Control Layer Security: Exploiting Unobservable Cooperative States of Autonomous Systems for Secret Key Generation

The rapid growth of autonomous systems (ASs) with data sharing means new cybersecurity methods have to be developed for them. Existing computational complexity-based cryptography does not have information-theoretical bounds and poses threats to superior computational attackers. This post-quantum cryptography issue indeed motivated the rapid advances in using common physical layer properties to generate symmetrical cipher keys (known as PLS). However, PLS remains sensitive to attackers (e.g., jamming) that destroy its prerequisite wireless channel reciprocity. When ASs are in cooperative tasks (e.g., rescuing searching, and formation flight), they will behave cooperatively in the control layer. Inspired by this, we propose a new security mechanism called control layer security (CLS), which exploits the correlated but unobservable states of cooperative ASs to generate symmetrical cipher keys. This idea is then realized in the linearized UAV cooperative control scenario. The theoretical correlation coefficients between Alice's and Bob's states are computed, based on which common feature selection and key quantization steps are designed. The results from simulation and real UAV experiments show i) an approximately 90% key agreement rate is achieved, and ii) even an Eve with the known observable states and systems fails to estimate the unobservable states and the secret keys relied upon, due to the multiple-to-one mapping from unobservable states (pitch, roll and yaw angles) to the observable states (3D trajectory). This demonstrates CLS as a promising candidate to secure the communications of ASs, especially in the adversarial radio environment with attackers that destroys the prerequisite for current PLS.

include but are not limited to autonomous vehicles, aerial drones, robots, and maritime vessels.Typically ASs cooperate to achieve a common purpose, or have to cooperate because they share a common space (e.g., a road or air corridor) [1].Examples of cooperative ASs include platoon driving [2], swarm robotics [3], collision avoidance [4], [5], formation flying [6].In all these cooperative cases, ASs observe each other via direct sensing or data exchange to achieve synchronized behaviour.

A. Review of Cybersecurity
Cybersecurity for wireless communications is important to secure the knowledge exchange between ASs and other stakeholders.Examples of wireless data transfer include the sensor data collected by ASs to map an environment, the positionnavigation-timing signals to ensure safe navigation, and the federated gradient knowledge.Several wireless security approaches exist and we attempt to summarize them below in different categories.We then differentiate the proposed control layer security (CLS) from them.
1) Mathematical Complexity-Based Cryptography: Cryptography relies on mathematical and computational complexity to pursue secret key generation, key management and key distribution [7].The challenge lies in the lack of informationtheoretically security [8], as most of the popular algorithms leverage the complexity of mathematical problems, e.g., the integer factorization problem, the discrete logarithm problem, and the elliptic-curve discrete logarithm problem.However, most of these security algorithms could be compromised by eavesdroppers (Eve) equipped with powerful quantum computers [9], [10].
2) Physical Mechanism-Based Cipher Key: To achieve the information-theoretically security, an increasing effort has been spent on studying and exploiting the physics mechanism for symmetric cipher key generation.The most well-known example is the quantum key distribution (QKD), which leverages the quantum mechanisms (e.g., entanglement and indeterminacy) to create linked quantum states of two legitimate parties for symmetrical secret key generation [11], [12].The main challenge is the extremely high cost of the devices for quantum entanglement and state measuring, and the prerequisite of existing authenticated channels.
3) Physical Layer to Graph Layer Security: Physical layer security (PLS) broadly covers a range of techniques in using physical attributes of the radio channel to secure data.At the very basic level, key-less PLS tries to maintain the superiority of legitimate channels by maximizing the secrecy rate in terms of the signal-to-interference-and-noise ratio (SINR).The corresponding works can be listed as the optimizations of beam steering/forming [13], AS's trajectory [13], anti-jamming artificial noise [14], or even leveraging the reconfigurable intelligent surface (RIS) to manipulate channels [15], [16].The drawback of key-less PLS is the high dependency of Eve's channel statistics and the lack of guarantee of a feasible solution especially when combined with real-world constraints (e.g., from control and mission layers).
Another family of PLS leverages the wireless channel randomness that is reciprocal and unique at two legitimate parties to generate symmetrical secret keys (known as the physical layer secret key generation, PL-SKG) [17], [18], [19], [20], [21].In this case, two legitimate parties (e.g., Alice and Bob) are required to send public pilot sequences to each other and pursue channel estimations to acquire this common channel state information (CSI) [22], [23], which will then be passed to the key quantization [24], [25], key reconciliation [26] and privacy amplification [27] modules for key generation.However, as PL-SKG derives its security from the very radio channel it is trying to protect, it remains sensitive to jamming [28], [29], secrecy leakage [30], high noise, poor channel entropy or reciprocity, and poor channel estimation quality.
Graph Layer Security (GLS) advances PLS to common sensed network states to encrypt digital data [31].For example, two robots monitoring a sewage network can use commonalities in water flow to generate symmetrical cipher keys.This removes the prerequisite of channel reciprocity and the channel estimation dependency of PLS, pushing the burden to physical sensor accuracy.However, ASs do not usually share a common physical network (e.g., water or gas pipelines), and must seek other common states to exploit.

B. Motivation
As the aforementioned vulnerability of PLS to maintain channel reciprocity (under jamming) for ASs, this work aims to explore the common source from the cooperative control layer to generate symmetrical cipher keys.When ASs are in cooperative tasks (e.g., rescuing searching, platoon driving, and formation flight), they will behave cooperatively in the control layer.This yields the potential to exploit the mutual states of legitimate ASs to generate symmetric secret keys.In this work, we will study the existence of correlated states via cooperative control, and provide a secret key generation scheme relying on the cooperative control layer.

C. Novelty and Organisation
In this work, we show for the first time a new security mechanism called control layer security (CLS).In essence, CLS first creates state correlations between two legitimate ASs by cooperative but distributed control, and then exploits the unobservable & correlated states to generate symmetrical secret keys.The main contributions are listed in the following.show high correlation coefficients (≈ 1) and promising secret key capacity (in terms of mutual information) of the selected Alice's and Bob's states, under cm to m levels of observing errors.As such, our proposed CLS provides a promising candidate to secure the data exchange of ASs, especially in the adversarial radio environment where the prerequisite of PL-SKG (channel reciprocity, rich entropy) does not hold.The rest of this work is structured as follows.In Section II, we provide related works and background.In Section III, we describe the dynamic and cooperative control model of ASs, and how it would be used for cipher key designs.In Section IV, we elaborate on the idea and implementation of CLS, and analyze its capability on defending against potential Eves.In Section V, the simulation and real experimental results are illustrated.We finally conclude this work in Section VI.

II. RELATED WORKS & BACKGROUND
To secure wireless communication between legitimate autonomous systems, recent studies focus on physical layer key generation methods, which avoid the computational complexitybased cryptography.In essence, PL-SKG exploits the reciprocal and random wireless channel properties (e.g., received signal strength RSS [18], [24] and CSI [22], [23], [32]) estimated at Alice and Bob for secret key generation, which are unique and different from those estimated at any Eve (that is halfwavelength from Alice and Bob) [17], [18].In the context of AS communications, PL-SKG can be pursued by using either the time-varying distance, or the reciprocal small-scale scatteringbased Rayleigh CSI between Alice and Bob.
Distance-based PL-SKG treats the time-varying distancebased RSS between Alice and Bob as the common features [24], and feeds them into the key quantization method for symmetrical secret key generation.The drawback lies in that the positions of Alice and Bob can be observed by Eve (e.g., equipped with camera [33] or thermal camera [34] technologies).Given the LoS channel property among UAVs, Eve can easily reconstruct the legitimate distance-based RSS feature via their positions, and then crack the secret keys relied upon.
CSI-based PL-SKG leverages the small-scale scatteringinduced Rayleigh CSIs that are reciprocal at Alice and Bob as the common features, and feeds them into the key quantization method to generate symmetrical secret keys.From the existing works, the channel estimation results at Alice and Bob, denoted as ĥ(a) and ĥ(b) , are written as ĥ(a) = h ba + (a) , and ĥ(b) = h ab + (b) [32], [35], where (a) , (b) are the estimating noises at Alice and at Bob, respectively.h ab and h ba are the small-scale scattering components of Alice to Bob and Bob to Alice channels.The threats for CSI-based PL-SKG are categorized as the following two main aspects.First, the channel reciprocity (i.e., h ab = h ba ) serves as the prerequisite for secret key generation, since it guarantees the commonality between Alice's and Bob's channel estimation results.This therefore suggests that the CSI-based PL-SKG is sensitive to attacks such as jamming [28], [29], [36], which destroys the channel reciprocity, i.e., making h ab = h ba .Second, even if the channel reciprocity holds, the channels between Alice and Bob (e.g., UAVs) are dominated mostly by LoS channel, which suggests the insufficient randomness of the NLoS small-scale channel scattering for key generation.
Given the aforementioned challenges of PLS to secure the legitimate AS channel, this work aims to explore the common source from the cooperative control layer to generate symmetrical cipher keys.To the best of our knowledge, this is the first paper to propose the concept of control layer security.Autonomous systems (e.g., UAV, UGV, and robotics) are generally modelled as the differential equations that describe the evolution of states [37], [38].When ASs are in cooperative tasks (e.g., cooperative control exists for a wide range of tasks, e.g., rescuing searching, platoon driving, formation flight, swarm tasking... etc), they will be cooperative in the control layer, which leads to the mutual states of legitimate ASs for symmetric cipher key generation.In the following of this work, we will show the existence of correlated states via cooperative control, and propose a CLS-based symmetrical cipher generation scheme.

III. SYSTEM MODEL
In this work, we consider two legitimate ASs (Alice and Bob) which are cooperatively and distributed controlled by themselves for a given task.Alice and Bob here aim to generate symmetrical secret keys to protect their communication from eavesdropping by a potential Eve.In this work, rather than exploiting the wireless channel properties between Alice and Bob, we propose a novel symmetrical secret key generation scheme using their correlated and unobservable states that are cooperatively controlled.As such, the system modelling is composed of (i) the dynamic & control model for secret key generation, and (ii) the wireless communication model whose data is encrypted by the CLS-based secret key.

A. Dynamic & Control Model
1) Dynamic Model: Two legitimate ASs, Alice and Bob, are modelled as two discrete identical ordinary differential equation (ODE) systems, i.e., In (1), x k ∈ R N is the N -stacked state of AS i at discrete timestep k, which is assumed to be obtained by AS i via embedding corresponding sensors on its own system.A of size N × N is the dynamic evolution matrix.B of size N × J is to transform the control signal u Here, we assume y k is observable to other legitimate ASs and Eves (i.e., the observable states are shared information among all ASs).ε Here, we assume C < N, e.g., the trajectory of a UAV can be easily observed by others, but its pitch, roll, and yaw angles are hard to be measured by others, e.g., due to the distance and geometric symmetry of a quadcopter.As such, we denote the remained states in x k as the unobservable states.In Section IV-C, we will evaluate the security under three types of Eves, with the increase of the knowledge of Alice's and Bob's observable states and systems.
2) Control Signal Model: In cooperative and distributed control, we assign the control signals at two ASs by involving each other's observable states, i.e., where g φ 1 ,φ 2 ,φ 3 (•, •, •) is determined by specific control algorithms, and r (i,ref ) is the reference that is required to be achieved by the states.One implementation of ( 2) is provided in the experimental and simulation section.
From ( 1)-( 2), we emphasize three facts that will be used for further secret key generation.First, the AS's state has randomness, induced by (i) the distribution of initial states, (ii) the introduced observing noise from control signals, and (iii) the adjusted references given the random changes of the environment (e.g., an obstacle appears/disappears).Second, there exist correlations between the states of Alice and Bob, due to the involvement of other's observable states in their control signals (further deduced by (6) and illustrated by Fig. 1(b)).Third, the unobservable states create security to potential Eves, since Eve cannot estimate them via observable states, given the multiple-to-one mapping from unobservable to observable states (e.g., the UAV with forward trajectory can be pursued either by direct pitch angle controlling or by clockwise yawing ±90 • and rolling).These three thereby render the potentials to exploit the cooperatively controlled ASs' state to generate random & symmetrical cipher keys.

B. Communication Model
After the secret key generated from the control layer, such cipher key will be used to secure the data transmitted between legitimate ASs.Here, different from PLS which requires the specification of communication models, control layer based secret keys do not involve any communication channel property, but can be used to encrypt the binary stream for further transmission.

IV. THEORY & IMPLEMENTATION OF CONTROL LAYER SECURITY
In this section, we elaborate on our CLS-based symmetrical secret key generation, and analyze its potential to defend against Eves.The schematic flow of CLS is provided in Fig. 1(a), whereby Alice's and Bob's correlated and unobservable states are created by cooperative control, and selected as common features, to feed into the further key quantization, reconciliation, and privacy amplification steps for final cipher keys generations.

A. Theory of Correlated States by Cooperative Control
We first compute the element-wise theoretical correlation coefficient of x k , which is defined as: where diag(•) is to make a vector using the diagonal elements of a matrix, is the element-wise division, and is the elementwise multiplication.The definitions of R k and k are provided as follows: where E(•) represents the expectation.
To facilitate the computation of ρ k , we approximate the control signal using the first-order Taylor expansion, i.e., (5) where k .Here, the reason to choose the first-order Taylor expansion is to show that the linear part of cooperative control signals can generate correlated states of legitimate ASs, which corresponds to examples of linear controllers such as linear quadratic regulator (LQR).Further studies will focus on designing and analyzing nonlinear cooperative controllers (e.g., from reinforcement learning), and the Runge-Kutta method will be used for analyzing.
Then, R k and k can be iteratively computed as: where 1 the covariance matrix of AS Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
i's initial state.The detailed deduction is provided in Supplementary, available online.
The proof of concept of CLS is provided in the following, where the control signal in ( 5) is implemented by the cooperative LQR.The quadratic objective functions for Alice and Bob are assigned as: where Q is a predefined semi-positive matrix, and λ serves as the cooperation parameter (configured in Supplementary, available online).Here, the cooperative term in (7) does not serve any specific mission purpose, but an illustrative form of Alice and Bob cooperation.Other realistic and sophisticated forms can be designed and added into (7).In (7), it is noticed that the controllers of Alice and Bob are distributed at each side, and dependent only on the observations of each other, i.e., y k .By solving (7), the control signals can be specified as: with where P is the solution of Riccati function, i.e., P = Q + A T PA − A T PB(I J + B T PB) −1 B T PA.The detailed deduction are displayed in Supplementary, available online.Under the control signal designed in ( 8)-( 9), the theoretical correlation coefficients of Alice's and Bob's states are plotted in Fig. 1(b).It is seen that in the process of the cooperative controlling of Alice and Bob, the correlation coefficients of their states (the absolute value) reach 1.This suggests that we can select a set of correlated states, whose correlation coefficients approach 1.Then, such selected states can be used as the common feature to generate the symmetrical cipher keys.

B. Common Feature Selection & Secret Key Generation
Leveraging the theoretical computation of the correlation coefficients ρ k between Alice's and Bob's states, the secret key generation process can be provided.We first assign M ∈ N + referenced destinations (i.e., 3D positions) for Alice and Bob, i.e., r , i ∈ {a, b}, whereby Alice and Bob are required to be cooperatively controlled to these destinations one-by-one.Then, we define m-th key generation round as the K controlling time-steps from last destination r m+1 .The detailed secret key generation relies on how to select common features, and how to generate keys from the common features.
1) Common Feature Index Set: After the computations of the theoretical correlation coefficients of Alice's and Bob's states, i.e., ρ 1 , . . ., ρ K from (3) and ( 6), a set of indices where Alice's and Bob's states that are theoretically proved to have high correlations can be constructed as: where ρ s,k is the sth element of ρ k , and ι [1, . . ., N] T .In (10), is a threshold to guarantee the large correlation coefficients of selected Alice's and Bob's states.s = C • ι is to ensure the selected states cannot be observed by potential Eve (Further details will be provided in Section IV-C).Then, common features can be selected separately at Alice and Bob as the states whose indices belong to this common feature index set.
2) Common Feature Selection: For each mth key generation round, Alice and Bob construct common features at both sides as: where g l is the lth element of set G. With g l = (s, k), x (a) k ), and sgn(ρ g l ) is the sign of ρ s,k , in order to make the same signs of Alice's and Bob's features.
3) Secret Keys From Common Feature: Given the constructed features, the secret key, denoted as L ] T , can be generated via the key quantization method, i.e., where f is the lth element of vector f (i) .γ l,± are the upper and lower quantization thresholds, which are assigned as [25]: In (13), β is the quantization parameter.
k ), which can be computed as follows: After the key generation at Alice and Bob, key reconciliation [26] and privacy amplification [27] can be done to derive the final secret key.In brief, key reconciliation can be pursued by one legitimate node sending the redundant part of its errorcorrection coded keys to the other to achieve high probability key agreement.Then, privacy amplification can be adopted to further Algorithm 1: CLS-Based Secret Key Generation (Take Alice as an Example).
remove the revealed information and enhance the key lengths.For example, one privacy amplification method is based on the digital chaotic system [39], i.e., ϕ t+1 = α • ϕ t (1 − ϕ t ), where t ∈ N + represents the tth iteration, and α ∈ [3.574, 4] denotes the bifurcation parameter.By being equipped with the same chaotic system, Alice and Bob can feed their reconciled keys as the initial input (i.e., ϕ 1 ), and the output chaotic results can be used as the final key with compatible lengths to communication streaming.In this work, we mainly focus on the control layer feature construction and key quantization steps, since the feature space serves as the only source of common randomness for further key generation steps, and the key quantization by which features are transformed into binary keys enables the evaluation of our CLS design.

4) Overall Algorithm Flow:
The overall algorithm flow for CLS-based secret key generation is provided in Algorithm IV-B4.Here, we take Alice as an example.The inputs are the system and control signal models, i.e., A, B, C, Θ 1 , Θ 2 , and Θ 3 in (1), and ( 8)- (9), and the M referenced destination points for Alice UAV to achieve.Steps 1-3 are initialization to compute the theoretical correlation coefficients of Alice's and Bob's states, and the common feature index set G for further feature selection.
The number of reference destinations determines the number of key generation rounds.In each mth key generation round, we have K discretized controlling time-steps to control the state to achieve the mth reference destination r (a) m .In each controlling time step, step 6 is to obtain Alice's own states via sensor reading, step 7 is to observe Bob's observable states, step 8 is to create distributed control signals via Alice's state and Bob's observable state, and step 9 is to control Alice UAV via the computed control signal.Next, step 11 is to select the common feature via the common feature index set, and step 12 is to generate secret keys via the common features.

C. Defending Potential Eves
After the elaboration of the CLS-based secret key generation, we study how secure the proposed key is against different types of Eves.Here, the Eves we considered only contain those aiming to use the observable states of Alice and Bob to reconstruct their unobservable states, from which they can regenerate the legitimate cipher keys.Other types of attackers (e.g., spoofing one of the legitimate users) are out of the scope of this work, as they do not attack the theory of CLS directly.To evaluate the security performance of our proposed CLS-based secret key, we consider three types of Eves, with the increase of the knowledge of Alice's and Bob's observable states and systems.
1) Type-1 Eve With Brute-Force: The brute-force Eve is assumed to be the simplest Eve without any knowledge of the Alice's and Bob's systems, i.e., (1), nor their observable states (3D positions and speeds), i.e., y K , i ∈ {a, b}.In this case, the control-layer common features of Alice and Bob, i.e., f (a) and f (b) , cannot be estimated by Eve, so do the generated secret keys relied upon.

2) Type-2 Eve With Alice's and Bob's Observable States:
We then consider if the Eve can obtain the observable of Alice and Bob, i.e., the 3D positions and the speeds shown in y (i) 1 , . . ., y (i) K , i ∈ {a, b}.In this case, Eve will use the observed states as Alice's and Bob's selected states for key generation.So, to evaluate the security of the CLS-based secret key, we test the correlation coefficients between the observable and the selected states of Alice and Bob.For a given g l = (s, k) ∈ G, such correlation can be computed as: where c s is the N × 1 vector where only sth element is 1 and others are 0.Then, the correlation coefficients can be computed as: where k , and Σ is the covariance matrix of observing errors, i.e., ε (1).The security of our proposed CLS when defending Type-2 Eve comes from three points.First, from (1), the correlation between observable and unobservable states is weakened by the observing noise, which contains the position measuring error and the enhanced speed estimation error from noisy positioning Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
observations.Second, Type-2 Eve does not know which states are selected, as she does not know the dynamic & control model.Third, even if she can know which states are selected, in UAV control, there exists a multiple-to-one mapping from the unobservable pitch, roll and yaw angles to the observable trajectories (e.g., going forward can be pursued either by direct pitch angle controlling or by clock wisely yawing ±90 • and rolling).This means the existence of information entropy loss (in terms of the low correlation coefficients) from observable to unobservable states.We further evaluate the correlation coefficients between the observable and unobservable states and the mentioned entropy loss in Figs. 4 and 5 in simulation section.

3) Type-3 Eve With Dynamic Models & Observable States:
We next consider a strong Eve with (i) the knowledge of AS's dynamic & control model, i.e., A, B, C, Θ 1 , Θ 2 and Θ 3 in ( 1) and ( 5), (ii) the observations of Alice and Bob, i.e., y k which represents the ASs' 3D positions and their corresponding velocities, and (iii) the required destinations of all M key generation rounds, i.e., r . It is noteworthy that these assumptions are extremely strong (even if guessing the modelling and intention is a separate research flow), but we will show that even so, Eve still cannot estimate the CLS-based secret key generated at Alice and Bob.
From Eve's perspective, the derivation of the secret key can be converted to estimate Alice's and Bob's states, i.e., x 1 , and (ii) taking the estimated initial states into the sequential state estimation algorithms (e.g., Kalman filter [40], [41] or Bayesian filter [42], [43]) for further state estimation.
Next, we show that the estimation of the initial state from observed states cannot be successful.An intuitive reason is that there are multiple combinations of yaw, pitch, and roll angles that can map to the same UAV trajectory, which renders the difficulty for Eve to estimate them via the observed trajectory.From mathematical perspectives, we take Alice as an example.The relation between Eve's observation of Alice and Alice's initial state x (a) 1 is expressed by the following linear equation, i.e., In (17), z  (a) .n (a) [(n (a) 1 ) T , . . ., (n (a) K−1 ) T ] T is the stacked control noise which cannot be known by Eve.Ã and B are defined as: .

TABLE I SIMULATION PARAMETERS
The detailed deduction of ( 17) is provided in Supplementary, available online.
Then, leveraging (17), the estimation of Alice's initial state can be pursued by the least-square (LS) method, i.e., where (•) † represents the pseudo-inverse operator.From (18), the estimation error can be further expressed as x(a) 2 , whose magnitude is dependent on the condition number of Ã.This therefore provides an insight to defend Type-3 Eve, i.e., the design of control signals should make cond( Ã) large.In this work, our CLS will not go into that further, but provide a proper control signal design which gives a 10 7 level of cond( Ã).The detailed evaluation is provided in the following simulation section.

V. SIMULATION & EXPERIMENTAL RESULTS
In this section, we evaluate the security performance of our proposed CLS on the distributed cooperative control of two quad-copters (Alice and Bob).Here, both simulation and real UAV experiments are performed.

1) Environmental Setting:
In the simulation part, the model and the CLS scheme are coded and tested via MATLAB.The simulation setting is summarized in Table I.The stacked state in (1), i.e., x (i) k , has N = 12 states, which are the 3D positions of x, y and z axes (unit m), the corresponding velocities (unit m/s), the roll, pitch and yaw angles (unit rad), and the corresponding roll, pitch and yaw speed (unit rad / s).Given the linearized model in [37], we configure the dynamic model Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
For the secret key generation, we randomly assign M = 1000 3D destination points for Alice and Bob, respectively.For any m ∈ {0, . . ., M}, r , where d = [50, 50, 0] T with unit m, and σ p = 10m.r represents the initial positions of Alice and Bob.As such, M = 1000 key generation rounds are considered in our simulation, and we assign K = 800 discrete time steps in each round.
2) Illustration of CLS Performance: One illustration of our proposed CLS is presented via Figs. 2 and 3, where the observing error is assigned as σ = 0.1m.It is shown from Fig. 2 that our designed cooperative control in ( 8)-( 9) can achieve the referenced destination points.Then, from Fig. 3, it is seen that under our designed control signal, Alice and Bob can have highly correlated unobservable states in yaw angles, which then can be exploited to generate the symmetrical binary secret keys with very low mismatch rate.
3) Performance of CLS Against Eves: In this part, we evaluate the performance of our proposed CLS when defending potential Eves.Here, we select the Type-2 and Type-3 Eves described in Sections IV-C2 and IV-C3, where Type-2 Eve  , A, B, C, Θ 1 , Θ 2 and Θ 3 , the reference destinations, i.e.,r , m ∈ {0, . . ., M}, and Alice's and Bob's observed states.
Fig. 4 provides the comparison of correlations between Alice and Bob (blue curve), Type-2 Eve and Alice (red curve), Type-3 Eve and Alice (yellow curve), where the x-coordinate is the observing error σ (with unit m), and y-coordinate is the correlation coefficient.It is first observed that with the observing error increases (e.g., from 0.01 m to 10 m), the correlation coefficients between Alice-Bob and Alice-Eve are all decreased (e.g., from 1 to 0.4 for Alice-Bob).This is because when involving Bob's observed states in Alice's control signal, the observing noise does not provide extra correlation between Alice's and Bob's states but extra variance, thereby rendering the reduction of the correlation coefficients.
Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.Then, it is seen that the correlation coefficient between Alice and Bob is greatly larger than that between Eve and Alice.The gap is approximately 1 − 0.1 = 0.9 for Type-2 Eve, and 1 − 0.2 = 0.8 for Type-3 Eve.The reason is categorized into three aspects.First, the large correlation coefficient between Alice and Bob is attributed to the cooperative control.The control signals of Alice and Bob involve each other's observed states, which evolved by the dynamic model, leads to highly correlated states for common features and further secret key generation (as is theoretically deduced in (6) and depicted by Fig. 1(b)).Second, for Type-2 Eve that tries to steal the legitimate common features by Alice's and Bob's observed states, the selected correlated states of Alice and Bob for feature construction are unobservable and less correlated from the observable states, thereby giving rise to low correlation coefficients between the features of Type-2 Eve and Alice.Third, for Type-3 Eve with knowledge of the dynamic & control model and Alice's and Bob's observable states, the difficulty lies in that it is intractable to estimate the initial state from the observable states, since amounts of initial states can map to the same observable states.For example, one can imagine that there are multiple combinations of yaw, pitch, and roll angles that can lead to the same UAV trajectory (e.g., the UAV with forward trajectory can be pursued either by direct pitch angle controlling or by clockwise yawing ±90 • and rolling).This can be also reflected by the condition number of Ã in (17), which is too large (e.g., cond( Ã) = 9.12 × 10 7 ) to give an accurate estimation of the initial state, i.e., x (a) 1 .We next evaluate mutual information between features of Alice and Bob (blue curve), Type-2 Eve and Alice (red curve), Type-3 Eve and Alice (yellow curve) in Fig. 5, where xcoordinate is the observing error σ and y-coordinate is the mutual information (with unit bits / feature).It is noteworthy that in the theoretical point, if the feature is Gaussian distributed, the mutual information can be computed by the correlation coefficients as MI = −0.5 log 2 (1 − ρ 2 ).Here, we simulate the mutual information via the ITE toolbox [44].It is seen from Fig. 5. Performance of CLS against two types Eves, where x-coordinate is the different levels of observing noises and y-coordinate is the mutual information.Fig. 6. Results of proposed CLS after key quantization.The numbers of match keys, of remained features (not discard by two quantization thresholds), and of total selected features are provided, under different quantization thresholds determined by quantization parameter β in (13) and different observing error σ.Fig. 7. Secret key rate after key quantization of our proposed CLS.
Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
Fig. 5 that the mutual information has the same trends with correlation coefficient in Fig. 4, due to the same monotonicity as the latter in terms of observing error.
Then, we calculate and depict the secret key capacity via the gap of mutual information between Alice and Bob and between Alice and Eves.It is seen from Fig. 5 that the secret key capacity of our proposed CLS is promising with the level of observing errors ranging from cm to m.This is attributed to the cooperative but distributed control of Alice and Bob, whereby the control signals involve each other's states and lead to high correlations of their unobserved states after dynamic evolution.
4) Secret Key Rate After Quantization: After the analysis of the secret key capacity of the proposed CLS in Fig. 5, we give one realization of the binary secret key generation via the twothresholds based key quantization in (13).It is noteworthy that other more sophisticated key quantization techniques also can be adopted based on the common features provided by the proposed CLS.
Fig. 6 shows the numbers of matched keys, of remaining features, and of total features, under different quantization parameters beta in (13) and observing errors σ.As is provided in (13) and in Fig. 2, one matched key refers to as the feature of Alice and Bob are larger (lesser) than the upper (lower) threshold, and one remaining feature is when it is outside the area covered by upper and lower thresholds.The total features are selected by the set G in (10), with the correlation coefficient threshold set as = 0.8.
It is first observed from Fig. 6 that with the increase of observing error σ (from 0.01 m to 10 m), the total number of selected features decreases (from 5.2 × 10 5 to 1.4 × 10 5 ).This is because the correlation coefficients between Alice's and Bob's states decrease with extra observation noises added into their control signals, which thereby leads to the reduction of the number of selected states whose correlation coefficients are larger than threshold .Such a decrease of the selected features further makes the reduction of the number of match keys (e.g., from an average of 4 × 10 5 to 1 × 10 5 ), with the growth of the observing noises.
Second, it is seen from Fig. 6 that with the increase of the quantization parameter β, both numbers of the remained features and the matched keys decrease.This is because a larger quantization parameter β results in a larger gap between the upper and lower thresholds.As a consequence, the number of features that fall into this gap and are discarded increases, rendering the smaller numbers of the remained features and the matched keys.It seems that the large threshold gap can decrease the number of matched keys, however, it helps reduce the burden of the further key reconciliation step.To be specific, when the correlations of Alice's and Bob's common features are low, a large upper/lower threshold gap can effectively discard the uncorrelated features, leaving the number of remained keys equals (approximately) that of matched keys.This further makes the further key reconciliation easier to design forward error correction (FEC) code to achieve the same keys at Alice and Bob.
We finally provide the secret key rate after the key quantization step in (12), which is defined as the number of matched keys in one second.In Fig. 7, secret key rates under three quantization parameters β = 0, 0.2, 0.4 are provided with different observing error σ.It is observed that the secret key rates reduce (averagely from 25 bps to 5 bps) as the observing noises increase from cm level to m level.This seems less attractive as opposed to the existing CSI-based PL-SKG (about 10 3 bps key rate) with reciprocal channel randomness and reliable channel estimation.However, it is noteworthy that the secrecy performance of the proposed CLS does not rely on the strict requirement of wireless channels (e.g., randomness, reciprocity and precise CSI estimator), which therefore makes the proposed CLS a promising candidate in the radio adversarial (e.g., jamming and LoS) scenarios to generate distributed and symmetrical secret keys between legitimate parties.

B. Real UAV Experiment
In this part, real UAV experiments are performed in the Indoor Flight Arena Lab of Cranfield University, which is an L-shape area equipped with VICON system to determine the 3D positions of UAVs, seen by Fig. 8(a).The UAVs for Alice and Bob are hand-made constructed via T-1045 frame, and motors with type AIR 2216/KV920, seen by Fig. 8(b).The CPU is chosen as Beagle-Bone-Blue with Debian system, and the controller in ( 8)-( 9) are coded with C++.Similar to the simulation, for key generation, two referenced paths are set for Alice and Bob to achieve.Eve is considered as someone who hacks the VICON system, and obtains all the observable states (i.e., x, y, z positions, and the corresponding velocities) of Alice and Bob.
The result is provided in Fig. 8(c).The measurement metrics are key agreement/disagreement rates, which are counted as the ratio of the matched/mismatched keys to the total generated keys.The models and parameters of the quadcopters are the same as the simulation setting.It is illustrated that the features and cipher keys generated by Alice and Bob have large commonalities and randomness, which makes them difficult for a brute-force Eve to guess/estimate.Then, we can see that the key disagreement rates from Type-2 and Type-3 Eves are very high (approximated 0.5), indicating that neither of them could successfully reconstruct the cipher keys, although Type-3 Eve is aware of the knowledge of all observable states and systems.The real-experimental results match the simulation results and analysis in the previous subsection.The full video is attached by the media resource (or online), which shows the potential of our proposed CLS to secure the wireless communications among cooperative ASs.

C. Discussion
In this part, we make a pros-and-cons analysis of choosing our proposed CLS or existing PLS for securing AS communications.As is listed in Table II, the prerequisite of PLS is the existence of channel reciprocity and randomness, otherwise, the key disagreement rate and randomness cannot be guaranteed.This suggests that PLS is more suitable for the dense urban area with strong small-scale scattering-induced channel randomness, and for the scenarios where channel reciprocity destruction attacks are absent.

TABLE II COMPARISON BETWEEN PLS AND PROPOSED CLS APPROACHES
Then in the aerospace scenarios where LoS channels between legitimate ASs are dominated, or in scenarios with channel jamming attacks, PLS is unable to extract reciprocal channel randomness for cipher key generation.In these cases, when ASs are in cooperative tasks, CLS in this work is proposed to uncover and exploit the common control layer features, and has been demonstrated by experiments to show potential to generate cipher keys.
One limitation of CLS lies in the secret key leakage from the estimation of the unobservable states by Eve.For currently, the CLS is implemented on the cooperative control of the geometric symmetry quadcopters, whose yaw angles are hard to be estimated by GNSS or imaging-based Eves, and thereby serve as the unobservable states for secret key generation.Indeed, if Eve is very close to one legitimate quadcopter, it may be possible to estimate the changes in the yaw angle by image processing techniques, which then leads to secret key leakage issue.This should be further studied especially via real experiments, by taking into account the system design, image resolution, the sampling time-interval, and the physical safe distance (for now we are using the air-gear 450 quadcopter, which does not allow any object to be close at 1 m or there will be a destroy of the propellers).

VI. CONCLUSION
The concerns of cybersecurity in ASs have been increasing, due to the disparity between the computation capability of an AS platform versus a powerful premeditated external attacker (e.g., quantum computer).This post-quantum cryptography issue indeed motivated the rapid advances in PLS in recent years.However, PLS remains sensitive to attackers (e.g., jamming) that destroy its prerequisite channel properties (e.g., reciprocity).
In this work, we proposed a new security mechanism called control layer security.The idea of CLS is to exploit the correlated and unobservable states between cooperative ASs to generate cipher keys.We then realized this idea in the linearized UAV cooperative control scenario.The theoretical correlation coefficients between Alice's and Bob's states were computed, based on which common feature selection and key quantization steps were designed.We evaluated the security of our proposed CLS, and showed that even if the Eve with full knowledge of observable states and systems cannot estimate the unobservable states and the secret key relied upon, due to the multiple-to-one mapping from unobservable states (pitch, roll and yaw angles) to the observable states (3D trajectory).Simulation results showed the promising secret key capacity of our proposed CLS.This demonstrates a promising candidate to secure the communications of ASs, especially in the adversarial radio environment with attackers that destroys the prerequisite for current PLS.

Fig. 1 .
Fig. 1.Illustration of proposed CLS.(a) provides the schematic flow by (1) cooperative control to generate correlated states, (2) feature construction at Alice and Bob via their unobservable and correlated states, (3) key quantization, (4) key reconciliation and privacy amplification, and (5) securing the wireless communication via the derived secret key.(b) shows the theoretical correlation coefficients of Alice's and Bob's unobservable states (e.g., roll, pitch, yaw angles and their angular speeds) in (6), by cooperative control.

Fig.
Fig. Performance of CLS against two types Eves, where x-coordinate is the different levels of observing noises and y-coordinate is the correlation coefficients.

Fig. 8 .
Fig. 8. Real UAV experiment on CLS-based cipher key generation.(a) shows the Area Indoor Flight Lab; (b) is the UAVs of Alice and Bob; and (c) is the features and cipher keys generated by our proposed CLS.By counting the ratio of matched and the total number of the generated binary keys, an approximately 90% key agreement rate is achieved between Alice and Bob.

1 )
We propose the basic idea of CLS, which aims to generate secured cipher keys at Alice and Bob.The commonality for cipher keys comes from the highly correlated states of two ASs by cooperative but distributed control.The security leverages Alice's (Bob's) secured states, which are unobservable and inestimable to Eves, due to the multipleto-one mappings, e.g., UAV's different yaw, pitch, and roll angles (difficult to be measured by Eves) can reach the same trajectory (easily observed by Eves).2) We then realize this idea and provide a schematic flow to implement CLS in linearized UAV dynamics with cooperative and distributed controls.The theoretical expression of correlation coefficients is deduced in an iterative form, and further adds evidence to our CLS concept.Leveraging this, Alice and Bob can pursue selections of highly correlated and unobservable states, which then serve as the control layer common features for further key quantization, reconciliation and privacy amplification steps.
3) We next propose and analyze three types of potential Eves, with the increasing knowledge of Alice's and Bob's observable states and dynamic & control model.Especially, a model-awareness Eve with the full knowledge of models and Alice's and Bob's 3D trajectories is considered.Neither of them can successfully estimate the unobservable states and the secret keys relied upon, due to the multiple-to-one mapping from unobservable states (e.g., pitch, roll, and yaw angles) to the observed trajectory states.4) We evaluate our proposed CLS via simulations.The results