TY - GEN
T1 - ARID
T2 - 37th Annual Computer Security Applications Conference, ACSAC 2021
AU - Tedeschi, Pietro
AU - Sciancalepore, Savio
AU - Di Pietro, Roberto
N1 - Funding Information:
The authors would like to thank the anonymous reviewers, that helped improving the quality of the paper. This publication was partially supported by awards NPRP-S-11-0109-180242 from the QNRF-Qatar National Research Fund, a member of The Qatar Foundation, and NATO Science for Peace and Security Programme - MYP G5828 project “SeaSec: DronNets for Maritime Border and Port Security”. This work has been partially supported also by the INTERSCT project, Grant No. NWA.1162.18.301, funded by Netherlands Organisation for Scientific Research (NWO). The findings reported herein are solely responsibility of the authors.
Publisher Copyright:
© 2021 Copyright held by the owner/author(s).
PY - 2021/12/6
Y1 - 2021/12/6
N2 - To enable enhanced accountability of Unmanned Aerial Vehicles (UAVs) operations, the US-based Federal Avionics Administration (FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting their identity and location. The enforcement of such a rule, mandatory by 2022, generated significant concerns on UAV operators, primarily because of privacy issues derived by the indiscriminate broadcast of the plain-text identity of the UAV on the wireless channel. In this paper, we propose ARID, a solution enabling RemoteIDcompliant Anonymous Remote Identification of UAVs. The adoption of ARID allows UAVs to broadcast RemoteID-compliant messages using ephemeral pseudonyms that only a Trusted Authority, such as the FAA, can link to the long-term identifier of the UAV and its operator. Moreover, ARID also enforces UAV message authenticity, to protect UAVs against impersonation and spoofed reporting, while requiring an overall minimal toll on the battery budget. Furthermore, ARID generates negligible overhead on the Trusted Authority, not requiring the secure maintenance of any private database. While the security properties of ARID are thoroughly discussed and formally verified with ProVerif, we also implemented a prototype of ARID on a real UAV, i.e., the 3DR-Solo drone, integrating our solution within the popular Poky Operating System, on top of the widespread MAVLink protocol. Our experimental performance evaluation shows that the most demanding configuration of ARID takes only ≈ 11.23 ms to generate a message and requires a mere 4.72 mJ of energy. Finally, we also released the source code of ARID to foster further investigations and development by Academia, Industry, and practitioners.
AB - To enable enhanced accountability of Unmanned Aerial Vehicles (UAVs) operations, the US-based Federal Avionics Administration (FAA) recently published a new dedicated regulation, namely RemoteID, requiring UAV operators to broadcast messages reporting their identity and location. The enforcement of such a rule, mandatory by 2022, generated significant concerns on UAV operators, primarily because of privacy issues derived by the indiscriminate broadcast of the plain-text identity of the UAV on the wireless channel. In this paper, we propose ARID, a solution enabling RemoteIDcompliant Anonymous Remote Identification of UAVs. The adoption of ARID allows UAVs to broadcast RemoteID-compliant messages using ephemeral pseudonyms that only a Trusted Authority, such as the FAA, can link to the long-term identifier of the UAV and its operator. Moreover, ARID also enforces UAV message authenticity, to protect UAVs against impersonation and spoofed reporting, while requiring an overall minimal toll on the battery budget. Furthermore, ARID generates negligible overhead on the Trusted Authority, not requiring the secure maintenance of any private database. While the security properties of ARID are thoroughly discussed and formally verified with ProVerif, we also implemented a prototype of ARID on a real UAV, i.e., the 3DR-Solo drone, integrating our solution within the popular Poky Operating System, on top of the widespread MAVLink protocol. Our experimental performance evaluation shows that the most demanding configuration of ARID takes only ≈ 11.23 ms to generate a message and requires a mere 4.72 mJ of energy. Finally, we also released the source code of ARID to foster further investigations and development by Academia, Industry, and practitioners.
KW - Anonymity
KW - Authentication
KW - Prototyping
KW - Remote identification
KW - Unmanned aerial vehicles
UR - http://www.scopus.com/inward/record.url?scp=85121597587&partnerID=8YFLogxK
U2 - 10.1145/3485832.3485834
DO - 10.1145/3485832.3485834
M3 - Conference contribution
AN - SCOPUS:85121597587
T3 - ACM International Conference Proceeding Series
SP - 207
EP - 218
BT - Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021
PB - Association for Computing Machinery
Y2 - 6 December 2021 through 10 December 2021
ER -