Cross-Domain Authentication Technology of UAV Based on Alliance Chain

As the application scope of UAV expands, the demand for the cross-domain mission execution capability of UAV is increasing, which also puts forward higher requirements for the cross-domain certification capability of UAV. This paper proposes and verifies a cross-domain authentication scheme based on alliance chain technology. The experimental results show that compared with the original scheme, it greatly improves the efficiency of cross-domain authentication while solving the problem of trust between control stations.


Introduction
As technology advances, drones can carry a variety of sensors that collaborate to complete related tasks [1,2]. Various applications [3] and the ability to work efficiently have increased the demand for the ability of drones to work across domains. In order to achieve the trust between the control stations and ensure the efficient cross-domain authentication of the UAV, this paper designs a cross-domain authentication scheme based on the alliance chain technology.

Related Work.
With the development of science and technology, more demands are raised for the ability of UAV to perform missions across domains. In order to ensure the capability of cross-field work, the design of cross-field certification mechanism with high certification efficiency and high-security guarantee has become the focus of UAV safety technology research.
At present, there are three main cross-domain authentication technologies used for drones, as shown in Table 1.
Literature [4] uses hash and other algorithms to protect the identity information of UAVs during cross-domain authentication, and literature [5] uses the Dijkstra algorithm to improve the transmission efficiency between the registration domain and the receiving domain. However, both have two problems. The first is low authentication efficiency: communication between distant control stations of the two domains needs to pass through a relay station, which lengthens the path and makes it prone to interference. The second is that the success rate of certification cannot be guaranteed. When the registration domain control station is invaded or damaged, or the communication between the control stations is strongly disturbed, the relevant legal UAV will temporarily or even permanently fail certification.
Long-term authorization of cross-domain authentication means that one CA stores the standardized information provided by the other CA as login information for a long time. In this case, information is often out of date because of delayed updates [6]. This method cannot quickly reach a consensus between control stations or meet the requirements of low latency and high credibility between UAV control stations, so it is not suitable for cross-domain authentication.
Blockchain technology is a new application mode of computer technology such as consensus mechanism, distributed data storage, and encryption algorithm. It has the characteristics of decentralization, tamper-proofing, anti-forgery, and high reliability and can be divided into public chain, alliance chain, and private chain. The characteristics of high efficiency, strong scalability, and small power consumption meet the efficiency and power needs of UAV cross-domain certification. At present, the research of blockchain in the field of cross-domain authentication has attracted more attention. On the basis of changing the blockchain certificate format, document [7] proposes an efficient cross-domain authentication scheme based on blockchain technology. Literature [8] proposes a blockchain-based authentication scheme across a heterogeneous domain. Document [9] applies blockchain technology to the cross-domain certification of cars. However, the above three methods all lack a protection mechanism for node privacy. Literature [10] proposes an anonymous identity and access control based on the alliance chain. However, in this design, every cross-domain request is calculated on the chain, the communication overhead is too expensive, and the authentication nodes need to store too much authentication data, which does not meet the needs of lightweight UAV nodes. This paper will improve the real-time cross-domain authentication technology (such as literature [4]) based on the alliance chain technology and design an efficient and high-security UAV cross-domain authentication scheme.

Motivations.
Due to the wireless communication between drones and control stations, there are urgent security challenges in the cross-domain process. Specifically, UAV communication networks are vulnerable to man-in-the-middle attacks, replay attacks, and other attack methods [11]. Therefore, a secure cross-domain authentication scheme is needed that enables registered and authorized UAVs to communicate safely with the control stations in the nonregistered domain, thereby protecting their privacy and security. In particular, the identity of the communicating party can be verified by mutual authentication between the UAV and the control station before secret and sensitive information is exchanged on the insecure communication channel. Several important factors need to be considered in designing cross-domain identity authentication schemes. First, the proposed scheme should be robust to different types of attacks, including middleman attacks, replay attacks, and eavesdropping attacks. In addition, due to the limited resources available for drones, expensive authentication (such as digital certificates) is necessary. Finally, it is necessary to achieve mutual trust between the different control stations to facilitate the information transmission between the control stations. Drones have limited energy resources [12], so they need lightweight authentication solutions. Therefore, the method of carrying an alliance chain certificate at the authentication node, as in literature [7][8][9], is not applicable for drones. Traditional cross-domain authentication schemes represented by the literature [4] do not solve the problem of mutual trust between control stations, and they are also not applicable to the cross-domain certification of UAV. Blockchain technology can create a trust environment [13] and effectively address trust issues in the cross-domain process. Combining the two methods is a good choice.
Alliance chain technology is used between the control stations to achieve mutual trust, traditional authentication methods are used between the UAV and the control stations, and there is no need to store expensive data such as digital certificates on the UAV.

Contributions.
In order to achieve the trust between the control stations and ensure the efficient cross-domain authentication of the UAV, this paper designs a cross-domain authentication scheme based on the alliance chain technology. The main work is as follows:
(1) A cross-domain authentication scheme for UAV is designed based on alliance chain technology. The scheme adopts alliance chain technology between control stations to achieve a mutual trust environment, and identity authentication based on secret information between drones and control stations.
(2) Security analysis was performed based on the Dolev-Yao threat model to demonstrate the security of this cross-domain authentication scheme.
(3) In order to prove the high authentication efficiency of this scheme, the cross-domain authentication scheme proposed by literature [4] is compared through simulation experiments, and the authentication efficiency of the proposed authentication scheme is improved compared with the UAV cross-domain authentication scheme represented by literature [4].

Table 1: Main cross-domain authentication technologies used for drones.
Temporary cross-domain authentication: Temporary cross-domain authentication means to verify the validity of the authenticator identity by transmitting relevant data to the registration domain. Literature: [4] and [5].
Long-term authorized cross-domain authentication mechanism: Long-term authorization of cross-domain authentication means that one CA stores the standardized information provided by the other CA as login information for a long time. Literature: None.
Cross-domain authentication mechanism based on blockchain: It refers to the cross-domain authentication technology based on blockchain technology. Blockchain technology is a new application mode of computer technology such as consensus mechanism, distributed data storage, and encryption algorithm.

Design of the UAV Cross-Domain Authentication Scheme Based on Alliance Chain
Drawing on the cross-domain authentication method of the Internet of Things, instead of forwarding and authenticating the UAV authentication information during the authentication process, secret information such as identification information can be distributed directly in the initialization stage. This can both reduce one round of communication and improve the robustness of the scheme. Based on this idea, this paper designs a cross-domain UAV authentication scheme based on the alliance chain technology. The scheme can complete the transmission and endorsement of identity authentication information in the initialization stage, reduce the number of communication rounds, and improve the cross-domain authentication efficiency of UAV on the premise of ensuring the security of cross-domain authentication.

Parameter Representation.
In this paper, the parameters and their corresponding meanings are shown in Table 2.

Initialization.
The initialization stage of this scheme mainly includes the initialization of the alliance chain between the control stations and the UAV.

Alliance Chain Initialization.
After the CA authentication of each control station, the nodes peer0.org1, peer0.org2, peer0.org3, and peer0.org4 corresponding to the UAV control stations in different domains join the channels shared with the control stations requiring cross-domain authentication; for example, peer0.org1 and peer0.org2 join channel channnel1, and peer0.org2 and peer0.org4 join channel channnel2. This paper illustrates the example of peer0.org1 and peer0.org3 joining channel channnel1 in Figure 1. The officially supplied smart contract is called in the channel, and the corresponding chain code is packaged and installed.

Initialization of the UAV Identity Information.
The initialization of UAV identity information in this scheme is divided into two parts: identity authentication in the registration domain and putting the related information on the chain.
Identity authentication in the registration domain selects the identity authentication scheme based on the ECC algorithm. The reg station selects $G = (x, y)$ as the base point of the curve $E$. It generates the random numbers $rand_0, rand_1, rand_2, \cdots, rand_n \in [1, n-1]$ as the private keys and calculates $P_0 = (x_0, y_0) = [d_0](x, y)$, $P_1 = (x_1, y_1) = [d_1](x, y), \cdots$ as the corresponding public keys.
Subsequently, the reg station generates six random numbers $RAND_n$ for each public-private key pair as its ind in the key table, selects $[P_0, d_0]$ as the public-private key of the reg station, selects the public-private key in the remaining public-private key pairs, and passes the parameters $RAND, n, E, G, H(\cdot), P_0, pku, sku$. Transfer to the reg station and other UAVs into the network authentication and two-way identity authentication and obtain generation.
Putting the relevant information on the chain is mainly implemented by calling the chain code: the reg station calls the chain code in the corresponding channel and assigns $ID_n$ and pku to the ind. The specific steps are shown in Figure 1.
The reg station creates a proposal for the transaction and signs it to generate the signed proposal. The signed proposal is sent to the peer0.org1 node for endorsement processing, which returns the proposal response message after the chain code call transaction succeeds.
Create a signed transaction sigenedTX based on the message returned by the peer0.org1 node.
Transaction information is sent to the order node for network sorting and broadcasting to all the peer nodes of the channel (such as the peer0.org1 and peer0.org3 nodes listed in this article) for confirmation.

Cross-Domain Authentication.
The main steps of the cross-domain authentication process are shown in Figure 2.
The UAV sends $\{T_u, ID_n\}$ to the acc station. The acc station verifies the parameter $T_u$: if $T_c - T_u < \Delta t$, it then queries the information on the alliance chain through the corresponding chain code, according to the ind in $ID_n$.
If the acc station successfully obtains $pku \| ID_n$ from the chain code, and if it is the same, the authentication is successful.
The acc station generates $ID_{n+1}$ and updates the chain code on the corresponding channel by using $pku \| ID_{n+1}$; then the $ID_{n+1}$ calculation is. The acc station uses pku to build a secure communication channel with the UAV.
After the UAV has successfully communicated with the acc station, the UAV updates its local $ID_n$ to generate $ID_{n+1}$ using the same calculation.

Safety Analysis
Data transmitted over wireless channels is vulnerable to theft [14,15], so UAV communication networks using wireless communications face serious security threats. The Dolev-Yao model [16] is an analytical model widely recognized by the industry, and this chapter demonstrates the security of the cross-domain authentication scheme based on this model (the security of alliance chain technology has been widely recognized by the industry, so by default the control stations are taken to be in a secure communication environment).

Antireplay Attack Analysis.
The current time stamp is enclosed in the message structure transmitted between the UAV, acc station, and reg station during authentication. The control station and the UAV can test the time stamp, that is, whether the inequality $T_c - T_u < \Delta t$ is satisfied. Because the attacker consumes more time to forward the message, they can judge whether a replay attack has occurred.

Antimiddleman Attack.
During the authentication process, after each verification process, $ID_n$ needs to be updated, namely, $ID_{n+1} = ind \,\|\, H(ID_n, IV)$. Therefore, in the case of intermediate interception, the same $ID_n$ can only complete a single authentication and cannot be used for a second authentication, which guarantees the security of the channel.
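The acc-station steps from the Cross-Domain Authentication section and the replay and interception arguments above, as an added example that is not code from the paper. SHA-256 stands in for SM3, the ledger is an in-memory stand-in for the chain code, and the 8-byte ind, the 2-second window, storing IV in the ledger record, reading the update as ind concatenated with the hash, and all function names are assumptions.

```python
import hashlib
import hmac
import os

IND_LEN = 8     # byte length of the on-chain index ind (constructed)
DELTA_T = 2.0   # freshness window Δt in seconds (constructed)


def next_id(id_n: bytes, iv: bytes) -> bytes:
    """ID_{n+1} = ind || H(ID_n, IV); SHA-256 stands in for SM3."""
    return id_n[:IND_LEN] + hashlib.sha256(id_n + iv).digest()


class Ledger:
    """Stand-in for the channel's chain code state, keyed by ind."""

    def __init__(self):
        self._state = {}

    def put(self, ind, pku, id_n, iv):
        # Assumption: IV is kept in the same record so acc station can rotate.
        self._state[ind] = {"pku": pku, "id": id_n, "iv": iv}

    def get(self, ind):
        return self._state.get(ind)


def acc_station_verify(ledger, t_u, id_n, t_c):
    """Acc-station handling of {T_u, ID_n}; returns (accepted, reason)."""
    # T_c - T_u < Δt is the page's test; the lower bound (no future
    # timestamps) is an extra check added in this example.
    if not 0 <= t_c - t_u < DELTA_T:
        return False, "stale timestamp"
    ind = id_n[:IND_LEN]
    record = ledger.get(ind)
    if record is None:
        return False, "unknown ind"
    # Constant-time comparison of the presented ID_n with the on-chain one.
    if not hmac.compare_digest(record["id"], id_n):
        return False, "ID mismatch"
    # Rotate on success: the accepted ID_n is never valid a second time.
    ledger.put(ind, record["pku"], next_id(id_n, record["iv"]), record["iv"])
    return True, "authenticated"


def demo():
    """Constructed run: first use, two replays, then the rotated ID."""
    ledger = Ledger()
    ind, iv = os.urandom(IND_LEN), os.urandom(16)
    id_0 = ind + hashlib.sha256(b"constructed-seed").digest()
    ledger.put(ind, b"constructed-pku", id_0, iv)  # reg station, at init

    results = [
        acc_station_verify(ledger, 100.0, id_0, 100.5),  # fresh and valid
        acc_station_verify(ledger, 100.0, id_0, 100.9),  # replay inside Δt
        acc_station_verify(ledger, 100.0, id_0, 110.0),  # replay after Δt
    ]
    id_1 = next_id(id_0, iv)  # UAV-side update after the first session
    results.append(acc_station_verify(ledger, 111.0, id_1, 111.2))
    return results


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

In the second call the replayed message still passes the timestamp test because it arrives inside the window; it is rejected only because the on-chain ID has already rotated.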

Forward Safety and Backward Safety of ID n .
The identity information $ID_n$ of this scheme has forward security and backward security, $ID_{n+1} = ind \,\|\, H(ID_n, IV)$. The one-way property of the SM3 algorithm ensures that the attacker cannot infer $ID_n$ from $ID_{n+1}$ in polynomial time. Since IV is a parameter that the attacker cannot obtain, the attacker also cannot get $ID_{n+1}$ from $ID_n$.

Experimental Design and Analysis
After the initialization of UAV, acc station, and reg station, the alliance chain-based cross-domain authentication scheme and the traditional temporary cross-domain authentication scheme were conducted, respectively.

Experimental Environment.
The experimental environment is mainly divided into the UAV environment, the acc station environment, and the communication environment. The UAV is configured as Intel (R) Core (TM) i7-7700HQ CPU @ 2.80 GHz 2.81 GHz with 3 GB memory, Linux version 4.15.0-171-generic operating system with the flight control module and communication module. Among them, the flight control system module adopts the four-rotor UAV simulation model built based on the gazebo platform, and the communication module is built based on the PyCharm

[4]. Since the relevant experiments were not conducted in the original literature, the comparison scheme is run in the experimental environment of this paper. The steps are shown in Figure 3.

Table 2: Parameters and their meanings.
pku: Public key obtained by the UAV at the registration domain control station
sku: Private key obtained by the UAV at the registration domain control station
reg station: The control station for identity registration; participates in the consensus of the alliance chain as node peer0.org1 and stores some ledger data
acc station: The control station that receives cross-domain requests; participates in the consensus of the alliance chain as node peer0.org2 and stores some ledger data
IV: The registration domain gives the certification direction to the UAV
$ID_n$: The identity information given to the drone by the control station
CA: The digital certificate certification center in the alliance chain system; mainly responsible for user information registration, digital certificate issuance, and the extension and revocation of digital certificates
ind: The index of the UAV identity information on the chain; it is the random number $RAND_h$ generated by the registration domain
peer x.org y: Where x and y are all integers and peer x.org y is the alliance chain node corresponding to each UAV control station
Smart contract: Alliance chain smart contract based on Go language, including encrypted smart contract and access control smart contract; realizes the encryption of identification information put on the chain and the access control of shared data
$T_u$: Corresponding system time when the UAV sends the information
peer x.org y: The x node of the y organization under the alliance chain (both x and y are integers)
channel: Channel involves private communication layers between specific organizations. Each channel consists of separate ledgers that can only be read and written by members in the channel.

Experimental Content and Results.
The initialization of the drone and the alliance chain needs to be completed first before conducting all the tests. The standby screenshot of the UAV completed after initialization is shown in Figure 4. The screenshot of the alliance chain after its initialization is shown in Figure 5.

Certification Time Test Comparison.
The UAV communication module is operated to initiate cross-domain identity authentication to the acc station. After authentication is received, the UAV model receives the take-off command; the operation screenshot is shown in Figure 6. The two schemes are run ten times each, and the output time of the UAV communication module is recorded. The results are shown in Figure 7.
The main difference between the scheme and the document [4] process is that the scheme does not require data transmission between control stations. Since the reg station uploads and endorses the UAV information in the process of building the chain code between the reg station and the acc station, the acc station can query the UAV information on the chain code locally. In contrast, the scheme adopted by document [4] needs to transmit information to the reg station to judge the process. The information transmission mode between the control stations is also wifi communication. In the case of relay without using the satellite system, the wireless signal transmission in the atmosphere can be negligible, but the signal decoding and coding process of the control station consumes more time. If the control station environment is more complex or remote, a satellite system has to be borrowed for relay transmission, and the time cost of data transmission between the control stations, from transmission distance and satellite signal processing, will be greatly increased; in this case, using the scheme proposed in this paper, the certification efficiency will be far more than expected in this paper.

Communication Overhead Comparison.
This paper mainly compares the traffic in the cross-domain authentication stage after the initialization of the UAV and other equipment. To ensure the validity of the experimental comparison, both experiments use the same string for $ID_n$, with time stamp length T, $ID_n$ length ID, control station return command c, and result r returned by the reg station to the acc station. The results are shown in Table 3.
It can be seen from the table that the scheme adopted in this paper can reduce the communication overhead between control stations, and $ID_n$ can still be verified to complete cross-domain authentication when communication between the acc station and the reg station is interrupted.

Conclusion
In this paper, we propose a UAV cross-domain authentication scheme based on alliance chain technology. Under the premise of completing the security analysis of the scheme, the simulation experiments prove that the scheme has the advantages of small communication cost and high authentication efficiency, which meets the expectations of the cross-domain authentication scheme. However, due to the small number of UAVs, the large-scale UAV communication network cannot be simulated, and the complex network electromagnetic environment cannot be simulated due to the limitations of computer simulation experiments. The later work is mainly to study the multithreaded processing of multiple drones for cross-domain authentication and the simulation of the complex environment based on artificial intelligence technology.

Data Availability
The data used to support the findings of this study are included within the article.

Conflicts of Interest
The authors declare that they have no conflicts of interest.