Certificateless unmanned aerial vehicle cluster identity authentication method
By using a certificateless authentication method, each drone generates its own public and private keys locally, and the registration information is bound to a public form. This solves the complexity and security issues of identity authentication for drone clusters that rely on KGC, and achieves an efficient and secure identity authentication process.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- 10TH RES INST OF CETC
- Filing Date
- 2026-02-02
- Publication Date
- 2026-06-16
AI Technical Summary
In dynamic resource-constrained scenarios, drone swarm authentication relies on a centralized key generation center (KGC), which suffers from complex certificate management, high latency, and insufficient security. In particular, system security is threatened when the KGC is attacked.
A certificate-free authentication method is adopted. Security parameters and public parameters are initialized through the management module. Each drone generates a public key and a private key locally. Registration information is bound to a public form. In subsequent authentication processes, only encryption and verification based on the registration information are required, thus avoiding KGC dependency.
It achieves efficient and secure drone cluster identity authentication, avoids the trust bottleneck and security risks of centralized key management, simplifies the information interaction logic between drones and management modules, and facilitates rapid system updates.
Smart Images

Figure CN121619574B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of information security technology, and in particular to a certificateless drone swarm authentication method. Background Technology
[0002] With the rapid evolution of drone swarm technology, it has shown broad application prospects in key areas such as military strikes, emergency rescue, environmental monitoring, and agricultural production. Frequent data exchange occurs between drones and between drones and ground control centers, carrying information that often includes mission instructions, flight paths, and highly sensitive perception data. If the identity authentication process of a drone swarm is illegally stolen, tampered with, or forged, it can lead to mission failure, system paralysis, and even security incidents.
[0003] Currently, drone swarm authentication widely adopts PKI (Public Key Infrastructure)-based authentication mechanisms. However, in highly dynamic and resource-constrained drone swarm scenarios, the distribution and management of certificates is complex and struggles to meet the requirements of low latency and lightweight operation. While Certificateless Public Key Cryptography (CL-PKC) schemes avoid certificate management in PKI authentication systems, some keys for all devices in the network are generated entirely by a Key Generation Center (KGC). If the KGC is attacked, devices in the system will be at risk of having their identities forged.
[0004] Chinese patent document CN117998360A discloses a certificateless authentication method and system for unmanned aerial vehicles (UAVs). This method is based on the SM2 algorithm, a certificateless public-key cryptographic authentication algorithm that enables bidirectional authentication between the UAV ground terminal and the UAV airborne terminal through timestamp signature authentication. However, this scheme relies on a Key Generation Center (KGC) to generate partial private keys for each terminal, still presenting a centralized trust problem. Once the KGC is attacked or leaked, it can forge device identities, and the overall system security is partially dependent on the trustworthiness and availability of the KGC.
[0005] Chinese patent document CN120186608A discloses a method for drone swarm authentication based on certificateless homomorphic network encoded signatures. In this scheme, the authentication server recovers the original authentication message after receiving a sufficient number of valid packets and sends authentication success information back to the source node. However, this scheme has a complex authentication path, requiring multiple intermediate nodes to collaborate in forwarding signatures and reconstructing data. Furthermore, each device's key is still generated and distributed by the KGC, leading to authentication link latency and the inability to escape the centralized KGC's single-point control over system security. This makes it difficult to efficiently scale and maintain in dynamic topologies or scenarios with frequent node additions / removals. Summary of the Invention
[0006] The purpose of this invention is to provide a certificate-free drone swarm authentication method to address all or part of the aforementioned problems, thereby eliminating the reliance on a centralized KGC for drone swarm authentication and ensuring the security of drone swarm authentication.
[0007] The technical solution adopted in this invention is as follows:
[0008] A certificate-free drone swarm authentication method includes the following steps:
[0009] S1. Management module initializes security parameters. Common parameters and auxiliary information Based on the security parameters Generate global reference information ; Publish the security parameters Common parameters and global reference information ;
[0010] S2. The drone to be registered is based on the security parameters. Generate matching public keys locally. and private key ;
[0011] S3. The drone to be registered submits a registration request to the management module, the registration request carrying an identity identifier. and its own public key The management module is based on the identity identifier. and public key Generate registration information To generate operation updates to the auxiliary information. Upload to a public form;
[0012] S4, the management module is based on the registration information. and the identity identifier Generate updated data To generate operation update auxiliary information Upload to the aforementioned public form;
[0013] S5. In the authentication process, the drone to be authenticated sends an authentication request to the target drone, the authentication request carrying authentication information. and signature information The signature information The drone to be authenticated is based on its own private key Regarding the authentication information The signature is obtained so that the target drone can obtain the corresponding registration information from the public form. and updating data Regarding the signature information Verification is performed, and the identity of the drone to be certified is determined based on the verification results.
[0014] Furthermore, initialize the common parameters. ,include:
[0015] Generate the bilinear group parameters and the pairing function e, and select a common hash function; where,
[0016] The bilinear group parameters include the source group. and target group order and generator ;
[0017] The pairing function e indicates the source group and target group Mapping relationship: ;
[0018] The public hash function includes features for mapping identity identifiers. First hash function to group elements The second hash function used to generate the key stream , The key stream length, and the third hash function used for signing or updating operations. , To match The mapping space.
[0019] Furthermore, based on the aforementioned security parameters Generate matching public keys locally. and private key ,include:
[0020] S21. Invoke the pre-configured key generation algorithm. ;
[0021] S22, with the aforementioned safety parameters The key generation algorithm is executed using the given input. The public key is generated locally. and private key .
[0022] Furthermore, based on the identity identifier and public key Generate registration information ,include:
[0023] From the public parameters Obtain the first hash function from ;
[0024] Obtain the identity identifier and public key Construct the first string Using the first hash function The first string is hashed to generate an identifier specific to the identity. and public key Registration information .
[0025] Furthermore, based on the registration information and the identity identifier Generate updated data ,include:
[0026] S41, from the common parameters Obtain the third hash function ;
[0027] S42. Obtain the registration information. and the identity identifier Construct the second string ; using the third hash function The second string is hashed to generate an identity identifier. The associated updated data .
[0028] Furthermore, based on their own private key Regarding the authentication information Methods for signing include:
[0029] From the public parameters Obtain the second hash function from ;
[0030] Obtain the authentication information Construct a third string ; using the second hash function The third string is hashed to obtain the corresponding key stream. Based on the key stream Generate signature information .
[0031] Furthermore, obtain the corresponding registration information from the public form. and updating data Regarding the signature information Verification of signatures includes:
[0032] According to the registration information and updating data Regarding the authentication information The signature information is reconstructed and compared with the received signature information for verification.
[0033] Furthermore, based on the updated data Regarding the authentication information The signature information is reconstructed and compared with the received signature information for verification, including:
[0034] Obtain the authentication information from the authentication request. Signature information and the identification of the drone to be certified ;
[0035] According to the identity identifier Obtain the corresponding registration information from the public form. and updating data ;
[0036] According to the auxiliary information Instructions based on the registration information and updating data Obtain the identity identifier Corresponding public key ;
[0037] Construct the fourth string From the common parameters Obtain the second hash function from And the pairing function e, using the second hash function The fourth string is hashed to obtain the corresponding key stream. ;
[0038] verify and Check if they are equal. If they are equal, authentication is successful; otherwise, authentication fails.
[0039] Furthermore, based on the aforementioned security parameters Generate global reference information ,include:
[0040] Generate a random string of a predetermined length as the global reference information. The predetermined length is This indicates that the security parameters are met. The polynomial relation.
[0041] Furthermore, the public form is located on a blockchain.
[0042] In summary, due to the adoption of the above technical solution, the beneficial effects of the present invention are:
[0043] The certificate-free drone swarm authentication method provided in this application allows each drone in the swarm to register once with the management module, binding its identity to a public form. Subsequent authentication only requires encrypting and verifying the authentication information based on this public form, thus achieving the legitimacy authentication of anonymous drone identities without relying on any centralized key management mechanism. Each drone generates its public and private keys locally, rather than having them distributed by the management module, avoiding the risk of key theft or impersonation and mitigating the trust bottlenecks and security risks of centralized key management. Both drone registration and authentication are based on public parameter configuration information, resolving the issue of consistency in information exchange logic between drones and the management module, or between drones themselves, facilitating rapid system-level updates. The hash-based authentication method offers higher authentication efficiency compared to decryption-based authentication methods. Attached Figure Description
[0044] The present invention will be described by way of example and with reference to the accompanying drawings, wherein:
[0045] Figure 1 This is a flowchart of one embodiment of a certificate-free drone swarm authentication method.
[0046] Figure 2 This is a flowchart of the target drone certification process in one embodiment. Detailed Implementation
[0047] All features disclosed in this specification, or all steps in all disclosed methods or processes, may be combined in any way, except for mutually exclusive features and / or steps.
[0048] Any feature disclosed in this specification (including any appended claims and abstract) may be replaced by other equivalent or similar features, unless specifically stated otherwise. That is, unless specifically stated otherwise, each feature is merely one example of a series of equivalent or similar features.
[0049] To address the issues of strong central dependency and high system security risks associated with KGC-based authentication methods, this application provides a certificateless drone swarm authentication method. By applying an Efficient Registration-Based Encryption (RBE) scheme, drones only need to register once, binding their identity to a public form. Subsequent communication authentication only requires encryption and verification based on the registration information from the RBE scheme, thereby eliminating the dependence of drone swarm authentication on KGC and avoiding central trust bottlenecks and security risks.
[0050] like Figure 1 As shown in the embodiments of this application, the certificateless drone swarm authentication method includes the following steps:
[0051] S1. The management module (or key manager KC) initializes security parameters. Common parameters and auxiliary information Based on the security parameters Generate global reference information (Common Random String); Publish the security parameters. Common parameters and global reference information .
[0052] Safety parameters Used to generate public keys for drones to be registered. and private key At the same time, restrict global reference information Length. Common parameters Indicates the relevant parameters and algorithms involved in the registration and authentication process. (Auxiliary Information) Records the data and operations involved in the registration process of the drone to be registered, to assist in the identity authentication process. Global Reference Information This is used to indicate the beginning of data interaction.
[0053] As an optional implementation, step S1 includes the following sub-steps:
[0054] S11, Setting security parameters in the management module Initialize common parameters and auxiliary information It is an empty set.
[0055] S12. The management module generates bilinear group parameters and pairing function e, and selects a common hash function. .in:
[0056] Bilinear group parameters include source group and target group order , It is a prime number; and a generator. .
[0057] The pairing function e indicates the source group and target group Mapping relationship: .
[0058] Public hash functions include those used to map identity identifiers. First hash function to group elements The second hash function used to generate the key stream , Here is the key stream length, and the third hash function used for signing or updating operations (including generation operations). , To match The mapping space.
[0059] drone identification Typically in string format, the first hash function This identity identifier Mapped to a binary bitstream (group elements) to facilitate data matching or comparison. Based on the properties of the bilinear group, the target group... The elements in the hash table are relatively long, so a second hash function is used. Mapping elements to a bitstream of a specific length facilitates data management and saves storage resources.
[0060] Common parameters include Therefore, the above sub-step S12 is to initialize the common parameters based on the empty set. The process.
[0061] S13, The management module, based on the set security parameters... Generate global reference information .
[0062] Global Reference Information A random string (bitstream) is used, with randomness enhanced, and its length satisfies the security parameters. The polynomial relation is expressed as This global reference information It can be publicly released from a public random source or a trusted third party.
[0063] S14. Release security parameters Common parameters and global reference information .
[0064] S2, Unregistered drones based on security parameters Generate matching public keys locally. and private key .
[0065] The information published by the management module includes the configured security parameters. Each drone to be registered is determined based on this security parameter. Generate your own public key locally and private key It should be noted that the public key generated by the drone... Or private key It is not a key used for encrypting or decrypting data, but rather a key used to indicate or associate an identity. .
[0066] As an optional implementation, step S2 includes the following sub-steps:
[0067] S21. Invoke the pre-configured key generation algorithm. .
[0068] Any key generation algorithm capable of generating public and private keys can be used, and this application does not restrict the specific key generation algorithm used.
[0069] S22, with safety parameters As input, execute the key generation algorithm. Generate a public key locally and private key .
[0070] Each drone to be registered generates its own public key locally. and private key By eliminating the dependence on KGC, it can effectively prevent illegal theft or spoofing, ensure system reliability, and avoid the security risks that KGC may be attacked or have its data intercepted.
[0071] S3. The drone to be registered submits a registration request to the management module. This registration request carries an identity identifier. and its own public key The management module is based on identity verification. and public key Generate registration information To generate operation update auxiliary information Upload it to the public form.
[0072] Different drone identification Different, its registration information It will also be different. Generate registration information. Information for subsequent authentication processes (public key) Matching. Auxiliary information. Record registration information The generation process is designed to facilitate subsequent adjustments based on registration information. Public key parsing Use this information for reference.
[0073] As an optional implementation, step S3 includes the following sub-steps:
[0074] S31. The drone to be registered will identify itself. and public key Write a registration request and send it to the management module. (UAV identification identifier) It is unique and can be the device's MAC (Media Access Control Address) address or SN (Serial Number) number, etc.
[0075] S32, Management module from common parameters Obtain the first hash function Obtain the identity identifier from the received registration request. and public key Construct the first string Using the first hash function The first string is hashed to generate an identity identifier. and public key Registration information Update auxiliary information. Write the registration information The generation process.
[0076] For example, the format of a registration request is: The management module executes the registration algorithm of the RBE scheme. With the support of reading and writing auxiliary information (aux), registration information is generated. .
[0077] In one alternative implementation, the management module executes... The process includes: the management module detecting... Afterwards, continue monitoring for subsequent data until complete reception. Then, common parameters are parsed from them. Identity identification and public key ; and from public parameters The first hash function is extracted from the data. Construct the first string. Using the first hash function Hash the first string to generate registration information. .
[0078] S33, The management module will register information. and updated auxiliary information Record the identity information obtained from the registration request in a public form. and public key Linked to a public form. This public form is not confidential; any drone can request access to it.
[0079] Since public forms can be accessed at will, to ensure their security and reliability, in a preferred embodiment, the public form is located on a blockchain to prevent tampering.
[0080] S4, Management module based on registration information and identity identifier Generate updated data To generate operation update auxiliary information Upload it to the public form.
[0081] Update data Used to assist in the parsing and authentication process of authentication information, it will include registration information. and identity identifier Bind it to a public form.
[0082] For example, the management module executes the update algorithm of the RBE scheme. This allows us to obtain updated data.
[0083] As an optional implementation, the management module executes in step S4. The process includes the following sub-steps:
[0084] S41, From common parameters Obtain the third hash function .
[0085] S42. Obtain registration information and identity identifier Construct the second string Using a third hash function The second string is hashed to generate an identity identifier. Related updated data Update auxiliary information. Write updated data The generation process.
[0086] S43, The management module will update the data. and updated auxiliary information Recorded in a public form, thereby enabling identity verification. and registration information Bind to a public form.
[0087] Registration Information Identity verification was implemented With public key The binding, and the updated data further realizes the registration information. With identity markers The binding thus achieves identity identification. With public key The dual binding enhances the verification process by improving the parsing of the public key. Credibility and reliability.
[0088] S5. During the authentication process, the drone to be authenticated sends an authentication request to the target drone, and the authentication request carries authentication information. and signature information Signature information The drone to be authenticated is based on its own private key Authentication information The signature is obtained so that the target drone can retrieve the corresponding registration information from a public form. and updating data For signature information Verification is performed, and the identity of the drone to be certified is determined based on the verification results.
[0089] Step S5 is divided into two stages: stage one is when the drone to be certified initiates the certification request, and stage two is when the target drone authenticates the identity of the drone to be certified.
[0090] Phase One includes the following processes:
[0091] The drone to be authenticated is based on its own private key Authentication information Perform a signature and obtain signature information. And generate a file containing authentication information. and signature information (represented as) The authentication request is sent to the target drone. The target drone is the drone that is being authenticated.
[0092] Specifically, Phase One includes the following sub-steps:
[0093] S51, Uncertified drone from public parameters Obtain the second hash function .
[0094] S52, Obtaining certification information for drones awaiting certification. Construct a third string Using the second hash function The third string is hashed to obtain the corresponding keystream. Based on this key stream Generate signature information .
[0095] It should be noted that, Still the same as the one generated during drone registration The distinction is made here solely to differentiate between the registration process and the authentication process. These are the private and public keys used by the drone during the authentication process.
[0096] For example, the drone to be certified generates a string. The signature algorithm of the RBE scheme is invoked. Generate signature information As an optional implementation, the Sign algorithm takes this string as input and uses it based on detected global reference information. and registration information , obtain Construct a third string Using the second hash function The third string is hashed to obtain the key stream. Based on key stream and private key Generate signature information .
[0097] S53, the uncertified drone will carry The authentication request is sent to the target drone.
[0098] Phase Two includes the following processes:
[0099] The target drone extracts authentication information from the authentication request. and signature information Obtain the identity identifier of the drone to be authenticated from a public form. Registration information (carried in the authentication request) and updating data For signature information According to the registration information and updating data Authentication information The signature information is reconstructed and compared with the received signature information for verification. The identity of the drone to be authenticated is determined based on the verification result.
[0100] Specifically, such as Figure 2 As shown, Phase Two includes the following sub-steps:
[0101] S54. The target drone receives the authentication request and extracts authentication information from the authentication request. Signature information and the identification of the drone to be certified .
[0102] S55, target drone based on identification Retrieve the corresponding registration information from the public form. and updating data .
[0103] S56, the target drone based on auxiliary information Instructions based on registration information and updating data Obtain identity verification Corresponding public key .
[0104] Auxiliary information Recorded updated data The generation process involves the target drone updating data. The reverse operation can parse out the registration information. The target drone will parse the registration information. Registration information obtained from public forms A consistency comparison is performed. After the consistency comparison passes, the target drone uses auxiliary information... Recorded registration information The generation process is based on the registration information. The reverse operation can parse out the identity identifier. Public Key .
[0105] S57, Target UAV constructs the fourth string From common parameters Obtain the second hash function And the pairing function e, using the second hash function The fourth string is hashed to obtain the corresponding key stream. .
[0106] S58, Target UAV Verification and Check if they are equal. If they are equal, authentication is successful; otherwise, authentication fails.
[0107] For example, the target drone obtains registration information from a public form. and updating data Then, generate a string. The Verify algorithm of the RBE scheme is called. This completes the signature verification of the authentication request. As an optional implementation, the signature verification algorithm verifies the input string based on detected global reference information. , obtain ,Depend on Analysis , and the acquired Perform a consistency comparison; after the consistency comparison passes, [the process will proceed as follows] Analysis Construct the fourth string. Using the second hash function The fourth string is hashed to obtain the corresponding key stream. Based on the pairing relationship between the source and target groups in a bilinear group, the verification is performed. and Whether they are equal, expressed using regular expressions, is a verification. Is the authentication successful? If successful, authentication is successful; otherwise, authentication fails.
[0108] The above method can achieve authentication of the identity of a certificateless drone swarm. Each drone only needs to register once, completely eliminating the dependence on KGC and eliminating the security risks of KGC being compromised or leaked. The method has extremely high reliability.
[0109] This invention is not limited to the specific embodiments described above. The invention extends to any new feature or combination disclosed in this specification, as well as any new method or process step or combination disclosed herein.
Claims
1. A certificateless unmanned aerial vehicle (UAV) cluster identity authentication method, characterized in that, Includes the following steps: S1, the management module initializes the security parameters ; Initializing common parameters , the common parameters indicate related parameters and algorithms involved in the registration and authentication process; initializing the common parameters include: initializing the common parameters empty set; Generate the bilinear group parameters and the pairing function e, and select a common hash function; where, The bilinear group parameters include the source group. and target group order and generator ; The pairing function e indicates the mapping relationship of the source group and the target group : ; The public hash function comprises a first hash function for mapping an identity to a group element , a second hash function for generating a key stream , a key stream length, and a third hash function for a signature or update operation , matching a mapping space of ; Initialize auxiliary information The auxiliary information is an empty set. Record the data and operations involved in the registration process of the drone to be registered, in order to assist in the identity authentication process; Based on the security parameters Generate global reference information This includes: generating a random string of a predetermined length as the global reference information. The predetermined length is This indicates that the security parameters are met. Polynomial relations; Release the security parameters Common parameters and global reference information ; S2. The drone to be registered is based on the security parameters. Generate matching public keys locally. and private key ; S3. The drone to be registered submits a registration request to the management module, the registration request carrying an identity identifier. and its own public key The management module is based on the identity identifier. and public key Generate registration information Update the auxiliary information Write the registration information The generation process is then uploaded to a public form; S4, the management module is based on the registration information. and the identity identifier Generate updated data Update the auxiliary information Write updated data The generation process is then uploaded to the public form; S5. In the authentication process, the drone to be authenticated sends an authentication request to the target drone, the authentication request carrying authentication information. and signature information The signature information The drone to be authenticated is based on its own private key Regarding the authentication information The signature is obtained so that the target drone can obtain the corresponding registration information from the public form. and updating data Regarding the signature information Verification is performed, and the identity of the drone to be certified is determined based on the verification result; wherein: Based on their own private key Regarding the authentication information Methods for signing include: From the public parameters Obtain the second hash function from ; Obtain the authentication information Construct a third string ; using the second hash function The third string is hashed to obtain the corresponding key stream. Based on the key stream Generate signature information ; Obtain the corresponding registration information from the public form. and updating data Regarding the signature information Verification of signatures includes: Obtain the authentication information from the authentication request. Signature information and the identification of the drone to be certified ; According to the identity identifier Obtain the corresponding registration information from the public form. and updating data ; According to the auxiliary information Instructions based on the registration information and updating data Obtain the identity identifier Corresponding public key ; Construct the fourth string From the common parameters Obtain the second hash function from And the pairing function e, using the second hash function The fourth string is hashed to obtain the corresponding key stream. ; verify and Check if they are equal. If they are equal, authentication is successful; otherwise, authentication fails.
2. The certificate-free drone swarm authentication method as described in claim 1, characterized in that, Based on the security parameters Generate matching public keys locally. and private key ,include: S21. Invoke the pre-configured key generation algorithm. ; S22, with the aforementioned safety parameters The key generation algorithm is executed using the given input. The public key is generated locally. and private key .
3. The certificate-free drone swarm authentication method as described in claim 1, characterized in that, Based on the identity identifier and public key Generate registration information ,include: From the public parameters Obtain the first hash function from ; Obtain the identity identifier and public key Construct the first string Using the first hash function The first string is hashed to generate an identifier specific to the identity. and public key Registration information .
4. The certificate-free drone swarm authentication method as described in claim 1, characterized in that, Based on the registration information and the identity identifier Generate updated data ,include: S41, from the common parameters Obtain the third hash function ; S42. Obtain the registration information. and the identity identifier Construct the second string ; using the third hash function The second string is hashed to generate an identity identifier. The associated updated data .
5. The certificate-free drone swarm authentication method as described in any one of claims 1-4, characterized in that, The public form is located on the blockchain.