draft-ietf-drip-reqs-04.txt   draft-ietf-drip-reqs-05.txt 
DRIP S. Card, Ed. DRIP S. Card, Ed.
Internet-Draft A. Wiethuechter Internet-Draft A. Wiethuechter
Intended status: Informational AX Enterprize Intended status: Informational AX Enterprize
Expires: 26 February 2021 R. Moskowitz Expires: 19 April 2021 R. Moskowitz
HTT Consulting HTT Consulting
A. Gurtov A. Gurtov
Linköping University Linköping University
25 August 2020 16 October 2020
Drone Remote Identification Protocol (DRIP) Requirements Drone Remote Identification Protocol (DRIP) Requirements
draft-ietf-drip-reqs-04 draft-ietf-drip-reqs-05
Abstract Abstract
This document defines the requirements for Drone Remote This document defines terminology and requirements for Drone Remote
Identification Protocol (DRIP) Working Group protocols to support Identification Protocol (DRIP) Working Group protocols to support
Unmanned Aircraft System Remote Identification and tracking (UAS RID) Unmanned Aircraft System Remote Identification and tracking (UAS RID)
for security, safety and other purposes. Complementing external for security, safety and other purposes. Complementing external
technical standards as regulator-accepted means of compliance with technical standards as regulator-accepted means of compliance with
UAS RID regulations, DRIP will: UAS RID regulations, DRIP will:
facilitate use of existing Internet resources to support UAS RID facilitate use of existing Internet resources to support UAS RID
and to enable enhanced related services; and to enable enhanced related services;
enable online and offline verification that UAS RID information is enable online and offline verification that UAS RID information is
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 26 February 2021. This Internet-Draft will expire on 19 April 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction (Informative) . . . . . . . . . . . . . . . . . 2 1. Introduction (Informative) . . . . . . . . . . . . . . . . . 2
1.1. Overall Context . . . . . . . . . . . . . . . . . . . . . 3 1.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Intended Use . . . . . . . . . . . . . . . . . . . . . . 5 1.2. Concerns and Constraints . . . . . . . . . . . . . . . . 6
1.3. DRIP Scope . . . . . . . . . . . . . . . . . . . . . . . 7 1.3. DRIP Scope . . . . . . . . . . . . . . . . . . . . . . . 7
2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 7 2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 8
2.1. Requirements Terminology . . . . . . . . . . . . . . . . 8 2.1. Requirements Terminology . . . . . . . . . . . . . . . . 8
2.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 8 2.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 8
3. UAS RID Problem Space . . . . . . . . . . . . . . . . . . . . 15 3. UAS RID Problem Space . . . . . . . . . . . . . . . . . . . . 16
3.1. Network RID . . . . . . . . . . . . . . . . . . . . . . . 16 3.1. Network RID . . . . . . . . . . . . . . . . . . . . . . . 17
3.2. Broadcast RID . . . . . . . . . . . . . . . . . . . . . . 17 3.2. Broadcast RID . . . . . . . . . . . . . . . . . . . . . . 19
3.3. DRIP Focus . . . . . . . . . . . . . . . . . . . . . . . 18 3.3. DRIP Focus . . . . . . . . . . . . . . . . . . . . . . . 22
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 19 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 22
4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 19 4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.2. Identifier . . . . . . . . . . . . . . . . . . . . . . . 21 4.2. Identifier . . . . . . . . . . . . . . . . . . . . . . . 24
4.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 22 4.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.4. Registries . . . . . . . . . . . . . . . . . . . . . . . 23 4.4. Registries . . . . . . . . . . . . . . . . . . . . . . . 26
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27
6. Security Considerations . . . . . . . . . . . . . . . . . . . 23 6. Security Considerations . . . . . . . . . . . . . . . . . . . 27
7. Privacy and Transparency Considerations . . . . . . . . . . . 24 7. Privacy and Transparency Considerations . . . . . . . . . . . 29
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 25 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 29
8.1. Normative References . . . . . . . . . . . . . . . . . . 25 8.1. Normative References . . . . . . . . . . . . . . . . . . 29
8.2. Informative References . . . . . . . . . . . . . . . . . 25 8.2. Informative References . . . . . . . . . . . . . . . . . 30
Appendix A. Discussion and Limitations . . . . . . . . . . . . . 28 Appendix A. Discussion and Limitations . . . . . . . . . . . . . 32
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 29 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 33
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 34
1. Introduction (Informative) 1. Introduction (Informative)
1.1. Overall Context 1.1. Motivation
Many considerations (especially safety and security) dictate that UAS Many considerations (especially safety and security) necessitate
be remotely identifiable. Any Observer with responsibilities Unmanned Aircraft Systems (UAS) Remote Identification and tracking
involving aircraft inherently must classify Unmanned Aircraft (UA) (RID).
situationally according to basic considerations, as illustrated
notionally in Figure 1 below. An Observer who classifies an UAS: as Unmanned Aircraft (UA) may be fixed wing Short Take-Off and Landing
Taskable, can ask it to do something useful; as Low Concern, can (STOL), rotary wing (e.g., helicopter) Vertical Take-Off and Landing
reasonably assume it is not malicious, and would cooperate with (VTOL), or hybrid. They may be single- or multi-engine. The most
requests to modify its flight plans for safety reasons; as High common today are multicopters: rotary wing, multi engine. The
Concern or Unidentified, is worth focused surveillance. explosion in UAS was enabled by hobbyist development, for
multicopters, of advanced flight stability algorithms, enabling even
inexperienced pilots to take off, fly to a location of interest,
hover, and return to the take-off location or land at a distance.
UAS can be remotely piloted by a human (e.g., with a joystick) or
programmed to proceed from GNSS waypoint to waypoint in a weak form
of autonomy; stronger autonomy is coming. UA are "low observable":
they typically have small radar cross sections; they make noise quite
noticeable at short range but difficult to detect at distances they
can quickly close (500 meters in under 17 seconds at 60 knots); they
typically fly at low altitudes (for the small UAS to which RID
applies in the US, under 400 feet AGL); they are highly maneuverable
so can fly under trees and between buildings.
UA can carry payloads including sensors, cyber and kinetic weapons,
or can be used themselves as weapons by flying them into targets.
They can be flown by clueless, careless or criminal operators. Thus
the most basic function of UAS RID is "Identification Friend or Foe"
(IFF) to mitigate the significant threat they present. Numerous
other applications can be enabled or facilitated by RID: consider the
importance of identifiers in many Internet protocols and services.
The general scenario is illustrated in Figure 1.
UA1 UA2
x x x x
xxxxx xxxxx
General x x Public
Public xxxxx xxxxx Safety
Observer x x Observer
x x
x x ---------+ +---------- x x
x x | | x x
| |
+ +
xxxxxxxxxx
x x
+----------+x Internet x+------------+
| x x |
UA1 x | xxxxxxxxxx | x UA2
Pilot xxxxx + + + xxxxx Pilot
Operator x | | | x Operator
x | | | x
x x | | | x x
x x | | | x x
| | |
+----------+ | | | +----------+
| |------+ | +-------| |
| Public | | | Private |
| Registry | +-----+ | Registry |
| | | DNS | | |
+----------+ +-----+ +----------+
Figure 1: "General UAS RID Scenario"
Note the absence of any links to/from the UA in Figure 1. This is
because UAS RID and other connectivity involving the UA varies as
described below.
Inherently, any responsible Observer of UA must classify them, as
illustrated notionally in Figure 2. For basic airspace Situational
Awareness (SA), an Observer who classifies an UAS: as Taskable, can
ask it to do something useful; as Low Concern, can reasonably assume
it is not malicious, and would cooperate with requests to modify its
flight plans for safety concerns that arise; as High Concern or
Unidentified, can focus surveillance on it. These classes are not
standard, but derive from first principles.
xxxxxxx +--------------+ xxxxxxx +--------------+
x x No | | x x No | |
x ID? x+---->| UNIDENTIFIED | x ID? x+---->| UNIDENTIFIED |
x x | | x x | |
xxxxxxx +--------------+ xxxxxxx +--------------+
+ +
| Yes | Yes
v v
xxxxxxx xxxxxxx
skipping to change at page 3, line 37 skipping to change at page 5, line 26
| x x | | x x |
| xxxxxxx | | xxxxxxx |
| + | | + |
v v v v v v
+--------------+ +--------------+ +--------------+ +--------------+ +--------------+ +--------------+
| | | | | | | | | | | |
| TASKABLE | | LOW CONCERN | | HIGH CONCERN | | TASKABLE | | LOW CONCERN | | HIGH CONCERN |
| | | | | | | | | | | |
+--------------+ +--------------+ +--------------+ +--------------+ +--------------+ +--------------+
Figure 1: "Notional UAS Classification" Figure 2: "Notional UAS Classification"
Civil Aviation Authorities (CAAs) worldwide are mandating Unmanned
Aircraft System Remote Identification and tracking (UAS RID). The
European Union Aviation Safety Agency (EASA) has published
[Delegated] and [Implementing] Regulations. The United States (US)
Federal Aviation Administration (FAA) has published a Notice of
Proposed Rule Making [NPRM] and has described the key role that UAS
RID plays in UAS Traffic Management (UTM) in [FAACONOPS] (especially
Section 2.6). CAAs currently (2020) promulgate performance-based
regulations that do not specify techniques, but rather cite industry
consensus technical standards as acceptable means of compliance.
ASTM International, Technical Committee F38 (UAS), Subcommittee
F38.02 (Aircraft Operations), Work Item WK65041, developed ASTM
F3411-19 [F3411-19] Standard Specification for Remote ID and Tracking
(early drafts are freely available as [OpenDroneID] specifications).
It defines two means of UAS RID:
Network RID defines a set of information for UAS to make available
globally indirectly via the Internet, through servers that can be
queried by Observers.
Broadcast RID defines a set of messages for UA to transmit locally
directly one-way over Bluetooth or Wi-Fi, to be received in real
time by local Observers.
The same information must be provided via both means. The
presentation may differ, as Network RID defines a data dictionary,
whereas Broadcast RID defines message formats (which carry items from
that same data dictionary). The frequency with which it is sent may
differ, as Network RID can accommodate Observer queries asynchronous
to UAS updates (which generally need be sent only when information,
such as GCS location, changes), whereas Broadcast RID depends upon
Observers receiving UA messages at the time they are transmitted.
Network RID depends upon Internet connectivity in several segments
from the UAS to each Observer. Broadcast RID should need Internet
(or other Wide Area Network) connectivity only for UAS registry
information lookup using the directly locally received UAS Identifier
(UAS ID) as a key. Broadcast RID does not assume IP connectivity of
UAS; messages are encapsulated by the UA without IP, directly in
Bluetooth or WiFi link layer frames.
[F3411-19] specifies three UAS ID types:
TYPE-1 A static, manufacturer assigned, hardware serial number per
ANSI/CTA-2063-A "Small Unmanned Aerial System Serial Numbers"
[CTA2063A].
TYPE-2 A CAA assigned (presumably static) ID.
TYPE-3 A UTM system assigned UUID [RFC4122], which can but need not
be dynamic.
The EU allows only Type 1. The US allows Types 1 and 3, but requires An ID is not an end in itself; it exists to enable lookups and
Type 3 IDs (if used) each to be used only once (for a single UAS provision of services complementing mere identification.
flight, which in the context of UTM is called an "operation"). The
EU also requires an operator registration number (an additional
identifier distinct from the UAS ID) that can be carried in an
[F3411-19] optional Operator ID message. As yet apparently there are
no CAA proposals to use Type 2.
[F3411-19] Broadcast RID transmits all information as cleartext Using UAS RID to facilitate vehicular (V2X) communications and
(ASCII or binary), so static IDs enable trivial correlation of applications such as Detect And Avoid (DAA), which would impose
patterns of use, unacceptable in many applications, e.g., package tighter latency bounds than RID itself, is an obvious possibility,
delivery routes of competitors. explicitly contemplated in the United States (US) Federal Aviation
Administration (FAA) Notice of Proposed Rule Making [NPRM]. However,
applications of RID beyond RID itself, including DAA, have been
explicitly declared out of scope in ASTM International, Technical
Committee F38 (UAS), Subcommittee F38.02 (Aircraft Operations), Work
Item WK65041, working group discussions, based on a distinction
between RID as a security standard vs DAA as a safety application.
Although dynamic establishment of secure communications between the
Observer and the UAS pilot seems to have been contemplated by the FAA
UAS ID and Tracking Aviation Rulemaking Committee (ARC) in their
[Recommendations], it is not addressed in any of the subsequent
proposed regulations or technical specifications.
[Opinion1] and [WG105] cite the Direct Remote Identification [Opinion1] and [WG105] cite the Direct Remote Identification
previously required and specified, explicitly stating that whereas previously required and specified, explicitly stating that whereas
Direct RID is primarily for security purposes, "Electronic Direct RID is primarily for security purposes, "Electronic
Identification" (or the "Network Identification Service" in the Identification" (or the "Network Identification Service" in the
context of U-Space) is primarily for safety purposes (e.g. air context of U-space) is primarily for safety purposes (e.g. air
traffic management, especially hazards deconfliction) and also is traffic management, especially hazards deconfliction) and also is
allowed to be used for other purposes such as support of efficient allowed to be used for other purposes such as support of efficient
operations. These emerging standards allow the security and safety operations. These emerging standards allow the security and safety
oriented systems to be separate or merged. In addition to mandating oriented systems to be separate or merged. In addition to mandating
both Broadcast and Network one-way to Observers, they will use V2V to both Broadcast and Network one-way to Observers, they will use V2V to
other UAS (also likely to and/or from some manned aircraft). other UAS (also likely to and/or from some manned aircraft). These
reflect the broad scope of the EU U-space concept, as being developed
in the Single European Sky ATM Research (SESAR) Joint Undertaking,
whose U-space architectural principles are outlined in [InitialView].
Security oriented UAS RID regulations essentially have two goals: Security oriented UAS RID essentially has two goals: enable the
enable the general public to obtain and record an opaque ID for any general public to obtain and record an opaque ID for any observed UA,
observed UA, which they can then report to authorities; enable which they can then report to authorities; enable authorities, from
authorities, from such an ID, to look up information about the UAS such an ID, to look up information about the UAS and its operator.
and its operator, especially location. Safety oriented UAS RID has Safety oriented UAS RID has stronger requirements. Aviation
stronger requirements. Aviation community SDOs set a higher bar for community SDOs set a higher bar for safety than for security,
safety than for security, especially with respect to reliability. especially with respect to reliability.
1.2. Intended Use 1.2. Concerns and Constraints
An ID is not an end in itself; it exists to enable lookups and Disambiguation of multiple UA flying in close proximity may be very
provision of services complementing mere identification. challenging, even if each is reporting its identity, position and
velocity as accurately as it can. As the origin of all information
in UAS RID is self-reports from operators, there are possibilities
not only of unintentional error, but also of intentional
falsification, of this data.
Minimal specified information must be made available to the public; Minimal specified information must be made available to the public;
access to other data, e.g., UAS operator Personally Identifiable access to other data, e.g., UAS operator Personally Identifiable
Information (PII), must be limited to strongly authenticated Information (PII), must be limited to strongly authenticated
personnel, properly authorized per policy. The balance between personnel, properly authorized per policy. The balance between
privacy and transparency remains a subject for public debate and privacy and transparency remains a subject for public debate and
regulatory action; DRIP can only offer tools to expand the achievable regulatory action; DRIP can only offer tools to expand the achievable
trade space and enable trade-offs within that space. [F3411-19] trade space and enable trade-offs within that space. [F3411-19]
specifies only how to get the UAS ID to the Observer; how the specifies only how to get the UAS ID to the Observer: how the
Observer can perform these lookups, and how the registries first can Observer can perform these lookups, and how the registries first can
be populated with information, is unspecified. be populated with information, is unspecified.
Using UAS RID to facilitate vehicular (V2X) communications and
applications such as Detect And Avoid (DAA), which would impose
tighter latency bounds than RID itself, is an obvious possibility,
explicitly contemplated in the FAA NPRM. However, applications of
RID beyond RID itself have been omitted from [F3411-19]; DAA has been
explicitly declared out of scope in ASTM working group discussions,
based on a distinction between RID as a security standard vs DAA as a
safety application. Although dynamic establishment of secure
communications between the Observer and the UAS pilot seems to have
been contemplated by the FAA UAS ID and Tracking Aviation Rulemaking
Committee (ARC) in their [Recommendations], it is not addressed in
any of the subsequent proposed regulations or technical
specifications.
The need for near-universal deployment of UAS RID is pressing. This The need for near-universal deployment of UAS RID is pressing. This
implies the need to support use by Observers of already ubiquitous implies the need to support use by Observers of already ubiquitous
mobile devices (typically smartphones and tablets). Anticipating mobile devices (typically smartphones and tablets). Anticipating
likely CAA requirements to support legacy devices, especially in likely CAA requirements to support legacy devices, especially in
light of [Recommendations], [F3411-19] specifies that any UAS sending light of [Recommendations], [F3411-19] specifies that any UAS sending
Broadcast RID over Bluetooth must do so over Bluetooth 4, regardless Broadcast RID over Bluetooth must do so over Bluetooth 4, regardless
of whether it also does so over newer versions; as UAS sender devices of whether it also does so over newer versions; as UAS sender devices
and Observer receiver devices are unpaired, this implies extremely and Observer receiver devices are unpaired, this implies extremely
short "advertisement" (beacon) frames. short "advertisement" (beacon) frames.
UA onboard RID devices are severely constrained in Cost ($), Size, Wireless data links on the UA are challenging due to low altitude
Weight and Power ($SWaP). Cost is a significant impediment to the flight amidst structures and foliage over terrain, as well as the
necessary near-universal adoption of UAS send and Observer receive severe Cost, Size, Weight and Power (CSWaP) constraints of devices
RID capabilities. $SWaP is a burden not only on the designers of new onboard UA. CSWaP is a burden not only on the designers of new UA
UA for production and sale, but also on owners of existing UA that for production and sale, but also on owners of existing UA that must
must be retrofit. Radio Controlled (RC) aircraft modelers, "hams" be retrofit. Radio Controlled (RC) aircraft modelers, "hams" who use
who use licensed amateur radio frequencies to control UAS, drone licensed amateur radio frequencies to control UAS, drone hobbyists,
hobbyists and others who custom build UAS all need means of and others who custom build UAS, all need means of participating in
participating in UAS RID, sensitive to both generic $SWaP and UAS RID, sensitive to both generic CSWaP and application-specific
application-specific considerations. considerations.
To accommodate the most severely constrained cases, all these To accommodate the most severely constrained cases, all these
conspire to motivate system design decisions, especially for the conspire to motivate system design decisions, especially for the
Broadcast RID data link, which complicate the protocol design Broadcast RID data link, which complicate the protocol design
problem: one-way links; extremely short packets; and Internet- problem: one-way links; extremely short packets; and Internet-
disconnected operation of UA onboard devices. Internet-disconnected disconnected operation of UA onboard devices. Internet-disconnected
operation of Observer devices has been deemed by ASTM F38.02 too operation of Observer devices has been deemed by ASTM F38.02 too
infrequent to address, but for some users is important and presents infrequent to address, but for some users is important and presents
further challenges. further challenges.
As RID must often operate with limited bandwidth, short packet
payload length limits, and one-way links, heavyweight cryptographic
security protocols or even simple cryptographic handshakes are
infeasible, yet trustworthiness of UAS RID information is essential.
Under [F3411-19], even the most basic datum, the UAS ID string
(typically number) itself can be merely an unsubstantiated claim.
Observer devices being ubiquitous, thus popular targets for malware
or other compromise, cannot be generally trusted (although the user
of each device is compelled to trust that device, to some extent); a
"fair witness" functionality (inspired by [Stranger]) is desirable.
Despite work by regulators and Standards Development Organizations Despite work by regulators and Standards Development Organizations
(SDOs), there are substantial gaps in UAS standards generally and UAS (SDOs), there are substantial gaps in UAS standards generally and UAS
RID specifically. [Roadmap] catalogs UAS related standards, ongoing RID specifically. [Roadmap] catalogs UAS related standards, ongoing
standardization activities and gaps (as of early 2020); Section 7.8 standardization activities and gaps (as of early 2020); Section 7.8
catalogs those related specifically to UAS RID. catalogs those related specifically to UAS RID. DRIP will address
the most fundamental of these gaps, as foreshadowed above.
Given not only packet payload length and bandwidth, but also
processing and storage within the $SWaP constraints of very small
(e.g. consumer toy) UA, heavyweight cryptographic security protocols
are infeasible, yet trustworthiness of UAS RID information is
essential. Under [F3411-19], even the most basic datum, the UAS ID
string (typically number) itself can be merely an unsubstantiated
claim. Observer devices being ubiquitous, thus popular targets for
malware or other compromise, cannot be generally trusted (although
the user of each device is compelled to trust that device, to some
extent); a "fair witness" functionality (inspired by [Stranger]) is
desirable.
1.3. DRIP Scope 1.3. DRIP Scope
DRIP's initial goal is to make RID immediately actionable, in both DRIP's initial goal is to make RID immediately actionable, in both
Internet and local-only connected scenarios (especially emergencies), Internet and local-only connected scenarios (especially emergencies),
in severely constrained UAS environments, balancing legitimate (e.g., in severely constrained UAS environments, balancing legitimate (e.g.,
public safety) authorities' Need To Know trustworthy information with public safety) authorities' Need To Know trustworthy information with
UAS operators' privacy. By "immediately actionable" is meant UAS operators' privacy. By "immediately actionable" is meant
information of sufficient precision, accuracy, timeliness, etc. for information of sufficient precision, accuracy, timeliness, etc. for
an Observer to use it as the basis for immediate decisive action, an Observer to use it as the basis for immediate decisive action,
whether that be to trigger a defensive counter-UAS system, to attempt whether that be to trigger a defensive counter-UAS system, to attempt
to initiate communications with the UAS operator, to accept the to initiate communications with the UAS operator, to accept the
presence of the UAS in the airspace where/when observed as not presence of the UAS in the airspace where/when observed as not
requiring further action, or whatever, with potentially severe requiring further action, or whatever, with potentially severe
consequences of any action or inaction chosen based on that consequences of any action or inaction chosen based on that
information. For further explanation of the concept of immediate information. For further explanation of the concept of immediate
actionability, see [ENISACSIRT]. Note that UAS RID must achieve near actionability, see [ENISACSIRT]. Note that UAS RID must achieve near
universal adoption, but DRIP can add value even if only selectively universal adoption, but DRIP can add value even if only selectively
deployed, as those with jurisdiction over more sensitive airspace deployed, as those with jurisdiction over more sensitive airspace
volumes may set a higher than generally mandated RID bar for flight volumes may set a higher than generally mandated RID bar for flight
in those volumes. Potential follow-on goals may extend beyond in those volumes. Providing timely trustworthy identification data
providing timely and trustworthy identification data, to using it to is also prerequisite to identity-oriented networking.
enable identity-oriented networking of UAS.
DRIP (originally Trustworthy Multipurpose Remote Identification, TM- DRIP (originally Trustworthy Multipurpose Remote Identification, TM-
RID) potentially could be applied to verifiably identify other types RID) potentially could be applied to verifiably identify other types
of registered things reported to be in specified physical locations, of registered things reported to be in specified physical locations,
but the urgent motivation and clear initial focus is UAS. Existing but the urgent motivation and clear initial focus is UAS. Existing
Internet resources (protocol standards, services, infrastructure, and Internet resources (protocol standards, services, infrastructure, and
business models) should be leveraged. A natural Internet based business models) should be leveraged. A natural Internet based
architecture for UAS RID conforming to proposed regulations and architecture for UAS RID conforming to proposed regulations and
external technical standards is described in a companion architecture external technical standards is described in a companion architecture
document [drip-architecture] and elaborated in other DRIP documents; document [drip-architecture] and elaborated in other DRIP documents;
skipping to change at page 8, line 30 skipping to change at page 9, line 9
Aircraft System (singular) and Unmanned Aircraft Systems (plural) are Aircraft System (singular) and Unmanned Aircraft Systems (plural) are
both represented as UAS. On this and other terminological issues, to both represented as UAS. On this and other terminological issues, to
encourage comprehension necessary for adoption of DRIP by the encourage comprehension necessary for adoption of DRIP by the
intended user community, that community's norms are respected herein, intended user community, that community's norms are respected herein,
and definitions are quoted in cases where they have been found in and definitions are quoted in cases where they have been found in
that community's documents. Most of the listed terms are from that that community's documents. Most of the listed terms are from that
community (even if specific source documents are not cited); any that community (even if specific source documents are not cited); any that
are DRIP-specific or invented by the authors of this document are are DRIP-specific or invented by the authors of this document are
marked "(DRIP)". marked "(DRIP)".
$SWaP
Cost, Size, Weight and Power. (DRIP)
AAA AAA
Attestation, Authentication, Authorization, Access Control, Attestation, Authentication, Authorization, Access Control,
Accounting, Attribution, Audit, or any subset thereof (uses differ Accounting, Attribution, Audit, or any subset thereof (uses differ
by application, author and context). (DRIP) by application, author and context). (DRIP)
ABDAA ABDAA
AirBorne DAA. Accomplished using systems onboard the aircraft AirBorne DAA. Accomplished using systems onboard the aircraft
involved. Also known as "self-separation". involved. Supports "self-separation" (remaining "well clear" of
other aircraft) and collision avoidance.
ADS-B ADS-B
Automatic Dependent Surveillance - Broadcast. "ADS-B Out" Automatic Dependent Surveillance - Broadcast. "ADS-B Out"
equipment obtains aircraft position from other on-board systems equipment obtains aircraft position from other on-board systems
(typically GNSS) and periodically broadcasts it to "ADS-B In" (typically GNSS) and periodically broadcasts it to "ADS-B In"
equipped entities, including other aircraft, ground stations and equipped entities, including other aircraft, ground stations and
satellite based monitoring systems. satellite based monitoring systems.
AGL AGL
Above Ground Level. Relative altitude, above the variously Above Ground Level. Relative altitude, above the variously
skipping to change at page 9, line 43 skipping to change at page 10, line 18
B-LOS B-LOS
Beyond Line Of Sight (LOS). Term to be avoided due to ambiguity. Beyond Line Of Sight (LOS). Term to be avoided due to ambiguity.
See LOS. See LOS.
BV-LOS BV-LOS
Beyond Visual Line Of Sight (V-LOS). See V-LOS. Beyond Visual Line Of Sight (V-LOS). See V-LOS.
CAA CAA
Civil Aviation Authority. Two examples are the United States Civil Aviation Authority. Two examples are the United States
Federal Aviation Administration (FAA) and the European Union Federal Aviation Administration (FAA) and the Japan Civil Aviation
Aviation Safety Agency (EASA). Bureau.
CSWaP
Cost, Size, Weight and Power.
C2 C2
Command and Control. A set of organizational and technical Command and Control. Previously mostly used in military contexts.
attributes and processes that employs human, physical, and In the UAS context, typically refers to the RF data link over
information resources to solve problems and accomplish missions. which the GCS controls the UA.
Previously primarily used in military contexts. In the UAS
context, typically refers to the link between GCS and UA over
which the former controls the latter.
DAA DAA
Detect And Avoid, formerly Sense And Avoid (SAA). A means of Detect And Avoid, formerly Sense And Avoid (SAA). A means of
keeping aircraft "well clear" of each other for safety. keeping aircraft "well clear" of each other and obstacles for
safety. "The capability to see, sense or detect conflicting
traffic or other hazards and take the appropriate action to comply
with the applicable rules of flight." [ICAOUAS]
Direct RID Direct RID
Direct Remote Identification. Per [Delegated], "a system that Direct Remote Identification. "a system that ensures the local
ensures the local broadcast of information about a UA in broadcast of information about a UA in operation, including the
operation, including the marking of the UA, so that this marking of the UA, so that this information can be obtained
information can be obtained without physical access to the UA". without physical access to the UA". [Delegated] Corresponds
Requirement could be met with ASTM Broadcast RID: Basic ID message roughly to the Broadcast RID portion of [NPRM] Standard RID.
with UAS ID Type 1; Location/Vector message; Operator ID message;
System Message. Corresponds roughly to the Broadcast RID portion
of FAA NPRM Standard RID.
DSS DSS
Discovery and Synchronization Service. Formerly Inter-USS. The Discovery and Synchronization Service. Formerly Inter-USS. The
UTM system overlay network backbone. Most importantly, it enables UTM system overlay network backbone. Most importantly, it enables
one USS to learn which other USS have UAS operating in a given 4-D one USS to learn which other USS have UAS operating in a given 4-D
airspace volume, for deconfliction and surveillance; but it also airspace volume, for deconfliction of planned and Network RID
supports other functions. surveillance of active operations. [F3411-19]
E2E
End to End.
EUROCAE EUROCAE
European Organisation for Civil Aviation Equipment. Aviation SDO, European Organisation for Civil Aviation Equipment. Aviation SDO,
originally European, now with broader membership. Cooperates originally European, now with broader membership. Cooperates
extensively with RTCA. extensively with RTCA.
GBDAA GBDAA
Ground Based DAA. Accomplished with the aid of ground based Ground Based DAA. Accomplished with the aid of ground based
functions. functions.
skipping to change at page 10, line 50 skipping to change at page 11, line 26
uses to exercise C2 over the UA, whether by remotely exercising UA uses to exercise C2 over the UA, whether by remotely exercising UA
flight controls to fly the UA, by setting GPS waypoints, or flight controls to fly the UA, by setting GPS waypoints, or
otherwise directing its flight. otherwise directing its flight.
GNSS GNSS
Global Navigation Satellite System. Satellite based timing and/or Global Navigation Satellite System. Satellite based timing and/or
positioning with global coverage, often used to support positioning with global coverage, often used to support
navigation. navigation.
GPS GPS
Global Positioning System. A specific GNSS, but in this context, Global Positioning System. A specific GNSS, but in the UAS
the term is typically misused in place of the more generic term context, the term is typically misused in place of the more
GNSS. generic term GNSS.
GRAIN GRAIN
Global Resilient Aviation Interoperable Network. ICAO managed Global Resilient Aviation Interoperable Network. ICAO managed
IPv6 overlay internetwork per IATF, dedicated to aviation (but not IPv6 overlay internetwork per IATF, dedicated to aviation (but not
just aircraft). Currently in design. just aircraft). Currently in design.
IATF IATF
International Aviation Trust Framework. ICAO effort to develop a International Aviation Trust Framework. ICAO effort to develop a
resilient and secure by design framework for networking in support resilient and secure by design framework for networking in support
of all aspects of aviation. of all aspects of aviation.
skipping to change at page 11, line 28 skipping to change at page 12, line 6
standards relating to aviation. standards relating to aviation.
LAANC LAANC
Low Altitude Authorization and Notification Capability. Supports Low Altitude Authorization and Notification Capability. Supports
ATC authorization requirements for UAS operations: remote pilots ATC authorization requirements for UAS operations: remote pilots
can apply to receive a near real-time authorization for operations can apply to receive a near real-time authorization for operations
under 400 feet in controlled airspace near airports. US partial under 400 feet in controlled airspace near airports. US partial
stopgap until UTM comes. stopgap until UTM comes.
Limited RID Limited RID
Per the FAA NPRM, a mode of operation that must use Network RID, A mode of operation that must use Network RID, must not use
must not use Broadcast RID, and must provide pilot/GCS location Broadcast RID, and must provide pilot/GCS location only (not UA
only (not UA location). This mode is only allowed for UA that location). This mode is only allowed for UA that neither require
neither require (due to e.g. size) nor are equipped for Standard (due to e.g. size) nor are equipped for Standard RID, operated
RID, operated within V-LOS and within 400 feet of the pilot, below within V-LOS and within 400 feet of the pilot, below 400 feet AGL,
400 feet AGL, etc. etc. [NPRM]
Location/Vector Message Location/Vector Message
[F3411-19] Message Type 1. Provides UA location, altitude, [F3411-19] Message Type 1. Provides UA location, altitude,
heading and speed, only. Mandatory per [F3411-19]. heading, speed and status. Mandatory per [F3411-19].
LOS LOS
Line Of Sight. An adjectival phrase describing any information Line Of Sight. An adjectival phrase describing any information
transfer that travels in a nearly straight line (e.g. transfer that travels in a nearly straight line (e.g.
electromagnetic energy, whether in the visual light, RF or other electromagnetic energy, whether in the visual light, RF or other
frequency range) and is subject to blockage. A term to be avoided frequency range) and is subject to blockage. A term to be avoided
due to ambiguity, in this context, between RF-LOS and V-LOS. due to ambiguity, in this context, between RF-LOS and V-LOS.
MSL MSL
Mean Sea Level. Relative altitude, above the variously defined Mean Sea Level. Relative altitude, above the variously defined
mean sea level, typically of an UA (but in FAA NPRM also for a mean sea level, typically of an UA (but in [NPRM] also for a GCS),
GCS), measured in or meters. Should be explicitly specified as measured in feet or meters. Should be explicitly specified as
either barometric (pressure) or geodetic (GNSS). either barometric (pressure) or geodetic (GNSS).
Net-RID DP Net-RID DP
Network RID Display Provider. Logical entity that aggregates data Network RID Display Provider. [F3411-19] logical entity that
from Net-RID SPs as needed in response to user queries regarding aggregates data from Net-RID SPs as needed in response to user
UAS operating within specified airspace volumes, to enable display queries regarding UAS operating within specified airspace volumes,
by a user application on a user device. Potentially could provide to enable display by a user application on a user device.
not only information sent via UAS RID but also information Potentially could provide not only information sent via UAS RID
retrieved from UAS RID registries, or information beyond UAS RID, but also information retrieved from UAS RID registries, or
regarding subscribed USS. Under the FAA NPRM, not recognized as a information beyond UAS RID. Under [NPRM], not recognized as a
distinct entity, but a service provided by USS, including Public distinct entity, but a service provided by USS, including Public
Safety USS that may exist primarily for this purpose rather than Safety USS that may exist primarily for this purpose rather than
to manage any subscribed UAS. to manage any subscribed UAS.
Net-RID SP Net-RID SP
Network RID Service Provider. Logical entity that collects RID Network RID Service Provider. [F3411-19] logical entity that
messages from UAS and responds to NetRID-DP queries for collects RID messages from UAS and responds to NetRID-DP queries
information on UAS of which it is aware. Under the FAA NPRM, the for information on UAS of which it is aware. Under [NPRM], the
USS to which the UAS is subscribed ("Remote ID USS"). USS to which the UAS is subscribed ("Remote ID USS").
Network Identification Service Network Identification Service
EU regulatory requirement for Network RID. Requirement could be EU regulatory requirement for Network RID. [Opinion1] and [WG105]
met with ASTM Network RID: Basic ID message with UAS ID Type 1; Corresponds roughly to the Network RID portion of [NPRM] Standard
Location/Vector message; Operator ID message; System Message. RID.
Corresponds roughly to the Network RID portion of FAA NPRM
Standard RID.
Observer Observer
An entity (typically but not necessarily an individual human) who An entity (typically but not necessarily an individual human) who
has directly or indirectly observed an UA and wishes to know has directly or indirectly observed an UA and wishes to know
something about it, starting with its ID. An observer typically something about it, starting with its ID. An observer typically
is on the ground and local (within V-LOS of an observed UA), but is on the ground and local (within V-LOS of an observed UA), but
could be remote (observing via Network RID or other surveillance), could be remote (observing via Network RID or other surveillance),
operating another UA, aboard another aircraft, etc. (DRIP) operating another UA, aboard another aircraft, etc. (DRIP)
Operation Operation
A flight, or series of flights of the same mission, by the same A flight, or series of flights of the same mission, by the same
UAS, in the same airspace volume, separated by at most brief UAS, separated by at most brief ground intervals. (inferred from
ground intervals. UTM usage, no formal definition found)
Operator Operator
"A person, organization or enterprise engaged in or offering to "A person, organization or enterprise engaged in or offering to
engage in an aircraft operation." [ICAOUTM] engage in an aircraft operation." [ICAOUAS]
Operator ID Message Operator ID Message
[F3411-19] Message Type 5. Provides CAA issued Operator ID, only. [F3411-19] Message Type 5. Provides CAA issued Operator ID, only.
Operator ID is distinct from UAS ID. Optional per [F3411-19] but Operator ID is distinct from UAS ID. Optional per [F3411-19] but
may be required by regulations. may be required by regulations.
PIC PIC
Pilot In Command. "The pilot designated by the operator, or in Pilot In Command. "The pilot designated by the operator, or in
the case of general aviation, the owner, as being in command and the case of general aviation, the owner, as being in command and
charged with the safe conduct of a flight." [ICAOATM] charged with the safe conduct of a flight." [ICAOUAS]
PII PII
Personally Identifiable Information. In this context, typically Personally Identifiable Information. In this context, typically
of the UAS Operator, Pilot In Command (PIC) or Remote Pilot, but of the UAS Operator, Pilot In Command (PIC) or Remote Pilot, but
possibly of an Observer or other party. possibly of an Observer or other party.
Remote Pilot Remote Pilot
A pilot using a GCS to exercise proximate control of an UA. A pilot using a GCS to exercise proximate control of an UA.
Either the PIC or under the supervision of the PIC. Either the PIC or under the supervision of the PIC. "The person
who manipulates the flight controls of a remotely-piloted aircraft
during flight time." [ICAOUAS]
RF
Radio Frequency. Noun or adjective, e.g. "RF link."
RF-LOS RF-LOS
RF LOS. Typically used in describing operation of a direct radio RF LOS. Typically used in describing a direct radio link between
link between a GCS and the UA under its control, potentially a GCS and the UA under its control, potentially subject to
subject to blockage by foliage, structures, terrain or other blockage by foliage, structures, terrain or other vehicles, but
vehicles, but less so than V-LOS. less so than V-LOS.
RTCA RTCA
Radio Technical Commission for Aeronautics. US aviation SDO. Radio Technical Commission for Aeronautics. US aviation SDO.
Cooperates extensively with EUROCAE. Cooperates extensively with EUROCAE.
Self-ID Message Self-ID Message
[F3411-19] Message Type 3. Provides a 1 byte descriptor and 23 [F3411-19] Message Type 3. Provides a 1 byte descriptor and 23
byte ASCII free text field, only. Expected to be used to provide byte ASCII free text field, only. Expected to be used to provide
context on the operation, e.g. mission intent. Optional unless context on the operation, e.g. mission intent. Optional per
required by the cognizant CAA. Optional per [F3411-19] but may be [F3411-19] but may be required by regulations.
required by regulations.
Standard RID Standard RID
Per the FAA NPRM, a mode of operation that must use both Network A mode of operation that must use both Network RID (if Internet
RID (if Internet connectivity is available at the time in the connectivity is available at the time in the operating area) and
operating area) and Broadcast RID (always and everywhere), and Broadcast RID (always and everywhere), and must provide both
must provide both pilot/GCS location and UA location. This mode pilot/GCS location and UA location. This mode is required for UAS
is required for UAS that exceed the allowed envelope (e.g. size, that exceed the allowed envelope (e.g. size, range) of Limited RID
range) of Limited RID and for all UAS equipped for Standard RID and for all UAS equipped for Standard RID (even if operated within
(even if operated within parameters that would otherwise permit parameters that would otherwise permit Limited RID). [NPRM] The
Limited RID). The Broadcast RID portion corresponds roughly to EU Broadcast RID portion corresponds roughly to EU Direct RID; the
Direct RID; the Network RID portion corresponds roughly to EU Network RID portion corresponds roughly to EU Network
Network Identification Service. Identification Service.
SDO SDO
Standards Development Organization. ASTM, IETF, et al. Standards Development Organization. ASTM, IETF, et al.
SDSP SDSP
Supplemental Data Service Provider. An entity that participates Supplemental Data Service Provider. An entity that participates
in the UTM system, but provides services beyond those specified as in the UTM system, but provides services beyond those specified as
basic UTM system functions. E.g., provides weather data. basic UTM system functions. E.g., provides weather data.
[FAACONOPS]
System Message System Message
[F3411-19] Message Type 4. Provides general UAS information, [F3411-19] Message Type 4. Provides general UAS information,
including remote pilot location, multiple UA group operational including remote pilot location, multiple UA group operational
area, etc. Optional per [F3411-19] but may be required by area, etc. Optional per [F3411-19] but may be required by
regulations. regulations.
U-space U-space
EU concept and emerging framework for integration of UAS into all EU concept and emerging framework for integration of UAS into all
classes of airspace, specifically including high density urban classes of airspace, specifically including high density urban
areas, sharing airspace with manned aircraft. areas, sharing airspace with manned aircraft. [InitialView]
UA UA
Unmanned Aircraft. An aircraft which is intended to operate with Unmanned Aircraft. In popular parlance, "drone". "An aircraft
no pilot on board. In popular parlance, "drone". which is intended to operate with no pilot on board." [ICAOUAS]
UAS UAS
Unmanned Aircraft System. Composed of UA, all required on-board Unmanned Aircraft System. Composed of UA, all required on-board
subsystems, payload, control station, other required off-board subsystems, payload, control station, other required off-board
subsystems, any required launch and recovery equipment, all subsystems, any required launch and recovery equipment, all
required crew members, and C2 links between UA and control required crew members, and C2 links between UA and control
station. station. [F3411-19]
UAS ID UAS ID
UAS identifier. Although called "UAS ID", unique to the UA: UAS identifier. Although called "UAS ID", unique to the UA,
neither to the operator (as previous registration numbers have neither to the operator (as some UAS registration numbers have
been assigned), nor to the combination of GCS and UA that comprise been and for exclusively recreational purposes are continuing to
the UAS. Per [F3411-19]: maximum length of 20 bytes; see be assigned), nor to the combination of GCS and UA that comprise
Section 1.1, Paragraph 7 for currently defined values. the UAS. Maximum length of 20 bytes. [F3411-19]
UAS ID Type UAS ID Type
Identifier type index. Per [F3411-19], 4 bits, values 0-3 already UAS Identifier type index. 4 bits, see Section 3, Paragraph 5 for
specified. currently defined values 0-3. [F3411-19]
UAS RID UAS RID
UAS Remote Identification. System for identifying UA during UAS Remote Identification and tracking. System to enable
flight by other parties. arbitrary Observers to identify UA during flight.
UAS RID Verification Service UAS RID Verifier Service
System component designed to handle the authentication System component designed to handle the authentication
requirements of RID by offloading verification to a web hosted requirements of RID by offloading verification to a web hosted
service. service. [F3411-19]
USS USS
UAS Service Supplier. "A USS is an entity that assists UAS UAS Service Supplier. "A USS is an entity that assists UAS
Operators with meeting UTM operational requirements that enable Operators with meeting UTM operational requirements that enable
safe and efficient use of airspace" and "... provide services to safe and efficient use of airspace" and "... provide services to
support the UAS community, to connect Operators and other entities support the UAS community, to connect Operators and other entities
to enable information flow across the USS Network, and to promote to enable information flow across the USS Network, and to promote
shared situational awareness among UTM participants" per shared situational awareness among UTM participants" per
[FAACONOPS]. [FAACONOPS].
UTM UTM
UAS Traffic Management. Per ICAO, "A specific aspect of air UAS Traffic Management. "A specific aspect of air traffic
traffic management which manages UAS operations safely, management which manages UAS operations safely, economically and
economically and efficiently through the provision of facilities efficiently through the provision of facilities and a seamless set
and a seamless set of services in collaboration with all parties of services in collaboration with all parties and involving
and involving airborne and ground-based functions." In the US, airborne and ground-based functions." [ICAOUTM] In the US, per
per FAA, a "traffic management" ecosystem for "uncontrolled" low FAA, a "traffic management" ecosystem for "uncontrolled" low
altitude UAS operations, separate from, but complementary to, the altitude UAS operations, separate from, but complementary to, the
FAA's ATC system for "controlled" operations of manned aircraft. FAA's ATC system for "controlled" operations of manned aircraft.
V2V V2V
Vehicle-to-Vehicle. Originally communications between Vehicle-to-Vehicle. Originally communications between
automobiles, now extended to apply to communications between automobiles, now extended to apply to communications between
vehicles generally. Often, together with Vehicle-to- vehicles generally. Often, together with Vehicle-to-
Infrastructure (V2I) etc., generalized to V2X. Infrastructure (V2I) etc., generalized to V2X.
V-LOS V-LOS
Visual LOS. Typically used in describing operation of an UA by a Visual LOS. Typically used in describing operation of an UA by a
"remote" pilot who can clearly directly (without video cameras or "remote" pilot who can clearly directly (without video cameras or
any other aids other than glasses or under some rules binoculars) any other aids other than glasses or under some rules binoculars)
see the UA and its immediate flight environment. Potentially see the UA and its immediate flight environment. Potentially
subject to blockage by foliage, structures, terrain or other subject to blockage by foliage, structures, terrain or other
vehicles, more so than RF-LOS. vehicles, more so than RF-LOS.
3. UAS RID Problem Space 3. UAS RID Problem Space
UA may be fixed wing Short Take-Off and Landing (STOL), rotary wing Civil Aviation Authorities (CAAs) worldwide are mandating UAS RID.
(e.g., helicopter) Vertical Take-Off and Landing (VTOL), or hybrid. The European Union Aviation Safety Agency (EASA) has published
They may be single- or multi-engine. The most common today are [Delegated] and [Implementing] Regulations. The US FAA has described
multicopters: rotary wing, multi engine. The explosion in UAS was the key role that UAS RID plays in UAS Traffic Management (UTM) in
enabled by hobbyist development, for multicopters, of advanced flight [NPRM] and [FAACONOPS] (especially Section 2.6 of the latter). CAAs
stability algorithms, enabling even inexperienced pilots to take off, currently (2020) promulgate performance-based regulations that do not
fly to a location of interest, hover, and return to the take-off specify techniques, but rather cite industry consensus technical
location or land at a distance. UAS can be remotely piloted by a standards as acceptable means of compliance.
human (e.g., with a joystick) or programmed to proceed from GNSS
waypoint to waypoint in a weak form of autonomy; stronger autonomy is
coming. UA are "low observable": they typically have small radar
cross sections; they make noise quite noticeable at short range but
difficult to detect at distances they can quickly close (500 meters
in under 17 seconds at 60 knots); they typically fly at low altitudes
(for the small UAS to which RID applies in the US, under 400 feet
AGL); they are highly maneuverable so can fly under trees and between
buildings.
UA can carry payloads including sensors, cyber and kinetic weapons, ASTM developed a widely cited Standard Specification for Remote ID
or can be used themselves as weapons by flying them into targets. and Tracking [F3411-19] (early drafts are freely available as
They can be flown by clueless, careless or criminal operators. Thus [OpenDroneID] specifications). It defines two means of UAS RID:
the most basic function of UAS RID is "Identification Friend or Foe"
(IFF) to mitigate the significant threat they present. Numerous
other applications can be enabled or facilitated by RID: consider the
importance of identifiers in many Internet protocols and services.
Network RID from the UA itself (rather than from its GCS) and Network RID defines a set of information for UAS to make available
Broadcast RID require one or more wireless data links from the UA, globally indirectly via the Internet, through servers that can be
but such communications are challenging due to $SWaP constraints and queried by Observers.
low altitude flight amidst structures and foliage over terrain.
Disambiguation of multiple UA flying in close proximity may be very Broadcast RID defines a set of messages for UA to transmit locally
challenging, even if each is reporting its identity, position and directly one-way over Bluetooth or Wi-Fi (without IP or any other
velocity as accurately as it can. protocols between the data link and application layer), to be
received in real time by local Observers.
UAS using both means must send the same UAS RID application layer
information via each per [F3411-19] and [NPRM]. The presentation may
differ, as Network RID defines a data dictionary, whereas Broadcast
RID defines message formats (which carry items from that same data
dictionary). The interval (or rate) at which it is sent may differ,
as Network RID can accommodate Observer queries asynchronous to UAS
updates (which generally need be sent only when information, such as
location, changes), whereas Broadcast RID depends upon Observers
receiving UA messages at the time they are transmitted. Network RID
depends upon Internet connectivity in several segments from the UAS
to each Observer. Broadcast RID should need Internet (or other Wide
Area Network) connectivity only for UAS registry information lookup
using the directly locally received UAS Identifier (UAS ID) as a key.
Broadcast RID does not assume IP connectivity of UAS; messages are
encapsulated by the UA without IP, directly in Bluetooth or WiFi link
layer frames.
[F3411-19] specifies three UAS ID types:
TYPE-1 A static, manufacturer assigned, hardware serial number per
ANSI/CTA-2063-A "Small Unmanned Aerial System Serial Numbers"
[CTA2063A].
TYPE-2 A CAA assigned (generally static) ID, like the registration
number of a manned aircraft.
TYPE-3 A UTM system assigned UUID [RFC4122], which can but need not
be dynamic.
Per [Delegated], the EU allows only Type 1. Per [NPRM], the US
allows Types 1 and 3, but requires Type 3 IDs (if used) each to be
used only once as a "Session ID" (for a single UAS flight, which in
the context of UTM is called an "operation"). Per [Delegated], the
EU also requires an operator registration number (an additional
identifier distinct from the UAS ID) that can be carried in an
[F3411-19] optional Operator ID message. Per [NPRM], the US allows
but does not require that operator registration numbers be sent. As
yet apparently there are no CAA public proposals to use Type 2.
3.1. Network RID 3.1. Network RID
Network RID is essentially publish-subscribe-query. First the UAS x x UA
operator pushes an operation plan to the USS that will serve that UAS xxxxx ********************
for that operation, for deconfliction with other operations; assuming | * ------*---+------------+
the plan receives approval and the operation commences, that UAS | * / * | NET_Rid_SP |
periodically pushes location/status updates to that USS (call it | * ------------/ +---*--+------------+
USS#1), which serves as the Network RID Service Provider (Net-RID SP) | RF */ | *
for that operation. If users of any other USS (whether they be other | * INTERNET | * +------------+
UAS operators or Observers) develop an interest in any 4-D airspace | /* +---*--| NET_Rid_DP |
volume containing that UAS operation, their USS learns, via the UTM | / * +----*--+------------+
Discovery and Synchronization Service (DSS), that USS#1 has such + / * | *
operations. Observers or other interested parties can then x / ****************|*** x
subscribe, via their USS, which serves as a Network RID Display xxxxx | xxxxx
Provider (Net-RID DP) for that surveillance session. The Net-RID SP x +------- x
(USS#1) will then publish updates of the UAS position/status to all x x
subscribed Net-RID DP, which in turn will deliver the surveillance x x Operator's GCS Observer x x
information to their users via unspecified (but expected to be web x x x x
browser based) means. Figure 3: "Network RID Information Flow"
Note the data flow typically originates on or at least passes through
the Ground Control Station (GCS), rather than comes direct from the
UA as in Broadcast RID (below), and makes up to 3 trips through the
Internet, implying use of IP (and other middle layer protocols) on
those trips, but not necessarily on the UA-GCS link (if indeed the
Network RID data even flows across that link).
Network RID is essentially publish-subscribe-query. In the typical
UTM context... First the UAS operator pushes an operation plan to the
USS that will serve that UAS for that operation, for deconfliction
with other operations. Assuming the plan receives approval and the
operation commences, that UAS periodically pushes location/status
updates to that USS (call it USS#1), which serves as the Network RID
Service Provider (Net-RID SP) for that operation. If users of any
other USS (whether they be other UAS operators or Observers) develop
an interest in any 4-D airspace volume intersecting the 4-D volume
containing that UAS operation, they query their own USS (call them
USS#2 through USS#n). Their USS query, via the UTM Discovery and
Synchronization Service (DSS), all other USS in the UTM system, and
learn that USS#1 has such operations. Observers or other interested
parties can then subscribe to track updates, via their own USS, which
serve as Network RID Display Providers (Net-RID DP) for that
surveillance session. The Net-RID SP (USS#1) will then publish
updates of the UAS position/status to all subscribed Net-RID DP
(USS#2 through USS#n), which in turn will deliver the information to
their users via unspecified (but expected to be web browser based)
means.
Network RID has several variants. The UA may have persistent onboard Network RID has several variants. The UA may have persistent onboard
Internet connectivity, in which case it can consistently source RID Internet connectivity, in which case it can consistently source RID
information directly over the Internet. The UA may have intermittent information directly over the Internet. The UA may have intermittent
onboard Internet connectivity, in which case the GCS must source RID onboard Internet connectivity, in which case the GCS must source RID
information whenever the UA itself is offline. The UA may not have information whenever the UA itself is offline. The UA may not have
Internet connectivity of its own, but have instead some other form of Internet connectivity of its own, but have instead some other form of
communications to another node that can relay RID information to the communications to another node that can relay RID information to the
Internet; this would typically be the GCS (which to perform its Internet; this would typically be the GCS (which to perform its
function must know where the UA is, although C2 link outages do function must know where the UA is, although C2 link outages do
skipping to change at page 17, line 29 skipping to change at page 19, line 25
In most cases in the near term, if the RID information is fed to the In most cases in the near term, if the RID information is fed to the
Internet directly by the UA or GCS, the first hop data links will be Internet directly by the UA or GCS, the first hop data links will be
cellular Long Term Evolution (LTE) or Wi-Fi, but provided the data cellular Long Term Evolution (LTE) or Wi-Fi, but provided the data
link can support at least UDP/IP and ideally also TCP/IP, its type is link can support at least UDP/IP and ideally also TCP/IP, its type is
generally immaterial to the higher layer protocols. An UAS as the generally immaterial to the higher layer protocols. An UAS as the
ultimate source of Network RID information feeds an USS acting as a ultimate source of Network RID information feeds an USS acting as a
Network RID Service Provider (Net-RID SP), which essentially proxies Network RID Service Provider (Net-RID SP), which essentially proxies
for that and other sources; an observer or other ultimate consumer of for that and other sources; an observer or other ultimate consumer of
Network RID information obtains it from a Network RID Display Network RID information obtains it from a Network RID Display
Provider (Net-RID DP), which aggregates information from multiple Provider (Net-RID DP), which aggregates information from multiple
Net-RID SPs to offer coverage of an airspace volume of interest. Net-RID SPs to offer airspace Situational Awareness (SA) coverage of
Network RID Service and Display providers are expected to be a volume of interest. Network RID Service and Display providers are
implemented as servers in well-connected infrastructure, accessible expected to be implemented as servers in well-connected
via typical means such as web APIs/browsers. infrastructure, accessible via typical means such as web APIs/
browsers.
Network RID is the more flexible and less constrained of the defined Network RID is the more flexible and less constrained of the defined
UAS RID means, but is only partially specified in [F3411-19]. It is UAS RID means, but is only partially specified in [F3411-19]. It is
presumed that IETF efforts supporting Broadcast RID (see next presumed that IETF efforts supporting Broadcast RID (see next
section) can be easily generalized for Network RID. section) can be easily generalized for Network RID.
3.2. Broadcast RID 3.2. Broadcast RID
x x UA
xxxxx
|
|
| app messages directly over one-way RF data link (no IP)
|
|
+
x
xxxxx
x
x
x x Observer's device (e.g. smartphone)
x x
Figure 4: "Broadcast RID Information Flow"
Note the absence of the Internet from this information flow sketch.
This is because Broadcast RID is one-way direct transmission of
application layer messages over a RF data link (without IP or other
middle layer protocols) from the UA to local Observer devices.
Internet connectivity is involved only in what the Observer chooses
to do with the information received, such as verify signatures using
a web based verifier service and look up information in registries
using the UAS ID as the primary unique key.
Broadcast RID is conceptually similar to Automatic Dependent
Surveillance - Broadcast (ADS-B). However, for various technical and
other reasons, regulators including the EASA and FAA have not
indicated intent to allow, and FAA has proposed explicitly to
prohibit, use of ADS-B for UAS RID.
[F3411-19] specifies three Broadcast RID data links: Bluetooth 4.X; [F3411-19] specifies three Broadcast RID data links: Bluetooth 4.X;
Bluetooth 5.X Long Range; and Wi-Fi with Neighbor Awareness Bluetooth 5.X Long Range; and Wi-Fi with Neighbor Awareness
Networking (NAN). For compliance with [F3411-19], an UA must Networking (NAN). For compliance with [F3411-19], an UA must
broadcast (using advertisement mechanisms where no other option broadcast (using advertisement mechanisms where no other option
supports broadcast) on at least one of these; if broadcasting on supports broadcast) on at least one of these; if broadcasting on
Bluetooth 5.x, it is also required concurrently to do so on 4.x Bluetooth 5.x, it is also required concurrently to do so on 4.x
(referred to in [F3411-19] as Bluetooth Legacy). (referred to in [F3411-19] as Bluetooth Legacy). Future revisions
may allow other data links.
The selection of the Broadcast media was driven by research into what The selection of the Broadcast media was driven by research into what
is commonly available on 'ground' units (smartphones and tablets) and is commonly available on 'ground' units (smartphones and tablets) and
what was found as prevalent or 'affordable' in UA. Further, there what was found as prevalent or 'affordable' in UA. Further, there
must be an Application Programming Interface (API) for the observer's must be an Application Programming Interface (API) for the observer's
receiving application to have access to these messages. As yet only receiving application to have access to these messages. As yet only
Bluetooth 4.X support is readily available, thus the current focus is Bluetooth 4.X support is readily available, thus the current focus is
on working within the 26 byte limit of the Bluetooth 4.X "Broadcast on working within the 26 byte limit of the Bluetooth 4.X "Broadcast
Frame" transmitted on beacon channels. After nominal overheads, this Frame" transmitted on beacon channels. After nominal overheads, this
limits the UAS ID string to a maximum length of 20 bytes, and limits the UAS ID string to a maximum length of 20 bytes, and
precludes the same frame carrying position, velocity and other precludes the same frame carrying position, velocity and other
information that should be bound to the UAS ID, much less strong information that should be bound to the UAS ID, much less strong
authentication data. This requires segmentation ("paging") of longer authentication data. This requires segmentation ("paging") of longer
messages or message bundles ("Message Pack"), and/or correlation of messages or message bundles ("Message Pack"), and/or correlation of
short messages (anticipated by ASTM to be done on the basis of short messages (anticipated by ASTM to be done on the basis of
Bluetooth 4 MAC address, which is weak and unverifiable). Bluetooth 4 MAC address, which is weak and unverifiable).
3.3. DRIP Focus [F3411-19] Broadcast RID specifies several message types: Basic,
Location, Authentication, Self-ID, System and Operator ID. To
DRIP will focus on making information obtained via UAS RID satisfy EASA and FAA proposed rules, all types are needed, except
immediately usable: Authentication and Self-ID.
1. by making it trustworthy (despite the severe constraints of
Broadcast RID);
2. by enabling verification that an UAS is registered, and if so, in
which registry (for classification of trusted operators on the
basis of known registry vetting, even by observers lacking
Internet connectivity at observation time);
3. by facilitating independent reports of UA's aeronautical data [F3411-19] Broadcast RID specifies very few quantitative performance
(location, velocity, etc.) to confirm or refute the operator requirements: static information must be transmitted at least once
self-reports upon which UAS RID and UTM tracking are based; per 3 seconds; dynamic information (the Location message) must be
transmitted at least once per second and be no older than one second
when sent. [NPRM] proposes all information be sent at least once per
second.
4. by enabling instant establishment, by authorized parties, of [F3411-19] Broadcast RID transmits all information as cleartext
secure communications with the remote pilot. (ASCII or binary), so static IDs enable trivial correlation of
patterns of use, unacceptable in many applications, e.g., package
delivery routes of competitors.
Any UA can assert any ID using the [F3411-19] required Basic ID Any UA can assert any ID using the [F3411-19] required Basic ID
message, which lacks any provisions for verification. The Position/ message, which lacks any provisions for verification. The Position/
Vector message likewise lacks provisions for verification, and does Vector message likewise lacks provisions for verification, and does
not contain the ID, so must be correlated somehow with a Basic ID not contain the ID, so must be correlated somehow with a Basic ID
message: the developers of [F3411-19] have suggested using the MAC message: the developers of [F3411-19] have suggested using the MAC
addresses, but these may be randomized by the operating system stack addresses on the Broadcast RID data link, but these may be randomized
to avoid the adversarial correlation problems of static identifiers. by the operating system stack to avoid the adversarial correlation
problems of static identifiers.
The [F3411-19] optional Authentication Message specifies framing for The [F3411-19] optional Authentication Message specifies framing for
authentication data, but does not specify any authentication method, authentication data, but does not specify any authentication method,
and the maximum length of the specified framing is too short for and the maximum length of the specified framing is too short for
conventional digital signatures and far too short for conventional conventional digital signatures and far too short for conventional
certificates. The one-way nature of Broadcast RID precludes certificates. The one-way nature of Broadcast RID precludes
challenge-response security protocols (e.g., observers sending nonces challenge-response security protocols (e.g., observers sending nonces
to UA, to be returned in signed messages). An observer would be to UA, to be returned in signed messages). An observer would be
seriously challenged to validate the asserted UAS ID or any other seriously challenged to validate the asserted UAS ID or any other
information about the UAS or its operator looked up therefrom. information about the UAS or its operator looked up therefrom.
Further, [F3411-19] provides very limited choices for an observer to 3.3. DRIP Focus
communicate with the pilot, e.g., to request further information on
the UAS operation or exit from an airspace volume in an emergency. In addition to the gaps described above, there is a fundamental gap
in almost all current or proposed regulations and technical standards
for UAS RID. As noted above, ID is not an end in itself, but a
means. [F3411-19] etc. provide very limited choices for an observer
to communicate with the pilot, e.g., to request further information
on the UAS operation or exit from an airspace volume in an emergency.
The System Message provides the location of the pilot/GCS, so an The System Message provides the location of the pilot/GCS, so an
observer could physically go to the asserted GCS location to look for observer could physically go to the asserted location to look for the
the remote pilot. An observer with Internet connectivity could look remote pilot; this is at best slow, and may not be feasible -- what
up operator PII in a registry, then call a phone number in hopes if the pilot is on the opposite rim of a canyon, or there are
someone who can immediately influence the UAS operation will answer multiple UAS operators to be contacted whose GCS all lie in different
promptly during that operation. directions from the Observer? An observer with Internet connectivity
and access privileges could look up operator PII in a registry, then
call a phone number in hopes someone who can immediately influence
the UAS operation will answer promptly during that operation; this is
unreliable. Internet technologies can do much better than this.
Thus complementing [F3411-19] with protocols enabling strong Thus complementing [F3411-19] with protocols enabling strong
authentication, preserving operator privacy while enabling immediate authentication, preserving operator privacy while enabling immediate
use of information by authorized parties, is critical to achieve use of information by authorized parties, is critical to achieve
widespread adoption of a RID system supporting safe and secure widespread adoption of a RID system supporting safe and secure
operation of UAS. operation of UAS.
DRIP will focus on making information obtained via UAS RID
immediately usable:
1. by making it trustworthy (despite the severe constraints of
Broadcast RID);
2. by enabling verification that an UAS is registered for RID, and
if so, in which registry (for classification of trusted operators
on the basis of known registry vetting, even by observers lacking
Internet connectivity at observation time);
3. by facilitating independent reports of UA aeronautical data
(location, velocity, etc.) to confirm or refute the operator
self-reports upon which UAS RID and UTM tracking are based;
4. by enabling instant establishment, by authorized parties, of
secure communications with the remote pilot.
4. Requirements 4. Requirements
4.1. General 4.1. General
GEN-1 Provable Ownership: DRIP MUST enable verification that the GEN-1 Provable Ownership: DRIP MUST enable verification that the
UAS ID asserted in the Basic ID message is that of the actual UAS ID asserted in the Basic ID message is that of the actual
current sender of the message (i.e. the message is not a current sender of the message (i.e. the message is not a
replay attack or other spoof, authenticating e.g. by replay attack or other spoof, authenticating e.g. by
verifying an asymmetric cryptographic signature using a verifying an asymmetric cryptographic signature using a
sender provided public key from which the asserted ID can be sender provided public key from which the asserted ID can be
at least partially derived), even on an observer device at least partially derived), even on an observer device
lacking Internet connectivity at the time of observation. lacking Internet connectivity at the time of observation.
GEN-2 Provable Binding: DRIP MUST enable binding all other GEN-2 Provable Binding: DRIP MUST enable binding all other
skipping to change at page 20, line 18 skipping to change at page 23, line 30
time of observation; with UAS ID Type 3, the same sender may time of observation; with UAS ID Type 3, the same sender may
have multiple IDs, potentially in different registries, but have multiple IDs, potentially in different registries, but
each ID must clearly indicate in which registry it can be each ID must clearly indicate in which registry it can be
found. found.
GEN-4 Readability: DRIP MUST enable information (regulation GEN-4 Readability: DRIP MUST enable information (regulation
required elements, whether sent via UAS RID or looked up in required elements, whether sent via UAS RID or looked up in
registries) to be read and utilized by both humans and registries) to be read and utilized by both humans and
software. software.
GEN-5 Gateway: DRIP MUST enable Broadcast RID -> Network RID GEN-5 Gateway: DRIP MUST enable Broadcast RID to Network RID
application layer gateways to stamp messages with precise application layer gateways to stamp messages with precise
date/time received and receiver location, then relay them to date/time received and receiver location, then relay them to
a network service (e.g. SDSP or distributed ledger), to a network service (e.g. SDSP or distributed ledger), to
support three objectives: mark up a RID message with where support three objectives: mark up a RID message with where
and when it was actually received (which may agree or and when it was actually received (which may agree or
disagree with the self-report in the set of messages); defend disagree with the self-report in the set of messages); defend
against replay attacks; and support optional SDSP services against replay attacks; and support optional SDSP services
such as multilateration (to complement UAS position self- such as multilateration (to complement UAS position self-
reports with independent measurements). reports with independent measurements).
GEN-6 Finger: DRIP MUST enable dynamically establishing, with AAA, GEN-6 Finger: DRIP MUST enable dynamically establishing, with AAA,
per policy, E2E strongly encrypted communications with the per policy, end to end strongly encrypted communications with
UAS RID sender and entities looked up from the UAS ID, the UAS RID sender and entities looked up from the UAS ID,
including at least the remote pilot and USS. including at least the remote pilot and USS.
GEN-7 QoS: DRIP MUST enable policy based specification of GEN-7 QoS: DRIP MUST enable policy based specification of
performance and reliability parameters, such as maximum performance and reliability parameters, such as maximum
message transmission intervals and delivery latencies. message transmission intervals and delivery latencies.
GEN-8 Mobility: DRIP MUST support physical and logical mobility of GEN-8 Mobility: DRIP MUST support physical and logical mobility of
UA, GCS and Observers. DRIP SHOULD support mobility of UA, GCS and Observers. DRIP SHOULD support mobility of
essentially all participating nodes (UA, GCS, Observers, Net- essentially all participating nodes (UA, GCS, Observers, Net-
RID SP, Net-RID DP, Private Registry, SDSP). RID SP, Net-RID DP, Private Registry, SDSP).
GEN-9 Multihoming: DRIP MUST support multihoming of UA and GCS, for GEN-9 Multihoming: DRIP MUST support multihoming of UA and GCS, for
make-before-break smooth handoff and resiliency against path/ make-before-break smooth handoff and resiliency against path/
link failure. DRIP SHOULD support multihoming of essentially link failure. DRIP SHOULD support multihoming of essentially
all participating nodes. all participating nodes.
GEN-10 Multicast: DRIP SHOULD support multicast for efficient and GEN-10 Multicast: DRIP SHOULD support multicast for efficient and
flexible publish-subscribe notifications, e.g., of UAS flexible publish-subscribe notifications, e.g., of UAS
reporting positions in designated sensitive airspace volumes. reporting positions in designated airspace volumes.
GEN-11 Management: DRIP SHOULD support monitoring of the health and GEN-11 Management: DRIP SHOULD support monitoring of the health and
coverage of Broadcast and Network RID services. coverage of Broadcast and Network RID services.
Requirements imposed either by regulation or in [F3411-19] are not Requirements imposed either by regulation or [F3411-19] are not
reiterated here, but drive many of the numbered requirements listed reiterated here, but drive many of the numbered requirements listed
here. E.g. the QoS requirement currently would be satisfied here. The QoS requirement currently would be satisfied generally by
generally by ensuring information refresh rates of at least 1 Hertz, ensuring information refresh rates of at least 1 Hertz, with
with latencies no greater than 1 second, at least 80% of the time; latencies no greater than 1 second, at least 80% of the time; but
but these numbers may change, so instead the DRIP requirement is that these numbers may change, so instead the DRIP requirement is that
they be user policy specifiable. Note that the "provable binding" they be user policy specifiable (which does not imply satisfiable in
requirement addresses the MAC address correlation problem of all cases, but implies that when the specs are not met, appropriate
[F3411-19] noted above. Note that the "gateway" requirement is the parties are notified). The "provable ownership" requirement
only instance in which DRIP transports [F3411-19] messages; most of addresses the possibility that the actual sender is not the claimed
DRIP pertains to the authentication of such messages and the sender (i.e. is a spoofer). The "provable binding" requirement
addresses the MAC address correlation problem of [F3411-19] noted
above. The "provable registration" requirement may impose burdens
not only on the UAS sender and the Observer's receiver, but also on
the registry; yet it cannot depend upon the Observer being able to
contact the registry at the time of observing the UA. The
"readability" requirement may involve machine assisted format
conversions, e.g. from binary encodings. The "gateway" requirement
is the only instance in which DRIP transports [F3411-19] messages;
most of DRIP pertains to the authentication of such messages and the
identifier carried within them. identifier carried within them.
4.2. Identifier 4.2. Identifier
ID-1 Length: The DRIP (UAS) entity (remote) identifier must be no ID-1 Length: The DRIP (UAS) entity (remote) identifier must be no
longer than 20 bytes (per [F3411-19] to fit in a Bluetooth 4 longer than 20 bytes (per [F3411-19] to fit in a Bluetooth 4
advertisement payload). advertisement payload).
ID-2 Registry ID: The DRIP identifier MUST be sufficient to identify ID-2 Registry ID: The DRIP identifier MUST be sufficient to identify
a registry in which the (UAS) entity identified therewith is a registry in which the (UAS) entity identified therewith is
listed. listed.
ID-3 Entity ID: The DRIP identifier MUST be sufficient to enable ID-3 Entity ID: The DRIP identifier MUST be sufficient to enable
lookup of other data associated with the (UAS) entity lookup of other data associated with the (UAS) entity
identified therewith in that registry. identified therewith in that registry.
ID-4 Uniqueness: The DRIP identifier MUST be unique within a to-be- ID-4 Uniqueness: The DRIP identifier MUST be unique within the
defined scope. global UAS RID identifier space from when it is first
registered therein until it is explicitly de-registered
therefrom (due to e.g. expiration after a specified lifetime
such as the FAA's proposed 6 months RID data retention period,
revocation by the registry, or surrender by the operator).
ID-5 Non-spoofability: The DRIP identifier MUST be non-spoofable ID-5 Non-spoofability: The DRIP identifier MUST be non-spoofable
within the context of Remote ID broadcast messages (some within the context of Remote ID broadcast messages (some
collection of messages provides proof of UA ownership of ID). collection of messages provides proof of UA ownership of ID).
ID-6 Unlinkability: A DRIP UAS ID MUST NOT facilitate adversarial ID-6 Unlinkability: A DRIP UAS ID MUST NOT facilitate adversarial
correlation over multiple UAS operations; this may be correlation over multiple UAS operations; this may be
accomplished e.g. by limiting each identifier to a single use, accomplished e.g. by limiting each identifier to a single use,
but if so, the UAS ID MUST support well-defined scalable timely but if so, the UAS ID MUST support well-defined scalable timely
registration methods. registration methods.
Note that Registry ID and Entity ID are requirements on a single DRIP The DRIP identifier can be used at various layers: in Broadcast RID,
it would be used by the application running directly over the data
link; in Network RID, it would be used by the application running
over HTTPS (and possibly other protocols); and in RID initiated V2X
applications such as DAA and C2, it could be used between the network
and transport layers (with HIP or DTLS).
Registry ID (which registry the entity is in) and Entity ID (which
entity it is, within that registry) are requirements on a single DRIP
entity Identifier, not separate (types of) ID. In the most common entity Identifier, not separate (types of) ID. In the most common
use case, the Entity will be the UA, and the DRIP Identifier will be use case, the Entity will be the UA, and the DRIP Identifier will be
the UAS ID; however, other entities may also benefit from having DRIP the UAS ID; however, other entities may also benefit from having DRIP
identifiers, so the Entity type is not prescribed here. identifiers, so the Entity type is not prescribed here.
Whether a UAS ID is generated by the operator, GCS, UA, USS or Whether a UAS ID is generated by the operator, GCS, UA, USS or
registry, or some collaboration thereamong, is unspecified; however, registry, or some collaboration thereamong, is unspecified; however,
there must be agreement on the UAS ID among these entities. there must be agreement on the UAS ID among these entities.
4.3. Privacy 4.3. Privacy
skipping to change at page 23, line 15 skipping to change at page 27, line 4
The privacy requirements above are for DRIP, neither for [F3411-19] The privacy requirements above are for DRIP, neither for [F3411-19]
(which requires obfuscation of location to any Network RID subscriber (which requires obfuscation of location to any Network RID subscriber
engaging in wide area surveillance, limits data retention periods, engaging in wide area surveillance, limits data retention periods,
etc. in the interests of privacy), nor for UAS RID in any specific etc. in the interests of privacy), nor for UAS RID in any specific
jurisdiction (which may have its own regulatory requirements). The jurisdiction (which may have its own regulatory requirements). The
requirements above are also in a sense parameterized: who are the requirements above are also in a sense parameterized: who are the
"authorized actors", how are they designated, how are they "authorized actors", how are they designated, how are they
authenticated, etc.? authenticated, etc.?
4.4. Registries 4.4. Registries
REG-1 Public Lookup: DRIP MUST enable lookup, from the UAS ID, of REG-1 Public Lookup: DRIP MUST enable lookup, from the UAS ID, of
information designated by cognizant authority as public, and information designated by cognizant authority as public, and
MUST NOT restrict access to this information based on identity MUST NOT restrict access to this information based on identity
of the party submitting the query. or role of the party submitting the query.
REG-2 Private Lookup: DRIP MUST enable lookup of private information REG-2 Private Lookup: DRIP MUST enable lookup of private information
(i.e., any and all information in a registry, associated with (i.e., any and all information in a registry, associated with
the UAS ID, that is designated by neither cognizant authority the UAS ID, that is designated by neither cognizant authority
nor the information owner as public), and MUST, per policy, nor the information owner as public), and MUST, per policy,
enforce AAA, including restriction of access to this enforce AAA, including restriction of access to this
information based on identity of the party submitting the information based on identity or role of the party submitting
query. the query.
REG-3 Provisioning: DRIP MUST enable provisioning registries with REG-3 Provisioning: DRIP MUST enable provisioning registries with
static information on the UAS and its operator, dynamic static information on the UAS and its operator, dynamic
information on its current operation within the UTM (including information on its current operation within the U-space / UTM
means by which the USS under which the UAS is operating may be (including means by which the USS under which the UAS is
contacted for further, typically even more dynamic, operating may be contacted for further, typically even more
information), and Internet direct contact information for dynamic, information), and Internet direct contact information
services related to the foregoing. for services related to the foregoing.
REG-4 AAA Policy: DRIP MUST enable closing the AAA-policy registry REG-4 AAA Policy: DRIP MUST enable closing the AAA-policy registry
loop by governing AAA per registered policies and loop by governing AAA per registered policies and
administering policies only via AAA. administering policies only via AAA.
Registries are fundamental to RID. Only very limited information can
be Broadcast, but extended information is sometimes needed. The most
essential element of information sent is the UAS ID itself, the
unique key for lookup of extended information in registries. Beyond
designating the UAS ID as that unique key, the registry information
model is not specified herein, in part because regulatory
requirements for different registries (UAS operators and their UA,
each narrowly for UAS RID and broadly for U-space / UTM) and business
models for meeting those requirements are in flux. However those may
evolve, the essential registry functions remain the same, so are
specified herein.
5. IANA Considerations 5. IANA Considerations
This document does not make any IANA request. This document does not make any IANA request.
6. Security Considerations 6. Security Considerations
DRIP is all about safety and security, so content pertaining to such DRIP is all about safety and security, so content pertaining to such
is not limited to this section. Potential vulnerabilities of DRIP is not limited to this section. Potential vulnerabilities of DRIP
include but are not limited to: include but are not limited to:
skipping to change at page 24, line 19 skipping to change at page 28, line 19
* Malicious or malfunctioning registries * Malicious or malfunctioning registries
* Interception of (e.g. Man In The Middle attacks on) registration * Interception of (e.g. Man In The Middle attacks on) registration
messages messages
* UA impersonation through private key extraction, improper key * UA impersonation through private key extraction, improper key
sharing or carriage of a small (presumably harmless) UA, e.g. as a sharing or carriage of a small (presumably harmless) UA, e.g. as a
"false flag", by a larger (malicious) UA "false flag", by a larger (malicious) UA
It may be inferred from the Section 4.1 General requirements for
Provable Ownership, Provable Binding and Provable Registration,
together with the Section 4.2 Identifier requirements, that DRIP must
provide:
* message integrity / non-repudiation
* defense against replay attacks
* defense against spoofing
One approach to so doing involves verifiably binding the DRIP
identifier to a public key. Providing these security features,
whether via this approach or another, is likely to be especially
challenging for Observers without Internet connectivity at the time
of observation. E.g. checking the signature of a registry on a
public key certificate received via Broadcast RID in a remote area
presumably would require that the registry's public key had been
previously installed on the Observer's device, yet there may be many
registries and the Observer's device may be storage constrained, and
new registries may come on-line subsequent to installation of DRIP
software on the Observer's device. Thus there may be caveats on the
extent to which requirements can be satisfied in such cases, yet
strenuous effort should be made to satisfy them, as such cases, e.g.
firefighting in a national forest, are important.
7. Privacy and Transparency Considerations 7. Privacy and Transparency Considerations
Privacy is closely related to but not synonymous with security, and Privacy is closely related to but not synonymous with security, and
conflicts with transparency. Privacy and transparency are important conflicts with transparency. Privacy and transparency are important
for legal reasons including regulatory consistency. [EU2018] for legal reasons including regulatory consistency. [EU2018]
[EU2018] states "harmonised and interoperable national registration [EU2018] states "harmonised and interoperable national registration
systems... should comply with the applicable Union and national law systems... should comply with the applicable Union and national law
on privacy and processing of personal data, and the information on privacy and processing of personal data, and the information
stored in those registration systems should be easily accessible." stored in those registration systems should be easily accessible."
skipping to change at page 26, line 33 skipping to change at page 30, line 49
and Tracking", February 2020, and Tracking", February 2020,
<http://www.astm.org/cgi-bin/resolver.cgi?F3411>. <http://www.astm.org/cgi-bin/resolver.cgi?F3411>.
[FAACONOPS] [FAACONOPS]
FAA Office of NextGen, "UTM Concept of Operations v2.0", FAA Office of NextGen, "UTM Concept of Operations v2.0",
March 2020. March 2020.
[I-D.maeurer-raw-ldacs] [I-D.maeurer-raw-ldacs]
Maeurer, N., Graeupl, T., and C. Schmitt, "L-band Digital Maeurer, N., Graeupl, T., and C. Schmitt, "L-band Digital
Aeronautical Communications System (LDACS)", Work in Aeronautical Communications System (LDACS)", Work in
Progress, Internet-Draft, draft-maeurer-raw-ldacs-05, 14 Progress, Internet-Draft, draft-maeurer-raw-ldacs-06, 2
August 2020, October 2020,
<https://tools.ietf.org/html/draft-maeurer-raw-ldacs-05>. <https://tools.ietf.org/html/draft-maeurer-raw-ldacs-06>.
[ICAOATM] International Civil Aviation Organization, "Doc 4444: [ICAOATM] International Civil Aviation Organization, "Doc 4444:
Procedures for Air Navigation Services: Air Traffic Procedures for Air Navigation Services: Air Traffic
Management", November 2016. Management", November 2016.
[ICAOUAS] International Civil Aviation Organization, "Circular 328:
Unmanned Aircraft Systems", February 2011.
[ICAOUTM] International Civil Aviation Organization, "Unmanned [ICAOUTM] International Civil Aviation Organization, "Unmanned
Aircraft Systems Traffic Management (UTM) - A Common Aircraft Systems Traffic Management (UTM) - A Common
Framework with Core Principles for Global Harmonization, Framework with Core Principles for Global Harmonization,
Edition 2", November 2019. Edition 2", November 2019.
[Implementing] [Implementing]
European Union Aviation Safety Agency (EASA), "Commission European Union Aviation Safety Agency (EASA), "Commission
Implementing Regulation (EU) 2019/947 of 24 May 2019 on Implementing Regulation (EU) 2019/947 of 24 May 2019 on
the rules and procedures for the operation of unmanned the rules and procedures for the operation of unmanned
aircraft", May 2019. aircraft", May 2019.
[InitialView]
SESAR Joint Undertaking, "Initial view on Principles for
the U-space architecture", July 2019.
[NPRM] United States Federal Aviation Administration (FAA), [NPRM] United States Federal Aviation Administration (FAA),
"Notice of Proposed Rule Making on Remote Identification "Notice of Proposed Rule Making on Remote Identification
of Unmanned Aircraft Systems", December 2019. of Unmanned Aircraft Systems", December 2019.
[OpenDroneID] [OpenDroneID]
Intel Corp., "Open Drone ID", March 2019, Intel Corp., "Open Drone ID", March 2019,
<https://github.com/opendroneid/specs>. <https://github.com/opendroneid/specs>.
[Opinion1] European Union Aviation Safety Agency (EASA), "Opinion No [Opinion1] European Union Aviation Safety Agency (EASA), "Opinion No
01/2020: High-level regulatory framework for the U-space", 01/2020: High-level regulatory framework for the U-space",
skipping to change at page 29, line 4 skipping to change at page 33, line 27
dispatchers will be able to see UA on their control screens and take dispatchers will be able to see UA on their control screens and take
those into account. If not, a gateway translation system between the those into account. If not, a gateway translation system between the
proposed drone ID and civil aviation system should be implemented. proposed drone ID and civil aviation system should be implemented.
Again, system saturation due to large numbers of UAS is a concern. Again, system saturation due to large numbers of UAS is a concern.
Wi-Fi and Bluetooth are two wireless technologies currently Wi-Fi and Bluetooth are two wireless technologies currently
recommended by ASTM specifications due to their widespread use and recommended by ASTM specifications due to their widespread use and
broadcast nature. However, those have limited range (max 100s of broadcast nature. However, those have limited range (max 100s of
meters) and may not reliably deliver UAS ID at high altitude or meters) and may not reliably deliver UAS ID at high altitude or
distance. Therefore, a study should be made of alternative distance. Therefore, a study should be made of alternative
technologies from the telecom domain (WiMax, 5G) or sensor networks technologies from the telecom domain (WiMAX, 5G) or sensor networks
(Sigfox, LORA). Such transmission technologies can impose additional (Sigfox, LORA). Such transmission technologies can impose additional
restrictions on packet sizes and frequency of transmissions, but restrictions on packet sizes and frequency of transmissions, but
could provide better energy efficiency and range. In civil aviation, could provide better energy efficiency and range. In civil aviation,
Controller-Pilot Data Link Communications (CPDLC) is used to transmit Controller-Pilot Data Link Communications (CPDLC) is used to transmit
command and control between the pilots and ATC. It could be command and control between the pilots and ATC. It could be
considered for UAS as well due to long range and proven use despite considered for UAS as well due to long range and proven use despite
its lack of security [cpdlc]. its lack of security [cpdlc].
L-band Digital Aeronautical Communications System (LDACS) is being L-band Digital Aeronautical Communications System (LDACS) is being
standardized by ICAO and IETF for use in future civil aviation standardized by ICAO and IETF for use in future civil aviation
 End of changes. 88 change blocks. 
360 lines changed or deleted 547 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/