🤖 AI Summary
Existing cross-domain authentication schemes for unmanned aerial vehicle (UAV) internet struggle to simultaneously achieve strong security, high efficiency, and identity privacy, particularly in dynamic, resource-constrained environments. This work proposes P³CDA, a novel protocol that integrates cryptographic accumulators with a structure-enhanced Merkle hash tree to enable anonymous authentication, traceability, and efficient batch revocation. Leveraging an adaptive pseudonym management mechanism and a provably secure framework grounded in the Canetti–Krawczyk model, P³CDA supports efficient batch registration, verification, and updates. Experimental results demonstrate that, compared to the state-of-the-art schemes, P³CDA significantly reduces computational, communication, and storage overheads while fulfilling stringent security and privacy requirements.
📝 Abstract
With the rapid expansion of the Internet of Drones (IoD) and the increasing mobility of drones, cross-domain interactions among geographically distributed domains have become inevitable. Cross-domain authentication is therefore a fundamental security requirement for IoD. However, existing authentication schemes often struggle to simultaneously achieve strong security, high efficiency, and identity privacy, making them unsuitable for the stringent requirements of highly dynamic and resource-constrained IoD environments. To address this challenge, we propose $\mathrm{P}^{3}$CDA, a privacy-preserving and provably secure cross-domain authentication scheme. First, we design an efficient pseudonym management mechanism that supports adaptive pseudonym generation as well as batch registration, verification, and revocation. Second, we propose a structurally enhanced Merkle Hash Tree (MHT) that supports batch pseudonym updates, thereby reducing the pseudonym storage overhead of drones. Building on these components, we develop a cryptographic accumulator-based cross-domain authentication protocol that enables anonymous authentication with authorized pseudonyms while preserving the traceability and efficient revocation of malicious drones. We rigorously analyze the security of $\mathrm{P}^{3}$CDA and formally prove its security under the Canetti--Krawczyk (CK) adversary model. Extensive experiments demonstrate that $\mathrm{P}^{3}$CDA achieves lower computational, communication, and storage overhead than state-of-the-art schemes.