Cross-Platform UAV Swarm Key Management in Denied Environments

Featured Application

The proposed key management scheme provides a solution to the communication security problems of UAV swarms in denied environments, which achieves secure establishment and update of keys of UAV swarms in denied environments.

Abstract

As resources provided by single unmanned aerial vehicles (UAVs) are limited, we propose a cross-platform UAV swarm key management scheme for task scenarios in denied environments. In denied environments where the communication link is open and the UAV nodes may go invalid, secure communication is often at stake. To solve this problem, we propose a key management scheme which, based on the Chinese remainder theorem (CRT) and the Hash function, constructs a swarm key by combining the local key and the session key to reduce the overhead of individual UAV nodes in the swarm. Meanwhile, the swarm head node constructs broadcast messages according to the key update needs, which reduces the overhead of the member nodes, improves the efficiency of key updating, and fulfills the key establishment and updating of the UAV swarm. Experiments show that our proposed scheme has forward and backward security and can defend against collusion attacks and replay attacks; our method was compared with other methods on the MIRACL cryptographic library in Visual Studio 2019, and it was found that our method has a lower computing and communication overhead, provides a solution to cross-platform key management of UAV swarms in denied environments, and ensures safe communication of UAVs in the swarm.

1. Introduction

With advances in defense systems, unmanned aerial vehicles (UAVs) performing tasks under intensive firepower and strong electromagnetic interference have become a hot research topic. However, singular platforms and UAV nodes, because of limited computing and load capacity, are subject to influences from distance, landform, and the environment when performing tasks, and hence suffer low efficiency and cannot fulfill long-distance remote tasks [1]. In December 2020, DARPA released the test results of its dynamic adaptive network in the Air Force Research Laboratory, and in the test, the uninterrupted connection of datalinks like LNK16, Tactical Targeting Networking Technology (TTNT), Common Data Link (CDL), and Wi-Fi networks was achieved in the simulated competing environment [2]. In 2020, France tested the collaborations between five Rafale aircrafts, one airborne early-warning aircraft, and a UAV; in January 2021, France developed the “Mosquito” UAV, which is scheduled to fly in late 2023, for combat in collaboration with the manned “loyal wingman” crafts [3]. In real-world scenarios, there is a trend towards clustering, automation, and intelligence of UAVs in performing tasks [4]; through ad-hoc networks, UAVs collaborate intelligently in complex environments to complete assigned tasks, which effectively extends the task scenarios and the efficiency of UAVs.

In denied environments, there are two types of communication links for UAV swarms: control links and data links [5], both of which rely on wireless communication channels for message transmission. In addition, because of the limited resources of individual UAV nodes, the UAVs are delivered through the delivery platform to exchange information and regroup into a new task swarm according to the environment and task demand. However, the UAV swarm is susceptible to security threats and attacks [6,7] in the open, wireless, and denied environment in the sky. In particular, during cross-platform regrouping and variations in the network topology, the attackers can easily launch attacks by intercepting, tampering with or forging data. Therefore, it is crucial to encrypt the communication links of UAVs to ensure security and confidentiality of data transmission when the UAV swarm is performing tasks in a denied environment [8]. Therefore, here we propose a cross-platform key management scheme for a UAV swarm in denied environments, with a vision to achieve secure and efficient management of UAV keys in the denied environment and improve the efficiency of the UAV swarm in fulfilling tasks.

2. Preliminaries and Definitions

2.1. Preliminaries

This section introduces two notions that will be used in our scheme: the Chinese remainder theorem (CRT) and the Hash function [9]:

2.1.1. Hash Function

The Hash function [10] is a popular encryption algorithm widely used in security applications and network protocols like message authentication, digital signature, password protection, intrusion detection, virus detection, and construction of pseudorandom functions. The security requirements of the Hash function h(·) are as follows:

• Unidirectionality (preimage resistance): $\forall x\Rightarrow y=h\left(x\right)$, and $y,h^{-1}\left(y\right)\nRightarrow x$ is given.
• Weak collision resistance (second preimage resistance): for $\forall x$, it is computationally impossible to find $y\ne x$ with $h\left(x\right)=h\left(y\right)$.
• Strong collision resistance (collision resistance): it is computationally impossible to find some pair (x, y) such that H(x) = H(y).

2.1.2. Chinese Remainder Theorem (CRT)

The Chinese remainder theorem (CRT) is a crucial theorem in the number theory, which performs recovery and construction through congruences, described as follows: let $\left(m_1,m_2,\cdots ,m_n\right)\in Z_M$ such that $gcd\left(m_i,m_j\right)=1$, and for any tuple $n$ $x\leftrightarrow \left(a_1,a_2,\cdots ,a_n\right)$, where $x\in Z_M, a_i\in Z_{m_i}$, construct a system of congruences $x\equiv a_i\hspace{0.33em}\left(mod\hspace{0.33em}{m}_i\right)\left(1\le i\le n\right)$; let $M={\displaystyle \prod _{i=1}^n{m}_i},M_i=M/m_i,c_i=M_i\cdot \left(M_i^{-1}\hspace{0.33em}mod\hspace{0.33em}{m}_i\right)$, such that $x$ has a unique solution, i.e., $x\equiv {\displaystyle \sum _{i=1}^n{a}_i{c}_i}\hspace{0.33em}\left(mod\hspace{0.33em}M\right)$.

2.2. Definitions

For the sake of clear description and interpretation, the symbols used in the paper are defined, as shown in

Table 1. Definitions of symbols used in this study.

Parameter	Meaning
$KM{C}_j$	Key management center of the $j$-th delivery platform $\left(1\le j\le m\right)$
$K_0$	Global key
$K_G$	$\left\{KM{C}_1,KM{C}_2,\cdots KM{C}_m\right\}$/ the set of the delivery platforms (KMCs)
$P_m$	$\left\{I{D}_1,I{D}_2,\dots I{D}_m\right\}$/the set of identity labels of delivery platforms
$C_k$	$\left\{s_{k1}, s_{k2}, s_{k3}\cdots s_{km}\right\}$/the set of private keys of delivery platforms
$s_{kj}$	Private key of the $j$-th delivery platform $\left(1\le j\le m\right)$
$UA{V}_{j_i}$	The UAV $i$ launched from the $j$-th delivery platform $\left(1\le i\le n\right)$
$UA{V}_{-}I{D}_{j_i}$	The identity label of UAV $i$ launched from the $j$-th platform
$UA{V}_{-}S{K}_{j_i}$	Private key of UAV node $i$ launched from the $j$-th platform
$p_i$	Private key parameter of $UA{V}_{j_i}$
$G_m{}_{-}key$	Group key of UAV nodes launched from the $j$-th platform
$G_{m^{\prime }}{}_{-}key$	The intra-group session key of the $m^{\prime }$ group after regrouping/$\left(m^{\prime }\in Z^{\divideontimes }\right)$
$m^{\prime }$	The $m^{\prime }$ group after regrouping
$t$	The $t$-th stage of the task
$U_t$	The set of UAVs at the $t$-th stage of the task $\left(1\le t\le n\right)$
$M_t$	Broadcast message of the $t$-th stage of the task
$I_t$	Identity verification factor at the $t$-th stage of the task
$seed$	Private key update seed
$S_{UA{V}_{-}I{D}_{j_i}},S_{ID}$	Preset parameter validation factor
${\alpha }_t^1,{\beta }_t^2,$	Key creation factor
$B$	$\left\{{\displaystyle \sum _{j_i}^{}{b}_{j_i}}\right\}$ prime number set
$h\left(\cdot \right)$	Hash function

.

2.3. Division of Task Stages

The denied environment is characterized by long-distance combat, fierce confrontation in the electromagnetic and physical fields, and high risks to manned equipment, making it impossible for most UAVs to fulfill tasks. According to DARPA’s Collaborative Operations in Denied Environment (CODE) program [11], the UAV swarm’s task execution in a denied environment is divided into three stages: the transport and delivery stage, the UAV arrival and regrouping stage, and the collaboration stage. Stage 1 starts as the delivery platform departs from the base and ends as the platform arrives at the safe region and finishes the delivery of the UAV; Stage 2 starts as the new UAV swarm is constructed and ends as the UAV arrives at the target region; Stage 3 starts as the UAV arrives at the target region and ends as the UAV completes the automatic collaboration tasks, as shown in Figure 1.

In denied environments, the UAV swarms often face both geographic and physical denial. The major denial conditions and denial intensity in different stages of a task (as shown in Figure 1) are analyzed, and the specifics are shown in

Table 2. Denial intensity at different stages of a task.

	Denial Disturbances	Geographic Denial	Communication Denial	Weapon Denial
Task Stages
Stage 1		+++		+
Stage 2		+	++	++
Stage 3			+++	+++

+ indicates weak denial, ++ indicates medium denial, and +++ indicates strong denial. Weak denial represents common denied environments, medium denial represents conventional antagonism, and strong denial represents strong antagonism in the electromagnetic and physical fields.

.

3. Cross-Platform Key Management of UAV Swarms in Denied Environments

3.1. Key Parameter Presetting in the Transport and Delivery Stage

The network model in this study consists of the transport and delivery platform and UAV nodes. The delivery platform can be a mother ship, a large-scale transport plane, or a land-based launcher truck with strong capacities for computing, communication, and storage, which presets the key parameters and initializes the system as a top-level key management center (KMC), as shown in Figure 2.

The UAV swarms are initialized before being launched to the sky. Suppose there are m delivery platforms engaged in a given task; the key management center of the j-th platform is $KM{C}_j\left(1\le j\le m\right)$, and the identification label of $KM{C}_j$ is $I{D}_j$. In the delivery stage, $KM{C}_j$ presets a private key $UA{V}_{-}S{K}_{j_i}$$\left(1\le i\le n\right)$ to the $n$ UAVs $UA{V}_{-}I{D}_{j_i}$ delivered from the same delivery platform. Security channels between platforms are created through shared keys before execution of a task; $KM{C}_1$ selects the node update key seed $seed$, the global key $K_0$, and the set of prime numbers $B$, which are transmitted to the delivery platform $KM{C}_j$ engaged in the task through the security channel, where $b_{j_i}\in B$, and for any $b_{j_i}, {b^{\prime }}_{j_i}$, $gcd\left(b_{j_i},{b^{\prime }}_{j_i}\right)=1$ is satisfied; then, the $KM{C}_j$ configures the key parameters for its UAV swarm. The specific step of the algorithm is as follows (Algorithm 1):

Algorithm 1 System Initialization

$1.\hspace{0.33em}Initialization:(m:number\hspace{0.33em}of\hspace{0.33em}delivery\hspace{0.33em}platforms,n:number\hspace{0.33em}of\hspace{0.33em}UAVs\hspace{0.33em}delivered\hspace{0.33em}from\hspace{0.33em}the\hspace{0.33em}j,t:Task\hspace{0.33em}stage)$ $2.\hspace{0.33em}Procedure\hspace{0.33em}preset\hspace{0.33em}key\hspace{0.33em}parameter$ $3.\hspace{0.33em}For\hspace{0.33em}\left(j=1;\hspace{0.33em}j<=m; j++\right)$ $4.\hspace{0.33em}\hspace{0.33em}\left\{\right.$ $5.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}KM{C}_1\hspace{0.33em}Generate:\left(seed, K_0, M\right)\to KM{C}_j$ $6.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}KM{C}_j\hspace{0.33em}compute:\hspace{0.33em}{S}_{ID}=h\left(I{D}_j\right)$ $7.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}For\hspace{0.33em}\left(i=1;\hspace{0.33em}i<=n; i++\right)$ $8.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\left\{\right.$ $9.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}KM{C}_j\hspace{0.33em}Generate: UA{V}_{-}S{K}_{j_i}//Generate\hspace{0.33em}private\hspace{0.33em}key\hspace{0.33em}for\hspace{0.33em}UAV\hspace{0.33em}node$ $10.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}KM{C}_j\hspace{0.33em}Generate:UA{V}_{-}I{D}_{j_i}=h\left(UA{V}_{-}I{D}_{j_i}\right)$ $11.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}KM{C}_j\hspace{0.33em}\to UA{V}_{j_i}:p_i=\left(K_0, seed, UA{V}_{-}S{K}_{j_i}, I{D}_j, S_{ID}, UA{V}_{-}I{D}_{j_i}, b_{j_i},P_m,M\right)$ $12.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}UA{V}_{j_i}\hspace{0.33em}compute:{S^{\prime }}_{ID}=h\left(I{D}_j\right),{S^{\prime }}_{UA{V}_{-}I{D}_{j_i}}^{}=h\left(UA{V}_{-}I{D}_{j_i}\right)$ $13.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}If\hspace{0.33em}Compare, \left(S_{ID}{}^{\prime },S_{ID}\right)\left({S^{\prime }}_{UA{V}_{-}I{D}_{j_i}}^{},S_{UA{V}_{-}I{D}_{j_i}}\right) Then\hspace{0.33em}$ $14.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}UA{V}_{j_i}\hspace{0.33em}compute: S_1^{NK}=h\left(seed\right)$ $15.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}Return “Presetcorrect,readyforlaunch”; //Presetting\hspace{0.33em}succeeded;ready\hspace{0.33em}to\hspace{0.33em}launch\hspace{0.33em}UAVs$ $16.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}Else\hspace{0.33em}If$ $17.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}“Presetfailed, Exit”. //Presetting\hspace{0.33em}failed;exit\hspace{0.33em}and\hspace{0.33em}requestre-presetting$ $18.\left.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\right\}$ $19.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}End//i$ $20.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\left.\right\}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}End//j$ $21.\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}End\hspace{0.33em}Procedure$

3.2. Private Key Establishment in the Regrouping and Arrival Stage

In the denied environment, UAVs transported by different platforms vary in their model and load module. Normally, heterogeneous UAVs are reorganized into a full-featured UAV swarm to fulfill specific tasks, as shown in Figure 3.

For the process of regrouping and private key establishment, this study puts forth a scheme in which the regrouped UAVs select a swarm head as per specific rules; and for the scenario of a cross-platform UAV swarm performing tasks in a denied environment, the improved LEACH algorithm is employed for the swarm head selection in this study. The new swarm selects the swarm head in the order of priority: the priority level of the UAV nodes from the same platform is determined by their ID, and a smaller ID indicates higher priority. Before the swarm head is identified, the UAV node sends its ID information $UA{V}_{-}I{D}_{j_i}$ to other nodes in the same swarm through the global key $K_0$; after receiving the ID information, other nodes compute to identify whether it is the node of the highest priority in the swarm according to the steps of swarm head selection. After that, the swarm head is identified to construct the private key establishment factor. The steps for swarm head selection are as follows:

Step 1: every UAV node in the swarm broadcasts their ID information $UA{V}_{-}I{D}_{j_i}$;

Step 2: each UAV node, after receiving the ID information of other nodes in the swarm, determines whether it is the minimal j ($j_{\min }$) in the swarm through comparison;

Step 3: find the minimal $i$ from the $j_{\min }$ in the swarm, which is denoted as $i_{\min }$.

Step 4: identify the UAV with the highest priority in the swarm according to the rules: $UA{V}_{-}I{D}_{j_{\min }{i}_{\min }}$.

Figure 4 visualizes the specific steps:

$UA{V}_{-}I{D}_{j_{\min }{i}_{\min }}$ is the highest-priority UAV node identified through the swarm head selection after UAV reorganization; the node $UA{V}_{j_{\min }{i}_{\min }}$ selects the key creation factor ${\gamma }_t$ and a random number ${\epsilon }_t$, formulates, and passes on the group key $K_0$ to other UAVs. Other UAV swarms follow the same steps in Figure 4 to identify the swarm head to broadcast messages. The algorithm is specified as follows, with the $m^{\prime }$ swarm as an example (Algorithm 2):

Algorithm 2 Key Distribution

$1. Initialization:\hspace{0.33em}\hspace{0.33em}$ $2. Procedure//Generate\hspace{0.33em}broadcast\hspace{0.33em}message$ $3. UA{V}_{-}I{D}_{j_{\min }{i}_{\min }}:Cenrand\hspace{0.33em}\left({\epsilon }_{m^{\prime }t}, {\gamma }_{m^{\prime }t}\right); //random\hspace{0.33em}generation$ $4. Compute\hspace{0.33em}{S}_{m^{\prime }t}^{MK}=h({\gamma }_{m^{\prime }t}^{},S_{m^{\prime }t}^{NK})$ $5. S_{m^{\prime }t}^{NK}=h^{t-1}\left(seed\right)//compute\hspace{0.33em}the\hspace{0.33em}local\hspace{0.33em}update\hspace{0.33em}key$ $6. Construct\hspace{0.33em}{G}_{m\prime t_{-}key}=(S_{m^{\prime }t}^{NK},S_{m\prime t}^{MK}); //Construct\hspace{0.33em}the\hspace{0.33em}private\hspace{0.33em}key\hspace{0.33em}for\hspace{0.33em}the\hspace{0.33em}m’swarm$ $7. Compute\hspace{0.33em}{I}_{m\prime t}\equiv [{\epsilon }_{{}_{m\prime t}}\oplus h\left(I{D}_j\right)]\left(mod\hspace{0.33em}{b}_{j_i}\right)//validation\hspace{0.33em}factor\hspace{0.33em}for\hspace{0.33em}the\hspace{0.33em}m’swarm$ $8. Compute\hspace{0.33em}{\alpha }_{m^{\prime }t}^1 \equiv {\gamma }_{m^{\prime }t}\oplus K_0 \mathrm{mod}\hspace{0.33em}{b}_{j_i}$ $9. {\beta }_{m^{\prime }t}^2 \equiv ⌊({\gamma }_{m^{\prime }t}\oplus K_0)/K_0⌋\mathrm{mod}\hspace{0.33em}{b}_{j_i}$ $10. Construct\hspace{0.33em}{M}_{m^{\prime }t}=\{{\alpha }_{m^{\prime }t}^1,{\beta }_{m^{\prime }t}^2,I_{m^{\prime }t},{\epsilon }_{m^{\prime }t},j_{\min }, b_{j_i}\}//broadcast\hspace{0.33em}message\hspace{0.33em}for\hspace{0.33em}key\hspace{0.33em}generation$ $11. UA{V}_{-}I{D}_{j_{\min }{i}_{\min }}\to UA{V}_{j_i}; //broadcast\hspace{0.33em}message\hspace{0.33em}for\hspace{0.33em}key\hspace{0.33em}generation\hspace{0.33em}parameters$ $12. End\hspace{0.33em}Procedure$

The legitimate UAV extracts ${\beta }_{m^{\prime }t}^2$, $I_{m^{\prime }t}$ and $b_{j_i}$ from the broadcast message M_t it receives at the task stage t, and then calculates $a=I_{m^{\prime }t} \mathrm{mod}\hspace{0.33em}{b}_{j_i}$ and $a^{\prime }={\epsilon }_{m^{\prime }t}\oplus h\left(I{D}_j\right)\mathrm{mod}\hspace{0.33em}{b}_{j_i}$ using $(I{D}_j,b_j)$. If $a=a^{\prime }$, the message is validated to be a legitimate message in the reorganized swarm, and the key $G_{m^{\prime }{t}_{-}key}$ is constructed for secure communication; if $a\ne a^{\prime }$, the message is not validated and will be discarded as an error message. Algorithm 3 shows the specific procedures for key establishment:

Algorithm 3 Key Establishment

$1. Initialization:$ $2. Procedure//\hspace{0.33em}key\hspace{0.33em}establishment$ $3. UA{V}_{j_{\min }{i}_{\min }}:Compute\hspace{0.33em}a=I_{m\prime t}\mathrm{mod}\hspace{0.33em}{b}_{j_i}$ $4. h^{\prime }=h\left(I{D}_j\right)$ $5. UA{V}_{j_{\min }{i}_{\min }}\stackrel{M_{m^{\prime }t}}{\to }UA{V}_{j_i}//UA{V}_{j_i}\hspace{0.33em}in\hspace{0.33em}the\hspace{0.33em}m’sswarm\hspace{0.33em}receives\hspace{0.33em}the\hspace{0.33em}message\hspace{0.33em}Mm\prime t$ $6. UA{V}_{j_i}:Compute\hspace{0.33em}{a}^{\prime }=[{\epsilon }_{m\prime t}\oplus h\left(I{D}_j\right)]\mathrm{mod}\hspace{0.33em}{b}_{j_i}$ $7. If\hspace{0.33em}Compare\left(a, a^{\prime }\right)\hspace{0.33em}\hspace{0.33em}Then\hspace{0.33em}//\hspace{0.33em}verify\hspace{0.33em}the\hspace{0.33em}legitmacy\hspace{0.33em}of\hspace{0.33em}the\hspace{0.33em}message$ $8. Compute\hspace{0.33em}{\gamma }_{m\prime t}=\left(\right({\alpha }_{{}_{m\prime t}}^1\mathrm{mod}{K}_0)+({\beta }_{{}_{m\prime t}}^2\mathrm{mod}{K}_0)*K_0)\oplus b_{j_i}$ $9. S_{m\prime t}^{MK}=h({\gamma }_{m\prime t}^{},S_t^{NK})$ $10. G_{m\prime t_{-}key}=(S_t^{NK},S_{m\prime t}^{MK})//establish\hspace{0.33em}the\hspace{0.33em}key\hspace{0.33em}for\hspace{0.33em}the\hspace{0.33em}reorganized\hspace{0.33em}swarm$ $11. ElseIf“Authenticationfailure.Discarded”;//verification\hspace{0.33em}failed,and\hspace{0.33em}discard\hspace{0.33em}the\hspace{0.33em}message$ $12. \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\}$ $13. \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}End$ $14. \hspace{0.33em}Procedure$

3.3. Key Update at Collaboration Stage

The cross-platform key management for UAV swarms in the denied environment consists of four stages: system initialization, key distribution, key establishment, and key update. The key parameter presetting, key distribution, and key establishment procedures have already been detailed in Section 3. When introduced to the denied environment with strong electromagnetic radiation and intense firepower, the UAVs are likely to suffer loss of communication signals and damages, resulting in changes in the topology of the UAV swarm network, as shown in Figure 5.

It is necessary to update the key for the UAV swarm to ensure secure communication between the member UAVs. Figure 6 displays the procedures for UAV swarm key update in the denied environment.

3.3.1. Broadcast Update

The original swarm head UAV identifies during patrolling changes in the number of UAVs in the swarm and broadcasts to generate a random number $({\epsilon }_{m^{\prime }\left(t+i\right)},{\gamma }_{m^{\prime }\left(t+i\right)})$. The legitimate UAV nodes extract $({\epsilon }_{m^{\prime }\left(t+i\right)},{\gamma }_{m^{\prime }\left(t+i\right)})$ from the broadcast message to construct a new swarm key. The procedures are shown in Algorithms 2 and 3.

3.3.2. Mutual-healing Update

If a UAV in the swarm fails to receive the broadcast message because of strong electromagnetic interferences in the denied environment at the t task stage, it can request a neighboring UAV (UAV-_Neighbor) to help recover the swarm key. This process is called mutual-healing, as shown in Figure 7. The algorithm process is shown in Algorithm 4. The $({\epsilon }_{m^{\prime }t},{\gamma }_{m^{\prime }t})$ randomly selected by the swarm head against forgery attacks is combined with the local hash chain and CRT to complete the mutual-healing update. Figure 7 shows the mutual-healing update process, with the m′ swarm as an example:

Algorithm 4 Key Mutual-Healing
1:	Initialization: (t: task stage)
2:	Procedure Key mutual-healing
3:	$UA{V}_{j_i}$ $\to$ $*.UA{V}_{-}{}_{Neighbor}$: $\mathrm{Re}quest:\hspace{0.33em}{M}_{m^{\prime }t}=\left\{{\alpha }_{m^{\prime }t}^1,{\beta }_{m^{\prime }t}^2,I_{m^{\prime }t},{\epsilon }_{m^{\prime }t},j_{\min },h\left(I{D}_{j_{\min }}\right),b_{j_i}\right\}$;//broadcast request to $UA{V}_{-}{}_{Neighbor}$
4:	$UA{V}_{-}{}_{Neighbor}$: Compute $h^{\prime }\left(I{D}_{j_{\min }}\right)$;
5:	If Compare $\left(h^{\prime }\left(I{D}_{j_{\min }}\right),h\left(I{D}_{j_{\min }}\right)\right)$ Then // identity authentication
6:	$UA{V}_{-}{}_{Neighbor}$ $\to$ $UA{V}_{j_i}$:$Response=\{UA{V}_{-}I{D}_{-Neighbor},M_{m^{\prime }t}\}$; // authenticated, unicast response to $UA{V}_{j_i}$
7:	Else If “Illegal message, delete”;// authentication failed, delete the illegitimate message
8:	$UA{V}_{j_i}$: Select $Response=\{UA{V}_{-}I{D}_{-Neighbor},M_{m^{\prime }t}\}$;// select response that arrives first
9:	Invoking Key Recovery; //call Algorithm 3
10:	$UA{V}_{j_i}$ $\to$ $*.UA{V}_{-}{}_{Neighbor}$: $Confirm=h\left(UA{V}_{-}I{D}_{Neighbor},G_{m^{\prime }}{}_{t_{-}key}\right)$;// send key confirmation message
11:	$UA{V}_{Neighbor}$: Compute $h^{\prime }\left(UA{V}_{-}I{D}_{Neighbor},G_{m^{\prime }}{}_{t_{-}key}\right)$;
12:	If Compare $h^{\prime }\left(UA{V}_{-}I{D}_{Neighbor},G_{m^{\prime }}{}_{t_{-}key}\right)=h\left(UA{V}_{-}I{D}_{Neighbor},G_{m^{\prime }}{}_{t_{-}key}\right)$ Then
13:	Return “mutual healing key succeeded.”; // confirm success in mutual healing
14:	Else If Return “mutual healing key failure.”; // return mutual-healing failure
15	End Procedure

4. Scheme Analysis

For the sake of convenient analysis and proof, the symbols for proving are defined, as shown in

Table 3. Definitions of symbols for proof.

Symbol	Meaning
A,B	Communication user node
X,Y	Symbol or expression
$A|\equiv X$	$A$ believes $X$
$A\succcurlyeq X$	$A$ has $X$
$A\stackrel{X}{\to }*.$	$A$ broadcasts $X$
$A⊲X$	$A$ receives $X$
$A\stackrel{K}{\leftrightarrow }KB$	$A$ and $B$ establish a shared key $K$

.

4.1. Correctness Analysis

Lemma 1.

The ACPKMS scheme satisfies the basic attributes of key distribution. At the task stage t, the specific proof process is as follows:

(1) 

$\forall UA{V}_{j_i}\in U_t$$\Rightarrow$$\forall UA{V}_{j_i}\succcurlyeq \left\{I{D}_j,K_0\right\}$;

(2) 

$UA{V}_{j_{\min }, i_{\min }}\stackrel{M_t}{\to }*.m^{\prime }$ $\Rightarrow$ $UA{V}_{j_i}⊲m_t$ $\Rightarrow$

$UA{V}_{j_i}⊲M_{m^{\prime }t}=\left\{{\alpha }_{m^{\prime }t}^1,{\beta }_{m^{\prime }t}^2,I_{m^{\prime }t},{\epsilon }_{m^{\prime }t},j_{\min },b_{j_i}\right\};$

(3) 

$\forall UA{V}_{j_i}\succcurlyeq \left\{I{D}_j,K_0\right\}$ $\Rightarrow$ ${{\alpha }^{\prime }}_{m^{\prime }t}^{}={\alpha }_{m^{\prime }t}^{}$ $\Rightarrow$ $UA{V}_{j_i}|\equiv M_{m^{\prime }t}$;

(4) 

$UA{V}_{j_i}\succcurlyeq \left\{I{D}_j,K_0,h\left(\cdot \right),S_t^{NK},M_t, j_{\min }, b_{j_i}\right\}$$\Rightarrow$${\gamma }_{t{m}^{\prime }}$$\Rightarrow$$G_t{}_{{m^{\prime }}_{-}key}$;

Q.E.D., $H\left(G_{m^{\prime }{t}_{-}key}\mid M_{m^{\prime }t},p_i\right)=0$ is satisfied.

(5) 

If $\exists UA{V}_{j_i}\notin {m_t}^{\prime }$, $UA{V}_{j_i}⋪M_{m^{\prime }t}$ $\Rightarrow$ $UA{V}_i\succcurlyeq p_i$, and $UA{V}_{j_i}⋡M_{m^{\prime }t}$ $\Rightarrow$ $UA{V}_{j_i}⋡ \left\{{\alpha }_{m^{\prime }t}^1,{\beta }_{m^{\prime }t}^2\right\}$ $\nRightarrow$ ${\gamma }_{t{m}^{\prime }}$ $\nRightarrow$ $G_{t{m^{\prime }}_{-}key}$,

Q.E.D. The ACPKMS scheme has the basic attributes and satisfies the condition: $H\left(G_{t{m^{\prime }}_{-}key}\mid M_{t{m}^{\prime }}\right)=H\left(G_{t{m^{\prime }}_{-}key}\mid p_i\right)=H\left(G_{t{m^{\prime }}_{-}key}\right)$. Given all stated above, the ACPKMS scheme satisfies the task requirements and has good capacity for key establishment.

Lemma 2.

The ACPKMS scheme has the mutual-healing mechanism. If $UA{V}_i\in U_{t+i}$ ($1\le i$) and fails to receive the broadcast message at the t stage $UA{V}_i⋪M_{m^{\prime }t}$, the communication is recovered at the t + i stage, and the key $G_t{}_{{m^{\prime }}_{-}key}$ can be recovered through mutual healing. The proving process is as follows:

(1) 

$UA{V}_{j_i}\stackrel{Request}{\to }*.$$UA{V}_{Neigh}$: $\mathrm{Re}quest:\hspace{0.33em}{M}_{m^{\prime }\left(t+i\right)}=\left\{{\alpha }_{m^{\prime }t}^1,{\beta }_{m^{\prime }t}^2,I_{m^{\prime }t},{\epsilon }_{m^{\prime }t},j_{\min },h\left(I{D}_{j_{\min }}\right),b_{j_i}\right\}$;

(2) 

$UA{V}_{Neigh}⊲Request$ $\Rightarrow$ $h^{\prime }\left(I{D}_{j_{\min }}\right)=h\left(I{D}_{j_{\min }}\right)$ $\Rightarrow$ $UA{V}_{Neigh}|\equiv Request$ $\Rightarrow$ $UA{V}_{Neigh}\succcurlyeq \left(I{D}_{j_{\min }},M_{m^{\prime }t}\right)$;

(3) 

$UA{V}_{Neigh}$$\stackrel{Response}{\to }$$UA{V}_{j_i}$: $\{i{d}_{Neigh},M_{m^{\prime }\left(t+i\right)}\}$$\Rightarrow$$UA{V}_{Neigh}⊲Response$$\Rightarrow$$UA{V}_i⊲M_{m^{\prime }\left(t+i\right)}$;

(4) 

$\forall UA{V}_{j_i}\succcurlyeq \left\{K_0,b_{j_i}\right\}$ $\Rightarrow$ ${a^{\prime }}_{}=a_{}$ $\Rightarrow$ $UA{V}_{j_i}|\equiv M_{m^{\prime }\left(t+i\right)}$ $\Rightarrow$ $UA{V}_{j_i}\succcurlyeq M_{m^{\prime }\left(t+i\right)}$ $\Rightarrow$ $UA{V}_{j_i}\succcurlyeq \left\{{\alpha }_{m^{\prime }t}^1,{\beta }_{m^{\prime }t}^2,I_{m^{\prime }t},{\epsilon }_{m^{\prime }t},j_{\min },h\left(I{D}_{j_{\min }}\right),b_{j_i}\right\}$ $\Rightarrow$ $G_{m^{\prime }{t}_{-}key}$ $\Rightarrow$ $G_{m^{\prime }{t}_{-}key}=\left(S_{j_2}^{NK},S_{j_2}^{MK}\right)$.

Q.E.D., the EHGKM scheme has the mutual-healing mechanism.

4.2. Security Analysis

Lemma 3.

The ACPKMS scheme has forward security (FWS). If $UA{V}_{j_i}$ joins UAVGN at the t stage, i.e., $UA{V}_{j_i}\notin U_{m^{\prime }}{}_{1,m^{\prime }2,\cdots ,m^{\prime }\left(t-1\right)},UA{V}_{j_i}\in U_{m^{\prime }t}$. The specific proving process is as follows:

(1) 

$UA{V}_{j_i}\notin U_{m^{\prime }}{}_{1,m^{\prime }2,\cdots ,m^{\prime }\left(t-1\right)},UA{V}_{j_i}\in U_{m^{\prime }t}$ $\Rightarrow$ $UA{V}_{j_i}\succcurlyeq \left\{I{D}_j,K_0,h\left(\cdot \right),S_t^{NK}\right\}$;

(2) 

If $UA{V}_{j_i}⊲M_{m^{\prime }t},M_{m^{\prime }\left(t+1\right)},\cdots M_{m^{\prime }\left(t+n\right)}$ and $UA{V}_{j_i}|\equiv M_{m^{\prime }t},M_{m^{\prime }\left(t+1\right)},\cdots M_{m^{\prime }\left(t+n\right)}$ $\Rightarrow$ $UA{V}_{j_i}\succcurlyeq M_{m^{\prime }t},M_{m^{\prime }\left(t+1\right)},\cdots M_{m^{\prime }\left(t+n\right)}$;

(3) 

$M_{m^{\prime }t}\notin \left\{M_{m^{\prime }1},M_{m^{\prime }2},\cdots ,M_{m^{\prime }\left(t-1\right)}\right\}$ $\nRightarrow$ $\left\{{\gamma }_{m^{\prime }1},{\gamma }_{m^{\prime }2},\cdots ,{\gamma }_{m^{\prime }\left(t-1\right)}\right\}$ $\nRightarrow$ $\left\{G_{m^{\prime }{1}_{-}key},G_{m^{\prime }{2}_{-}key},\dots ,G_{m^{\prime }{\left(t-1\right)}_{-}key}\right\}$.

Q.E.D., the ACPKMS scheme has forward security, the $UA{V}_{j_i}$ cannot obtain the key $\left\{G_{m^{\prime }{1}_{-}key},G_{m^{\prime }{2}_{-}key},\dots ,G_{m^{\prime }{\left(t-1\right)}_{-}key}\right\}$ before it joins the swarm.

Lemma 4.

The ACPKMS scheme has backward security (BWS). If $UA{V}_{j_i}$ exits UAVGN at the session stage t, i.e., $UA{V}_{j_i}\in U_{m^{\prime }}{}_{1,m^{\prime }2,\cdots ,m^{\prime }\left(t-1\right)},$ $UA{V}_{j_i}\notin U_{m^{\prime }t+}{}_{m^{\prime }\left(t+1\right),m^{\prime }\left(t+2\right),\cdots ,m^{\prime }\left(t+n\right)}$. The specific proving process is as follows:

(1) 

$UA{V}_{j_i}\notin U_{m^{\prime }t+}{}_{m^{\prime }\left(t+1\right),m^{\prime }\left(t+2\right),\cdots ,m^{\prime }\left(t+n\right)}$ $UA{V}_{j_i}\in U_{m^{\prime }}{}_{1,m^{\prime }2,\cdots ,m^{\prime }\left(t-1\right)}$ $\Rightarrow$ $UA{V}_{j_i}\succcurlyeq \left\{I{D}_j,K_0,h\left(\cdot \right),S_t^{NK}\right\}$;

(2) 

If $UA{V}_{j_i}⊲M_{m^{\prime }1},M_{m^{\prime }2},\cdots M_{m^{\prime }\left(t-1\right)}$ and $UA{V}_{j_i}|\equiv M_{m^{\prime }1},M_{m^{\prime }2},\cdots M_{m^{\prime }\left(t-1\right)}$ $\Rightarrow$ $UA{V}_{j_i}\succcurlyeq M_{m^{\prime }1},M_{m^{\prime }2},\cdots M_{m^{\prime }\left(t-1\right)}$;

(3) 

$M_{m^{\prime }t}\notin \left\{M_{m^{\prime }t},M_{m^{\prime }\left(t+1\right)},\cdots M_{m^{\prime }\left(t+n\right)}\right\}$ $\nRightarrow$ $\left\{{\gamma }_{m^{\prime }t},{\gamma }_{m^{\prime }\left(t+1\right)},\cdots {\gamma }_{m^{\prime }\left(t+n\right)}\right\}$ $\nRightarrow$ $\left\{G_{m^{\prime }{t}_{-}key},G_{m^{\prime }{\left(t+1\right)}_{-}key},\cdots G_{m^{\prime }{\left(t+n\right)}_{-}key}\right\}$;

Q.E.D., the ACPKMS scheme has backward security, and the UAV cannot obtain the key $\left\{G_{m^{\prime }{t}_{-}key},G_{m^{\prime }{\left(t+1\right)}_{-}key},\cdots G_{m^{\prime }{\left(t+n\right)}_{-}key}\right\}$ after it leaves the swarm.

Lemma 5.

The ACPKMS scheme can resist replay attacks (RRA). During the distribution and update of keys, the task label random number ${\epsilon }_t$ is introduced. When $\forall UA{V}_{j_i}\in U_{m^{\prime }t}$ receives the key update message $M_{m^{\prime }t}$, it checks the freshness of ${\epsilon }_{m^{\prime }t}$. The ${\epsilon }_{m^{\prime }t}$ has already been used in previous sessions, then $M_{m^{\prime }t}$ is discarded to prevent the attacker (AT) from replaying the broadcast message in previous sessions. Suppose that the t session broadcast message replayed by the attacker is ${M^{\prime }}_{m^{\prime }t}$, the proving process is as follows:

(1) 

$\forall UA{V}_{j_i}\in U_{m^{\prime }t}$ $\Rightarrow$ $UA{V}_{j_i}⊲M_{m^{\prime }t}$ $\Rightarrow$ $UA{V}_{j_i}|\equiv M_{m^{\prime }t}$ $\Rightarrow$ $UA{V}_{j_i}\succcurlyeq M_{m{t}^{\prime }}=\{{\alpha }_{ m^{\prime }t}^1,{\beta }_{ m^{\prime }t}^2,I_{m^{\prime }t},{\epsilon }_{m^{\prime }t},j\}$;

(2) 

$AT\stackrel{{M^{\prime }}_{m^{\prime }t}}{\to }UA{V}_{j_i}:$ $UA{V}_{j_i}⊲{M^{\prime }}_{m^{\prime }t}=\{{{\alpha }^{\prime }}_{ m^{\prime }t}^1,{{\beta }^{\prime }}_{ m^{\prime }t}^2,{I^{\prime }}_{m^{\prime }t},{{\epsilon }^{\prime }}_{m^{\prime }t},j^{\prime }\}$ $\Rightarrow$ ${\epsilon }_{m^{\prime }t}={{\epsilon }^{\prime }}_{m^{\prime }t}$ $\Rightarrow$ Replay Attack;

Therefore, $\forall UA{V}_{j_i}\in U_{m^{\prime }t}$ receives the replayed message $M_{m^{\prime }t}$ and cannot pass the message legitimacy test.

Lemma 6.

The ACPKMS scheme can resist impersonation attacks (RIA).

Impersonation node attacks: suppose the attacker forges $\forall UA{V}_{j_i}\in U_{m^{\prime }t}$ $AT⋡UA{V}_{-}S{K}_{j_i}$ to join UAVGN and needs to obtain $G_{m^{\prime }{t}_{-}key}$ to establish communication, i.e., $AT\succcurlyeq G_{m^{\prime }{t}_{-}key}$. The proving process is $AT\succcurlyeq G_{m^{\prime }{t}_{-}key}$ $\Rightarrow$ $AT\succcurlyeq \{pi,M_{m^{\prime }t}\}$ $\Rightarrow$ $AT\succcurlyeq \{UA{V}_{-}I{D}_{j_i},UA{V}_{-}S{K}_{j_i},,h\left(\cdot \right),S_t^{NK},M_{m^{\prime }t}\}$, which does not hold and conflicts with $AT⋡s_i$, as the forged $UA{V}_i$ needs to obtain the private key of $UA{V}_{j_i}$ to join UAVGN.

Table 4. Performance of different UAV swarm key management schemes.

Scheme	Broadcast Verification	Mutual-Healing Mechanism	FWS	BWS	RIA	RRA
Scheme in [10]	√	×	√	√	—	×
Scheme in [12]	×	×	√	√	—	×
Scheme in [13]	√	×	√	√	$mt$	×
Scheme in [14]	—	×	—	—	—	√
Scheme in [15]	—	×	√	√	$any$	√
Our scheme	√	√	√	√	$any$	√

In the table, √ means “have”, × means “not have”—means “not mentioned in reference”.

shows the performance of different UAV key management schemes. As the table shows, our scheme has forward and backward security, and can resist replay attacks and impersonation attacks. Compared with other schemes, ours uses the hash function for verification, which ensures legitimacy of the requests and responses, and avoids malicious attacks. “malicious attacks” Our approach establishes keys by constructing broadcast messages, has good security and efficiency, and hence is applicable to cross-platform UAV swarm key management.

4.3. Efficiency Analysis

Because of the limited communication and computing capacity of UAVs, it is necessary to minimize the computing time and information exchange to reduce the computing and communication overhead [16]. In this study, the efficiency of our scheme is analyzed from the computing overhead, communication overhead, and storage overhead, with focus on the first two aspects.

Table 5. Definitions of signs of operation.

Symbol	Definition
$T_h$	Hash operation
$T_{mul}$	Multiply
$T_{\exp }$	exponentiation
$T_{xor}$	XOR operation
$T_{mod}$	Mod operation
$T_e$	AES encryption
$T_d$	AES decryption
$T_{bp}$	Bilinear Pairing
$T_{matrix-m}$	Matrix calculation time
$T_{sv}$	Asymmetric signature/verification
$T_l$	Solve the system of linear equations

shows the definitions of the signs of operations.

According to the simulation tests and the efficiency analysis in Section 4.3, the performance of our scheme using the cryptographic library MIRACL is tested in an environment of the following settings: Intel (R) Core (TM), 2 i5-7500CPU, 3.40GHz processor, Windows 10. The results are shown in

Table 6. Computing time on the 256-bit experiment data.

256-Bit Data	Experiment Data	Computing Time (ms)
Time consumed for 1,000,000 HASH-256 operations: 534.000000 ms	534	0.0005340000
Time consumed for 1,000,000 times of 256-bit XOR operations: 3431.000000 ms	3431	0.0034310000
Time consumed for 1,000,000 times of AES 256-digit key encryption: 1215.000000 ms	1215	0.0012150000
Time consumed for 1,000,000 times of AES 256-digit key decryption: 1219.000000 ms	1219	0.0012190000
Time consumed for 10,000 times of bilinear pairing operations: 499,067.000000 ms	499,067	49.9067000000

.

4.3.1. Computing Overhead

In this section, the computing overhead of the swarm head and $UA{V}_{j_i}$ in the ACPKMS scheme is analyzed. During key establishment, the swarm head node CHN performs the hash operation two times, with the time consumed marked as $2T_h$; the broadcast receiving node $UA{V}_{j_i}$ performs the hash operation three times, taking $3T_h$. Though theoretically, our scheme has a computing overhead $3T_h$ higher than the scheme proposed in [17], part of the key is updated locally, which reduces the overhead and prevents the $G_{m_{-}key}$ from directly engaging in the construction of congruences; the attacker must know all the parameters of $UA{V}_{j_i}$, i.e., $p_i=(K_0,seed,UA{V}_{-}S{K}_{j_i},I{D}_j,S_{ID},S_{UAV-I{D}_{j_i}},P_m)$ before it can crack $G_{m_{-}key}$, which enhances the key security and cuts the computing overhead during key establishment. Figure 8 shows the computing overhead of the nodes during the key establishment process.

In our scheme, the key update process is divided into the local key update and the session key update to reduce the computing workload. For convenient comparison, the data processed in this paper are set to be half that in [17,18], and the key establishment broadcast message is only one session stage, that is, to solve $G_{m^{\prime }{\left(t+1\right)}_{-}key}$ with a given $G_{m^{\prime }{t}_{-}key}$. Normally, 12 UAVs create a formation. The Visual Studio 2019 is employed to call the MIRACL cryptographic library to measure the computing overhead of different schemes, and the mean value of multiple tests is used for measurement and comparison. Figure 9 shows the key establishment process. In our proposed scheme, the swarm head UAV and the receiver UAV take an average of 1.068 µs in the key establishment process, which is lower than other schemes, so our scheme is applicable to the fast-moving UAVGN with limited resources.

4.3.2. Communication Overhead

As UAVGN is a wireless network, the communication overhead is an important indicator in key management. During the key establishment process in the ACPKMS scheme, the requestor node $UA{V}_i$ needs to send messages including $Request$ and $Confirm$, which incurs $4\log p$ communication overhead; the response node $UA{V}_{Neighbor}$ needs to send $Response$, incurring $5\log p$ communication overhead.

Table 7. Communication and storage overheads of nodes during key construction of different schemes.

Schemes	Communication Overhead		Storage Overhead
	Request Node	Response Node
ACPKMS	$5\log p$	$5\log p$	$7\log p$
Scheme in [16]	$3\log p$	$[(2n_t+3)t+2]\log p$	$\begin{array}{l}(2n_{t}t+2t+7)\log p+\\ 2n_t\log p+16(n_t^2+n_t)\end{array}$
Scheme in [17]	$8\log p$	$[(2n_t+3)+4]\log p$	$(2n_{t}t+2t+7)\log p$
Scheme in [18]	$5\log p$	$[5(t-t_1)+3]\log p$	$4\log p$

t represents the stage of the task, and n is the number of UAVs.

displays the communication overhead of various schemes. According to the performance of several mainstream UAVs analyzed in [19], “RQ-23 Tigershark”, “MQ-9 Reaper”, and “MQ-1 Predator” can fly above 24 h. In this study, we set the UAV flying time as 24 h, and the task cycle is 2 h, that is, $m=12$. For the convenience of comparison, the transmitted data are set to be 256-bit. Table 7 shows the communication overheads during the key establishment process in different schemes.

4.3.3. Storage Overhead

In the ACPKMS scheme, the $UA{V}_{j_i}$ usually needs to store $UA{V}_{\_}params$:$p_i=\left(K_0,seed,UA{V}_{-}S{K}_{j_i},I{D}_j,S_{ID},S_{UAV-I{D}_{j_i}},P_m\right)$. For the sake of more convenient comparison, the size of the transmitted data is set at 256 bit; that is, the seven parameters have the same size, so the storage overhead is $7\log p$. Though the ACPKMS scheme has a higher storage overhead and is slightly higher than schemes in [20], the computing and communication overheads are reduced, which has sound security and is more applicable to the dynamic UAVGN featured by instability and unreliability [21].

5. Conclusions

A simple but efficient swarm key management scheme based on the hash chain and the Chinese Remainder Theorem (CRT), termed ACPKMS, is proposed here as a solution to secure communication of UAV swarms across platforms. The proposed scheme, by combining the node update key and the session update key, achieves the local static update and the session dynamic update, which enhances the key update efficiency and reduces the communication overhead. Meanwhile, the simple swarm head selection method in the scheme further enhances the flexibility of cross-platform key establishment of UAV swarms. The scheme is compared with other schemes through experiments, and it is found that the EHGKM has good security and high efficiency: the requestor node takes 1.18 µs in the key establishment stage to acquire the key establishment broadcast message and 3.36 µs to recover the key; the ACPKMS scheme can meet the requirements for the UAV swarm key management. In future works, we will study the key management solutions for multiple UAV swarms and design a key management scheme for multiple UAV swarms, thereby providing more efficient and secure key management solutions to the intelligent and integrated development of UAV swarms.