Mutual Identity Authentication Based on Dynamic Identity and Hybrid Encryption for UAV–GCS Communications

Abstract

In order to solve the problems of identity solidification, key duration, and lack of anonymity in communications between unmanned aerial vehicles (UAVs) and ground control stations (GCSs), a mutual secure communication scheme named Dynamic Identity and Hybrid Encryption is proposed in this paper. By constructing an identity update mechanism and a lightweight hybrid encryption system, the anonymity and untraceability of the communicating parties can be realized within a resource-limited environment, and threats such as man-in-the-middle (MITM) attacks, identity forgery, and message tampering can be effectively resisted. Dynamic Identity and Hybrid Encryption (DIHE) uses a flexible encryption strategy to balance security and computing cost and satisfies security attributes such as mutual authentication and forward security through formal verification. Our experimental comparison shows that, compared with the traditional scheme, the calculation and communication costs of DIHE are lower, making it especially suitable for the communication environment between UAVs and GCSs with limited computing power, thus providing a feasible solution for secure low-altitude Internet of Things (IoT) communication.

1. Introduction

The rapid development of Internet of Things (IoT) technology has propelled the widespread use of unmanned aerial vehicles (UAVs), demonstrating significant application potential across multiple industrial sectors, including but not limited to power transmission line inspection, emergency rescue operations, and intelligent logistics management [1,2,3,4]. However, the security of communication channels between UAVs and ground control stations (GCSs) has emerged as a critical issue requiring urgent attention. UAVs in an unsecure communication environment face risks like signal jamming, GPS spoofing, and man-in-the-middle attacks, leading to hijacking, crashes, or data interception. Transmitting sensitive data over unencrypted channels risks exposure to cyber espionage or sabotage. In military operations, unsecure communication can jeopardize missions, endanger personnel, or lead to strategic information being leaked. In civilian use, communication insecurity may cause accidents, financial losses, or delayed aid. Among these challenges, effective mutual authentication mechanisms for mutual communication and secure message transmission protocols constitute essential prerequisites for ensuring mission-critical operations.

Current implementations predominantly employ open wireless networks combined with single-factor authentication protocols for UAV–GCS communications; this kind of configuration is particularly vulnerable to various cyber threats [5]. Through radio channel monitoring, malicious actors are capable of not only intercepting sensitive operational data but also launching spoofing attacks to manipulate mission parameters [6,7]. Consequently, security deficiencies in these systems probably pose significant risks to both military and civilian domains where mission integrity is paramount. Additionally, the inherent constraints of UAV systems, characterized by limited computational resources and restricted hardware capabilities, necessitate the implementation of optimized cryptographic solutions that carefully balance security robustness with operational efficiency [8].

To address the above security challenges, this paper proposes a security scheme named Dynamic Identity and Hybrid Encryption (DIHE) based on the elliptic curve Diffie–Hellman (ECDH) key exchange protocol for dynamic authentication and hybrid key negotiation. This scheme achieves a balance between security and efficiency through the following innovative actions: pre-sharing security parameters in the initialization stage, implementing temporary key negotiation between air and ground mutual communication entities by using ECDH, and implementing a static and dynamic mixed session key for communication content encryption. To effectively resist forged identities and communication tracking, updated identity parameters are used for every message exchange. In this scheme, through the optimization of the protocol process and finally through experimental demonstration, the balanced and efficient security information encryption requirements of UAVs and GCSs can be achieved. The main contributions of this paper are as follows:

(1) This paper implements a dynamic identity authentication mechanism that fulfills the requirements regarding updating authentication parameters per communication cycle.

(2) Based on ECDH to achieve temporary session key negotiation, this paper combines the initialization of shared keys to achieve mixed-state key negotiation and a mutual synchronization mechanism to protect private data security. The authentication hash function is combined to improve message immutability, reduce the calculation costs, and provide a verification process for traditional public key digital signatures.

(3) The formal security analysis tool ProVerif is used for security analysis to verify DIHE’s ability to fight against various potential attacks and verify the scheme’s security.

(4) By referring to the computing characteristics of the UAV-embedded platform, the computational power of our scheme is further measured to determine the actual computing costs, and the results for computing costs and communication overheads are compared with those of a number of studies.

In recent years, schemes have relied on cryptographic algorithms such as Rivest–Shamir–Adleman (RSA) [9], elliptic curve cryptography (ECC) [10,11], and bilinear pairing calculations [12] to fulfill the high security requirements of network identity authentication and key generation. Fernandez et al. [13] used an elliptic curve digital signature algorithm and RSA for encryption in a case where a UAV network was attacked, causing dangerous collisions. This can ensure the secure identification of GCS identities and the encryption of command data.

Chen et al. [14] used a bilinear asymmetric pairing algorithm to achieve the direct anonymous authentication of a UAV network. However, a trusted platform module (TPM) needs to be added to it, and the bilinear calculation requires too much computing power from the UAV. Tian et al. [15] argued that the location and task data of each UAV are sensitive data, and so proposed a predictive UAV authentication and privacy protection scheme using the mobile edge computing (MEC) framework, but they did not consider mutual authentication requirements. K. Rahman et al. [16] used a hyperelliptic curve (HECC) to reduce the key size so as to implement a UAV authentication and network access control protocol. However, the standardization ability and popularity of the HECC algorithm are still lower than those of the ECC encryption algorithm.

Other researchers have integrated ECC, digital signatures, hash functions, and other technologies into protocol designs to achieve the privacy protection of communication networks. Chen et al. [17] designed a traceable privacy protection protocol for UAVs used in airports or militarily sensitive areas that uses digital signature technology to realize a protection mechanism in which sensitive data cannot be forged, but the calculation overheads and communication costs are slightly higher. Xia et al. [18] combined the ECDH key negotiation mechanism with message authentication code (MAC) to achieve mutual authentication and session key negotiation between UAVs and GCSs, but the real ID of the communicating party was not protected, so the attacker was more likely to implement forged identity attacks. Yongho et al. [19] combined ECDH with unique identity certificates for UAVs to achieve key negotiation, and the session key is difficult to tamper with, which can reduce the possibility of Denial of Service (DOS) attacks. However, additional certificate authorities introduce more certificate passing steps, which increase the communication overheads and the possibility of attack. Aiming to address the lack of flexibility and backward security in ECC, Zhang et al. [20] proposed a new UAV identity authentication and key update protocol combined with the zero-knowledge proof protocol. Although the authentication process is very efficient, complex interactive authentication processes add additional network latency and the possibility of packet loss. In their scheme, Bera et al. [21] used ECC for key exchange and identity authentication combined with the hash function to construct the pseudo-identity of the UAV. To further enhance the security of this protocol, digital signature and certificate mechanisms were also introduced to ensure the security of communication identities during the data transmission process.

With the progress in technology and the updating of application requirements, research on identity authentication and dynamic key updates for anonymous communication is still being optimized. The scholars in [22] designed an effective global key update scheme based on the hash chain and the ECC algorithm, allowing all nodes in the network to generate point-to-point update keys through update messages broadcast by the GCS. Han M. et al. [23] generated chain signatures through the hash algorithm and then used authentication technology to sign data streams in batches, which can significantly reduce the signature overheads. Huang QL et al. [24] proposed a new hash chain structure consisting of multiple hash functions of different output lengths to authenticate mobile devices in an event-based one-time cryptosystem. Hakeem et al. [25] generated a key hash chain based on pre-shared key parameters combined with the hash function to realize key updates and management. The salt hash algorithm is used to encrypt the original key into different forms to avoid physical attacks on the device. In some studies [26,27,28], the randomness of UAV hardware attributes, combined with the Physically Unclonable Function (PUF), is used to achieve UAV dynamic identity generation so as to resist the possibility of attackers forging identities. Yuan et al. [29] applied China’s Residual Theorem (CRT) and PUF to transfer the computing load to server nodes with greater computing power and replaced part of the hash operation with an XOR operation, thus reducing the burden of UAV verification, identification, and key computing. However, multi-stage authentication and higher hardware requirements may increase the complexity of implementation and operation. In the schemes in [30,31], it is also pointed out that the scheme combining the XOR operation and the hash function is more in line with the actual needs regarding lightweight computing and efficient identity authentication of the unmanned aerial vehicle platform.

Based on the prior research and optimization considerations, this paper proposes an improved mutual identity authentication protocol based on DIHE for UAV–GCS communications and a key negotiation scheme between UAVs and GCSs, which can realize dynamic identity anonymous communication, resistance to various potential attacks, and balanced computational efficiency and low communication overheads.

2. Scheme Overview

This section describes the primary system architecture of DIHE. In addition, it outlines the relevant threat scenarios and possible attack paths to better demonstrate the security design concept and response capabilities of the solution.

2.1. Communication Nodes

The application scenario of DIHE, as described in this paper, is shown in Figure 1. It consists of two mission nodes, the GCS and UAV, which carry out mutual identity authentication and encrypted message transmission via point-to-point communication.

(1) GCS: Consisting of a secure and reliable central control server, the GCS completes the initial configuration of the UAV, generating and distributing initial system parameters and encryption keys. The encrypted mission commands are sent to the UAV using an open channel to ensure the confidentiality and integrity of the commands. Simultaneously, it can decrypt the data messages returned by the UAV and analyze the data to determine the mission status.

(2) UAV: As the primary mission node, the UAV receives control commands from the GCS and returns mission-related messages. It proactively initiates and responds to GCS authentication prior to the start of the task and completes the mission in an open network environment according to the instructions from the GCS. Once the task is completed, the encrypted data are sent back to the GCS for analysis and processing.

Compared with the GCS, the UAV is more vulnerable to electromagnetic interception or man-in-the-middle (MITM) attacks due to its inherent characteristics, such as the high level of exposure of its communication links and its limited computing resources. Therefore, it is necessary to strengthen the data encryption capabilities of the UAV and establish an efficient dynamic key negotiation and identity authentication mechanism to reduce the communication risks. This paper establishes a mutual authentication mechanism to ensure that the UAV and the GCS negotiate a consistent encrypted communication key before the transmission of mission messages. Then, the message can be encrypted as ciphertext that cannot be deciphered by attackers; this can reduce the risk of data leakage.

2.2. Attack Model

In practice, an attacker may attempt to eavesdrop or tamper with the authentication request of a node to derive a key or other critical data. The Dolev–Yao threat model is a widely used attacker model in current security protocol analysis. Its core lies in simulating an attacker with a strong attack ability to verify the security of the protocol under the worst conditions [32]. In this model, the attacker is given the ability to completely monitor the entire network’s communication and can intercept, tamper with, forge, delete, or replay messages at will, deriving privacy parameters from unencrypted portions of the protocol to obtain information. Based on the Dolev–Yao model, this paper will expand and optimize the traditional attacker model by combining the communication characteristics between UAVs and GCSs and build an attack model that is more suitable for the actual environment and task requirements.

(1) Identity Forgery Attack: By monitoring plaintext messages on the open channel, the attacker can intercept messages that are not encrypted so as to try to forge identity data through logical deduction. Identity forgery attackers might exploit the identity information in historical communications or infer the generation rules of identity data and then impersonate a legitimate UAV or GCS to launch attacks. DIHE ensures that the communication party can use the updated identity for authentication every time a message is exchanged, enhancing the ability to defend against identity forgery. Attackers cannot obtain legal authentication by simply intercepting and forging historical identity data and then tampering with communication content.

(2) Man-in-the-Middle Attack: The attacker inserts themselves as a middleman, intercepting and modifying authentication requests or responses, misleading trusted communication parties into using the forged identity and key information. MITM attackers can pretend to be legitimate UAVs or GCSs to send authentication requests to each other, control the communication process through the role of intermediaries, and ultimately induce trusted nodes to communicate with forged key information. In DIHE, pre-shared security parameters and a temporary key negotiation mechanism are adopted to ensure the secure exchange of identities and keys between two parties.

(3) Replay Attacks: The attacker repeatedly sends a packet that has been received by the destination host to deceive the system. The packet is used in the identity authentication process and damages the correctness of the authentication. The core threat of replay attacks lies in the fact that attackers do not need to crack encrypted data and do not pose a threat to the actual data. However, attackers can induce UAVs to deviate from the established flight path by forwarding forged positioning data. DIHE adopts a bilateral dynamic authentication mechanism to prevent unilateral deception, which can ensure the credibility of the communication identities of both parties and prevent the malicious retransmission of historical data.

(4) Eavesdropping Attack: During data transmission between the UAV and GCS, the attacker listens to network communication and intercepts unencrypted sensitive information. The attacker can then analyze the intercepted data to acquire keys, identity information, or other confidential details, which could be used for further malicious actions. DIHE’s combination of temporary key negotiation and a fixed key to generate a session key ensures the security of the encryption key, and the transmitted message will be securely encrypted during communication. In addition, the use of MAC ensures that tampered messages sent by attackers without valid keys and identities cannot be received by legitimate communication parties.

3. Process of DIHE

This section will analyze the specific implementation process and technical details of mutual authentication and mixed key negotiation.

3.1. Notations

To facilitate a clear understanding of the content of DIHE’s scheme, all the mathematical symbols involved in this scheme and their meanings have been concentratedly listed in the following chart. The specific content can be seen in

Table 1. Symbols in DIHE.

Symbols	Meaning
${ID}_{Ui},{ID}_{Gi}$	UAV and GCS identities (i indicates the ID used for the i message)
$VK$	Shared initial key
$G$	Base point of elliptic curve
$\ast$	The scalar multiplication symbol of an elliptic curve.
$D_U,D_G$	Temporary private keys for UAV and GCS
$R_U,R_G$	Temporary public keys for UAV and GCS
$MAC$	Message authentication code
$HMAC$	Hash-based message authentication code
$hash$	Hash function
$XOR$	XOR operation
$tmpkey$	Temporary key
$Sk$	Final key
$id\text{-}data$	Identity data
$data1$	Result of the XOR operation between $id\text{-}data$ and $tmpkey$
$data2$	Result of the XOR operation between $data1$ and $Sk$
$Message$	Message identification

.

3.2. Authentication Workflow

The authentication process designed in DIHE is divided into four stages, which include a UAV-initiated request, GCS authentication and reply, a UAV authentication and reply to the GCS, and finally, mutual authentication and key negotiation.

The identities ${ID}_{U1}$, ${\mathit{ID}}_{G1}$ and the shared initial key ($VK$) to verify the integrity of the initial authentication messages of the two parties must be saved in the local environment of the UAV and GCS before the UAV initiates the authentication request. In this stage, the attacker cannot obtain valid information. The workflow chart of this scheme is shown in Figure 2.

• Stage 1: UAV initiates an authentication request.

UAVs are often in a mobile state, and the communication link with the GCS may be interrupted due to obstructions and interference. If the GCS initiates the request first, it is necessary to ensure that the UAV is in a connectable state first, which incurs a high fault-tolerance cost. Instead, the UAV initiates the request, which can improve the connection success rate and provide a foundation for successful authentication. Therefore, in Stage 1, the UAV initiates the identity authentication request first and waits for the GCS to verify its identity and reply to the authentication request.

(1)

Step 1: Generate a Temporary Key Parameter.

In this scheme, all key information (except the initial shared key, $VK$) used for encrypting private data adopts a temporary negotiation mechanism. The purpose of this is to ensure that the current temporary generation of security parameters has a limited impact on the next encrypted session and to further ensure the forward security of the scheme by reducing the use of fixed security parameters and thus the risk of being attacked. In the initial phase, the UAV and GCS generate and save the key parameters used by the current temporary session. The UAV and GCS randomly generate their own temporary private keys—the private key is a random integer in the range $[1,\mathrm{n}-1]$, where $n$ is the order of an elliptic curve.

The base point $G$ serves as the generator of the elliptic curve group, determining the security and efficiency of the cryptographic system. In ECC, the order $n$ of the base point $G$ must be a large prime number such that $n * G$ equals the point at infinity, the range for $n$ is $[1,\mathrm{n}-1]$, and the curve parameters must undergo rigorous verification. Through the elliptic curve base point $G$ and the temporary private key, the corresponding temporary public key can be calculated as follows:

$$R_U=D_U * G$$

(1)

$$R_G=D_G * G$$

(2)

(2)

Step 2: Send Authentication Message.

In each message sent, a message authentication code is included to ensure that the message is unique and complete. Before the UAV sends the first authentication message, the $VK$ is used as the key value of the hash-based message authentication code (HMAC) to calculate the authentication code, and the relevant parameters are sent to the GCS. In Formula (3), the parentheses on the right side of the equation include the key and specific parameters necessary to ensure the integrity of the content. Two parameters, namely ${\mathit{ID}}_{U1}$ and $R_U$, are encoded and input during execution to satisfy the input requirements of the HMAC function. The relevant process is shown in the following equation:

MAC_U1 = HMAC ((ID_U1, R_U), VK)

(3)

Message1 = {ID_U1, R_U, MAC_U1}

(4)

• Stage 2: GCS authentication and reply.

At this stage, the GCS verifies the legal identity and message immutability from the UAV, then generates updated identity parameters and sends its own temporary key parameters to the UAV after completing the generation of the temporary key and the final session key.

(1)

Step 1: Identity Authentication and Key Negotiation.

After receiving Message1, GCS verifies the legal identity by comparing it with the initial locally stored UAV identity parameters and combines the MAC recalculation and integrity verification. After completing the above initial works, the GCS starts the temporary key negotiation process, which combines the ECDH key exchange principle to generate a temporary key (tmpkey) from a randomly generated temporary private key (${\mathbf{D}}_{\mathbf{G}}$) and UAV temporary public keys ($R_U$) for mutual security information exchange and the iteration of fixed parameter functions. The calculation process is as follows:

$$\mathit{tmpkey}= D_G * R_U$$

(5)

However, tmpkey is not directly used for the final encryption of private data, and the final session key is generated after the hash value is obtained with $VK$. This strategy combines temporary and fixed keys to achieve mixed security key protection, as shown below:

$$Sk=\mathit{hash}(\mathit{VK}, \mathit{tmpkey})$$

(6)

(2)

Step 2: Identity Updating.

Static identifiers are transmitted directly over an open network in clear text, making it easy for attackers to forge legitimate identities. Therefore, the GCS combines the session key ($\mathit{Sk}$) with the original static identity (${ID}_{U1}$,${ID}_{G1}$) and generates the updated mutual identity for identity authentication, combining the new identity data of both sides into $id\text{-}\mathit{data}$. Based on the consideration of limited UAV resources, the calculation of identity information is completed by the GCS alone, and the UAV is only responsible for receiving and using it. A more detailed identity generation process is described in the next section.

(3)

Step 3: GCS Reply Authentication.

Compared with the traditional scheme, that is, generating ciphertext through symmetric encryption of the key and plaintext, symmetric encryption will increase the computational complexity. Based on the content of the previous design, we hope to minimize the computational burden of the UAV platform while ensuring the security of identity authentication. Therefore, the XOR operation is considered. One advantage of XOR is that it can operate directly on each bit without handling the load, which makes it highly efficient in hardware implementation. Considering other encryption methods, such as addition and multiplication, addition requires considering the load, while multiplication requires multiple shifts and additions. Both of these require more steps or involve more complex circuits. However, XOR is merely a simple bitwise comparison without carrying over or other complex operations. Therefore, the burden of adopting XOR on the UAV platform is relatively low.

${ID}_{U2}$ and ${ID}_{G2}$ represent the brand-new identity tags used by UAV and GCS, respectively, when sending the second message. The purpose of implementing these tags is that, through updated identity information, the risk of identity forgery and communication tracking of the UAV and GCS can be reduced. Furthermore, the identity data segment $id\text{-}\mathit{data}$ is the combined field of the new identity data ${ID}_{U2}$ and ${ID}_{G2}$ of both sides. In this part, $id\text{-}\mathit{data}$ first performs an XOR operation with the tmpkey to generate the intermediate parameter data1, as follows:

$$\mathit{data}1=\mathit{XOR}(\mathit{id}\text{-}\mathit{data}, \mathit{tmpkey})$$

(7)

On this basis, data1 is then XOR with the key $SK$, and the final generated data2 represents the data sent to the UAV; the specific computation process is shown as follows:

$$\mathit{data}2=\mathit{XOR}(\mathit{data}1, \mathit{Sk})$$

(8)

Based on the above information, GCS calculates the ${\mathit{MAC}}_{G1}$ of this message by using $VK$, and then finally forms the authentication reply Message2 and sends it back to the UAV; the specific process of generating the relevant parameters is as follows:

$${\mathit{MAC}}_{G1}=\mathit{HMAC}\left(\right({\mathit{ID}}_{G1}, {\mathit{R}}_{\mathit{G}}, \mathit{data}2), \mathit{VK})$$

(9)

$$\mathit{Message}2=\{{\mathit{ID}}_{G1}, R_G, \mathit{data}2, {\mathit{MAC}}_{G1}\}$$

(10)

• Stage 3: UAV authentication and reply.

After receiving $\mathit{Message}2$, the UAV executes the same process as the GCS in Stage 2, authenticating the identity and authentication code and calculating the $\mathit{tmpkey}$ and session key ($\mathit{Sk}$); the process is as follows:

$$\mathit{tmpkey}= D_{U }* R_G$$

(11)

After generating the relevant key parameters, the UAV uses XOR to compute $\mathit{data}1$ and data2, respectively. It then generates the updated identity information for both itself and the GCS, which is contained in the $\mathit{id}\text{-}\mathit{data}$, as shown in the following formula:

$$\mathit{data}1=\mathit{XOR}(\mathit{data}2, \mathit{tmpkey})$$

(12)

$$\mathit{id}\text{-}\mathit{data}=\mathit{XOR}(\mathit{data}2, \mathit{Sk})$$

(13)

Finally, the authentication code ${\mathit{MAC}}_{U2}$ of the corresponding message is calculated by using the obtained $\mathit{Sk}$ and the latest ${\mathit{ID}}_{U2}$ and the GCS is replied to in the form of $\mathit{Message}3$; the process is as follows:

$${\mathit{MAC}}_{U2 }=\mathit{HMAC}({\mathit{ID}}_{U2}, \mathit{Sk})$$

(14)

$$\mathit{Message}3=\{{\mathit{ID}}_{U2}, {\mathit{MAC}}_{U2}\}$$

(15)

At this point, after receiving the reply message, the GCS confirms that the dynamic new identity of the UAV from the reply message meets the update expectations of ${\mathit{MAC}}_{U2}$, which means that the UAV and GCS realize the synchronization requirements of mutual temporary key negotiation and dynamic ID code.

3.3. Dynamic Identity Updating

Based on initial public parameters stored locally by both parties, the UAV and GCS can achieve mutual authentication of the first message. However, as mentioned above, the risk of static identity being easily imitated and misused by attackers cannot be ignored. Using common message serial numbers or timestamps can indeed prove the freshness of messages to a certain extent, but attackers can also capture a large amount of historical data, analyze the serial number generation rules, and generate false information based on these rules, thereby invalidating the continuous communication function that relies on timestamps and serial numbers. Ultimately, this disrupts normal message processing. Therefore, DIHE introduces a dynamic update mechanism for mutual identity information between the UAV and GCS.

${\mathit{ID}}_{U2}$ and ${ID}_{G2}$ represent the brand-new identity tags used by the UAV and GCS, respectively, when sending the second message. The purpose of implementing these tags is that, through updated identity information, the risk of identity forgery and communication tracking of the UAV and GCS can be reduced. Furthermore, the identity data segment id-data is the combined field of the new identity data ${ID}_{U2}$ and ${ID}_{G2}$ of both sides.

Meanwhile, establishing how to update each other’s identity synchronously between the UAV and GCS is another one of the difficulties to be addressed in DIHE. For the UAV, if the process of dynamic identity updating requires additional computing or decryption operations, this will further consume its computing power. Therefore, this paper considers that the calculation process of dynamic identity parameter updating should be completed by the GCS, while the UAV completes the updating of identity parameters only through storage and queries.

As shown in Figure 3, GCS uses the key $Sk$, calculated by the hash function and the initial identity information ${ID}_{U1}$ and ${ID}_{G1}$ of both parties stored locally, to generate new identity information for the UAV and GCS, namely ${ID}_{U2}$ and ${ID}_{G2}$. The subsequent dynamic new identities will also be generated according to a similar chain calculation process. Due to the one-way security and non-collidability of the hash function, combined with the temporary key generation process designed earlier, the new identity parameters generated at this time are secure and dynamic. Even if an attacker captures the ${\mathrm{ID}}_{\mathrm{U}1}$ and ${ID}_{G1}$ used during the initial identity authentication, they are unable to infer the specific parameters and key $\mathrm{Sk}$ of the dynamic identity. In order to reduce the complexity of local computing and updating for the UAV, DIHE combines the new identity information used in the second communication into $\mathrm{id}\text{-}\mathrm{data}$ through splicing and sends it to the UAV.

The UAV can obtain its own dynamic new identity ${\mathrm{ID}}_{\mathrm{U}2}$ and the new identity ${\mathrm{ID}}_{\mathrm{G}2}$ of the GCS through sequential queries. With the new identity ${\mathrm{ID}}_{\mathrm{U}2}$, the UAV can obtain the GCS’s identity authentication function for the corresponding UAV in $\mathrm{Message}3$, completing a new round of mutual identity authentication.

Before carrying out the formal mission, the UAV will also wait for the private information from the real GCS. At this time, the new identity information of the real GCS is ${\mathrm{ID}}_{\mathrm{G}2}$, and the UAV can obtain it by sequentially querying the $\mathrm{id}\text{-}\mathrm{data}$. During formal mutual encrypted communication, both parties use Sk to symmetrically encrypt and decrypt private data. A new round of identity information will also be generated by the GCS according to the same operation rules and sent back by the GCS as part of the privacy message.

4. Security Analysis

In this paper, ProVerif (version 2.05) is used to verify the security of DIHE against common network attacks, such as forged identity attacks, key theft attacks, and MITM attacks launched by attackers. ProVerif, a formalized security protocol verification tool, has been widely used to analyze and verify the security of communication protocols in recent years. Communication assertion, observation equivalence, and protocol reachability attributes can be verified through the symbolic analysis of the protocol [33].

4.1. ProVerif Code Process

In this section, we present the protocol process of the ProVerif code of the GCS and UAV in Figure 4 and Figure 5, respectively.

Firstly, in the GCS code process shown in Figure 4, the GCS receives the authentication parameters sent by the UAV as in line 2, where parameter c represents that the current communication process is implemented in the public channel. An if-condition statement is used to verify whether the received initial identity from the sender is its own locally stored UAV legal identity; these parameters should also be integrity-protected using MAC. After that, GCS will generate $\mathrm{tmpkey}$ and the new identities used by both parties for the second message exchange. In the code, we represent these as “IDu_new” and “IDg_new”. As previously discussed in Section 3.3, the GCS incurs a higher computational load than the UAV. This is primarily due to GCS generating the new identities for both parties using two hash functions, whereas the UAV performs only two XOR operations, which are computationally less demanding. A detailed comparison of the computational times is provided in Section 5.1. Then, the GCS generates the final session key as $Sk$, which is represented as “session_key” in the code. It should be noted that the first event, namely “event_accept_GCS()”, will be triggered only if the GCS successfully generates $Sk$. On this basis, the GCS continues to generate new identity parameters for both parties and sends the relevant information to the UAV to assist it in verifying its identity and completing the key negotiation. After successfully sending this information, the second event in the code will be triggered, which is “event GCS_generated_new_id()” in line 19 of the code. Finally, as in the initial verification of the UAV identity, when a new message is received, the GCS will also verify the sender’s identity and MAC, and only after confirming that there is no error will $Sk$ be used to start the formal message encryption.

Figure 5 shows the detailed code implementation process of communication between the UAV and GCS, which is similar to the corresponding process on the GCS side. In the local environment at the initial stage, UAV pre-generates the temporary key parameters such as $\mathit{ID}\_u$ and $R\_u$ and the authentication code $\mathit{mac}\_u$ and then sends them to the GCS. After receiving the reply message from the GCS, UAV first verifies that this identity $\mathit{IDg}$ is the same as its own locally saved identity of the GCS and that the $\mathit{mac}\_g1$ is consistent with its own computed value. It is determined through the if-condition statement that both of these conditions must be met before the next step of temporary key negotiation can be carried out. After that, the UAV uses the received temporary GCS key parameter $R\_g$ to generate the corresponding $\mathit{tmpkey}$ and $\mathit{Sk}$. As with the GCS side, the UAV will trigger the event corresponding to line 13, which is specifically expressed as “event accept_UAV(session_key)”. Through two XOR operations, when the UAV receives the new identity sent by the real GCS, it will also trigger the second event, as in line 18, which is specifically expressed as “event UAV_generated_new_id()”. Only when the UAV and the GCS successfully complete the initial two-way identity authentication process in accordance with the protocol process can the UAV successfully receive the new identity parameters and complete the update of its own and the GCS’s identity parameters through the dynamic identity update process described earlier. Finally, the received new identity $\mathit{ID}u\_2$ is used to send a reply message to the GCS, and $\mathit{Sk}$ is used to encrypt and decrypt the message.

4.2. ProVerif Verification Procedures

In ProVerif, the security events are the core basis for formally verifying the security attributes of the protocol, such as confidentiality, integrity, and authentication. The security events are defined as presented in

Table 2. Key node event.

Security Event Definitions
event accept_GCS(key)
event accept_UAV(key)
event GCS_generated_new_id()
event UAV_generated_new_id()

.

The first two events concern the successful establishment of the session key and the successful exchange of each party’s real identity. Specifically, “event accept_GCS(key)” and “event accept_UAV(key)” indicate that the GCS and UAV have both received and accepted $\mathit{Sk}$, which is a fundamental step in ensuring secure communication and preventing any unauthorized party from being involved in the communication. These events are triggered only once both parties have verified each other’s identity and the integrity of the exchanged messages through the protocol, establishing the necessary trust between the GCS and UAV for subsequent secure communication.

The last two events, namely “event GCS_generated_new_id()” and “event UAV_generated_new_id()”, are designed to ensure the freshness and reality of the identities used in the communication. These events signify that both the GCS and UAV have successfully generated new identity values, helping to protect against replay attacks and ensuring that the identities used in the current session are not maliciously reused from a previous session.

In the query and security attribute verification section, as shown in

Table 3. Query statements.

Query Statements
query attacker(secrecy)
query attacker(session_key)
query attacker(IDu)
query attacker(IDg)
query inj-event(GCS_generated_new_id) ==> inj-event(UAV_generated_new_id) query Sk:key; inj-event(accept_GCS(Sk)) ==> inj-event(accept_UAV(Sk)) query Sk:key; inj-event(accept_UAV(Sk)) ==> inj-event(accept_GCS(Sk))

, ProVerif uses query statements to evaluate whether an attacker can obtain sensitive information or trigger specific events that could compromise the protocol’s security.

The first two queries focus on confidentiality during the communication. Specifically, the query commands “query attacker(secrecy)” and “query attacker(session_key)” check whether an attacker can gain access to the private information or session key $\mathit{Sk}$. Following this, the next two query commands, “query attacker(IDu)” and “query attacker(IDg)”, assess whether the attacker can steal the real identities before initiating the communication process and whether there is any vulnerability that allows an attacker to impersonate either the GCS or UAV, thus breaking the authentication process.

The subsequent query checks whether the UAV successfully generates a new ID, as required by the protocol. This query ensures that the protocol maintains synchronization between the two parties in terms of identity updates, further protecting against replay or impersonation attacks. The last two queries ensure that both sides establish the secure communication process and generate the same key to fulfill the consistency principle, preventing any mismatches that could lead to a security breach.

4.3. Security Analysis Results

The results of verifying the relevant security of DIHE using ProVerif in this paper are shown in Figure 6.

Regarding confidentiality, the first two query results indicate that the attacker cannot deduce the session key $\mathit{Sk}$ relying on the current communication plaintext message, and it is also difficult to steal the specific private data encrypted by the final session key $\mathit{Sk}$, which clearly confirms the confidentiality of DIHE.

The third and fourth query results provide further supporting evidence: the attacker cannot obtain the initial identity parameters, nor access the updated identities in advance. This dual protection mechanism successfully constructs an identity anonymity protection system for this scheme in dynamic environments. At the level of authentication process compliance verification, the fifth query provides the basis that the mutual identity authentication process strictly follows the sequence in which the GCS performs calculations and generation before the UAV acquires the results; this strict timing mechanism further reduces the possibility of MITM attacks. The last two queries show that the GCS and UAV complete identity authentication in strict accordance with DIHE and generate consistent session keys.

4.4. Safety Function Comparison

After a series of security event definitions and corresponding attack behavior queries, it can be concluded that the DIHE can effectively resist multiple attack means. In this section, this paper compares the security functions achieved with a number of related research schemes. The detailed comparison results are shown in

Table 4. Comparison of security functions.

Security Functions	DIHE	Sdronelig [18]	SP-D2GCS [19]	LAPEC [20]	ACPBS-IoT [21]
Mutual Authentication	YES	YES	YES	YES	YES
Anti-Man-in-the-Middle Attack	YES	YES	YES	YES	YES
Dynamic Identity	YES	NO	YES	NO	YES
Resist Replay Attacks	YES	YES	YES	YES	YES
Data Integrity Protection	YES	YES	YES	YES	YES
Forward Safety	YES	YES	YES	YES	YES
Light Initialization	YES	NO	NO	YES	NO

.

DIHE can achieve more comprehensive security functions and effectively prevent attackers from tracing and forging trusted identities. Meanwhile, this scheme only requires pre-storing the initial identities and shared key $\mathit{VK}$ of both parties used for message exchange for the first time in the initialization stage, which offers the advantage of lightweight initialization. In contrast, Sdronelig [18], in order to reduce the tedious calculation process during the actual protocol execution on the UAV, stores multiple key parameters, real IDs, and the message authentication code (MAC) in the offline initialization stage and uses static identity for communication authentication, which cannot effectively defend against attacks involving the transmission of a large number of false messages after forging identities. SP-D2GCS [19] and ACPBS-IoT [21] need to calculate and store digital certificates for authentication in addition to storing certain security key parameters; LAPEC [20] reduces the use of public key certificates for both parties, but both parties still need to calculate hash identifiers for authentication during the pre-registration phase.

5. Results Analysis

The hardware environment used in this experiment was an Intel i7-14650HX with 16 GB RAM, and the programming language used was Python 3.9. In this section, the computational costs and communication overheads involved in key negotiation and identity authentication are compared in detail with those of relevant research schemes.

5.1. Calculate Cost

The calculation types used by DIHE include the elliptic curve dot product operations based on ECC($T_{\mathit{sm}}$), the hash operation ($T_h$), the XOR operation ($T_{\mathit{XOR}}$), and the elliptic curve secp256r1.

However, related studies [18,19,20,21] use the ECC elliptic curve dot-add operation ($T_{\mathit{add}}$), symmetric encryption/decryption ($T_{\mathit{sys}}$), the digital signature operation ($T_{\mathit{sign}}$), signature verification ($T_{\mathit{verif}}$), and digital certificate verification ($T_{\mathit{ctf}\text{-}\mathit{verif}}$). Unlike the hash function SHA-256 used in other schemes, DIHE uses BLAKE2b as the main hash algorithm.

To better simulate the computational performance of an actual UAV-embedded platform, this paper delays arithmetic execution to match the behavior of a real experimental platform. Each cryptographic operation is executed 1000 times, and the average execution time is taken in order to reduce random errors. The detailed calculations of each computation and the time consumed are presented in

Table 5. Time taken for each encryption operation.

Calculation Type	Description	Time (ms)
$T_{sm}$	Elliptic curve point multiplication	2.431
$T_{add}$	Elliptic curve point addition operation	0.883
$T_h$	Hash operation (SHA-256)	0.482
$T_h$	Hash operation (Blake2b)	0.420
$T_{XOR}$	XOR operation	0.275
$T_{sys}$	Symmetric encryption and decryption	0.727
$T_{sign}$	Digital signature generation operation	1.396
$T_{verif}$	Signature verification operation	1.036
$T_{ctf\_verif}$	Digital certificate verification	2.618

.

For the purpose of more intuitively comparing the advantages of the DIHE designed in this paper with other schemes in terms of computational efficiency, the total computational comparison results are displayed in

Table 6. Comparison of time consumed by each scheme.

Scheme	Calculation Cost	Time Cost (ms)
DIHE	$4T_{sm}+8T_h+4T_{XOR}$	11.944
Sdronelig [18]	4$T_{sm}$ + 6$T_h$ + 2$T_{add}$ + 2$T_{sys}$	12.148
SP-D2GCS [19]	4$T_{sm}$ + 11$T_h$ + 7$T_{sys}$ + 4$T_{sign}$ + 4$T_{verif}$ + 2$T_{ctf\_verif}$	35.079
LAPEC [20]	6$T_{sm}$ + 12$T_h$ + 4$T_{sys}$	23.278
ACPBS-IoT [21]	10$T_{sm}$ + 3$T_{add}$ + 18$T_h$	35.635

.

From the analysis of the results, it can be seen that compared to Sdronelig [18], DIHE uses a slightly faster BLAKE2b hash algorithm and replaces symmetric encryption algorithms with XOR operations, resulting in lower computational complexity. The improvement in computation time is mainly attributed to the fact that the temporary key parameters are randomly generated, rather than allocating this part of the computational volume to the initial preparation stage. In addition, DIHE uses MAC in combination with dynamically updated identity parameters. Compared with the schemes that use digital certificates and digital signatures of the program, such as those in [19,21], the computational burden is significantly reduced. Throughout the whole authentication and key negotiation process, DIHE utilizes fewer ECC dot product operations and hash operations, thereby achieving a shorter computation time compared to LAPEC [20], which uses zero-knowledge proofs.

5.2. Communication Overhead

As can be seen in Figure 7, the messages sent during the communication protocol of the DIHE designed in this paper occupy less memory space. The results regarding the communication overheads of the relevant comparative schemes, that is, the specific message size, can be obtained from the experimental conclusion sections of the corresponding studies [18,19,20,21].

In this paper, the entire authentication and key negotiation process from Stage 1 to the final session key generation step generates three communication messages. The first authentication request, $\mathit{Message}1$, is initiated by the UAV and specific parameters like the temporary public key $R_U$ and the message authentication code ${\mathit{MAC}}_{U1}$, which are 160, 160, and 256 bits in length, respectively. In the process of receiving the authentication request from the UAV, verifying its identity, and generating the response $\mathit{Message}2$, the GCS needs to generate 320 bits of identity information, $\mathit{data}2$, as well as ${\mathrm{ID}}_{\mathrm{G}1}$, $R_G$, and ${\mathit{MAC}}_{G1}$, corresponding to the length of $\mathit{Message}1$, and ultimately making up $\mathit{Message}2$, which is about 896 bits in length. Subsequently, the UAV completes the mutual identity authentication and generates the response $\mathit{Message}3$, with a message size of 416 bits.

Compared with the scheme that has the lowest communication overheads among the referenced schemes [21], DIHE reduces the communication overheads by about 19.18%. Furthermore, compared to LAPEC [20], which uses zero-knowledge proofs with the highest communication overheads, DIHE adopts a more flexible identity and key generation process, achieving a 33.89% reduction in communication overheads. By combining the use of XOR operations, the elliptic curve dot product, and fast hash function operations, DIHE not only improves communication efficiency but also facilitates more efficient communication interactions in the dynamic communication environment of UAVs and GCSs.

6. Conclusions

In this paper, we propose an efficient and secure authentication and key negotiation scheme for face-to-face communication between a UAV and a GCS. DIHE integrates forgery-resistant identity and ephemeral key negotiation and utilizes hash functions and XOR operations for robust mutual authentication and secure session key generation. Notably, this scheme takes into account the limited computational capabilities of UAVs by limiting the major computational overheads to elliptic curve pointwise multiplication, hash operations, and XOR computation, thus keeping the computational cost low. In terms of communication efficiency, the proposed scheme reduces the memory overheads by minimizing the amount of information transfer compared to existing alternatives, making it particularly suitable for deployment on low-power embedded devices such as UAVs. However, this study currently focuses only on point-to-point communication between a single UAV and a GCS. Future research can explore further optimization of the dynamic identity generation and update mechanism, as well as extend the applicability of the scheme to multiparty communication scenarios.