$A^ 2RID$--Anonymous Direct Authentication and Remote Identification of Commercial Drones

Abstract

The recent worldwide introduction of RemoteID (RID) regulations forces all unmanned aircrafts (UAs), also known as drones, to broadcast in plaintext on the wireless channel their identity and real-time location, for accounting and monitoring purposes. Although improving drones’ monitoring and situational awareness, the RID rule also generates significant privacy concerns for UAs’ operators, threatened by the ease of tracking of UAs and related confidentiality and privacy concerns connected with the broadcasting of plaintext identity information. In this article, we propose anonymous direct authentication and remote identification ( A2RID ), a protocol suite for A2RID of heterogeneous commercial UAs. A2RID integrates and adapts protocols for anonymous message signing to work in the UA domain, coping with the constraints of commercial drones and the tight real-time requirements imposed by the RID regulation. Overall, the protocols in the A2RID suite allow a UA manufacturer to pick the configuration that best suits the capabilities and constraints of the drone, i.e., either a processing-intensive but memory-lightweight solution (namely, CS−A2RID ) or a computationally friendly but memory-hungry approach (namely, DS−A2RID ). Besides formally defining the protocols and formally proving their security in our setting, we also implement and test them on real heterogeneous hardware platforms, i.e., the Holybro X-500 and the ESPcopter, releasing open-source the produced code. For all the protocols, we demonstrated experimentally the capability of generating anonymous RemoteID messages well below the time bound of 1 s required by RID, while at the same time having quite a limited impact on the energy budget of the drone.

Publication
IEEE Internet of Things Journal
Pietro Tedeschi
Pietro Tedeschi
Head of Cyber Electromagnetic Warfare Research

My research interests include Unmanned Aerial Vehicles Security, Maritime Security, Wireless Security, Internet of Things (IoT), Applied Cryptography, Privacy Preserving Systems, and Cyber-Physical Systems Security.