Skip to content

Secure Communications for UAS

Problem

Unmanned Aerial Systems (UAS) are increasingly relied upon for ISR, logistics, and precision missions. These platforms depend on continuous, reliable command-and-control (C2) and telemetry links—even when operating in contested environments with degraded or denied communications.

Traditional VPNs and public key infrastructure (PKI) approaches are not designed for these conditions. They require persistent connectivity, certificate management, and are vulnerable to “harvest now, decrypt later” (HNDL) attacks, where adversaries record encrypted data today and decrypt it using quantum computing in the future.

A compromised C2 link risks more than data exposure—it threatens full mission integrity and operational safety.

Crux VPN in action

Crux VPN provides post-quantum encrypted tunnels between airborne UAS and ground control stations (GCS). Each Crux agent is enrolled during system integration or manufacturing and can initiate secure tunnels without requiring pre-shared keys or internet-based trust models.

Using ML-KEM-1024 (a NIST-approved post-quantum key encapsulation mechanism), Crux performs a one-time handshake. Key material is then continuously rotated using Arqit’s Symmetric Key Agreement (SKA) Platform, avoiding the risks and complexity of public certificates.

The result is a lightweight, resilient VPN tunnel suitable for both low-bandwidth and high-assurance environments—designed to keep UAS operations secure against today’s threats and tomorrow’s quantum breakthroughs.

Example deployment

Crux VPN is embedded on the UAS flight controller or onboard compute module and configured with a unique identity. Ground systems, including mission control terminals or mobile command posts, are provisioned similarly.

Once the flight system is active and a network link is available (radio, LTE, or SATCOM), the Crux agent initiates a secure session. This protects all traffic:

  • Command-and-control (C2) messages
  • Real-time telemetry and flight data
  • Sensor payload streams (e.g., EO/IR video, RF data)
  • Remote diagnostics and update operations

Design highlights

  • Post-quantum encryption using ML-KEM-1024 and symmetric key rotation
  • Zero-trust authentication without certificates or shared secrets
  • Built for airborne links over RF, SATCOM, and LTE
  • Lightweight agent designed for low-power flight computers

Benefits

Area Advantage
Security Post-quantum encryption with no reliance on PKI or pre-shared keys.
Simplicity Lightweight agent, zero internet dependency, and minimal setup.
Compatibility Works across all UAS types and comms links (RF, LTE, SATCOM).
Resilience Handles link loss and degraded networks with automatic recovery.
Operational Fit Embedded at manufacture, managed via Crux Console in the field.

When to use Crux VPN

Use Crux VPN to protect UAS operations when:

  • C2 and telemetry links traverse contested or untrusted networks
  • Internet access is unavailable, unreliable, or not permitted
  • Long-term secrecy is critical, even against future quantum threats
  • Managing PKI or pre-shared keys is operationally impractical
  • Payload integrity and flight safety cannot be compromised