded to this chain and collaboratively maintained by the UAVs within the cluster.

(2). Authentication Blockchain (AUC-Chain): Jointly maintained by the cluster head nodes and the Air Command Aircraft, the authentication chain stores identity-related parameters. It is primarily responsible for verifying UAV identities, facilitating key agreement between the cluster heads and the ACA and enabling secure ACA handover.

(3). Edge Computing Center (CMC): Responsible for offloading computation and storage from the centralized system to the network edge. This enables the fast processing of UAV data and improves overall network responsiveness.

(4). Key Generation Center (KGC): Manages the creation, distribution, and maintenance of pseudo-identities and public–private key pairs necessary for secure communication among UAVs, ground control stations, and other UAVs.

(5). UAV Cluster Head Node: Acts as the central managing and coordinating unit within a UAV cluster. It collects data from member UAVs, distributes identity credentials, and leads the UAV cluster in task execution.

(6). Air Command Aircraft (ACA): Establishes communication links with the cluster head nodes and coordinates the UAV clusters under their control.

(7). Smart Contracts: Blockchain-based programs that are automatically executed when predefined conditions are met or invoked through specific interfaces. The main smart contracts used in this scheme include the following:

−. Registration Contract: Generates identity credentials and key pairs for UAVs. Only the ACA is authorized to invoke this contract.

−. Update Contract: The ACA invokes the update contract to refresh its distributed ledger, ensuring the real-time accuracy of the stored data.

−. Revocation Contract: When a UAV cluster exits the network, the ACA invokes this contract to mark the cluster head node’s identity status as false.

Table 2 presents the notations and their corresponding definitions used during the ACA handover process.

3.1. System Initialization

A cyclic additive group $G_{1}$ with generator P and a cyclic multiplicative group G with generator g, both of prime order q, are defined. A bilinear pairing function, $e : G_{1} \times G_{1} \to G$ , and two cryptographic hash functions, $H_{1} : {0, 1}^{*} \to Z_{q}^{*}$ and $H_{2} : {0, 1}^{*} \to {0, 1}^{z}$ , are also specified. Subsequently, the Key Generation Center (KGC) selects a random number $s \in Z_{q}^{*}$ as the master private key, $S K_{G} = s$ , and computes the corresponding public key $P K_{G} = g^{s}$ . Finally, the system publishes the public parameters $(P K, H_{1}, H_{2}, P, g, q)$ .

3.1.1. Registration of Cluster Head Node

The registration process of the cluster head node $C H_{A}$ in UAV cluster A, as illustrated in Figure 2, mainly consists of the following steps:

(1). The cluster head node $C H_{A}$ of UAV cluster A sends a registration request to the KGC in the form of ${Register}_{C H_{A}} = ({ID}_{C H_{A}} ∥ t)$ , where ${ID}_{C H_{A}}$ is the unique identifier of $C H_{A}$ and t is the timestamp of the request submission. Upon receiving ${Register}_{C H_{A}}$ , the KGC verifies the validity of t. If valid, the process continues; otherwise, the operation is aborted.

(2). The KGC invokes the Registration Contract to generate the corresponding pseudo-identity $P I D_{C H_{A}}$ and key pair $(P K_{C H_{A}}, S K_{C H_{A}})$ for $C H_{A}$ . The KGC selects a random number $r_{i} \in Z_{q}^{*}$ , and computes $P I D_{C H_{A}} = H_{2} (I D_{C H_{A}} ∥ r_{i}), S K_{C H_{A}} = H_{1} (I D_{C H_{A}} ∥ S K_{G}),$ $P K_{C H_{A}} = g^{S K_{C H_{A}}}$ , where $S K_{G}$ is the system’s master private key and $P K_{G}$ is the corresponding public key. After computation, the KGC returns $(P I D_{C H_{A}}, P K_{C H_{A}}, S K_{C H_{A}})$ to $C H_{A}$ and uploads $(P I D_{C H_{A}}, P K_{C H_{A}})$ to the AUC.

(3). Upon receiving $(P I D_{C H_{A}}, P K_{C H_{A}}, S K_{C H_{A}})$ , the cluster head node securely stores the private key $S K_{C H_{A}}$ .

3.1.2. Registration of the Air Command Aircraft

The registration process of the Air Command Aircraft ( $A C A_{1}$ ), as illustrated in Figure 3, involves the following steps:

(1). The $A C A_{1}$ sends a registration request to the Key Generation Center (KGC) in the form of ${Register}_{A C A_{1}} = ({ID}_{A C A_{1}} ∥ t_{1})$ , where ${ID}_{A C A_{1}}$ is the unique identity identifier of the $A C A_{1}$ and $t_{1}$ is the timestamp of the request. Upon receiving ${Register}_{A C A_{1}}$ , the KGC verifies the validity of the timestamp. If it is valid, the registration proceeds; otherwise, the operation is terminated.

(2). The KGC invokes the Registration Contract to generate a pseudo-identity $P I D_{A C A_{1}}$ and the key pair $(P K_{A C A_{1}}, S K_{A C A_{1}})$ for the $A C A_{1}$ . A random number $r_{j} \in Z_{q}^{*}$ is selected and $P I D_{A C A_{1}} = H_{2} (I D_{A C A_{1}} ∥ r_{j}), S K_{A C A_{1}} = H_{1} (I D_{A C A_{1}} ∥ S K_{G}), P K_{A C A_{1}} = g^{S K_{A C A_{1}}}$ is computed, where $S K_{G}$ is the system’s master private key and $P K_{G}$ is the corresponding public key. The KGC returns $(P I D_{A C A_{1}}, P K_{A C A_{1}}, S K_{A C A_{1}})$ to the $A C A_{1}$ and uploads $(P I D_{A C A_{1}}, P K_{A C A_{1}})$ to the AUC

(3). Upon receiving $(P I D_{A C A_{1}}, P K_{A C A_{1}}, S K_{A C A_{1}})$ , the $A C A_{1}$ securely stores the private key $S K_{A C A_{1}}$ .

3.1.3. Registration of the UAV Cluster

An RSA-based dynamic accumulator is employed to generate identity proofs for the member UAVs within cluster A. Based on these identity proofs, it is possible to directly verify whether a UAV belongs to a specific cluster. As illustrated in Figure 4, the registration process for a UAV cluster includes the following steps:

(1). Each UAV $I D_{i}^{A}$ in cluster A submits its identity credentials to the cluster head node $C H_{A}$ . If any duplicate identity exists (if $I D_{i}^{A} = I D_{j}^{A}$ for $i \neq j$ ), the UAV is required to resubmit its identity until uniqueness is ensured.

(2). After collecting the identity proofs of all member UAVs in the cluster, $C H_{A}$ sends the request ${Request}_{C H_{A}} = (P I D_{C H_{A}} ∥ {sig}_{i} ∥ t_{2} ∥ M_{1})$ to the Edge Computing Center (CMC), where $M_{1}$ contains the identity information of all UAVs in cluster A, $M_{1} = (I D_{1}^{A} ∥ I D_{2}^{A} ∥ I D_{3}^{A} ∥ \dots)$ , $P I D_{C H_{A}}$ is the pseudo-identity of the cluster head node $C H_{A}$ , and the signature ${sig}_{i} = H_{1} {(M_{1})}^{S K_{C H_{A}}}$ , $t_{2}$ represents the current timestamp.

(3). Upon receiving the request, the CMC first verifies the validity of the reception time. If $| {t_{2}}^{*} - t_{2} | \leq Δ T$ , the data is considered fresh. It then verifies the signature by checking whether $g^{{s i g}_{i}} = g^{H_{1} (M_{1}) * S K_{C H_{A}}} = {(g^{S K_{C H_{A}}})}^{H_{1} (M_{1})} = {P K_{C H_{A}}}^{H_{1} (M_{1})}$ . If the verification passes, the protocol proceeds; otherwise, the process is aborted.

(4). The CMC selects two large prime numbers a and b, computes their product $N = a * b$ as the modulus. The set of UAV identities ${I D_{1}^{A}, I D_{2}^{A}, \dots, I D_{n}^{A}}$ collected from $M_{1}$ is used to compute the accumulator value:

(1) $A c c X_{A} = g^{I D_{1}^{A} \cdot I D_{2}^{A} \dots I D_{n}^{A}} mod N$

This accumulator, $A c c X_{A}$ , serves as a collective proof for the UAV identities in cluster A. The CMC generates a membership witness $W i t_{I D_{i}^{A}}$ for each UAV $I D_{i}^{A}$ , which can be used to verify whether a UAV currently belongs to the cluster.

(2) $W i t_{I D_{i}^{A}} = g^{\prod_{j \neq i} I D_{j}^{A}} mod N$

(5). The CMC returns the accumulator $A c c X_{A}$ and witness $W i t_{I D_{i}^{A}}$ to the cluster head node. The cluster head issues the identity proofs $(I D_{i}^{A}, W i t_{I D_{i}^{A}})$ to the member UAVs in cluster A and, finally, uploads the complete identity proof set $(I D_{i}^{A}, W i t_{I D_{i}^{A}})$ to the IDC for storage and verification.

3.2. Air Command Aircraft Handover

3.2.1. Session Key Agreement

The cluster head node $C H_{A}$ of UAV cluster A and the $A C A_{1}$ establish a shared session key through a key agreement protocol to ensure secure communication. The session key negotiation and authentication process between $C H_{A}$ and $A C A_{1}$ , as shown in Figure 5, includes the following steps:

(1). $C H_{A}$ sends an authentication request to $A C A_{1}$ , ${Request}_{C - A} = (P I D_{C H_{A}} ∥ σ ∥ t a b_{i} ∥ T_{1})$ , where the signature $σ = H_{1} {(A c c X_{A})}^{S K_{C H_{A}}}$ and the temporary identifier $t a b_{i} = A c c X_{A} \oplus P I D_{C H_{A}}$

(2). Upon receiving the request, $A C A_{1}$ first verifies the freshness of timestamp $T_{1}$ . If $| T_{1}^{*} - T_{1} | \leq Δ T$ , the process continues; otherwise, authentication is terminated. If the timestamp is valid, $A C A_{1}$ retrieves $A c c X_{A}$ = $t_{a b} \oplus P I D_{C H_{A}}$ and then fetches the public key $P K_{C H_{A}}$ from the AUC to verify the signature $σ$ by checking whether $σ^{P K_{C H_{A}}} = H_{1} (A c c X_{A})$ . If verified, the $A C A_{1}$ proceeds with the next step.

(3). $A C A_{1}$ collects the identity tuples $(P I D_{C H_{i}}, A c c X_{i})$ from all cluster head nodes and sends them to the Edge Computing Center (CMC), which computes a new accumulator value:

(3) $A c c X_{S K} = g^{A c c X_{1} \cdot A c c X_{2} \cdot \dots \cdot A c c X_{n}} mod N$

The CMC sends $A c c X_{S K}$ back to $A C A_{1}$ , which stores the updated accumulator and maintains a distributed ledger for managing the identity information of all cluster head nodes. The format of the ledger is (Pseudo identity, Cumulative, Status) ((j = 1, 2, 3, …, n), where the status is marked as true for valid entries and false for revoked entries), as shown in Table 3.

(4). $A C A_{1}$ computes the shared session key with $C H_{A}$ , $S K_{A - C} = H_{2} (A c c X_{S K} ∥ A c c X_{A})$ , where $A c c X_{S K}$ denotes the system-level accumulator value derived from the accumulators of all cluster head nodes, initialized using RSA-based accumulator construction. This value is securely stored by $A C A_{1}$ . $A c c X_{A}$ denotes the accumulator value corresponding to UAV cluster A, computed and securely stored by the cluster head node $C H_{A}$ . The session key $S K_{A - C}$ is derived using a cryptographic hash function $H_{2}$ , where $H_{2} : {0, 1}^{*} \to {0, 1}^{256}$ is a collision-resistant and one-way hash function. The output is a 256 bit binary string that satisfies the randomness and unpredictability required for secure communication. $A C A_{1}$ generates a random number $n \in Z_{q}^{*}$ . It then computes the signature $S i g i = H_{1} {(M_{2})}^{S K_{A C A_{1}}}, where M_{2} = S K_{A - C} (n), t a b_{A} = A c c X_{S K} \oplus P I D_{A C A_{1}}$ . $A C A_{1}$ sends the response message ${Response}_{A} = (S i g i ∥ M_{2} ∥ t a b_{A} ∥ T_{2})$ to $C H_{A}$ .

(5). Upon receiving ${Response}_{A}$ , $C H_{A}$ first checks whether the timestamp $T_{2}$ is within the acceptable threshold. If not, the connection is terminated. If the timestamp is valid, $C H_{A}$ retrieves the public key $P K_{A C A_{1}}$ from the AUC and verifies the signature by checking whether $e (P K_{A C A_{1}}, H_{1} (M_{2})) = e (g, S i g i)$ . If the equation holds, $A c c X_{S K} = t a b_{A} \oplus P I D_{A C A_{1}}$ is calculated and the session key $S K_{A - C}^{'} = H_{2} (A c c X_{S K} ∥ A c c X_{A})$ is derived. $M_{2}$ is decrypted to obtain the random number n.

(6). $C H_{A}$ sends ${Response}_{C} = (s i g i ∥ M_{3} ∥ T_{3})$ to $A C A_{1}$ , where $s i g i = {(H_{1} (M_{3}))}^{S K_{C H_{A}}}$ and $M_{3} = A c c X_{S K} (n + 1)$ .

(7). Upon receiving ${Response}_{C}$ , $A C A_{1}$ first verifies whether the timestamp $T_{3}$ meets the requirement. If not, the session is terminated. If valid, it verifies the signature’s correctness. Finally, it uses $S K_{A - C}$ to decrypt the message $M_{3}$ to obtain the updated random number. If the change in the random number is verified to be valid, the secure session is considered to be successfully established; otherwise, the communication is aborted.

The session key agreement algorithm between the ACA and the cluster head node is described as follows (Algorithm 1).

Algorithm 1: Air Command Aircraft Session Key Agreement

3.2.2. Air Command Aircraft Handover

When the $A C A_{1}$ needs to perform a handover operation, $A C A_{2}$ takes over from $A C A_{1}$ to continue leading the UAV cluster in executing its mission. The ACA handover process, as illustrated in Figure 6, mainly includes the following steps:

(1). Prior to executing the handover task, $A C A_{1}$ broadcasts the message to all UAV clusters: $ExRequest = (sigi ∥ P I D_{A C A_{2}} ∥ M_{4} ∥ T_{4})$ , where $sigi = H_{1} {(M_{4})}^{S K_{A C A_{1}}}$ , and $M_{4} = (signal)$ indicates that a handover operation is to be performed. $P I D_{A C A_{2}}$ represents the pseudo-identity of the target ACA.

(2). Upon receiving the message, $C H_{A}$ first checks the validity of the timestamp $T_{4}$ . If $| T_{4}^{*} - T_{4} | < Δ T$ , the process continues. $C H_{A}$ obtains the public key of $A C A_{1}$ from the AUC and verifies the message by checking whether $e (P K_{A C A_{1}}, H_{1} (M_{4})) = e (g, sigi)$ . If the equation holds, the handover signal is considered valid, and $C H_{A}$ sends $(P I D_{C H_{A}}, A c c X_{A}, r_{A})$ to the CMC.

(3). The CMC generates a secret $k \in Z_{q}^{*}$ as the core signing key of the system and computes the public key $P K = g^{k}$ . It then selects a polynomial $p (x)$ of degree $t - 1$ and $t - 1$ integers such that $p (0) = k$ , with the polynomial defined as the system’s threshold:

(4) $p (x) = k + a_{1} x + a_{2} x^{2} + \dots + a_{t - 1} x^{t - 1} .$

The CMC computes the sub secret for $C H_{A}$ as $d_{A} = p (A c c X_{A})$ and the public value of the partial secret as $D_{A} = d_{A} \oplus A c c X_{A}$ . Finally, it returns the tuple $(P I D_{C H_{A}}, D_{A})$ to $C H_{A}$ .

(4). Upon receiving the message, $C H_{A}$ computes $d_{A} = A c c X_{A} \oplus D_{A}$ and uses the resulting value $d_{A}$ to sign the handover signal $s i g_{A} = H_{1} {(s i g n a l)}^{d_{A}}$ . $C H_{A}$ sends the tuple $(P I D_{C H_{A}}, s i g_{A})$ to $A C A_{1}$ .

(5). After receiving the message from $C H_{A}$ , $A C A_{1}$ performs a single signature verification. It initializes the counter count to 0 and verifies the following equation $e (s i g_{A}, g) = e (H_{1} (s i g n a l), D_{A})$ . If the equation holds, verification passes, and count is incremented by 1. When count reaches or exceeds the threshold t, $A C A_{1}$ performs the aggregate signature operation to generate the final signature S:

(5) $R = \prod_{i = 1}^{t} R_{i} = \prod_{i = 1}^{t} g^{r_{i}}$

(6) $S_{i} = r_{i} + H_{1} (s i g n a l ∥ R) \cdot d_{i}$

(7) $S = \sum_{i = 1}^{t} S_{i} = \sum_{i = 1}^{t} (r_{i} + H_{1} (s i g n a l ∥ R) \cdot d_{i})$

After generating the aggregate signature, $A C A_{1}$ sends the signature message to ${C H}_{A}$ $S i g_{A P} = H_{1} {(s i g n a l)}^{S}$ .

(6). After receiving the signature, ${CH}_{A}$ verifies whether the equation $g^{S} = R \cdot \prod_{i = 1}^{t} {(g^{d_{i}})}^{H_{1} (s i g n a l ∥ R)}$ holds. If the equation is satisfied, the signature S is considered valid and the ACA handover is deemed to be successful.

(7). $A C A_{1}$ transmits the secure message $M_{e x} = (M_{5} ∥ M_{4} ∥ t a b_{e x} ∥ T_{5})$ to $A C A_{2}$ via a secure channel, where $t a b_{e x} = A c c X_{S K} \oplus P I D_{A C A_{1}}$ and $M_{5}$ contains the distributed ledger information of the UAV cluster head nodes $(P I D_{C H_{i}}, A c c X_{i}, True)$ .

(8). Upon receiving the message, $A C A_{2}$ first checks the timestamp $T_{5}$ for validity. If the check passes, it computes $A c c X_{S K} = t a b_{e x} \oplus P I D_{A C A_{1}}$ and re-computes the shared session key with the cluster head node as ${S K_{A - C}}^{'} = H_{2} (A c c X_{S K} ∥ A c c X_{A})$ ; based on $M_{5}$ , it updates its own distributed ledger by adding the cluster head node’s information. Through this process, the new ACA successfully completes the handover and re-establishes a secure communication link.

The ACA handover algorithm is described as follows (Algorithm 2).

Algorithm 2: ACA Handover Mechanism

The abstract expression of the function is defined as follows:

(8) $S K_{A - C}^{'} = F (s i g n a l, {A c c X_{i}}_{i = 1}^{t}, {r_{i}}_{i = 1}^{t}, A c c X_{A C A})$

F

is a composite function that includes operations such as threshold signature aggregation, polynomial reconstruction, pairing verification, and hash derivation. The function outputs the new session key

S K_{A - C}^{'}

shared between the ACA and the cluster head node, serving as the foundation for subsequent secure communication.

The time complexity analysis is presented as follows.

The time complexity of generating the polynomial $p (x)$ is $O (t)$ , the time complexity of exponentiation and pairing operations is $O (t log q) + O (e)$ , the time complexity of threshold signature aggregation is $O (t)$ , and the time complexity of hash-based shared key generation is $O (1)$ . In summary, the overall computational complexity of the handover algorithm can be expressed as

(9) $C_{s w i t c h} = O (t log q) + O (e)$

where e denotes the cost of bilinear pairing operations and q is the group order. This complexity applies to medium-scale clusters, and when the number of cluster head nodes

t \leq 10

, the algorithm supports low-latency handover in practice.

3.2.3. Cluster Joining and Departure

(1). When UAV cluster Z joins the network, it collaborates with other UAV clusters under the leadership of the ACA to complete tasks.

The cluster head node $C H_{Z}$ of UAV cluster Z first registers with the KGC to obtain its pseudo-identity $P I D_{C H_{Z}}$ and key pair $(P K_{C H_{Z}}, S K_{C H_{Z}})$ . Through the CMC, identity proofs for the member UAVs in the cluster are generated, while $C H_{Z}$ stores its own accumulator value $A c c X_{Z}$ . When cluster Z joins the network, the shared session key must be updated as follows:

(10) ${A c c X_{S K}}^{'} = A c c X_{S K}^{A c c X_{Z}}$

(11) ${S K_{A - C}}^{''} = H_{2} ({A c c X_{S K}}^{'} ∥ A c c X_{Z})$

Subsequent communication between the ACA and $C H_{Z}$ uses ${S K_{A - C}}^{'}$ as the session key. The ACA invokes the update contract to add the information of cluster Z to the distributed ledger.

(2). When UAV cluster Z leaves the current network, the system must recompute the shared session key:

(12) ${A c c X_{S K}}^{'} = {A c c X_{S K}}^{A c c X_{Z}^{- 1}}$

(13) ${SK}_{A - C}^{''} = H_{2} ({A c c X_{S K}}^{'} ∥ A c c X_{i}) .$

Subsequent communication between the ACA and other cluster head nodes will use ${S K_{A - C}}^{''}$ as the session key. The ACA invokes the revocation contract to update the status of $P I D_{C H_{Z}}$ to false.

4. Security Analysis

In this section, we conduct a security analysis of the overall system framework, focusing on the security requirements that must be satisfied in the design of the authentication scheme. Finally, we discuss potential attacks that may arise during the implementation of the handover mechanism and propose corresponding countermeasures.

4.1. Proof of Logical Correctness

This section adopts BAN logic [17] (Burrows–Abadi–Needham, BAN) to prove the logical correctness of the proposed scheme. Table 4 presents the fundamental notations used in BAN logic.

Reasoning rules:

Message meaning rules:

Rule 1: $\frac{P ∣ \equiv \overset{K}{Q \leftrightarrow P}, P ◃ {X}_{K}}{P ∣ \equiv Q \sim X}$

Rule 2: $\frac{P ∣ \equiv # (X), P ∣ \equiv Q ∣ \sim X}{P ∣ \equiv Q ∣ \equiv X}$

Rule 3: $\frac{P ∣ \equiv X, P ∣ \equiv Y}{P ∣ \equiv (X, Y)}$ $\frac{P ∣ \equiv (X, Y)}{P ∣ \equiv X}$ $\frac{P ∣ \equiv Q ∣ \equiv (X, Y)}{P ∣ \equiv Q ∣ \equiv X}$

Rule 4: $\frac{P ∣ \equiv # (X)}{P ∣ \equiv # (X, Y)}$

4.1.1. The Mutual Authentication Inference Process Between UAV Cluster C and Air Command Aircraft A

Idealized Protocol:

Message 1.1: C → A: ${T_{C}, \overset{K_{C A}}{C \leftrightarrow A}}$ from C

Message 1.2: A → C: ${T_{A}, \overset{K_{C A}}{A \leftrightarrow C}}$ from A

Authentication Goals:

Purpose 1.1: $A ∣ \equiv C ∣ \equiv \overset{K_{C A}}{C \leftrightarrow A}$

Purpose 1.2: $C ∣ \equiv A ∣ \equiv \overset{K_{C A}}{(C \leftrightarrow A)}$

Initial Assumptions:

Assumption 1.1: $A ∣ \equiv C ∣ \sim {T_{C}, K_{C A}, C \leftrightarrow A}$

Assumption 1.2: $C ∣ \equiv A ∣ \sim {T_{A}, K_{C A}, A \leftrightarrow C}$

Assumption 1.3: $C ∣ \equiv # (T_{A})$

Assumption 1.4: $A ∣ \equiv # (T_{C})$

Step 1: We deduce from Message 1.1. The Air Command Aircraft A receives the message and confirms the source.

Based on Assumption 1.1 and Rule 1, $(B ∣ \equiv A \overset{K}{\leftrightarrow} B and B ▹ X, B ∣ \equiv A \sim X)$ , we can infer that

$R 1 : A ∣ \equiv C \sim {T_{C}, \overset{K_{C A}}{C \leftrightarrow A}}$

Based on Assumption 1.4, Rules 4 and R1, $(B ∣ \equiv # (X) and B ∣ \equiv A \sim X, B ∣ \equiv A ∣ \equiv X)$ we can deduce that

$R 2 : A ∣ \equiv C ∣ \equiv \overset{K_{C A}}{(C \leftrightarrow A)}$

Based on Rule 3 and R2 $(B ∣ \equiv A ∣ \equiv X, B ∣ \equiv X)$ , we can deduce:

$A ∣ \equiv \overset{K_{C A}}{C \leftrightarrow A}$

The Air Command Aircraft A will eventually confirm that $K_{C A}$ is trusted by the cluster node C.

Step 2: We deduce From Message 1.2. The cluster node C receives the message and confirms the source.

Based on Assumption 1.2 and Rule 1, $(B ∣ \equiv A \overset{K}{\leftrightarrow} B and B ▹ X, B ∣ \equiv A \sim X)$ , we can deduce that

$R 3 : C ∣ \equiv A \sim {T_{A}, \overset{K_{C A}}{C \leftrightarrow A}}$

Based on Assumption 1.3, Rule 4, and R3, $(B ∣ \equiv # (X) and B ∣ \equiv A \sim X, B ∣ \equiv A ∣ \equiv X)$ , we can deduce that

$R 4 : C ∣ \equiv A ∣ \equiv \overset{K_{C A}}{(A \leftrightarrow C)}$

This shows that the cluster node C and the Air Command Aircraft A share the trusted $K_{C A}$ .

Based on Rule 3 and R4, $(B ∣ \equiv A ∣ \equiv X, B ∣ \equiv X)$ , we can deduce that

$C ∣ \equiv \overset{K_{C A}}{A \leftrightarrow C}$

The cluster node C confirms that $K_{C A}$ , trusted by Air Command Aircraft A, is shared and trusted.

4.1.2. Authentication Reasoning for Handover of the Air Command Aircraft in the UAV Cluster (New Air Command Aircraft N, Handover Signal $s i g n a l$ )

Idealized Protocol:

Message 2.1: A → C: ${N, T_{A}, s i g n a l}$ from A

Message 2.2: C → N: ${T_{C}, \overset{K_{C N}}{C \leftrightarrow N}}$ from C

Message 2.3: N → C: ${T_{N}, \overset{K_{C N}}{N \leftrightarrow C}}$ from N

Authentication Goals:

Purpose 2.1: $N ∣ \equiv C ∣ \equiv \overset{K_{C N}}{C \leftrightarrow N}$

Purpose 2.2: $C ∣ \equiv N ∣ \equiv \overset{K_{C N}}{(N \leftrightarrow C)}$

Initial Assumptions:

Assumption 2.1: $N ∣ \equiv C ∣ \sim {T_{C}, K_{C N}, C \leftrightarrow N}$

Assumption 2.2: $C ∣ \equiv N ∣ \sim {T_{N}, K_{C N}, N \leftrightarrow C}$

Assumption 2.3: $C ∣ \equiv # (T_{N})$

Assumption 2.4: $N ∣ \equiv # (T_{C})$

Step 1: We deduce From Message 2.2. New Air Command Aircraft N receives messages and verifies sources.

Based on Assumption 2.1 and Rule 1, $(B ∣ \equiv A \overset{K}{\leftrightarrow} B and B ▹ X, B ∣ \equiv A \sim X)$ , we can deduce that

$R 5 : N ∣ \equiv C \sim {T_{C}, \overset{K_{C N}}{C \leftrightarrow N}}$

Based on Assumption 2.4, Rule 4, and R5, $(B ∣ \equiv # (X) and B ∣ \equiv A \sim X, B ∣ \equiv A ∣ \equiv X)$ , we can deduce that

$R 6 : N ∣ \equiv C ∣ \equiv \overset{K_{C N}}{(C \leftrightarrow N)}$

This indicates that the new Air Command Aircraft N and the cluster head node C confirm that the encryption key $K_{C N}$ is shared between them.

Based on Rule 3 and R6, $(B ∣ \equiv A ∣ \equiv X, B ∣ \equiv X)$ , we can deduce that

$N ∣ \equiv \overset{K_{C N}}{C \leftrightarrow N}$

This shows that the new Air Command Aircraft N ultimately confirms that the encryption key $K_{C N}$ is shared between the new Air Command Aircraft and the cluster head node C.

Step 2: We deduce From Message 2.3. Cluster head node C receives the message and verifies the source.

Based on Assumption 2.2 and Rule 1, $(B ∣ \equiv A \overset{K}{\leftrightarrow} B and B ▹ X, B ∣ \equiv A \sim X)$ , we can deduce that

$R 7 : C ∣ \equiv N \sim {T_{N}, \overset{K_{C N}}{(N \leftrightarrow C)}}$

Based on Assumption 2.3, Rule 4, and R7, $(B ∣ \equiv # (X) and B ∣ \equiv A \sim X, B ∣ \equiv A ∣ \equiv X)$ , we can deduce that

$R 8 : C ∣ \equiv N ∣ \equiv \overset{K_{C N}}{(N \leftrightarrow N)}$

This shows that cluster head node C, trusting the new Air Command Aircraft N, confirms that the encryption key $K_{C N}$ is shared between them.

Based on Rule 3 and R8, $(B ∣ \equiv A ∣ \equiv X, B ∣ \equiv X)$ , we can deduce that

$C ∣ \equiv \overset{K_{C N}}{C \leftrightarrow N}$

This shows that cluster head node C ultimately confirms that the encryption key $K_{C N}$ is shared between the new Air Command Aircraft N.

Through the application of BAN logic, the logical correctness of the mutual authentication between the cluster head node and the Air Command Aircraft (ACA), as well as the ACA handover process, is verified. The derivation not only prevents unauthorized access and replay attacks but also confirms the legitimacy of the shared session key. After a successful handover to the new ACA, secure communication with the cluster head node can be rapidly re-established.

4.2. Security Analysis

(1). Mutual Authentication [25]: In this scheme, mutual authentication is achieved through digital signatures, timestamp verification, and bilinearity-based techniques to ensure secure communication between UAV clusters and the Air Command Aircraft (ACA). The digital signature is based on the RSA algorithm. If an attacker attempts to impersonate the ACA, they must satisfy the following conditions:

(i). The attacker must recover the private key used for signature generation. However, RSA security is grounded in the hardness of integer factorization, which has exponential complexity and cannot be solved within a reasonable timeframe. Timestamp verification effectively limits replay attacks, preventing the reuse of captured signatures outside their validity period.

(ii). Given a signature $S = H {(m)}^{d} mod N$ , the attacker must recover d (the private key) in order to forge S. This requires factoring the modulus N into its prime components p and q. The most efficient known classical algorithm for this is the Number Field Sieve (NFS) [26], whose time complexity is $O (e^{{(c \cdot \log N)}^{1 / 3} {(\log \log N)}^{2 / 3}})$ , where c is a constant. For a 2048 bit RSA key, even with a supercomputer, factoring requires approximately $10^{19}$ operations, making it infeasible with current technology. Therefore, attackers cannot practically recover the RSA private key, rendering signature forgery nearly impossible.

(2). Confidentiality [27]: Confidentiality includes both forward and backward secrecy. In the proposed system, each authentication and communication session between the ACA and the cluster head node dynamically generates a session key based on their respective secret information. These session keys do not rely on long-term keys. Even if a session key is compromised in the future, the confidentiality of previous communications remains unaffected.

(3). Anonymity [28]: By employing pseudo-identities (PIDs) and RSA-based dynamic accumulator techniques, the ACA does not reveal its real identity during the authentication and handover processes.

(4). Attack Resistance: To effectively defend against spoofing attacks and man-in-the-middle (MITM) attacks, the proposed scheme integrates multiple protection mechanisms, including digital signature verification, timestamp validation, and randomness in session key negotiation. During each authentication process between the ACA and the cluster head node, the cluster head node signs the authentication message with its private key, and the ACA retrieves the corresponding public key from the AUC to verify the source legitimacy. Meanwhile, the authentication message includes a current timestamp, and a predefined time window ΔT is used to determine message freshness, thereby mitigating replay attacks. Furthermore, both parties incorporate XOR operations and hash functions to obfuscate the input parameters during session key negotiation, ensuring that the derived shared key is secure and resistant to reconstruction even if intercepted. By combining multi-source authentication, signature-based verification, and dynamic key negotiation, the proposed scheme significantly enhances the security and robustness of the authentication process. This ensures that the system can maintain stable identity verification capabilities even under dynamic and high-frequency communication conditions.

4.3. Attack Model

(1). Spoofing Attack [29]: The system ensures secure communication between the ACA and UAVs by employing digital signatures and timestamp verification. Digital signatures are generated using the RSA algorithm. To impersonate the ACA, an attacker would need to recover the private key, which is computationally infeasible due to the hardness of the integer factorization problem underlying RSA. Furthermore, timestamps are embedded in each communication to ensure message validity within a limited time window, making it impossible for attackers to reuse outdated messages for forgery.

(2). Man-in-the-Middle (MITM) Attack [30]: The system utilizes a session key agreement mechanism to dynamically generate shared keys, ensuring the confidentiality and integrity of transmitted data and preventing interception or tampering. The CMC promptly verifies signatures during the authentication process to validate both parties, reduce latency, and enhance the system’s resistance to MITM attacks.

(3). Denial-of-Service (DoS) Attack [31]: The proposed system adopts a dual-chain collaborative architecture comprising an identity blockchain and an authentication blockchain. By distributing authentication tasks across different ledger nodes, the system effectively reduces the risk of single-point control failures. In addition, the CMC acts as a buffer and filtering module in the authentication and message forwarding processes. When excessive request traffic targeting the main control node is detected, rate-limiting and frequency filtering mechanisms can be activated to prevent malicious request floods from congesting the communication channel. Furthermore, a request validation interface is embedded in the smart contracts, allowing only entities with a verified status of true to initiate authentication requests, thereby strengthening the system’s resistance to distributed denial-of-service (DDoS) attacks. Since identity information is stored on a decentralized blockchain, nodes that have already completed authentication can directly retrieve cluster head information from the distributed ledger. This reduces the communication burden on the main control node and simultaneously mitigates the impact of DDoS attacks.

5. Experimental Design

In this section, we evaluate the performance of the proposed scheme through simulation experiments, focusing on three key aspects: computational overhead, communication overhead, and storage overhead.

5.1. Experimental Setup

In our experiments, the system was configured with an Intel® Core™ i7-10870H CPU @ 2.20GHz and 32GB RAM, running Ubuntu 20.04 (64 bit). The blockchain network was deployed using FISCO BCOS version 2.9.0. This experimental environment supported detailed data analysis to evaluate the performance and feasibility of the proposed scheme. Furthermore, the effectiveness of ledger recording and management capabilities validated the practicality and reliability of the solution.

5.2. Performance Analysis

5.2.1. Computational Overhead

We divided the analysis into two phases, Phase 1 and Phase 2, representing the authentication process between the UAV cluster’s cluster head node and the ACA and the ACA handover process, respectively.

Phase 1 focused on establishing reliable communication between the cluster head node and the ACA. During this phase, mutual authentication was performed and session keys were negotiated to ensure confidentiality. The main computational tasks in this phase included key generation, encryption/decryption, and signature verification.

Phase 2 centered on the rapid handover of the ACA. During handover, the system verified the identity of the newly designated ACA and updated the communication keys of the cluster head nodes to maintain the integrity and security of the communication links. The main computational operations in this phase involved signature verification and session key updates.

Throughout mutual authentication and ACA handover, computational overhead mainly included pairing-based encryption, decryption, hash computation, and elliptic curve scalar multiplication. Table 5 provides a breakdown of the core computational operations involved in the system.

The computational overhead of each operation, ranked from lowest to highest in terms of time consumption, was as follows: $T_{V} < T_{X O R} < T_{H S} < T_{S E} < T_{H K} < T_{A E} < T_{S M} < T_{M}$ .

Under the same experimental settings, we selected Blockchain-based Cross-domain Authentication (BCA) [13], Anonymous Biometrics-based Authentication (ABA) [32], and Secure Authentication and Key Agreement (SAKA) [33] as baseline schemes for comparison, primarily due to their representativeness and technical relevance in the current field of authentication research. BCA is a blockchain-based authentication mechanism that adopts centralized control and identity chain architecture. It is highly representative in terms of identity isolation and trusted access but suffers from high authentication latency in high-frequency dynamic handover scenarios. The ABA scheme integrates biometric recognition and anonymity mechanisms, emphasizing lightweight design and privacy protection, and serves as a typical example of low-cost identity authentication. SAKA is based on the traditional UMTS architecture and focuses on ensuring the reliability of the authentication process and the consistency of key agreement, representing classical key negotiation models. However, these three schemes exhibit varying degrees of adaptability to the ACA handover scenario. BCA mainly targets blockchain-based access authentication and does not address the dynamic handover of command nodes. ABA and SAKA, though not specifically designed for UAV systems, support key agreement and fast re-authentication processes, thereby demonstrating a certain degree of adaptability to handover scenarios. In contrast, the proposed scheme is designed to support ACA handover authentication with enhanced dynamic adaptability, scalability, and mission coordination capability, effectively addressing the limitations of existing solutions in this domain. The key computational overhead for each scheme is summarized in Table 6.

As shown in Table 6, compared with other schemes, our proposed method improved both the mutual authentication efficiency between the cluster head node and the ACA and the performance of ACA handover. This was because our scheme completed the identity verification of each UAV node during the initialization phase and offloaded complex computations to the Edge Computing Center during cluster management and ACA handover, thereby reducing the computational burden on the UAV nodes. For instance, in Phase 2, the computational cost was represented as $T_{H K} + 2 T_{H S} + 3 T_{X O R} + 2 T_{V}$ , which corresponded to one key agreement operation, two hash computations, three XOR operations, and two verification operations executed during the ACA handover process.

Figure 7a illustrates the cost of mutual authentication between UAV cluster head nodes under our scheme and the BCA, ABA, and SAKA schemes when the number of clusters increased from 2 to 10 under the same experimental conditions. As shown in the figure, the authentication time in all schemes increased approximately linearly with the number of clusters. However, our scheme achieved significantly lower authentication time compared to BCA, ABA, and SAKA. In our scheme, each UAV cluster completed identity registration in advance, and the cluster head node distributed and uploaded identity credentials before the mutual authentication phase. Therefore, this step did not add computational overhead to the subsequent authentication process. Figure 7b illustrates the trend of computational overhead during the ACA handover process as the number of UAV clusters increased. In comparison with ABA and SAKA, the experimental results show that our proposed scheme maintained a relatively low level of computational cost as the cluster size grew, indicating good scalability of the scheme.

5.2.2. Communication Overhead

To better evaluate the communication cost differences between our scheme and other approaches, we adopted SHA256 as the hash function. The computation lengths of communication-related elements are summarized in Table 7.

Table 8 presents the communication overhead of our scheme in comparison with BCA, ABA, and SAKA during the communication phase.

Since messages of different tasks vary in length, we focused solely on calculating the communication overhead associated with identity authentication and handover processes between the cluster head node and the ACA.

In Figure 8a, we present the total signaling overhead generated in the network when each scheme performed the same number of access authentications. The figure shows that compared to BCA, ABA, and SAKA, our scheme significantly reduced the number of authentication signaling messages. This was because our scheme allowed the cluster head node to manage the identity of its member UAVs in advance, thereby reducing the number of identity verifications required by the network. Since signaling overhead was primarily determined by the number of clusters rather than the internal size of each cluster, our approach effectively alleviated the load during access bursts.

During the ACA handover process, as the number of handovers increased, the corresponding communication overhead also rose. By managing the cluster head nodes and updating the ACA’s distributed ledger, our scheme effectively reduced the amount of communication signaling required in the network, thereby alleviating the communication burden during handover. We conducted a simulation-based comparison with ABA and SAKA, where each scheme performed the same number of handover operations using its respective protocol, and the total communication signaling generated was recorded. As shown in Figure 8b, the experimental results demonstrate that under the same number of handovers, our scheme significantly reduced the number of interactions required during ACA handover, thus decreasing overall communication signaling and lowering communication overhead.

5.2.3. Storage Overhead

During the system initialization phase, identity information of UAVs within the cluster was sent to the cluster head node, which collected and forwarded it to the CMC. The CMC generated the corresponding identity credentials for each member UAV. The cluster head node only stored the cluster’s accumulated value $A c c X$ , eliminating the need to store additional parameters during subsequent authentication and handover processes.

In Phase 2, during ACA handover, each ACA maintained a local distributed ledger that stored the identity information of cluster head nodes for session key computation. Figure 9 shows the storage overhead per entity during mutual authentication and handover when the number of UAV clusters was 5. Compared to ABA and SAKA, our scheme achieved the lowest storage overhead per entity. The figure also shows that in our scheme, UAVs had the smallest storage burden across all tested cluster sizes. The storage overhead on the ACA side was slightly higher than in ABA due to the fact that the ACA maintained a categorized ledger of the identities of all cluster head nodes, which facilitated more efficient ACA handover.

6. Conclusions

This paper addressed the problem of identity authentication and secure communication during dynamic ACA handover in cooperative multi-UAV clusters. To this end, we proposed a dynamic authentication and handover mechanism based on a dual-chain architecture. By coordinating an identity chain and an authentication chain, the mechanism achieves a functional separation between UAV identity management and ACA handover authentication tasks, thereby enhancing the system’s scalability and responsiveness. The proposed design is supported by smart contract-driven authentication workflows, the formal modeling of algorithmic processes, computational complexity analysis, and security verification using BAN logic, providing a solid foundation for both logical correctness and engineering feasibility. This work emphasizes the following mathematical techniques:

(1). The formal modeling of the authentication process using symbolic functions and BAN logic to derive the system’s logical security properties.

(2). The construction of algorithmic models for key agreement and handover procedures, along with abstract function representation and time complexity analysis to evaluate computational resource consumption.

(3). The integration of cryptographic primitives, including cryptographic accumulators and bilinear pairings, to provide mathematically grounded security assurances.

The experimental results demonstrate that the proposed mechanism maintains strong security guarantees while achieving significant reductions in computation, communication, and storage overhead compared to existing solutions. It is especially effective in large-scale UAV networks with frequent node mobility. Future research will explore the following directions: extending formal verification to encompass the mathematical modeling of multi-chain synchronization and state consistency; incorporating adaptive game theory or reinforcement learning to optimize ACA handover strategies; and applying robust control theory to evaluate system self-recovery under ACA failure scenarios.

Author Contributions

Methodology, Y.C.; Formal analysis, Y.C.; Investigation, J.M., X.Y. and G.Y.; Resources, Y.F.; Writing—original draft, Y.C.; Writing—review and editing, Y.C., J.M., Y.F., and Z.D.; Visualization, Y.F.; Supervision, J.M.; Funding acquisition, Y.F. All authors have read and agreed to the published version of the manuscript.

Data Availability Statement

All information is included in the article.

Conflicts of Interest

The authors declare no conflicts of interest.

Footnotes

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Figures and Tables

Figure 1 System architecture.

Figure 2 The registration flowchart of the cluster head node.

Figure 3 The registration flowchart of the air command aircraft.

Figure 4 The registration flowchart of the UAV cluster.

Figure 5 The authentication flowchart between the cluster head node and the ACA.

Figure 6 The flowchart of the ACA handover process.

Figure 7 (a) Computational overhead of mutual authentication operations as the number of UAV clusters increased. (b) Computational overhead of handover operations as the number of UAV clusters increased.

Figure 8 (a) Communication signaling generated during mutual authentication as the number of UAV clusters increased. (b) Communication signaling generated during the same number of handover operations using different handover protocols.

Figure 9 Entity storage overhead.

Table 1

Comparative analysis between our scheme and representative existing technologies.

Dimension	Scheme [14]	Scheme [16]	Scheme [20]	Our Scheme
Architecture	Single-chain	Single-chain	Centralized control	Dual-chain collaborative
Key Management	Identity chain key exchange	Certificate-free key negotiation	Centralized key negotiation	Accumulator + distributed ledger
Handover Capability	Weak	Support but high latency	Support but high latency	Strong
Security	Replay attack resistance	Anti-forgery	Fault tolerance	Anti-spoofing, anti-forgery, anonymity
Application Scenario	Small scale networks	Multi-domain modeled networks	Hybrid networks	High dynamic networks

Table 2

Symbol Meanings.

Notation	Definition
P	Generator of the cyclic addition group $G_{1}$
$C H_{i}$	Cluster head node of UAV i
$A C A_{i}$	Air command aircraft i
$I D_{i}^{A}$	UAV i within UAV cluster A
$P I D_{C H_{A}}$	Pseudo-identity of cluster head node A
$P I D_{A C A_{i}}$	Pseudo-identity of Air Command Aircraft i
$P K_{C H_{A}}$	Public key of the cluster head node A
$S K_{C H_{A}}$	Private key of the cluster head ndoe A
T	Timestamp used to record and synchronize event occurrences
$D_{A}$	Public value used by the cluster head node A to sign handover messages
$A c c X_{A}$	Accumulated value of UAV cluster A
$S K_{A - C}$	Shared secret key between the ACA and the cluster head node
$I D C$	Identity chain
$A U C$	Authentication chain
$W i t_{I D_{i}^{A}}$	Identity credential of UAV i in UAV cluster A
$s i g n a l$	ACA handover signal

Table 3

Ledger format.

Pseudo Identity	Cumulative	Status
$P I D_{C H_{j}}$	$A c c X_{j}$	True
$P I D_{C H_{k}}$	$A c c X_{k}$	True
…	…	…
$P I D_{C H_{n}}$	$A c c X_{n}$	True

Table 4

Basic terms of BAN logic.

Term	Meaning
$P ∣ \equiv X$	P believes X is trustworthy
$P ∣ \sim X$	P has sent a message containing X at some point in time
$P ∣ \Rightarrow X$	P has arbitration rights over X
#(X)	X is fresh
${X}_{k}$	Encrypt X using key k
$\overset{K}{P \leftrightarrow Q}$	P and Q share K

Table 5

Computational cost of major operations.

Pseudo Identity	Cumulative
$T_{S E}$	Symmetric encryption/decryption
$T_{A E}$	Asymmetric encryption/decryption
$T_{H S}$	Hash-based signature computation
$T_{H K}$	Hash-based key agreement computation
$T_{M}$	Modular multiplication
$T_{S M}$	Scalar multiplication on elliptic curves
$T_{X O R}$	XOR operation
$T_{V}$	Verification operation

Table 6

Computational overhead for completing access authentication.

Scheme	Time
BCA	$2 T_{S E} + 4 T_{A E} + 3 T_{S M} + 1 T_{H K} + 5 T_{V}$
ABA	$4 T_{S M} + 2 T_{H K} + 6 T_{A E} + 6 T_{H S} + 1 T_{S E} + 1 T_{V}$
SAKA	$3 T_{S M} + 2 T_{S E} + 1 T_{H K} + 5 T_{H S} + 3 T_{V}$
Ours (Stage 1)	$2 T_{M} + T_{H K} + 2 T_{S E} + 3 T_{X O R} + 2 T_{V}$
Ours (Stage 2)	$T_{H K} + 2 T_{H S} + 3 T_{X O R} + 2 T_{V}$

Table 7

Lengths of relevant cryptographic elements.

Element	Length
TimeStamps	32 bytes
Randoms	64 bytes
Hash	256 bytes
G_Element	256 bytes
PID	64 bytes

Table 8

Communication overhead.

Scheme	Communication Overhead
BCA	2056 bytes
ABA	1952 bytes
SAKA	2656 bytes
Ours (Stage 1)	1312 bytes
Ours (Stage 2)	1088 bytes

© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.

Dual-Chain-Based Dynamic Authentication and Handover Mechanism for Air Command Aircraft in Multi-UAV Clusters

Content area