A Blockchain-Based Cross-Domain Authentication Scheme for Unmanned Aerial Vehicle-Assisted Vehicular Networks

Abstract

With the rapid increase in the number of vehicles and the growing demand for low-latency and reliable communication, traditional vehicular network architectures face numerous challenges. Unmanned Aerial Vehicle (UAV)-assisted vehicular networks provide an innovative solution for real-time data transmission and efficient cross-domain communication, significantly enhancing resource allocation efficiency and traffic safety. However, these networks also raise privacy and security concerns. Traditional symmetric key and Public Key Infrastructure (PKI)-based authentication schemes suffer from issues such as key management, certificate verification, and data leakage risks. While blockchain technology has been explored to address these problems, it still suffers from inefficiencies and high computational overhead. This paper proposes a UAV-assisted vehicular network architecture that leverages UAVs as trusted intermediaries for cross-domain authentication, effectively reducing authentication delays and improving scalability. Through ProVerif security proofs and detailed theoretical analysis, the proposed scheme is demonstrated to meet the security requirements of vehicular networks and withstand a broader range of attacks. Performance evaluation results show that the proposed scheme achieves at least a 20% reduction in computational and communication overhead compared to existing schemes, highlighting its significant advantages. Additionally, the average consensus time for the proposed scheme is at least 40% lower than existing schemes. The novelty of the proposed scheme lies in the integration of UAVs as trusted intermediaries with blockchain technology, addressing key management and privacy issues, and providing an efficient and secure solution for high-density vehicular networks.

1. Introduction

In recent years, vehicular networks have gained significant attention from governments, enterprises, and academia due to their potential to enhance traffic efficiency, driving safety, and overall system value [1,2,3]. However, the rapid growth in vehicle numbers, increasing concerns about privacy, and rising demands for low-latency, highly reliable communication have posed significant challenges to traditional vehicular network architectures [4,5,6]. Consequently, designing novel architectures to address these limitations and improve network performance is crucial.

As a crucial foundation of intelligent transportation, the UAV-assisted vehicular networks play an important role in daily life. By enabling real-time data transmission and efficient communication, they assist users in making informed decisions, thereby enhancing traffic efficiency and safety [7,8,9,10]. For instance, in cross-domain scenarios such as traffic coordination between urban and suburban areas or data sharing across regions, UAV-assisted networks further optimize resource allocation and communication efficiency [11,12]. Nevertheless, the involvement of sensitive information, such as driving trajectories and habits, introduces substantial privacy and security challenges. In such scenarios, authentication mechanisms are particularly critical. These mechanisms ensure the authenticity of communication entities, prevent data tampering and unauthorized access, and safeguard the security and reliability of the network [13,14].

To achieve cross-domain authentication, solutions can leverage symmetric key-based schemes or Public Key Infrastructure (PKI)-based approaches, depending on the nature of the sensitive information [15]. Symmetric key-based schemes face challenges related to key management, while PKI-based solutions encounter high certificate management costs, including certificate status verification, path construction, and distribution. Both approaches, however, risk data leakage and single points of failure, which makes it difficult to guarantee secure cross-domain authentication.

Blockchain, as an emerging technology, has gradually been employed to address these challenges. Its distributed architecture provides flexible network connectivity for vehicles and ensures a high level of security during data sharing and collaboration [16,17]. By establishing a decentralized and immutable distributed ledger, blockchain reduces the risk of partial damage or loss and mitigates single points of failure. However, existing blockchain-based solutions face limitations [18,19]. For instance, they often suffer from low efficiency in cross-domain authentication due to multiple communication rounds, resulting in high computational overhead. Additionally, the time required for blockchain consensus mechanisms makes it challenging to meet the real-time demands of vehicular networks.

To tackle these issues, a promising solution is to adopt a UAV-assisted vehicular network architecture, where UAVs serve as nodes for collecting and disseminating messages [20]. With their high flexibility and mobility, UAVs facilitate faster communication and provide dynamic network topologies, significantly reducing delays and network congestion in cross-domain scenarios. Furthermore, UAVs can act as trusted intermediaries to manage authentication across different domains, addressing the inefficiencies and high overhead associated with traditional blockchain-based approaches [21,22]. Nevertheless, implementing an effective cross-domain authentication solution remains challenging. A unified authentication mechanism must be developed to operate across multiple autonomous domains with varying trust models and security policies. This mechanism must address the issue of interoperability, consistency of security policies, and computational efficiency, while meeting the real-time performance requirements of dynamic vehicular environments. Therefore, a solution that balances security, scalability, and low latency is critical for advancing vehicular network performance.

In the past decade, some cross-domain authentication schemes have provided many innovative ideas for vehicular networks, but they still have some limitations [11,12,23]. Zhu et al. [11] involved the TA in multiple steps of the authentication process, resulting in significant computational and communication overheads. In addition, the centralized architecture adopted by Zhong et al. [12] also faces a single point of failure—once the TA is compromised, the security of the entire system will be threatened. Zhu et al. [23] overlooked privacy protection, leading to the disclosure of vehicle identity or traffic information, which could have serious consequences.

To address the aforementioned limitations and reduce the pressure on the TA side as well as ensure privacy and security, we design a cross-domain authentication scheme for UAV-assisted vehicular networks based on Blockchain in this paper. The main contributions are summarized as follows.

• This work proposed a cross-domain authentication architecture that integrates blockchain technology with UAV-assisted vehicular networks. This architecture leverages blockchain’s decentralized trust mechanism to enhance security and eliminate single points of failure, while UAVs dynamically manage cross-domain communications, significantly improving the efficiency and scalability of the authentication process.
• The proposed scheme incorporates biometric information (e.g., user’s biometric keys) and Physical Unclonable Functions (PUF) to enhance privacy protection and resistance against attacks. By utilizing encryption, hashing, and anonymization techniques, the scheme effectively safeguards user identities and defends against common security threats such as identity forgery and data tampering.
• The proposed scheme adopts Elliptic Curve Cryptography (ECC). This protocol significantly reduces computational and communication overhead, making it suitable for resource-constrained vehicular devices. Moreover, the protocol adopts a dynamic key agreement mechanism that meets real-time requirements and ensures robust scalability and security in vehicular environments.
• The proposed scheme demonstrates the security using the ROR model. Detail security analysis and experimental comparisons show that our proposed scheme offers better communication efficiency and security than other related schemes.

The structure of the rest of this paper is as follows. Section 2 provides a review and analysis of the existing literature. Related preliminaries are introduced in Section 3. Section 4 presents the details of the proposed scheme. Security proof and analysis are included in Section 5. Section 6 presents the performance evaluation, and the paper is concluded in Section 7.

2. Related Work

UAV-assisted vehicular networks have emerged as a promising architectural approach to improving traffic efficiency, driving safety, and overall network performance. By combining the mobility of UAVs with the connectivity of vehicular systems, these networks offer advantages such as real-time data collection, resource optimization, and dynamic topology management. However, the highly dynamic and open nature of these networks introduces significant privacy and security challenges, especially in cross-domain scenarios involving multiple autonomous systems with different trust models and security policies. These challenges necessitate robust authentication mechanisms to ensure the secure and efficient operation of UAV-assisted vehicular networks.

Authentication is a fundamental component of vehicular network security, ensuring that only legitimate vehicles and entities can participate in the network. To address this need, various authentication schemes have been proposed [13,14,24,25]. Rajput et al. [13] proposed a privacy-preserving hierarchical authentication scheme, but it requires multiple identity authentications, reducing efficiency for frequent requests. Jiang et al. [14] improved upon PKI-based approaches by adopting timestamp signatures for anonymous authentication, simplifying the process and enhancing efficiency for high-frequency scenarios. Canetti et al. [24] proposed a Public Key Infrastructure (PKI)-based method for validating vehicle legitimacy through certificate verification. While effective, this approach suffers from increased computational and communication overhead as the number of vehicles grows, due to the complexity of key management. However, these schemes still impose significant computational burdens on vehicles, especially in resource-constrained environments.

To alleviate these burdens, lightweight authentication schemes have been explored. Sahu et al. [26] used hash operations and the Elliptic Curve Digital Signature Algorithm (ECDSA) to optimize computational efficiency, while Tahir et al. [27] introduced a lightweight multi-factor authentication mechanism that simplifies the process and reduces communication overhead. Despite these advancements, most existing schemes focus only on the authentication process itself and overlook the broader challenges of vehicular environments.

As vehicular networks extend across boundaries, cross-domain authentication becomes crucial for secure interactions among vehicles from different domains. Chen et al. [28] proposed a certificate-based cross-domain authentication scheme that uses batch verification to handle multiple requests, reducing computational overhead compared to individual verification. Zhu et al. [11] proposed a lightweight cross-domain direct identity authentication protocol for VANETs. This method minimizes computational delays but faces scalability issues when handling large volumes of requests.

Blockchain technology, with its decentralized, transparent, and secure characteristics, has emerged as a transformative solution for cross-domain authentication in vehicular networks. By distributing trust across multiple nodes, blockchain reduces reliance on centralized authorities, making it suitable for dynamic and high-frequency authentication scenarios. Although many cross-domain authentication schemes for vehicular networks have been proposed [11,12,18,19,23,28,29], these schemes still face several issues and limitations [30]. Zhong et al. [12] proposed a blockchain-based cross-domain batch authentication scheme for VANETs, CD-BASA, which combines blockchain with accumulator technology to facilitate rapid cross-domain authentication, decentralize the management of authentication records, and reduce the size of cryptographic proofs for efficiency. Phan et al. [18] proposed an integrated solution for connected vehicles and IoT based on 5G communication technology and edge computing, addressing the issues of insufficient communication bandwidth and high latency in high-density vehicular environments, while enhancing system security and privacy protection through blockchain technology. Danjuma Maiwada et al. [19] proposed a blockchain scalability optimization scheme based on a hierarchical architecture, Dynamic Proof of Stake (DPoS), and sharding technology, addressing the issues of low throughput and high latency in blockchain networks under high-density transaction environments in 5G networks. Yang et al. [29] utilized blockchain to establish distributed trust, enabling secure and verifiable information exchanges among multiple management domains. While this enhances trustworthiness, relying on individual verification rather than batch verification increases the computational burden on the TA, leading to scalability challenges.

Furthermore, Li et al. [31] developed a blockchain-assisted privacy-preserving authentication scheme designed for cross-domain electric vehicle charging. While it strengthens privacy protection, its adaptability to dynamic vehicular environments, where batch processing and communication efficiency are critical, remains limited. Gao et al. [32] proposed a blockchain-based privacy-aware cross-domain device authentication scheme for IoT, emphasizing privacy protection and decentralized trust. Although promising, its application in vehicular networks would require addressing the unique high-frequency and low-latency demands of such environments. These schemes highlight the potential of blockchain to address computational and communication overheads while ensuring robust security. However, challenges remain in optimizing communication efficiency and achieving scalable batch processing in dynamic vehicular scenarios. Additionally, the comparison with existing schemes is shown in

Table 1. Comparison of security properties among different schemes.

Scheme	[11]	[12]	[22]	[26]	[27]	Our Scheme
Integrity and Authenticity	✓	✓	✓	✓	✓	✓
Non-repudiation	✓	×	×	×	×	✓
Traceability	✓	✓	✓	✓	✓	✓
Replay Attacks	✓	✓	✓	✓	✓	✓
Collusion Attacks	×	×	×	×	×	✓

Note: ✓ and × denote support and nonsupport, respectively.

.

3. Preliminaries

In this section, we first introduce basic knowledge, system model, attack model of the proposed scheme, and then list the scheme symbol definition in the proposed scheme for ease of later illustration.

3.1. System Model

The system model of our proposed scheme is shown in Figure 1, which consists of four types of entities: TA, UAVs (drones), vehicles, and blockchain.

TA: TA serves as the core trusted entity of the system, primarily responsible for initialization and security management to ensure the legitimacy and safety of all participating entities. Specifically, during the system initialization phase, the TA generates secure parameters, including elliptic curve parameters, hash functions, and generators, for subsequent key and authentication operations. The TA assigns unique identities (IDs) and corresponding key pairs (public/private keys and shared keys) to vehicles and UAVs, securely storing this critical information in smart contracts on the blockchain for later verification. Moreover, the TA verifies the uniqueness of registered entities and provides a reliable foundation for distributed authentication processes throughout the system.

UAVs: UAVs act as regional assisting nodes, primarily responsible for edge computing and serving as intermediaries for cross-domain authentication. UAVs first generate and store secure credentials using Physical Unclonable Functions (PUFs) to ensure the security of their own identities. During operation, UAVs function as intermediate nodes in the distributed network, alleviating the load on the TA. In cross-domain communication, UAVs interact with the blockchain to verify the identity information of vehicles from external regions and assist in completing cross-regional authentication operations.

Vehicles: Vehicles register with the TA to obtain unique identity identifiers and key pairs, storing biometric information (e.g., fingerprints) in the On-Board Unit (OBU) to enhance local authentication security. During communication, vehicles generate encrypted messages using random numbers and key pairs to verify the identities of both parties and prevent man-in-the-middle attacks. In cross-domain authentication scenarios, vehicles collaborate with regional UAVs and blockchain-based smart contracts to complete identity verification and session key negotiation.

Blockchain: Blockchain uses smart contracts to store the registration information of vehicles and UAVs, including unique identity identifiers (IDs), public keys, and related pointers (ptr). This information, stored on the chain, is immutable and traceable, providing a foundation for subsequent identity verification.

3.2. Attack Model

We adopt the extended Canetti-Krawczyk model [33] as the attack model. The wireless communication channel between the TA, UAVs, and vehicles is considered public. Attackers can control message transmission on the wireless communication channel. For example, they can intercept messages on the channel, modify messages, or impersonate other vehicles to relay false messages. Additionally, attackers can launch session hijacking attacks to expose information about long-term session keys.

3.3. Scheme Symbol Definition

To aid in later discussions,

Table 2. Scheme symbol definition.

Symbols	Descriptions
P	Long-term secret value
p	Generators of G
$P_{pub}$	System public key
$V_i$	The i-th vehicle
$D_j$	The j-th UAV
$I{D}_i$	Identity information of vehicle
$I{D}_j$	Identity information of UAV
$s{k}_i$	Private key of vehicle
$p{k}_i$	Private key and public key of vehicle
$s{k}_j$	Private key of UAV
$p{k}_j$	Private key and public key of UAV
$T_i$	Timestamp
$E\left(\right)$	Symmetric encryption
$D\left(\right)$	Symmetric decryption
$H\left(\right)$	Hash function
⊕	Exclusive-OR operation

presents the scheme symbol definition in the scheme.

4. Proposed Scheme

This paper presents a secure framework for UAV-assisted vehicular networks. The framework emphasizes three key components: system initialization, entity registration, and cross-domain authentication, as illustrated in Figure 2.

In the system initialization phase, the TA establishes cryptographic parameters, including elliptic curve-based groups and hash functions, forming the foundation for secure interactions. During entity registration, vehicles and UAVs register securely with the TA. Vehicles are assigned unique identities and keys, stored on a blockchain-integrated smart contract, which avoids the single point of failure and high key management overhead associated with traditional approaches. UAVs utilize PUFs to enhance identity security. The cross-domain authentication process ensures secure communication between vehicles across domains. Vehicles exchange cryptographic proofs, verified by the receiving vehicle and a regional UAV using blockchain-stored data. This framework addresses the challenges of low latency, scalability, and security in vehicular networks, offering robust privacy protection and efficient cross-domain authentication for UAV-assisted systems.

4.1. System Initialization

• The TA selects a secure parameter k for the generation of prime numbers q and p.
• The parameters $Z_p^{*}$ and E represent the multiplicative group and the elliptic curve, respectively, while G denotes the additive cyclic group.
• P serves as a generator of the group G.
• The TA randomly chooses $s\in Z_p^{*}$ as the system’s main secret key and calculates the system public key $P_{pub}=s·P$.
• The TA selects one secure one-way hash function $H:{\{0,1\}}^{*}\times G\to Z_p^{*}$. The system’s public parameters are then made public and are defined as $pp=\{E,Z_p^{*},G,F_q,p,q,P_{pub},$$P,H\}$.

4.2. Entity Registration

In our scheme, there are two kinds of entities that need to register to TA through a secure channel, including UAVs and vehicles. This kind of registration is prerequisite to the subsequent authentication.

(a) Vehicle Registration

• Vehicle users provide their identity ${ID}_i$ to the TA.
• The TA receives the vehicle’s real identity ${ID}_i$ and checks if the identity is unique. If it is not unique, the TA requires the vehicle to choose a new real identity ${ID}_i$. If it is unique, the TA proceeds as follows:
  • Compute the private key $s{k}_i=H(s\Vert I{D}_i)$.
  • Compute the public key $p{k}_i=s{k}_i·P$.
  • Compute $A_i=s{k}_i=H(s\Vert I{D}_i)$ as the shared secret key between the TA and the vehicle.
• The ${ID}_i$ is securely stored on the smart contract via a secure channel. After storing ${ID}_i$, the parameter $ptr$ is broadcasted to the TA, where $ptr$ serves as the pointer for the TA to check the index of ${ID}_i$ in the smart contract.
• The pointer $ptr$ and the public key $p{k}_i$ are sent to the blockchain.
• The vehicle inputs the real identity ${ID}_i$ and the biometric information $bi{o}_i$ into the On-Board Unit (OBU). The OBU then performs the following calculations:
  • $(a_i,b_i)=\mathrm{Gen}\left(bi{o}_i\right)$.
  • $B_i=A_i\oplus H(a_i\Vert I{D}_i)$.
• The OBU stores $C_i=H(I{D}_i\Vert a_i)$ in its memory and replaces $A_i$ with $B_i$.

(b) UAV (Drone) Registration

• The TA selects $I{D}_j$ as the unique identifier for the drone. The drone’s private key is computed as $s{k}_j=H(s\Vert I{D}_j)$. The public key $p{k}_j$ is then calculated as $p{k}_j=s{k}_j·P$ and stored in the smart contract.
• The drone selects a challenge value $c_j$ and computes $r_j=\mathrm{PUF}\left(c_j\right)$, where PUF represents a Physical Unclonable Function. The response $R_j$ is calculated as $R_j=r_j\oplus s{k}_j$. The drone stores the tuple $\{I{D}_j,c_j,R_j\}$.

4.3. Cross-Domain Authentication and Key Agreement

Vehicle $V_i^a$ in region A wants to access vehicle $V_j^b$ in region B, sending its identity $I{D}_i^a$ and public key $p{k}_i^a$ to the blockchain. The following is a detailed explanation of cross-domain authentication, which is shown in Figure 3.

• Vehicle $V_i^a$ initiates authentication request to $V_i^b$: The OBU of $V_i^a$ generates a random number $m_1$ and a timestamp $T_1$, computes $Q_1=m_1·G$, $M_1=H(I{D}_i^a\Vert p{k}_i^a\Vert Q_1\Vert T_1)$, and $M_2=s{k}_i^a·M_1+Q_1$. The OBU sends message $M{S}_1=\{I{D}_i^a,p{k}_i^a,Q_1,M_1,M_2,T_1\}$ to vehicle $V_i^b$.
• $V_i^b$ verifies identity: Upon receiving $M{S}_1$, the OBU of $V_i^b$ checks the timestamp’s validity. If $|T_1^{*}-T_1|>\Delta T$, the session terminates. Otherwise, it verifies $M_2·P\stackrel{?}{=}p{k}_i^a·M_1+Q_1$. If the verification succeeds, the OBU of $V_i^b$ sends a query request to the drone $D_j^b$.
• $D_j^b$ queries Blockchain: Upon receiving the query request, $D_j^b$ computes $pt{r}^{\prime }=M_2\oplus H(s{k}_i^b·M_1)$ and checks if $pt{r}^{\prime }$ is on the blockchain. If not, the session terminates. Otherwise, the drone $D_j^b$ uses $pt{r}^{\prime }$ to query and retrieve vehicle $V_i^a$’s information $(I{D}_i^a,p{k}_i^a)$ from the smart contract. It generates a timestamp $T_2$ and computes $M_3=E_{p{k}_i^b}(I{D}_i^a\Vert p{k}_i^a)$. The message $M{S}_2=\{I{D}_j^b,p{k}_j^b,Q_1,M_1,M_3,T_1,T_2\}$ is sent to vehicle $V_i^b$.
• Generates session key $S{K}_i^b$: Upon receiving $M{S}_2$, the OBU of $V_i^b$ checks the timestamp’s validity. If $|T_2^{*}-T_2|>\Delta T$, the session terminates. Otherwise, it computes $M_4=D_{s{k}_i^b}\left(E_{p{k}_i^b}(I{D}_i^a\Vert p{k}_i^a)\right)$ and verifies $M_1^{\prime }\stackrel{?}{=}H(I{D}_i^a\Vert p{k}_i^a\Vert Q_1\Vert T_1)$. If incorrect, the session terminates. Otherwise, it selects a random number $m_2$ and a timestamp $T_3$, computes $Q_2=m_2·G$, and the session key $S{K}_i^b=H(I{D}_i^a\Vert m_2·Q_1)$. The message $M{S}_3=\{Q_2,M_4,S{K}_i^b,T_3\}$ is sent to vehicle $V_i^a$.
• Confirms session key $S{K}_i^a$ and $S{K}_i^b$: Upon receiving $M{S}_3$, the OBU of $V_i^a$ checks the timestamp’s validity. If $|T_3^{*}-T_3|>\Delta T$, the session terminates. Otherwise, it computes $M_4^{\prime }\stackrel{?}{=}H(I{D}_i^a\Vert p{k}_i^a)$. If incorrect, the session terminates. Otherwise, it calculates the session key $S{K}_i^a=H(I{D}_i^a\Vert m_1·Q_2)$ and verifies if $S{K}_i^a\stackrel{?}{=}S{K}_i^b$. If correct, vehicles $V_i^a$ and $V_i^b$ successfully negotiate session keys $S{K}_i^a$ and $S{K}_i^b$, and the authentication is complete.

Figure 3. Cross-domain authentication and key agreement.

Figure 3. Cross-domain authentication and key agreement.

5. Security Proof and Analysis

In this section, we describe the detailed theoretical analysis for the security proof and security analysis in our scheme, respectively.

5.1. Security Proof

To demonstrate the security of our proposed scheme, we perform a formal analysis under the Real-Or-Random (ROR) model [34]. This proof confirms the semantic security of the session key and resilience against common attacks, such as eavesdropping, replay attacks, and corruption queries.

The protocol involves three main participants: vehicle, drone, and TA. Each participant can run multiple instances, denoted as ${\kappa }^{t_i}$, where $t_i$ refers to the i-th instance. For example, ${\kappa }_V^{t_1}$, ${\kappa }_D^{t_2}$, and ${\kappa }_{TA}^{t_3}$ represent the $t_1$-th, $t_2$-th, and $t_3$-th instances of the vehicle, drone, and TA, respectively.

We define several types of queries available to the adversary $\mathcal{A}$ in the ROR model to simulate various attack scenarios:

• $Execute({\kappa }_V^{t_1},{\kappa }_D^{t_2},{\kappa }_{TA}^{t_3})$: Simulates passive eavesdropping by allowing $\mathcal{A}$ to intercept all messages exchanged between participants.
• $Corrupt\left({\kappa }_V^{t_1}\right)$: Models the compromise of sensitive data stored on the vehicle, allowing $\mathcal{A}$ to access internal parameters such as private keys.
• $Send({\kappa }^t,m)$: Simulates active attacks, such as replay or man-in-the-middle attacks, by letting $\mathcal{A}$ send a message m to a participant instance ${\kappa }^t$ and receive its response.
• $Reveal\left({\kappa }^t\right)$: Grants $\mathcal{A}$ access to the session key established by the instance ${\kappa }^t$.
• $Test\left({\kappa }^t\right)$: Evaluates the semantic security of the session key. If a session key is established and is fresh, $\mathcal{A}$ receives either the real session key or a random string, determined by a randomly chosen bit $e\in \{0,1\}$. The adversary wins if it guesses e correctly with a probability exceeding $0.5$.

Theorem 1.

Let $\mathcal{A}$ be a probabilistic polynomial-time adversary attempting to compromise the semantic security of the session key in the proposed protocol κ. The advantage of $\mathcal{A}$ in winning the game is bounded by the following:

$${\mathsf{Adv}}_{\mathcal{A}}\left(\kappa \right)\le {\displaystyle \frac{q_H^2+2q_s}{\left|\mathit{Hash}\right|}},$$

(1)

where $q_H$ and $q_s$ denote the number of hash and send queries, respectively, and $\left|\mathit{Hash}\right|$ represents the range space of the hash function.

Proof. 

We define a sequence of four games $G_i(i=0,1,2,3)$ and analyze the adversary’s success probability in each game:

• Game $G_0$ (Real Protocol Execution): This represents the real protocol under attack. The adversary $\mathcal{A}$ guesses the random bit e. By definition of semantic security,

  $${\mathsf{Adv}}_{\mathcal{A}}\left(\kappa \right)=|2Pr\left[\mathcal{A}\mathrm{wins}{G}_0\right]-1|.$$

  (2)
• Game $G_1$ (Eavesdropping Query): In this game, $\mathcal{A}$ can issue $Execute$ queries to observe all transmitted messages. However, parameters like $s{k}_i$, $s{k}_j$, and session keys are computed using secure cryptographic operations (e.g., elliptic curve operations and hash functions). Without knowledge of the private keys, $\mathcal{A}$ cannot derive the session key. Thus,

  $${\mathsf{Adv}}_{\mathcal{A}}\left(G_1\right)={\mathsf{Adv}}_{\mathcal{A}}\left(G_0\right).$$

  (3)
• Game $G_2$ (Hash Query Collision): $\mathcal{A}$ attempts to distinguish between the session key and a random value by querying the hash function. A successful attack requires finding a collision in the hash function, which occurs with probability proportional to ${\displaystyle \frac{q_H^2}{\left|\mathrm{Hash}\right|}}$. Therefore,

  $$|{\mathsf{Adv}}_{\mathcal{A}}\left(G_2\right)-{\mathsf{Adv}}_{\mathcal{A}}\left(G_1\right)|\le {\displaystyle \frac{q_H^2}{2\left|\mathrm{Hash}\right|}}.$$

  (4)
• Game $G_3$ (Corruption and Replay): In this game, $\mathcal{A}$ can use $Send$ and $Corrupt$ queries to manipulate messages or access stored data. However, the session keys depend on the private keys and unique parameters (e.g., timestamps, random numbers) that are infeasible to guess within polynomial time. Thus,

  $$|{\mathsf{Adv}}_{\mathcal{A}}\left(G_3\right)-{\mathsf{Adv}}_{\mathcal{A}}\left(G_2\right)|\le {\displaystyle \frac{q_s}{\left|\mathrm{Hash}\right|}}.$$

  (5)

By combining the above equations, the overall advantage of $\mathcal{A}$ is

$${\mathsf{Adv}}_{\mathcal{A}}\left(\kappa \right)\le {\displaystyle \frac{q_H^2}{\left|\mathrm{Hash}\right|}}+{\displaystyle \frac{2q_s}{\left|\mathrm{Hash}\right|}}={\displaystyle \frac{q_H^2+2q_s}{\left|\mathrm{Hash}\right|}}.$$

(6)

Thus, the proposed protocol ensures the session key’s security within the ROR model. □

5.2. Security Analysis

Security features are crucial for evaluating the performance and reliability of the proposed cross-domain authentication and key agreement scheme. In this section, we analyze the security properties of the proposed scheme based on its design. The results demonstrate that the scheme provides robust security while addressing the limitations of existing approaches.

• Privacy Protection: The proposed scheme ensures the privacy of vehicle and drone identity information. During the entity registration phase, the real identity $I{D}_i$ of vehicles and $I{D}_j$ of drones is transformed into pseudonyms or processed values using secure hash functions, such as $AI{D}_i=H(I{D}_i\Vert a_i)$ and $R_j=r_j\oplus s{k}_j$. Since the hash functions are one-way and computationally secure, attackers cannot derive real identities from the pseudonyms, even if they gain access to intermediate data on the blockchain. This guarantees privacy protection throughout the system.
• Integrity and Authenticity: Message integrity and authenticity are ensured using cryptographic mechanisms. During cross-domain authentication, vehicles compute message signatures (e.g., $M_2=s{k}_i^a·M_1+Q_1$) and verify them through elliptic curve cryptography (ECC). The inability to derive the private key $s{k}_i^a$ from the public key $p{k}_i^a$ ensures that adversaries cannot forge valid signatures or tamper with messages. For instance, verifying $M_2·P\stackrel{?}{=}p{k}_i^a·M_1+Q_1$ guarantees the integrity and authenticity of the transmitted data.
• Non-repudiation: Non-repudiation is achieved through the use of vehicle-specific cryptographic keys. When a vehicle $V_i^a$ transmits its message $M{S}_1$, the corresponding signature $M_2$ is uniquely tied to its private key $s{k}_i^a$. The verification process ensures that only the legitimate vehicle could have generated the signature. Furthermore, the TA can use stored information (e.g., $ptr$ and $AI{D}_i$) to trace the actual identity $I{D}_i$ of the vehicle, ensuring accountability for all transmitted data.
• Traceability: The TA securely tracks the real identity of vehicles and drones by maintaining a mapping between pseudonyms and real identities. For example, $AI{D}_i=H(I{D}_i\Vert a_i)$ is derived using a secret parameter known only to the TA, ensuring that no unauthorized entity can reverse-engineer the mapping. This enables the TA to trace malicious or misbehaving entities while preserving privacy for legitimate users.
• Resistance to Replay Attacks: The scheme employs timestamps (e.g., $T_1$, $T_2$, $T_3$) to prevent replay attacks. Each timestamp is checked for validity before proceeding with the protocol. If a received timestamp deviates from the current time by more than the allowed threshold $\Delta T$, the session is terminated. This ensures that old or intercepted messages cannot be reused by adversaries.
• Resistance to Collusion Attacks: The use of unique session keys and pseudonyms for each entity prevents collusion attacks. Revoked vehicles or drones cannot participate in the system due to the removal of their corresponding identifiers (e.g., $ptr$) from the blockchain. Additionally, the shared secrets (e.g., $A_i=s{k}_i=H(s\Vert I{D}_i)$) remain inaccessible to colluding entities, further enhancing system resilience.

5.3. Formal Verification Using ProVerif

ProVerif is a simulation tool used to verify the confidentiality and authentication properties of application protocols. Based on process algebra and symbolic model checking, ProVerif automates the analysis and verification of security properties in protocols. To verify whether the proposed protocol meets the appropriate security properties, we selected the latest version 2.05 of ProVerif to validate the security of the proposed scheme. From Figure 4, it can be seen that the session key is secure and attackers cannot obtain vehicle identities, authentication keys.

6. Performance Evaluation

In this section, we describe the experimental environment of the proposed scheme, present the model results, and compare and analyze the performance of the proposed solution with the current state-of-the-art schemes.

6.1. Computation Overhead

To simulate real-world environments, computation overhead in our proposed scheme is often measured by the execution time of basic operations. Our experimental environment is based on a 13th Gen Intel(R) Core(TM) i7-13700H @ 2.40 GHz processor, 16.0 GB DDR4 memory, running on a 64-bit Windows 11 operating system. We use PyTorch 1.8.1, Python 3.7, and MATLAB R2023a for the experimental simulations. The experiments simulated 1000 vehicles and 10 UAVs, with each vehicle initiating 10 authentication requests. We utilize the renowned JPBC cryptographic library to test the basic operations of cryptography. The symbols and execution times for each operation are summarized in

Table 3. Running time of cryptographic operation.

Notation	Description	Time (ms)
$T_{bp}$	Time cost of a bilinear pairing operation	11.751 ms
$T_{bpa}$	Time cost of a bilinear group exponential operation	0.298 ms
$T_{sm}$	Time cost of an elliptic curve multiplication operation	1.592 ms
$T_{pa}$	Time cost of an elliptic curve point addition operation	0.011 ms
$T_h$	Time cost of a hash function operation	0.002 ms
$T_{dec}$	Time cost of a decryption algorithm	0.029 ms
$T_{enc}$	Time cost of an encryption algorithm	6.041 ms
$T_{re}$	Time cost of an exponentiation based on RSA accumulator	18.3512 ms
$T_{mp}$	Scalar multiplication based on bilinear pairing	5.1330 ms
$T_e$	Time cost of a module exponential operation	0.048 ms
$T_m$	Time cost of a module multiplication operation	0.0016 ms
$T_{\oplus }$	Time cost of an XOR operation	0.0005 ms

, with the time unit in milliseconds (ms).

In our proposed scheme, we have conducted a detailed calculation of the computational overhead for vehicles, drones, and the TA to ensure optimization of efficiency and performance. The computational overhead for vehicles during the registration process is $T_{sm}+T_m+2T_h+T_{\oplus }$. During the cross-domain authentication and key negotiation process, the computational overhead for vehicles is $T_{sm}+T_e+T_h$. The computational overhead for drones during the registration process is $T_{sm}+T_h+T_{\oplus }$. The computational overhead for TA during the system initialization and registration process are $T_{sm}+T_e+T_h$ and $T_{sm}+T_h$. During the cross-domain authentication and key negotiation process, the computational overhead for TA is $T_{dec}+T_{enc}+T_{pa}+3T_h$. Since our proposed scheme used only basic XOR and hash operation during authentication and key negotiation, it minimizes computation overhead, ensuring a lightweight and efficient authentication process. In Jiang et al.’s scheme [14], vehicles face an overhead of $2T_{bp}+7T_{mp}$, RSU encounter $2T_{bp}+7T_{mp}$, and the TA has an overhead of $T_{mp}+6T_h$. This is due to the use of bilinear pairing operations resulting in significantly higher total computation cost of $4T_{bp}+15T_{mp}+6T_h$.

In Zhong et al.’s scheme [12], vehicles face an overhead of $8T_{sm}+2T_{pa}$, RSU encounter $3T_{re}+2T_{sm}+2T_{pa}$, and the TA has an overhead of $5T_{bpa}+3T_{mp}+9T_h$.

Table 4. Communication overhead.

Scheme	Vehicles	RSU/MEC/UAV	TA
Zhong [12]	$8T_{sm}+2T_{pa}$	$3T_{re}+2T_{sm}+2T_{pa}$	$5T_{bpa}+3T_{mp}+9T_h$
Jiang [14]	$2T_{bp}+7T_{mp}$	$2T_{bp}+7T_{mp}$	$T_{mp}+6T_h$
Our	$T_m+2T_{sm}+3T_h$+ $T_{\oplus }+T_e$	$T_{sm}+T_{\oplus }+T_h$	$2T_{sm}+T_e+T_{dec}$+ $T_{enc}+T_{pa}+5T_h$

shows a comparison of our proposed scheme’s computation overhead with Jiang’s scheme [14] and Zhong’s scheme [12]. The comparison of computation overhead for different entities between our proposed scheme and other schemes is demonstrated in Figure 5. After a comparative analysis of the computation overheads of different schemes, our scheme exhibits significant advantages in terms of computation efficiency on vehicles, TA, and RSU/MEC/Drone. Specifically, vehicles bear significantly lower computational costs in our scheme, much lower than the schemes of Jiang [14] and Zhong [12]. Similarly, the computational overhead of our scheme on TAs also exhibits high efficiency, which is slightly higher than that of the Jiang [14] scheme but significantly lower than that of the Zhong [12] scheme. In terms of RSU/MEC/Drone, our scheme also achieves the lowest computational overhead, significantly better than the other two schemes. Taken together, our scheme achieves an overall reduction in computational overhead on all three entities through well-designed computational task allocation.

6.2. Communication Overhead

When evaluating the communication overhead of the proposed scheme compared to other schemes, the cryptographic parameters are selected based on the security and computational efficiency of vehicular networks. To ensure fairness and consistency in comparison, we make the following assumptions. The size of the elements on the elliptic curve and the bilinear group is 128 bytes (IEEE 1609.2 and PBC compliant), the size of the elements on the multiplicative group and hash function output is 20 bytes (SHA-1/SHA-256), and the size of the timestamp is 4 bytes, ensuring robustness against replay attacks. In our proposed scheme, TA receives the vehicle’s registration request: $M{S}_{reg\_vehicle}=\{I{D}_i,bi{o}_i\}$, assuming $bi{o}_i$ is hashed to 20 bytes, the total size is $4+20=24$ bytes. Vehicle $v_i^a$ sends a cross-domain communication request to vehicle $v_i^b$: $M{S}_1=\{I{D}_i^a,p{k}_i^a,Q_1,M_1,M_2,T_1\}$, where $p{k}_i^a$ and $Q_1$ are 128 bytes each, and $M_1$ and $M_2$ are 20 bytes each, resulting in a total size of $4+128+128+20+20+4=304$ bytes. Vehicle $v_i^b$ sends a query request to drone $D_j^b$: $M{S}_2=\{I{D}_j^b,p{k}_j^b,Q_1,M_1,M_3,T_1,T_2\}$, where $p{k}_j^b$ and $Q_1$ are 128 bytes each, and $M_1$ and $M_3$ are 20 bytes each, resulting in a total size of $4+128+128+20+20+4+4=$ 308 bytes. Drone $D_j^b$ sends a response to vehicle $v_i^b$: $M{S}_3=\{Q_2,M_4,S{K}_i^b,T_3\}$, where $Q_2$ is 128 bytes, $M_4$ is 20 bytes, and $S{K}_i^b$ is 64 bytes, resulting in a total size of $128+20+64+4=$ 216 bytes. Vehicle $v_i^b$ sends a session key to vehicle $v_i^a$: $M{S}_4=\left\{S{K}_i^a\right\}$, with $S{K}_i^a$ being 64 bytes, resulting in a total size of 64 bytes. The comparison of communication overhead between our proposed scheme and other similar schemes is shown in Figure 6. The comparison in

Table 5. Communication overhead.

Schemes	Number of Messages	Messages Transmission Among Various Entities	Size (Bytes)
Zhong [12]	4	$TA\stackrel{136}{\to }MEC\stackrel{144}{\to }{V}_i\stackrel{668}{\to }MEC\stackrel{264}{\to }{V}_i$	1212
Jiang [14]	3	$TA\stackrel{516}{\to }RSU\stackrel{664}{\to }{V}_i\stackrel{664}{\to }RSU$	1844
Our	5	$TA\stackrel{24}{\to }{V}_i^a\stackrel{304}{\to }{V}_i^b\stackrel{308}{\to }{D}_j^b\stackrel{216}{\to }{V}_i^b\stackrel{64}{\to }{V}_i^a$	916

indicates that our proposed scheme has lower communication overhead compared to the scheme in Jiang’s scheme [14] and Zhong’s scheme [12]. Our scheme demonstrates significant advantages in terms of communication overhead among vehicles, TA, and total entities.

6.3. Consensus Times

The comparison of consensus time distributions among our proposed PBFT scheme and other schemes (PoW and PoS) in scenarios with 100, 500, and 1000 vehicles are shown in Figure 7. As the vehicle density increases, the consensus time of our scheme remains consistently low (approximately 113.24 ms for 100 vehicles, 110.13 ms for 500 vehicles, and 110.43 ms for 1000 vehicles), while Zhong’s scheme [12] was around 377.09 ms for 1000 vehicles, and Jiang’s scheme [14] was around 205.18 ms in the consensus time. This demonstrates the significant advantage of our scheme in high-density, low-latency scenarios, effectively meeting the real-time communication demands of large-scale vehicular networks. Furthermore, the consensus time distribution of our scheme is more concentrated with smaller fluctuations, further highlighting its stability and reliability. Through comparative experimental data, our proposed scheme outperforms existing solutions in terms of communication efficiency, latency, and scalability, providing an efficient and secure solution for cross-domain authentication in UAV-assisted vehicular networks.

7. Conclusions

In this work, the proposed UAV-assisted vehicular network architecture offers a novel and efficient solution to cross-domain authentication by utilizing UAVs as trusted intermediaries. This approach effectively reduces authentication delays and enhances communication efficiency, making it highly suitable for high-density, low-latency environments. Through comprehensive security proofs, including ProVerif verification, and detailed theoretical analyses, the scheme has been demonstrated to meet the security requirements of vehicular networks and withstand a wide range of potential attacks. Performance evaluations further indicate that the proposed solution significantly reduces both communication and computation overheads, achieving at least a 20% reduction compared to existing authentication schemes. Additionally, the average consensus time for the proposed scheme is at least 40% lower than existing schemes. This work provides a promising direction for future research and development in vehicular networks, particularly in integrating UAV technology to enhance security, privacy, and overall system performance in dynamic, cross-domain scenarios. In the future, we will focus on achieving efficient privacy protection and identity management in more complex multi-domain environments. Additionally, integrating 5G and IoT technologies to further improve the communication efficiency and security of UAV-assisted vehicular networks will be a critical area of exploration.