Abstract
The proliferation of unmanned aerial vehicle (UAV) swarms in mission-critical applications for 6G and the Internet of Things (IoT) introduces significant security vulnerabilities stemming from their dynamic, distributed, and resource-constrained nature. Traditional security paradigms are often inadequate for these complex cyber-physical systems. This paper proposes a novel, cross-layer security framework that ensures robust and lightweight operation for UAV swarms. The framework is founded on a novel Entropy-Derived Physically Unclonable Function (EPUF) based on DRAM, which employs a data-driven characterization process designed to achieve near 100% reliability in simulation through a data-driven characterization process, which is validated through extensive simulation, addressing a critical limitation of conventional PUFs. To counteract sophisticated threats, we formulate the key management problem as a Markov Decision Process (MDP) and introduce a deep reinforcement learning (DRL) agent that dynamically optimizes key update frequency, balancing security posture against energy consumption. Furthermore, we leverage a lightweight, permissioned blockchain as a decentralized trust anchor for public key management, providing an immutable and resilient ledger and enhancing the principles of distributed and edge intelligence. The core authentication protocol’s security is formally verified using the ProVerif tool and Belief Logic, proving its robustness against a Dolev–Yao adversary. Experimental simulations demonstrate that our framework significantly outperforms conventional methods, reducing authentication latency and energy consumption by over 95% compared to PKI-based schemes while effectively mitigating replay and impersonation attacks.
Similar content being viewed by others
Data availability
The datasets generated and/or analysed during the current study are available from the corresponding author on reasonable request.
Code availability
The custom code and mathematical algorithms used in this study, including the EPUF simulation model and the DRL-based key management framework, are available from the corresponding author upon reasonable request. The formal verification models conducted via ProVerif are also available for review.
References
Hua, M. et al. UAV-Assisted Intelligent Reflecting Surface Symbiotic Radio System. IEEE Trans. Wirel. Commun. 20, 6023–6037 (2021).
Wang, Z. et al. A survey on cybersecurity attacks and defenses for unmanned aerial systems. J. Syst. Archit. 138, 102870 (2023).
Essaky, S., Raja, G., Dev, K. & Niyato, D. ARReSVG: Intelligent multi-UAV navigation in partially observable spaces using adaptive deep reinforcement learning approach. IEEE Trans. Veh. Technol. 74, 100–115 (2025).
Zhou, Y. et al. QoE-Driven Adaptive Deployment Strategy of Multi-UAV Networks Based on Hybrid Deep Reinforcement Learning. IEEE Internet Things J. 9, 5868–5881 (2022).
Bai, J., Huang, G., Zhang, S., Zeng, Z. & Liu, A. GA-DCTSP: An intelligent active data processing scheme for UAV-enabled edge computing. IEEE Internet Things J. 10, 4891–4906 (2023).
Zhou, Y., Jin, Z., Shi, H., Shi, L. & Lu, N. Flying IRS: QoE-driven trajectory optimization and resource allocation based on adaptive deployment for WPCNs in 6G IoT. IEEE Internet Things J. 11, 9031–9046 (2024).
Blanchet, B. Modeling and verifying security protocols with the applied pi calculus and ProVerif. Found. Trends Priv. Secur. 1, 1–135 (2016).
Burrows, M., Abadi, M. & Needham, R. A logic of authentication. ACM Trans. Comput. Syst. (TOCS) 8, 18–36 (1990).
Mozaffari, M., Saad, W., Bennis, M., Nam, Y. H. & Debbah, M. A tutorial on UAVs for wireless networks: Applications, challenges, and open problems. IEEE Commun. Surv. Tutor. 21, 2334–2360 (2019).
Tan, J. et al. A survey: When moving target defense meets game theory. Comput. Sci. Rev. 48, 100544 (2023).
Zhou, Y., Cheng, G., Du, K., Chen, Z., Qin, T., Zhao, Y. From Static to Adaptive Defense: Federated Multi-Agent Deep Reinforcement Learning-Driven Moving Target Defense Against DoS Attacks in UAV Swarm Networks. (2025) arXiv arXiv:2506.07392.
Mnih, V. et al. Human-level control through deep reinforcement learning. Nature 518, 529–533 (2015).
Wireless blockchain meets 6g. IEEE Communications Surveys & Tutorials.
Lightweight anonymous authentication for IoT. IEEE Access.
Bi, Y., Wang, X., Zhao, C., Jin, Z. & Li, H. DRAM-based intrinsic physically unclonable functions for system-level security and authentication. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 24, 3144–3156 (2016).
Rahmani, R., Firouzi, R. & Kanter, T. Distributed adaptive formation control for multi-UAV to enable connectivity. IJCSI Int. J. Comput. Sci. Issues 17, 10–18 (2020).
Dong, L., Liu, Z., Jiang, F. & Wang, K. Joint optimization of deployment and trajectory in UAV and IRS-assisted IoT data collection system. IEEE Internet Things J. 9, 21583–21593 (2022).
Min, Z., Zhang, X., Zhang, X., Lei, T., Gao, Q. A Data-Driven MPC Energy Optimization Management Strategy for Fuel Cell Distributed Electric Propulsion UAV, in: Proceedings of the 2022 4th Asia Energy and Electrical Engineering Symposium (AEEES), Chengdu, China, 25–28 March 2022; pp. 1–6, (2022).
Tse, D. & Viswanath, P. Fundamentals of Wireless Communication 1–715 (Cambridge University Press, 2005).
Yu, Y. et al. Distributed Multi-Agent Target Tracking: A Nash-Combined Adaptive Differential Evolution Method for UAV Systems. IEEE Trans. Veh. Technol. 70, 8122–8133 (2021).
Chaudhry, S. A., Al-shehri, M. H., Al-Sodairi, K. A. & Das, M. L. A lightweight and provably secure anonymous authentication and key agreement scheme for IoT-based cloud environment. IEEE Access 9, 71110–71123 (2021).
Ardeshir-Larijani, A.G., McGoldrick, C.P.T., Martin, E. PUF-based authentication protocols for resource-constrained devices, in: Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, USA, 30 April–4 May 2018; pp. 1–6, (2018).
Olfati-Saber, R., Fax, J. A. & Murray, R. M. Consensus and cooperation in networked multi-agent systems. Proc. IEEE 95, 215–233 (2007).
Acknowledgements
This work was supported by the 2026 research fund of the Korea Military Academy (Hwarangdae Research Institute) (RN 26-AI-06).
Funding
This work was supported by the 2026 research fund of the Korea Military Academy (Hwarangdae Research Institute) (RN 26-AI-06).
Author information
Authors and Affiliations
Contributions
H.K. conceptualized the initial framework, performed the simulations, wrote the initial draft, designed the novel EPUF-based authentication protocol, formulated the DRL-based key management model, and S.K. (Sungdo Kim) guided the formal security analysis, and substantially revised the manuscript. Both authors read and approved the final manuscript.
Corresponding author
Ethics declarations
Competing interests
The authors declare no competing interests.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
A Hardware validation testbed for EPUF
A Hardware validation testbed for EPUF
This appendix outlines a detailed plan for a hardware-based validation of the EPUF to provide stronger empirical justification for the high reliability claim, which was primarily supported by simulation results in this paper. This validation will quantitatively assess the Bit Error Rate (BER) of the EPUF under varying environmental conditions, such as temperature and voltage fluctuations.
A.1 Testbed configuration
The hardware validation will be performed on a dedicated FPGA-based testbed designed to accurately measure the EPUF’s performance in a controlled environment. The key components of the testbed are as follows:
FPGA Board: A commercial FPGA board, such as the Xilinx Artix-7 or Intel Cyclone V, will be used to implement the EPUF logic. The FPGA’s integrated DDR3 memory will serve as the physical entropy source for the EPUF, eliminating the need for an external DRAM module. The FPGA’s logic fabric will host the EPUF controller, the fuzzy extractor, and the communication interface for data logging.
Environmental Chamber: A programmable temperature and humidity chamber (e.g., from Thermotron or Espec) will be used to subject the FPGA board to a controlled range of operating temperatures, from −40 \(^\circ\)C to 85 \(^\circ\)C. This range is chosen to cover the typical military and industrial temperature grades for electronics.
Voltage Controller: A precision programmable DC power supply will be used to control the voltage supplied to the EPUF circuitry, enabling us to test its stability under voltage variations within a ±10% range of the nominal value (e.g., 1.5 V or 1.2 V).
Measurement and Control System: A host PC running a control script (e.g., in Python with an API for the power supply and environmental chamber) will automate the entire experiment. This system will program the environmental chamber, send challenges to the FPGA, receive the generated EPUF responses, and log all relevant data, including timestamp, temperature, voltage, challenge, response, and calculated BER.
A.2 Validation procedure and metrics
The reliability of the EPUF will be rigorously validated through the following steps and evaluated using the Bit Error Rate (BER) metric. The BER will be defined as the number of differing bits between the generated response and the golden response, divided by the total number of bits compared.
- 1.
Initial Profiling (Enrollment): At a nominal reference condition (e.g., 25 \(^\circ\)C, nominal voltage), the EPUF response will be generated and captured over one million times. These data will be used to create the a ‘golden profile’ for subsequent comparisons. The fuzzy extractor’s helper data, which assists in correcting minor bit flips, will also be generated during this phase.
- 2.
Environmental Stress Testing: The FPGA board will be placed inside the environmental chamber. The temperature will be varied across the specified range (−40 \(^\circ\)C to 85 \(^\circ\)C) in 10 \(^\circ\)C increments. At each temperature point, the voltage will be swept across its ±10% range in 0.1 V increments. At each temperature/voltage combination, the EPUF will be challenged multiple times.
- 3.
Response Regeneration and Analysis: The EPUF responses captured under these stress conditions will be compared against the golden profile to calculate the BER. Any discrepancies (errors) will be logged with their corresponding environmental parameters.
- 4.
Data Visualization and Interpretation: The final analysis will involve plotting the BER as a function of both temperature and voltage. These empirical data will serve to either validate the 100% reliability claim of the EPUF or quantify the precise error rates, allowing for further refinement of the fuzzy extractor parameters.
The results of this hardware validation will provide a strong empirical basis for our claim of high EPUF reliability and offer critical insights into its performance under real-world operating conditions.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.
About this article
Cite this article
Kim, H., Kim, S. An intelligent and adaptive security framework for UAV swarms: a cross-layer approach integrating highly reliable EPUF, DRL-based key management, and distributed ledger technology. Sci Rep (2026). https://doi.org/10.1038/s41598-026-46456-3
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41598-026-46456-3
