--- 1/draft-ietf-drip-arch-12.txt 2021-05-27 13:13:11.044042270 -0700 +++ 2/draft-ietf-drip-arch-13.txt 2021-05-27 13:13:11.092043467 -0700 
@@ -1,220 +1,216 @@ drip S. Card Internet-Draft A. Wiethuechter Intended status: Informational AX Enterprize -Expires: November 11, 2021 R. Moskowitz +Expires: 28 November 2021 R. Moskowitz HTT Consulting S. Zhao (Editor) Tencent A. Gurtov - Linkoeping University - May 10, 2021 + Linköping University + 27 May 2021 Drone Remote Identification Protocol (DRIP) Architecture - draft-ietf-drip-arch-12 + draft-ietf-drip-arch-13 Abstract This document describes an architecture for protocols and services to support Unmanned Aircraft System Remote Identification and tracking - (UAS RID), plus RID-related communications, conforming to proposed - and final regulations plus external technical standards, satisfying - the requirements listed in the companion requirements document - [I-D.ietf-drip-reqs]. + (UAS RID), plus RID-related communications. This architecture + satisfies the requirements listed in the DRIP requirements document. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on November 11, 2021. + This Internet-Draft will expire on 28 November 2021. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal - Provisions Relating to IETF Documents - (https://trustee.ietf.org/license-info) in effect on the date of - publication of this document. 
Please review these documents - carefully, as they describe your rights and restrictions with respect - to this document. Code Components extracted from this document must - include Simplified BSD License text as described in Section 4.e of - the Trust Legal Provisions and are provided without warranty as - described in the Simplified BSD License. + Provisions Relating to IETF Documents (https://trustee.ietf.org/ + license-info) in effect on the date of publication of this document. + Please review these documents carefully, as they describe your rights + and restrictions with respect to this document. Code Components + extracted from this document must include Simplified BSD License text + as described in Section 4.e of the Trust Legal Provisions and are + provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 - 1.1. Overview of Unmanned Aircraft System (UAS) Remote ID - (RID) and Standardization . . . . . . . . . . . . . . . . 3 + 1.1. Overview of Unmanned Aircraft System (UAS) Remote ID (RID) + and Standardization . . . . . . . . . . . . . . . . . . . 3 1.2. Overview of Types of UAS Remote ID . . . . . . . . . . . 4 1.2.1. Broadcast RID . . . . . . . . . . . . . . . . . . . . 4 1.2.2. Network RID . . . . . . . . . . . . . . . . . . . . . 5 1.3. Overview of USS Interoperability . . . . . . . . . . . . 6 1.4. Overview of DRIP Architecture . . . . . . . . . . . . . . 7 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 9 3. Definitions and Abbreviations . . . . . . . . . . . . . . . . 9 3.1. Additional Definitions . . . . . . . . . . . . . . . . . 9 3.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 9 3.3. Claims, Assertions, Attestations, and Certificates . . . 10 4. HHIT for DRIP Entity Identifier . . . . . . . . . . . . . . . 11 4.1. UAS Remote Identifiers Problem Space . . . . . . . . . . 11 4.2. 
HIT as A Trustworthy DRIP Entity Identifier . . . . . . . 12 4.3. HHIT for DRIP Identifier Registration and Lookup . . . . 13 - 4.4. HHIT for DRIP Identifier Cryptographic . . . . . . . . . 13 + 4.4. HHIT for DRIP Identifier Cryptographic . . . . . . . . . 14 5. DRIP Identifier Registration and Registries . . . . . . . . . 14 5.1. Public Information Registry . . . . . . . . . . . . . . . 14 5.1.1. Background . . . . . . . . . . . . . . . . . . . . . 14 5.1.2. Proposed Approach . . . . . . . . . . . . . . . . . . 14 5.2. Private Information Registry . . . . . . . . . . . . . . 15 5.2.1. Background . . . . . . . . . . . . . . . . . . . . . 15 5.2.2. Proposed Approach . . . . . . . . . . . . . . . . . . 15 6. Harvesting Broadcast Remote ID messages for UTM Inclusion . . 15 6.1. The CS-RID Finder . . . . . . . . . . . . . . . . . . . . 16 6.2. The CS-RID SDSP . . . . . . . . . . . . . . . . . . . . . 16 7. Privacy for Broadcast PII . . . . . . . . . . . . . . . . . . 16 8. Security Considerations . . . . . . . . . . . . . . . . . . . 17 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 10.1. Normative References . . . . . . . . . . . . . . . . . . 17 10.2. Informative References . . . . . . . . . . . . . . . . . 18 Appendix A. Overview of Unmanned Aircraft Systems (UAS) Traffic - Management (UTM) . . . . . . . . . . . . . . . . . . 20 - A.1. Operation Concept . . . . . . . . . . . . . . . . . . . . 20 + Management (UTM) . . . . . . . . . . . . . . . . . . . . 20 + A.1. Operation Concept . . . . . . . . . . . . . . . . . . . . 21 A.2. UAS Service Supplier (USS) . . . . . . . . . . . . . . . 21 - A.3. UTM Use Cases for UAS Operations . . . . . . . . . . . . 21 + A.3. UTM Use Cases for UAS Operations . . . . . . . . . . . . 22 A.4. Automatic Dependent Surveillance Broadcast (ADS-B) . . . 22 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 + Authors' Addresses . . . . 
. . . . . . . . . . . . . . . . . . . 23 1. Introduction This document describes an architecture for protocols and services to support Unmanned Aircraft System Remote Identification and tracking - (UAS RID), plus RID-related communications, conforming to proposed - and final regulations plus external technical standards, satisfying - the requirements listed in the companion requirements document - [I-D.ietf-drip-reqs]. + (UAS RID), plus RID-related communications. The architecture takes + into account both current (including proposed) regulations and non- + IETF technical standards. - This document assumes the reader is familiar with - [I-D.ietf-drip-reqs]. + The architecture adheres to the requirements listed in the DRIP + requirements document [I-D.ietf-drip-reqs]. 1.1. Overview of Unmanned Aircraft System (UAS) Remote ID (RID) and Standardization UAS Remote Identification (RID) is an application enabler for a UAS to be identified by Unmanned Aircraft Systems Traffic Management (UTM) and UAS Service Supplier (USS) (Appendix A) or third parties - entities such as law enforcement. Many safety and other - considerations dictate that UAS be remotely identifiable. Civil - Aviation Authorities (CAAs) worldwide are mandating UAS RID. The + entities such as law enforcement. Many considerations (e.g., safety) + dictate that UAS be remotely identifiable. Civil Aviation + Authorities (CAAs) worldwide are mandating UAS RID. For example, the European Union Aviation Safety Agency (EASA) has published [Delegated] and [Implementing] Regulations. CAAs currently promulgate performance-based regulations that do not specify techniques, but rather cite industry consensus technical standards as acceptable means of compliance. Federal Aviation Administration (FAA) The FAA published a Notice of Proposed Rule Making [NPRM] in 2019 - and whereafter published the Final Rule [FAA_RID] in 2021. 
In - FAA's final rule, it is clearly stating that Automatic Dependent + and whereafter published the "Final Rule" in 2021 [FAA_RID]. In + FAA's final rule, it is clearly stated that Automatic Dependent Surveillance Broadcast (ADS-B) Out and transponders can not be - used to serve the purpose of an remote identification. (More - about ADS-B in Appendix A.4) + used to serve the purpose of an remote identification. More + details about ADS-B can be found in Appendix A.4. American Society for Testing and Materials (ASTM) ASTM International, Technical Committee F38 (UAS), Subcommittee F38.02 (Aircraft Operations), Work Item WK65041, developed the ASTM [F3411-19] Standard Specification for Remote ID and Tracking. ASTM defines one set of RID information and two means, MAC-layer - broadcast and IP-layer network, of communicating it. If a UAS + broadcast and IP-layer network, of communicating it. If an UAS uses both communication methods, the same information must be - provided via both means. The [F3411-19] is cited by FAA in its - RID final rule [FAA_RID] as "a potential means of compliance" to a + provided via both means. [F3411-19] is cited by FAA in its RID + final rule [FAA_RID] as "a potential means of compliance" to a Remote ID rule. The 3rd Generation Partnership Project (3GPP) - With release 16, 3GPP completed the UAS RID requirement study - [TS-22.825] and proposed use cases in the mobile network and the - services that can be offered based on RID. Release 17 - specification works on enhanced UAS service requirements and - provides the protocol and application architecture support which - is applicable for both 4G and 5G network. + With release 16, the 3GPP completed the UAS RID requirement study + [TS-22.825] and proposed a set of use cases in the mobile network + and the services that can be offered based on RID. 
Release 17 + specification focuses on enhanced UAS service requirements and + provides the protocol and application architecture support that + will be applicable for both 4G and 5G network. 1.2. Overview of Types of UAS Remote ID 1.2.1. Broadcast RID A set of RID messages are defined for direct, one-way, broadcast transmissions from the UA over Bluetooth or Wi-Fi. These are currently defined as MAC-Layer messages. Internet (or other Wide Area Network) connectivity is only needed for UAS registry information lookup by Observers using the locally directly received UAS RID as a key. Broadcast RID should be functionally usable in situations with no Internet connectivity. - The Broadcast RID is illustrated in Figure 1 below. + The Broadcast RID is illustrated in Figure 1. x x UA xxxxx | | | app messages directly over | one-way RF data link (no IP) | | + x xxxxx x x x x Observer's device (e.g. smartphone) x x Figure 1 With Broadcast RID, an Observer is limited to their radio "visible" - airspace for UAS awareness and information. With Internet queries - using harvested RID (see Section 6), the Observer may gain more - information about those visible UAS. + airspace for UAS awareness and information. With queries sent over + the Internet using harvested RID (see Section 6), the Observer may + gain more information about those visible UAS. 1.2.2. Network RID A RID data dictionary and data flow for Network RID are defined in - [F3411-19]. This data flow is emitted from a UAS via unspecified + [F3411-19]. This data flow is emitted from an UAS via unspecified means (but at least in part over the Internet) to a Network Remote ID - Service Provider (Net-RID SP). These Net-RID SPs provide the RID - data to Network Remote ID Display Providers (Net-RID DP). It is the - Net-RID DP that responds to queries from Network Remote ID Observers + Service Provider (Net-RID SP). A Net-RID SP provides the RID data to + Network Remote ID Display Providers (Net-RID DP). 
It is the Net-RID + DP that responds to queries from Network Remote ID Observers (expected typically, but not specified exclusively, to be web-based) specifying airspace volumes of interest. Network RID depends upon connectivity, in several segments, via the Internet, from the UAS to the Observer. - The Network RID is illustrated in Figure 2 below: + The Network RID is illustrated in Figure 2: x x UA xxxxx ******************** | \ * ------*---+------------+ | \ * / * | NET_RID_SP | | \ * ------------/ +---*--+------------+ | RF \ */ | * | * INTERNET | * +------------+ | /* +---*--| NET_RID_DP | | / * +---*--+------------+ 
@@ -224,26 +220,26 @@ x +------- x x x x x Operator (GCS) Observer x x x x x x Figure 2 Command and Control (C2) must flow from the GCS to the UA via some path, currently (in the year of 2021) typically a direct RF link, but with increasing BVLOS operations expected often to be wireless links - at either end with the Internet between. For all but the simplest + at either end with the Internet between. For all, but the simplest hobby aircraft, telemetry (at least position and heading) flows from the UA to the GCS via some path, typically the reverse of the C2 - path. Thus RID information pertaining to both the GCS and the UA can - be sent, by whichever has Internet connectivity, to the Net-RID SP, - typically the USS managing the UAS operation. + path. Thus, RID information pertaining to both the GCS and the UA + can be sent, by whichever has Internet connectivity, to the Net-RID + SP, typically the USS managing the UAS operation. The Net-RID SP forwards RID information via the Internet to subscribed Net-RID DP, typically a USS. Subscribed Net-RID DP forward RID information via the Internet to subscribed Observer devices. Regulations require and [F3411-19] describes RID data elements that must be transported end-to-end from the UAS to the subscribed Observer devices. [F3411-19] prescribes the protocols only between the Net-RID SP, Net- RID DP, and the Discovery and Synchronization Service (DSS). DRIP 
@@ -289,25 +285,24 @@ \ / \ / +------+ | DSS | +------+ Figure 3 1.4. Overview of DRIP Architecture - The requirements document [I-D.ietf-drip-reqs] also provides an - extended introduction to the problem space, use cases, etc. Only a - brief summary of that introduction will be restated here as context, - with reference to the general UAS RID usage scenarios shown in - Figure 4 below. + The requirements document [I-D.ietf-drip-reqs] provides an extended + introduction to the problem space and use cases. Only a brief + summary of that introduction is restated here as context, with + reference to the general UAS RID usage scenarios shown in Figure 4. General x x Public Public xxxxx xxxxx Safety Observer x x Observer x x x x ---------+ +---------- x x x x | | x x | | UA1 x x | | +------------ x x UA2 xxxxx | | | xxxxx 
@@ -325,46 +320,45 @@ | | | +----------+ | | | +----------+ | |------+ | +-------| | | Public | | | Private | | Registry | +-----+ | Registry | | | | DNS | | | +----------+ +-----+ +----------+ Figure 4 - DRIP will enable leveraging existing Internet resources (standard - protocols, services, infrastructure, and business models) to meet UAS - RID and closely related needs. DRIP will specify how to apply IETF - standards, complementing [F3411-19] and other external standards, to - satisfy UAS RID requirements. DRIP will update existing and develop - new protocol standards as needed to accomplish the foregoing. + DRIP is meant to leverage existing Internet resources (standard + protocols, services, infrastructures, and business models) to meet + UAS RID and closely related needs. DRIP will specify how to apply + IETF standards, complementing [F3411-19] and other external + standards, to satisfy UAS RID requirements. - This document will outline the UAS RID architecture into which DRIP - must fit and the architecture for DRIP itself. This includes - presenting the gaps between the CAAs' Concepts of Operations and - [F3411-19] as it relates to the use of Internet technologies and UA - direct RF communications. Issues include, but are not limited to: + This document outlines the UAS RID architecture into which DRIP must + fit and the architecture for DRIP itself. This includes presenting + the gaps between the CAAs' Concepts of Operations and [F3411-19] as + it relates to the use of Internet technologies and UA direct RF + communications. 
Issues include, but are not limited to: - * Design of trustworthy remote ID and trust in RID messages + - Design of trustworthy remote ID and trust in RID messages (Section 4) - * Mechanisms to leverage Domain Name System (DNS: [RFC1034]), + - Mechanisms to leverage Domain Name System (DNS: [RFC1034]), Extensible Provisioning Protocol (EPP [RFC5731]) and Registration Data Access Protocol (RDAP) ([RFC7482]) to provide - for private (Section 5.2) and public (Section 5.1) Information - Registry. + for private (Section 5.2) and public (Section 5.1) information + registry. - * Harvesting broadcast remote ID messages for UTM inclusion - (Section 6) + - Harvesting broadcast RID messages for UTM inclusion + (Section 6). - * Privacy in RID messages (PII protection) (Section 7) + - Privacy in RID messages (PII protection) (Section 7). 2. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown above. 3. Definitions and Abbreviations 
@@ -418,32 +412,26 @@ around X.509 certificates. These types of certificates and Public Key Infrastructure invoke more legal and public policy considerations than probably any other electronic communication sector. It emerged as a governmental platform for trusted identity management and was pursued in intergovernmental bodies with links into treaty instruments. Claims: A claim in DRIP is a predicate (e.g., "X is Y", "X has property - Y", and most importantly "X owns Y" or "X is owned by Y"). One - basic use case of a claim is an entity using an HHIT as an - identifier, e.g., a UAS using an HHIT as a UAS ID. + Y", and most importantly "X owns Y" or "X is owned by Y"). Assertions: An assertion in DRIP is a set of claims. This definition is - borrowed from JWT/CWT. An HHIT of itself can be seen as an - assertion: a claim that the identifier is a handle to an - asymmetric keypair owned by the entity, and a claim that the - identifier is in the registry specified by the HID embedded in the - identifier. + borrowed from JWT [RFC7519] and CWT [RFC8392]. Attestations: An attestation in DRIP is a signed assertion. The signer may be a claimant or a third party. Under DRIP this is normally used when an entity asserts a relationship with another entity, along with other information, and the asserting entity signs the assertion, thereby making it an attestation. Certificates: 
@@ -762,64 +750,66 @@ volunteers who have contributed to this draft include Amelia Andersdotter and Mohamed Boucadair. 10. References 10.1. Normative References [I-D.ietf-drip-reqs] Card, S. W., Wiethuechter, A., Moskowitz, R., and A. Gurtov, "Drone Remote Identification Protocol (DRIP) - Requirements", draft-ietf-drip-reqs-10 (work in progress), - April 2021. + Requirements", Work in Progress, Internet-Draft, draft- + ietf-drip-reqs-12, 23 May 2021, + . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . 10.2. Informative References - [CTA2063A] - ANSI, "Small Unmanned Aerial Systems Serial Numbers", + [CTA2063A] ANSI, "Small Unmanned Aerial Systems Serial Numbers", 2019. [Delegated] European Union Aviation Safety Agency (EASA), "EU Commission Delegated Regulation 2019/945 of 12 March 2019 on unmanned aircraft systems and on third-country operators of unmanned aircraft systems", 2019. - [F3411-19] - ASTM, "Standard Specification for Remote ID and Tracking", + [F3411-19] ASTM, "Standard Specification for Remote ID and Tracking", 2019. [FAA_RID] United States Federal Aviation Administration (FAA), "Remote Identification of Unmanned Aircraft", 2021, . [FAA_UAS_Concept_Of_Ops] United States Federal Aviation Administration (FAA), "Unmanned Aircraft System (UAS) Traffic Management (UTM) Concept of Operations (V2.0)", 2020, . [I-D.ietf-drip-rid] Moskowitz, R., Card, S. W., Wiethuechter, A., and A. - Gurtov, "UAS Remote ID", draft-ietf-drip-rid-07 (work in - progress), January 2021. + Gurtov, "UAS Remote ID", Work in Progress, Internet-Draft, + draft-ietf-drip-rid-07, 28 January 2021, + . 
[Implementing] European Union Aviation Safety Agency (EASA), "EU Commission Implementing Regulation 2019/947 of 24 May 2019 on the rules and procedures for the operation of unmanned aircraft", 2019. [LAANC] United States Federal Aviation Administration (FAA), "Low Altitude Authorization and Notification Capability", n.d., . [RFC7484] Blanchet, M., "Finding the Authoritative Registration Data (RDAP) Service", RFC 7484, DOI 10.17487/RFC7484, March 2015, . + [RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token + (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015, + . + [RFC8002] Heer, T. and S. Varjonen, "Host Identity Protocol Certificates", RFC 8002, DOI 10.17487/RFC8002, October 2016, . [RFC8004] Laganier, J. and L. Eggert, "Host Identity Protocol (HIP) Rendezvous Extension", RFC 8004, DOI 10.17487/RFC8004, October 2016, . [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital Signature Algorithm (EdDSA)", RFC 8032, DOI 10.17487/RFC8032, January 2017, . + [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, + "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, + May 2018, . + [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", STD 94, RFC 8949, DOI 10.17487/RFC8949, December 2020, . [TS-22.825] 3GPP, "UAS RID requirement study", n.d., . 
@@ -989,44 +987,45 @@ Understanding these technical shortcomings, regulators worldwide have ruled out the use of ADS-B for the small UAS for which UAS RID and DRIP are intended. Authors' Addresses Stuart W. Card AX Enterprize 4947 Commercial Drive - Yorkville, NY 13495 - USA + Yorkville, NY, 13495 + United States of America Email: stu.card@axenterprize.com Adam Wiethuechter AX Enterprize 4947 Commercial Drive - Yorkville, NY 13495 - USA + Yorkville, NY, 13495 + United States of America Email: adam.wiethuechter@axenterprize.com + Robert Moskowitz HTT Consulting - Oak Park, MI 48237 - USA + Oak Park, MI, 48237 + United States of America Email: rgm@labs.htt-consult.com Shuai Zhao Tencent 2747 Park Blvd - Palo Alto 94588 - USA + Palo Alto, 94588 + United States of America Email: shuai.zhao@ieee.org Andrei Gurtov - Linkoeping University + Linköping University IDA - Linkoeping SE-58183 Linkoeping + SE-58183 Linköping Linköping Sweden Email: gurtov@acm.org
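Review bot: In the first hunk (@@ -1,220 +1,216 @@), Sections 1.1 and 1.2.2 change "a UAS" to "an UAS" ("If an UAS uses both communication methods", "emitted from an UAS via unspecified means"), which is inconsistent with the unchanged "for a UAS to be identified" at the top of Section 1.1. Keep "a UAS" throughout. The rewritten ADS-B sentence in the same hunk still carries "can not" and "an remote identification" in its added lines; suggest "cannot be used to serve the purpose of remote identification".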
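Review bot: In the hunk at @@ -224,26 +220,26 @@, the comma added in "For all, but the simplest hobby aircraft, telemetry (at least position and heading) flows from the UA to the GCS" splits the phrase "all but the simplest" and changes what the sentence says. Restore "For all but the simplest hobby aircraft". The "Thus," change in the same hunk is fine.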
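Review bot: In the issues list of the hunk at @@ -325,46 +320,45 @@, terminal punctuation is inconsistent after the change: the first item still ends "(Section 4)" with no period, while the other three now end with one. Add the period to the first item or drop it from all four. The same hunk deletes "DRIP will update existing and develop new protocol standards as needed to accomplish the foregoing" with no replacement text; it is worth confirming that removing this statement of scope is intended.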
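Review bot: In the Section 3.3 hunk (@@ -418,32 +412,26 @@), removing the HHIT examples from the Claims and Assertions definitions drops the statement of what an HHIT asserts by itself: "a claim that the identifier is a handle to an asymmetric keypair owned by the entity, and a claim that the identifier is in the registry specified by the HID embedded in the identifier". Confirm that this is still stated in Section 4 (HHIT for DRIP Entity Identifier), or keep one sentence here that points to it, so the abstract definitions stay tied to the identifier they are used for. Citing [RFC7519] and [RFC8392] for JWT and CWT is an improvement over the bare "JWT/CWT".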
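Review bot: In the references hunk (@@ -762,64 +750,66 @@), [I-D.ietf-drip-reqs] moves from draft-ietf-drip-reqs-10 to -12, but [I-D.ietf-drip-rid] is only reformatted and still points at draft-ietf-drip-rid-07 of 28 January 2021. Check that -07 is still the revision this document intends to cite. The new [I-D.ietf-drip-reqs] entry also breaks the draft name across lines as "draft-" and "ietf-drip-reqs-12", which makes the name harder to search for; keeping it on one line would help.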
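Review bot: In the Authors' Addresses hunk (@@ -989,44 +987,45 @@), the new "Palo Alto, 94588" has a comma but no state between city and postal code, unlike "Yorkville, NY, 13495" and "Oak Park, MI, 48237" in the same hunk. Add the state so the three US addresses follow one pattern. In the Gurtov entry, the added line "SE-58183 Linköping Linköping" repeats the city name and should list it once.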