ARID: Anonymous Remote IDentification of Unmanned Aerial Vehicles

Pietro Tedeschi; Savio Sciancalepore; Roberto Di Pietro

doi:10.1145/3485832.3485834

ARID: Anonymous Remote IDentification of Unmanned Aerial Vehicles

Pietro Tedeschi, Savio Sciancalepore, Roberto Di Pietro

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

25 Citations (Scopus)

Abstract

To enable enhanced accountability of Unmanned Aerial Vehicles (UAVs) operations, the US-based Federal Avionics Administration (FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting their identity and location. The enforcement of such a rule, mandatory by 2022, generated significant concerns on UAV operators, primarily because of privacy issues derived by the indiscriminate broadcast of the plain-text identity of the UAV on the wireless channel.

In this paper, we propose ARID, a solution enabling RemoteID-compliant Anonymous Remote Identification of UAVs. The adoption of ARID allows UAVs to broadcast RemoteID-compliant messages using ephemeral pseudonyms that only a Trusted Authority, such as the FAA, can link to the long-term identifier of the UAV and its operator. Moreover, ARID also enforces UAV message authenticity, to protect UAVs against impersonation and spoofed reporting, while requiring an overall minimal toll on the battery budget. Furthermore, ARID generates negligible overhead on the Trusted Authority, not requiring the secure maintenance of any private database.

While the security properties of ARID are thoroughly discussed and formally verified with ProVerif, we also implemented a prototype of ARID on a real UAV, i.e., the 3DR-Solo drone, integrating our solution within the popular Poky Operating System, on top of the widespread MAVLink protocol. Our experimental performance evaluation shows that the most demanding configuration of ARID takes only ≈ 11.23 ms to generate a message and requires a mere 4.72 mJ of energy. Finally, we also released the source code of ARID to foster further investigations and development by Academia, Industry, and practitioners.

Original language	English
Title of host publication	Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021
Subtitle of host publication	Annual Computer Security Applications Conference
Publisher	Association for Computing Machinery, Inc
Pages	207-218
Number of pages	12
ISBN (Electronic)	9781450385794
DOIs	https://doi.org/10.1145/3485832.3485834
Publication status	Published - 6 Dec 2021
Event	37th Annual Computer Security Applications Conference, ACSAC 2021 - Virtual, Online, United States Duration: 6 Dec 2021 → 10 Dec 2021

Conference

Conference	37th Annual Computer Security Applications Conference, ACSAC 2021
Country/Territory	United States
City	Virtual, Online
Period	6/12/21 → 10/12/21

Bibliographical note

Publisher Copyright:
© 2021 Copyright held by the owner/author(s).

Funding

The authors would like to thank the anonymous reviewers, that helped improving the quality of the paper. This publication was partially supported by awards NPRP-S-11-0109-180242 from the QNRF-Qatar National Research Fund, a member of The Qatar Foundation, and NATO Science for Peace and Security Programme - MYP G5828 project “SeaSec: DronNets for Maritime Border and Port Security”. This work has been partially supported also by the INTERSCT project, Grant No. NWA.1162.18.301, funded by Netherlands Organisation for Scientific Research (NWO). The findings reported herein are solely responsibility of the authors.

Funders	Funder number
Nederlandse Organisatie voor Wetenschappelijk Onderzoek

Keywords

Anonymity
Authentication
Prototyping
Remote identification
Unmanned aerial vehicles

Access to Document

10.1145/3485832.3485834

Cite this

@inproceedings{62d89b70949549b7b16759098f1db5fc,

title = "ARID: Anonymous Remote IDentification of Unmanned Aerial Vehicles",

abstract = "To enable enhanced accountability of Unmanned Aerial Vehicles (UAVs) operations, the US-based Federal Avionics Administration (FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting their identity and location. The enforcement of such a rule, mandatory by 2022, generated significant concerns on UAV operators, primarily because of privacy issues derived by the indiscriminate broadcast of the plain-text identity of the UAV on the wireless channel.In this paper, we propose ARID, a solution enabling RemoteID-compliant Anonymous Remote Identification of UAVs. The adoption of ARID allows UAVs to broadcast RemoteID-compliant messages using ephemeral pseudonyms that only a Trusted Authority, such as the FAA, can link to the long-term identifier of the UAV and its operator. Moreover, ARID also enforces UAV message authenticity, to protect UAVs against impersonation and spoofed reporting, while requiring an overall minimal toll on the battery budget. Furthermore, ARID generates negligible overhead on the Trusted Authority, not requiring the secure maintenance of any private database.While the security properties of ARID are thoroughly discussed and formally verified with ProVerif, we also implemented a prototype of ARID on a real UAV, i.e., the 3DR-Solo drone, integrating our solution within the popular Poky Operating System, on top of the widespread MAVLink protocol. Our experimental performance evaluation shows that the most demanding configuration of ARID takes only ≈ 11.23 ms to generate a message and requires a mere 4.72 mJ of energy. Finally, we also released the source code of ARID to foster further investigations and development by Academia, Industry, and practitioners.",

keywords = "Anonymity, Authentication, Prototyping, Remote identification, Unmanned aerial vehicles",

author = "Pietro Tedeschi and Savio Sciancalepore and {Di Pietro}, Roberto",

note = " Publisher Copyright: {\textcopyright} 2021 Copyright held by the owner/author(s).; 37th Annual Computer Security Applications Conference, ACSAC 2021 ; Conference date: 06-12-2021 Through 10-12-2021",

year = "2021",

month = dec,

day = "6",

doi = "10.1145/3485832.3485834",

language = "English",

pages = "207--218",

booktitle = "Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021",

publisher = "Association for Computing Machinery, Inc",

address = "United States",

}

Tedeschi, P, Sciancalepore, S & Di Pietro, R 2021, ARID: Anonymous Remote IDentification of Unmanned Aerial Vehicles. in Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021: Annual Computer Security Applications Conference. Association for Computing Machinery, Inc, pp. 207-218, 37th Annual Computer Security Applications Conference, ACSAC 2021, Virtual, Online, United States, 6/12/21. https://doi.org/10.1145/3485832.3485834

ARID: Anonymous Remote IDentification of Unmanned Aerial Vehicles. / Tedeschi, Pietro; Sciancalepore, Savio; Di Pietro, Roberto.
Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021: Annual Computer Security Applications Conference. Association for Computing Machinery, Inc, 2021. p. 207-218.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - ARID

T2 - 37th Annual Computer Security Applications Conference, ACSAC 2021

AU - Tedeschi, Pietro

AU - Sciancalepore, Savio

AU - Di Pietro, Roberto

PY - 2021/12/6

Y1 - 2021/12/6

N2 - To enable enhanced accountability of Unmanned Aerial Vehicles (UAVs) operations, the US-based Federal Avionics Administration (FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting their identity and location. The enforcement of such a rule, mandatory by 2022, generated significant concerns on UAV operators, primarily because of privacy issues derived by the indiscriminate broadcast of the plain-text identity of the UAV on the wireless channel.In this paper, we propose ARID, a solution enabling RemoteID-compliant Anonymous Remote Identification of UAVs. The adoption of ARID allows UAVs to broadcast RemoteID-compliant messages using ephemeral pseudonyms that only a Trusted Authority, such as the FAA, can link to the long-term identifier of the UAV and its operator. Moreover, ARID also enforces UAV message authenticity, to protect UAVs against impersonation and spoofed reporting, while requiring an overall minimal toll on the battery budget. Furthermore, ARID generates negligible overhead on the Trusted Authority, not requiring the secure maintenance of any private database.While the security properties of ARID are thoroughly discussed and formally verified with ProVerif, we also implemented a prototype of ARID on a real UAV, i.e., the 3DR-Solo drone, integrating our solution within the popular Poky Operating System, on top of the widespread MAVLink protocol. Our experimental performance evaluation shows that the most demanding configuration of ARID takes only ≈ 11.23 ms to generate a message and requires a mere 4.72 mJ of energy. Finally, we also released the source code of ARID to foster further investigations and development by Academia, Industry, and practitioners.

AB - To enable enhanced accountability of Unmanned Aerial Vehicles (UAVs) operations, the US-based Federal Avionics Administration (FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting their identity and location. The enforcement of such a rule, mandatory by 2022, generated significant concerns on UAV operators, primarily because of privacy issues derived by the indiscriminate broadcast of the plain-text identity of the UAV on the wireless channel.In this paper, we propose ARID, a solution enabling RemoteID-compliant Anonymous Remote Identification of UAVs. The adoption of ARID allows UAVs to broadcast RemoteID-compliant messages using ephemeral pseudonyms that only a Trusted Authority, such as the FAA, can link to the long-term identifier of the UAV and its operator. Moreover, ARID also enforces UAV message authenticity, to protect UAVs against impersonation and spoofed reporting, while requiring an overall minimal toll on the battery budget. Furthermore, ARID generates negligible overhead on the Trusted Authority, not requiring the secure maintenance of any private database.While the security properties of ARID are thoroughly discussed and formally verified with ProVerif, we also implemented a prototype of ARID on a real UAV, i.e., the 3DR-Solo drone, integrating our solution within the popular Poky Operating System, on top of the widespread MAVLink protocol. Our experimental performance evaluation shows that the most demanding configuration of ARID takes only ≈ 11.23 ms to generate a message and requires a mere 4.72 mJ of energy. Finally, we also released the source code of ARID to foster further investigations and development by Academia, Industry, and practitioners.

KW - Anonymity

KW - Authentication

KW - Prototyping

KW - Remote identification

KW - Unmanned aerial vehicles

UR - http://www.scopus.com/inward/record.url?scp=85121597587&partnerID=8YFLogxK

U2 - 10.1145/3485832.3485834

DO - 10.1145/3485832.3485834

M3 - Conference contribution

SP - 207

EP - 218

BT - Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021

PB - Association for Computing Machinery, Inc

Y2 - 6 December 2021 through 10 December 2021

ER -

ARID: Anonymous Remote IDentification of Unmanned Aerial Vehicles

Abstract

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this