Blockchain-Enabled Zero-Trust Architecture

• Blockchain-enabled zero-trust architecture integrates distributed ledger technology with continuous authentication to secure dynamic and decentralized UAV networks.
• Smart contracts and consensus protocols, like PBFT, automate node authentication and enforce policy compliance across network interactions.
• Decentralized multi-agent reinforcement learning drives adaptive routing, reducing end-to-end delay by over 22% while isolating compromised nodes swiftly.

A blockchain-enabled zero-trust architecture combines distributed ledger technologies with the zero-trust security paradigm to address the challenges posed by highly dynamic, distributed, and adversarial network environments. This integration is exemplified by its application in Low-Altitude Intelligent Networks (LAINs), where unmanned aerial vehicle (UAV) clusters require secure, resilient, and efficient routing and node management in the presence of external and insider threats (2506.22745).

1. Foundational Concepts: Zero-Trust and Blockchain Integration

Zero-trust architecture (ZTA) embodies the principle that no node, device, or actor in a network is inherently trustworthy. Every action—including the joining or leaving of a node, and every data communication—requires active authentication and validation. Traditional trust models, which presume implicit trust inside network boundaries, are supplanted by a model in which trust is continuously evaluated and enforced by cryptographic and policy controls.

The blockchain layer serves as a distributed, tamper-resistant audit and control plane. All node management events—such as UAV joining, exit, and status updates—are immutably recorded, and access decisions are made based on consensus among distributed nodes. Smart contracts automate authentication, periodic compliance checks, and collectively enforce policy, while consensus protocols such as Practical Byzantine Fault Tolerance (PBFT) ensure that the integrity of these records is maintained unless a significant fraction of nodes are compromised.

This approach provides key security guarantees:

• Authentication of node identities and activities, enforced at each protocol step.
• Tamper-proof and consistent state across the network, eliminating single points of failure.
• Immediate revocation or isolation of misbehaving, compromised, or failed nodes.
• Resilience to arbitrary network partitions, node failures, or byzantine behaviors.

2. Secure Routing Formulation under Zero-Trust

Routing in LAINs involves selecting paths and forwarding data among highly mobile and potentially untrusted UAVs. The security objective is to ensure that only authenticated, policy-compliant UAVs participate in routing, while the operational objective is to minimize the total end-to-end (E2E) delay for data flows.

The routing optimization is formally cast as an Integer Linear Programming (ILP) problem:

$$\begin{aligned} \mathscr{P}0:\quad &\underset{\boldsymbol{\eta},\,\boldsymbol{\zeta}}{\min} \quad \mathcal{T}^r \ &\text{s.t.} \ &d_{min} \leq d_{nm}(t) \leq d_{u,max} \ &\sum_{m} \eta^r_{nm}(t) = 1 \ &\text{Buffer, flow, and link constraints} \ &\eta_{nm}^r(t),\, \zeta_n^r(t) \in \{0,1\} \end{aligned}$$

where $\eta_{nm}^r(t)$ indicates transmission of demand $r$ via link $e_{nm}$ at time $t$, and $\zeta_n^r(t)$ indicates presence of $r$ at node $n$.

Due to its NP-hardness, real-time or large-scale deployment is infeasible using centralized optimization.

3. Decentralized Solution via Multi-Agent Reinforcement Learning

The routing problem is reformulated as a Decentralized Partially Observable Markov Decision Process (Dec-POMDP):

• Agents: Each UAV is modeled as an agent, with local observations of its state and neighbors.
• Observations: $o_u(t)$ includes local and neighbor state, channel, and buffer info.
• Actions: Each agent selects next-hop neighbors for each flow.
• Reward Function: Favors actions that minimize per-hop and total E2E delay, with context encoded:

$$\mathcal{R}_u^r(t) = \frac{1}{\mathcal{T}^{tr,r}_{u\kappa}(t)+\varsigma} \cdot \frac{d_{u\kappa}(t)}{d_{u\kappa}(t) + d_{\kappa b}(t)} \eta_{u \kappa}^r(t)$$

where $d_{u\kappa}(t)$ and $d_{\kappa b}(t)$ are drone-to-neighbor and neighbor-to-destination distances.

A Soft Hierarchical Experience Replay Buffer (SHERB) is employed, organizing training samples by destination and context, enhancing learning convergence and relevance for MARL algorithms.

Each agent uses a Double Deep Q-Network (DDQN) for policy learning:

$$y_{u}(t) = \mathcal{R}_{u}(t+1) + \gamma_u Q(o_{u}(t+1), \arg\max_{a'} Q(o_{u}(t+1), a'; \theta_{u}); \theta^{-}_{u})$$

SHERB ensures that both exploration and exploitation efficiently guide the learning process, yielding adaptive and robust routing strategies.

4. Blockchain-Backed Secure Node Management

Cluster heads (full nodes) run the blockchain consensus protocol (PBFT). All relevant events—such as join/exit operations, link health reports, and potential misbehavior—initiate blockchain transactions. Smart contracts encode:

• Identity authentication for new nodes
• Historical policy compliance and behavioral logs
• Enforcement of periodic re-validation or revocation

Lightweight blockchain design and consensus only among cluster heads limit resource consumption while providing robust guarantees in the presence of faults or attacks.

5. Empirical Results and Security/Performance Impact

Simulations in the paper show that the SHERB-enhanced MARL approach, under the blockchain-enabled zero-trust architecture, achieves:

• 22.38% average reduction in end-to-end delay compared to benchmark routing solutions.
• Improved adaptivity: The learnt policies dynamically accommodate node joins/failures and topological changes, with instant blockchain recertification or eviction of non-compliant nodes.
• High security: Compromised UAVs are quickly isolated; the blockchain state prevents privilege escalation, replay, or record manipulation.
• Scalability and resilience: The architecture supports dynamic scaling to large UAV clusters without a central coordinator, and is tolerant to typical faults and adversarial interventions.

A summary table from the paper’s findings:

	Traditional/Benchmark	Proposed (SHERB-MADDQN + Blockchain)
E2E Delay	High	22.38% lower
Trust/Security	Vulnerable, centralized	Authenticated, decentralized, tamper-proof
Adaptivity	Static, centralized	Distributed, real-time, self-adaptive
Resilience	Low	High (fault-tolerant, self-healing)

6. Architectural and Mathematical Summary

The architecture realizes a blockchain-enabled zero-trust model characterized by:

• PBFT-consensus management for cluster-level blockchain events
• Smart-contract-driven node auditing and revocation
• Distributed MARL routing with SHERB-enhanced experience
• Mathematical guarantees: For consensus, fewer than 1/3 faulty nodes tolerated; for policy, every data path traverses only authenticated, compliant UAVs

7. Significance and Prospects

Blockchain-enabled zero-trust architectures provide a practical solution to the multi-dimensional challenges of highly dynamic, distributed networks such as LAINs. The coupling of decentralized, tamper-evident control with adaptive, policy-compliant routing yields both security and operational efficiency improvements. The demonstrated latency reduction and resilient fault response suggest strong applicability to real-time, security-sensitive UAV networks supporting critical applications including disaster response and large-scale sensing (2506.22745).