Abstract
To enable enhanced accountability of Unmanned Aerial Vehicles (UAVs) operations, the US-based Federal Avionics Administration (FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting their identity and location. The enforcement of such a rule, mandatory by 2022, generated significant concerns on UAV operators, primarily because of privacy issues derived by the indiscriminate broadcast of the plain-text identity of the UAV on the wireless channel. In this paper, we propose ARID, a solution enabling RemoteIDcompliant Anonymous Remote Identification of UAVs. The adoption of ARID allows UAVs to broadcast RemoteID-compliant messages using ephemeral pseudonyms that only a Trusted Authority, such as the FAA, can link to the long-term identifier of the UAV and its operator. Moreover, ARID also enforces UAV message authenticity, to protect UAVs against impersonation and spoofed reporting, while requiring an overall minimal toll on the battery budget. Furthermore, ARID generates negligible overhead on the Trusted Authority, not requiring the secure maintenance of any private database. While the security properties of ARID are thoroughly discussed and formally verified with ProVerif, we also implemented a prototype of ARID on a real UAV, i.e., the 3DR-Solo drone, integrating our solution within the popular Poky Operating System, on top of the widespread MAVLink protocol. Our experimental performance evaluation shows that the most demanding configuration of ARID takes only ≈ 11.23 ms to generate a message and requires a mere 4.72 mJ of energy. Finally, we also released the source code of ARID to foster further investigations and development by Academia, Industry, and practitioners.
Original language | English (US) |
---|---|
Title of host publication | Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021 |
Publisher | Association for Computing Machinery |
Pages | 207-218 |
Number of pages | 12 |
ISBN (Electronic) | 9781450385794 |
DOIs | |
State | Published - Dec 6 2021 |
Event | 37th Annual Computer Security Applications Conference, ACSAC 2021 - Virtual, Online, United States Duration: Dec 6 2021 → Dec 10 2021 |
Publication series
Name | ACM International Conference Proceeding Series |
---|
Conference
Conference | 37th Annual Computer Security Applications Conference, ACSAC 2021 |
---|---|
Country/Territory | United States |
City | Virtual, Online |
Period | 12/6/21 → 12/10/21 |
Bibliographical note
Funding Information:The authors would like to thank the anonymous reviewers, that helped improving the quality of the paper. This publication was partially supported by awards NPRP-S-11-0109-180242 from the QNRF-Qatar National Research Fund, a member of The Qatar Foundation, and NATO Science for Peace and Security Programme - MYP G5828 project “SeaSec: DronNets for Maritime Border and Port Security”. This work has been partially supported also by the INTERSCT project, Grant No. NWA.1162.18.301, funded by Netherlands Organisation for Scientific Research (NWO). The findings reported herein are solely responsibility of the authors.
Publisher Copyright:
© 2021 Copyright held by the owner/author(s).
Keywords
- Anonymity
- Authentication
- Prototyping
- Remote identification
- Unmanned aerial vehicles
ASJC Scopus subject areas
- Software
- Human-Computer Interaction
- Computer Vision and Pattern Recognition
- Computer Networks and Communications