draft-ietf-drip-reqs-00.txt   draft-ietf-drip-reqs-01.txt 
DRIP S. Card, Ed. DRIP S. Card, Ed.
Internet-Draft A. Wiethuechter Internet-Draft A. Wiethuechter
Intended status: Informational AX Enterprize Intended status: Informational AX Enterprize
Expires: 19 November 2020 R. Moskowitz Expires: 26 November 2020 R. Moskowitz
HTT Consulting HTT Consulting
18 May 2020 A. Gurtov
Linköping University
25 May 2020
Drone Remote Identification Protocol (DRIP) Requirements Drone Remote Identification Protocol (DRIP) Requirements
draft-ietf-drip-reqs-00 draft-ietf-drip-reqs-01
Abstract Abstract
This document defines the requirements for Drone Remote This document defines the requirements for Drone Remote
Identification Protocol (DRIP) Working Group protocols and services Identification Protocol (DRIP) Working Group protocols to support
to support Unmanned Aircraft System Remote Identification (UAS RID). Unmanned Aircraft System Remote Identification and tracking (UAS RID)
for safety, regulatory compliance and other purposes.
Objectives include: complementing external technical standards as Complementing external technical standards as regulator-accepted
regulator-accepted means of compliance with UAS RID regulations; means of compliance with UAS RID regulations, DRIP will:
facilitating use of existing Internet resources to support UAS RID
and to enable enhanced related services; and enabling verification facilitate use of existing Internet resources to support UAS RID
that UAS RID information is trustworthy (to some extent, even in the and to enable enhanced related services;
absence of Internet connectivity at the receiving node).
enable on-line and off-line verification that UAS RID information
is trustworthy.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 19 November 2020. This Internet-Draft will expire on 26 November 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 5 2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 6
2.1. Requirements Terminology . . . . . . . . . . . . . . . . 5 2.1. Requirements Terminology . . . . . . . . . . . . . . . . 6
2.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 5 2.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 6
3. UAS RID Problem Space . . . . . . . . . . . . . . . . . . . . 10 3. UAS RID Problem Space . . . . . . . . . . . . . . . . . . . . 12
3.1. Network RID . . . . . . . . . . . . . . . . . . . . . . . 11 3.1. Network RID . . . . . . . . . . . . . . . . . . . . . . . 13
3.2. Broadcast RID . . . . . . . . . . . . . . . . . . . . . . 12 3.2. Broadcast RID . . . . . . . . . . . . . . . . . . . . . . 14
3.3. DRIP Focus . . . . . . . . . . . . . . . . . . . . . . . 12 3.3. DRIP Focus . . . . . . . . . . . . . . . . . . . . . . . 14
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 13 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 15
4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 13 4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.2. Identifier . . . . . . . . . . . . . . . . . . . . . . . 15 4.2. Identifier . . . . . . . . . . . . . . . . . . . . . . . 17
4.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 16 4.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 18
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 4.4. Registries . . . . . . . . . . . . . . . . . . . . . . . 18
6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 5. Discussion and Limitations . . . . . . . . . . . . . . . . . 19
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 7. Security Considerations . . . . . . . . . . . . . . . . . . . 20
8.1. Normative References . . . . . . . . . . . . . . . . . . 17 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 21
8.2. Informative References . . . . . . . . . . . . . . . . . 17 References . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 Normative References . . . . . . . . . . . . . . . . . . . . . 21
Informative References . . . . . . . . . . . . . . . . . . . . 21
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
Many safety and other considerations dictate that UAS be remotely Many considerations (especially safety) dictate that UAS be remotely
identifiable. Civil Aviation Authorities (CAAs) worldwide are identifiable. Any observer with responsibilities involving aircraft
mandating UAS RID. The European Union Aviation Safety Agency (EASA) inherently must classify them situationally according to basic
has published [Delegated] and [Implementing] Regulations. The United considerations, as illustrated notionally in Figure 1 below.
States (US) Federal Aviation Administration (FAA) has published a
Notice of Proposed Rule Making ([NPRM]). CAAs currently promulgate xxxxxxx +--------------+
performance-based regulations that do not specify techniques, but x x No | |
rather cite industry consensus technical standards as acceptable x ID? x+---->| UNIDENTIFIED |
means of compliance. x x | |
xxxxxxx +--------------+
+
| Yes
v
xxxxxxx
x x
+---------+x TYPE? x+----------+
| x x |
| xxxxxxx |
| + |
v v v
+--------------+ +--------------+ +--------------+
| | | | | |
| TASKABLE | | LOW CONCERN | | HIGH CONCERN |
| | | | | |
+--------------+ +--------------+ +--------------+
Figure 1
Civil Aviation Authorities (CAAs) worldwide are mandating Unmanned
Aircraft System Remote Identification and tracking (UAS RID). The
European Union Aviation Safety Agency (EASA) has published
[Delegated] and [Implementing] Regulations. The United States (US)
Federal Aviation Administration (FAA) has published a Notice of
Proposed Rule Making ([NPRM]) and has described the key role that UAS
RID plays in UAS Traffic Management (UTM [CONOPS] especially
Section 2.6). CAAs currently (2020) promulgate performance-based
regulations that do not specify techniques, but rather cite industry
consensus technical standards as acceptable means of compliance.
ASTM International, Technical Committee F38 (UAS), Subcommittee ASTM International, Technical Committee F38 (UAS), Subcommittee
F38.02 (Aircraft Operations), Work Item WK65041, developed ASTM F38.02 (Aircraft Operations), Work Item WK65041, developed ASTM
F3411-19 [F3411-19] Standard Specification for Remote ID and F3411-19 [F3411-19] Standard Specification for Remote ID and
Tracking. It defines 2 means of UAS RID. Network RID defines a set Tracking. It defines two means of UAS RID:
of information for UAS to make available globally indirectly via the
Internet. Broadcast RID defines a set of messages for Unmanned
Aircraft (UA) to transmit locally directly one-way over Bluetooth or
Wi-Fi. Network RID depends upon Internet connectivity, in several
segments, from the UAS to the observer. Broadcast RID should need
Internet (or other Wide Area Network) connectivity only for UAS
registry information lookup using the directly locally received UAS
ID as a key. It is expected that the same information will be
provided via Broadcast and Network RID; in the US, the FAA NPRM so
specifies.
[F3411-19] specifies 3 UAS ID types. Type 1 is a static, Network RID defines a set of information for UAS to make available
manufacturer assigned, hardware serial number per ANSI/CTA-2063-A globally indirectly via the Internet.
"Small Unmanned Aerial System Serial Numbers" [CTA2063A]. Type 2 is
a CAA assigned (presumably static) ID. Type 3 is a UAS Traffic Broadcast RID defines a set of messages for Unmanned Aircraft (UA)
Management (UTM) system assigned UUID [RFC4122], which can but need to transmit locally directly one-way over Bluetooth or Wi-Fi.
not be dynamic. The EU allows only Type 1; the US allows Types 1 and
3, but requires Type 3 IDs (if used) each to be used only once (for a Generally the same information must provided via both means. Network
single UAS flight, which in the context of UTM is called an RID depends upon Internet connectivity in several segments from the
"operation"). [F3411-19] Broadcast RID transmits all information in UAS to the observer. Broadcast RID should need Internet (or other
the clear as plaintext (ASCII or binary), so static IDs enable Wide Area Network) connectivity only for UAS registry information
trivial correlation of patterns of use, unacceptable in many lookup using the directly locally received UAS ID as a key.
applications, e.g. package delivery routes of competitors.
[F3411-19] specifies 3 UAS ID types:
TYPE-1 A static, manufacturer assigned, hardware serial number per
ANSI/CTA-2063-A "Small Unmanned Aerial System Serial Numbers"
[CTA2063A].
TYPE-2 A CAA assigned (presumably static) ID.
TYPE-3 A UTM system assigned UUID [RFC4122], which can but need not
be dynamic.
The EU allows only Type 1; the US allows Types 1 and 3, but requires
Type 3 IDs (if used) each to be used only once (for a single UAS
flight, which in the context of UTM is called an "operation").
[F3411-19] Broadcast RID transmits all information in the clear as
plaintext (ASCII or binary), so static IDs enable trivial correlation
of patterns of use, unacceptable in many applications, e.g., package
delivery routes of competitors.
An ID is not an end in itself; it exists to enable lookups and An ID is not an end in itself; it exists to enable lookups and
provision of services complementing mere identification. provision of services complementing mere identification.
Minimal specified information must be made available to the public; Minimal specified information must be made available to the public;
access to other data, e.g. UAS operator Personally Identifiable access to other data, e.g., UAS operator Personally Identifiable
Information (PII), must be limited to strongly authenticated Information (PII), must be limited to strongly authenticated
personnel, properly authorized per policy. The balance between personnel, properly authorized per policy. The balance between
privacy and transparency remains a subject for public debate and privacy and transparency remains a subject for public debate and
regulatory action; DRIP can only offer tools to expand the achievable regulatory action; DRIP can only offer tools to expand the achievable
trade space and enable trade-offs within that space. [F3411-19] trade space and enable trade-offs within that space. [F3411-19]
specifies only how to get the UAS ID to the observer; how the specifies only how to get the UAS ID to the observer; how the
observer can perform these lookups, and how the registries first can observer can perform these lookups, and how the registries first can
be populated with information, is unspecified. be populated with information, is unspecified.
Using UAS RID to facilitate vehicular (V2X) communications and Using UAS RID to facilitate vehicular (V2X) communications and
skipping to change at page 4, line 7 skipping to change at page 5, line 9
based on a distinction between RID as a security standard vs DAA as a based on a distinction between RID as a security standard vs DAA as a
safety application. Although dynamic establishment of secure safety application. Although dynamic establishment of secure
communications between the observer and the UAS pilot seems to have communications between the observer and the UAS pilot seems to have
been contemplated by the FAA UAS ID and Tracking Aviation Rulemaking been contemplated by the FAA UAS ID and Tracking Aviation Rulemaking
Committee (ARC) in their [Recommendations], it is not addressed in Committee (ARC) in their [Recommendations], it is not addressed in
any of the subsequent proposed regulations or technical any of the subsequent proposed regulations or technical
specifications. specifications.
The need for near-universal deployment of UAS RID is pressing. This The need for near-universal deployment of UAS RID is pressing. This
implies the need to support use by observers of already ubiquitous implies the need to support use by observers of already ubiquitous
mobile devices (smartphones and tablets). Anticipating likely CAA mobile devices (typically smartphones and tablets). Anticipating
requirements to support legacy devices, especially in light of likely CAA requirements to support legacy devices, especially in
[Recommendations], [F3411-19] specifies that any UAS sending light of [Recommendations], [F3411-19] specifies that any UAS sending
Broadcast RID over Bluetooth must do so over Bluetooth 4, regardless Broadcast RID over Bluetooth must do so over Bluetooth 4, regardless
of whether it also does so over newer versions; as UAS sender devices of whether it also does so over newer versions; as UAS sender devices
and observer receiver devices are unpaired, this implies extremely and observer receiver devices are unpaired, this implies extremely
short "advertisement" (beacon) frames. short "advertisement" (beacon) frames.
UA onboard RID devices are severely constrained in Size, Weight and UA onboard RID devices are severely constrained in Cost, Size, Weight
Power (SWaP). Cost is a significant impediment to the necessary and Power ($SWaP). Cost is a significant impediment to the necessary
near-universal adoption of UAS send and observer receive RID near-universal adoption of UAS send and observer receive RID
capabilities. To accommodate the most severely constrained cases, capabilities. $SWaP is a burden not only on the designers of new UA
all these conspire to motivate system design decisions, especially for production and sale, but also on owners of existing UA that must
for the Broadcast RID data link, which complicate the protocol design be retrofit. Radio Controlled (RC) aircraft modelers, "hams" who use
licensed amateur radio frequencies to control UAS, drone hobbyists
and others who custom build UAS all need means of participating in
UAS RID sensitive to both generic $SWaP and application-specific
considerations.
To accommodate the most severely constrained cases, all these
conspire to motivate system design decisions, especially for the
Broadcast RID data link, which complicate the protocol design
problem: one-way links; extremely short packets; and Internet- problem: one-way links; extremely short packets; and Internet-
disconnected operation of UA onboard devices. Internet-disconnected disconnected operation of UA onboard devices. Internet-disconnected
operation of observer devices has been deemed by ASTM F38.02 too operation of observer devices has been deemed by ASTM F38.02 too
infrequent to address, but for some users is important and presents infrequent to address, but for some users is important and presents
further challenges. further challenges.
Despite work by regulators and Standards Development Organizations
(SDOs), there are substantial gaps in UAS standards generally and UAS
RID specifically. [Roadmap] especially Section 7.8 catalogs UAS RID
standards, ongoing standardization activities and gaps.
Given not only packet payload length and bandwidth, but also Given not only packet payload length and bandwidth, but also
processing and storage within the SWaP constraints of very small processing and storage within the $SWaP constraints of very small
(e.g. consumer toy) UA, heavyweight cryptographic security protocols (e.g. consumer toy) UA, heavyweight cryptographic security protocols
are infeasible, yet trustworthiness of UAS RID information is are infeasible, yet trustworthiness of UAS RID information is
essential. Under [F3411-19], even the most basic datum, the UAS ID essential. Under [F3411-19], even the most basic datum, the UAS ID
string (typically number) itself can be merely an unsubstantiated string (typically number) itself can be merely an unsubstantiated
claim. Observer devices being ubiquitous, thus popular targets for claim. Observer devices being ubiquitous, thus popular targets for
malware or other compromise, cannot be generally trusted (although malware or other compromise, cannot be generally trusted (although
the user of each device is compelled to trust that device, to some the user of each device is compelled to trust that device, to some
extent); a "fair witness" functionality (inspired by [Stranger]) may extent); a "fair witness" functionality (inspired by [Stranger]) may
be desirable. be desirable.
DRIP's goal is to make RID immediately actionable, in both Internet DRIP's initial goal is to make RID immediately actionable, in both
and local-only connected scenarios (especially emergencies), in Internet and local-only connected scenarios (especially emergencies),
severely constrained UAS environments, balancing legitimate (e.g. in severely constrained UAS environments, balancing legitimate (e.g.,
public safety) authorities' Need To Know trustworthy information with public safety) authorities' Need To Know trustworthy information with
UAS operators' privacy. DRIP (originally called Trustworthy UAS operators' privacy. By "immediately actionable" is meant
Multipurpose Remote Identification, TM-RID) potentially could be information of sufficient precision, accuracy, timeliness, etc. for
applied to verifiably identify other types of registered things an observer to use it as the basis for immediate decisive action,
reported to be in specified physical locations, but the urgent whether that be to trigger a defensive counter-UAS system, to attempt
motivation and clear initial focus is UAS. Existing Internet to initiate communications with the UAS operator, to accept the
resources (protocol standards, services, infrastructure, and business presence of the UAS in the airspace where/when observed as not
models) should be leveraged. A natural Internet architecture for UAS requiring further action, or whatever, with potentially severe
RID conforming to proposed regulations and external technical consequences of any action or inaction chosen based on that
standards will be described in a companion DRIP Architecture information. Potential follow-on goals may extend beyond providing
document; this document describes only requirements. timely and trustworthy identification data, to using it to enable
identity-oriented networking of UAS.
DRIP (originally Trustworthy Multipurpose Remote Identification, TM-
RID) potentially could be applied to verifiably identify other types
of registered things reported to be in specified physical locations,
but the urgent motivation and clear initial focus is UAS. Existing
Internet resources (protocol standards, services, infrastructure, and
business models) should be leveraged. A natural Internet based
architecture for UAS RID conforming to proposed regulations and
external technical standards is described in a companion architecture
document [I-D.ietf-drip-arch]; this document describes only relevant
requirements.
2. Terms and Definitions 2. Terms and Definitions
2.1. Requirements Terminology 2.1. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
2.2. Definitions 2.2. Definitions
This section defines a set of terms that are used in DRIP documents.
This list is meant to be the DRIP terminology reference. Some of the
terms listed below are not used in this document.
$SWaP $SWaP
Cost, Size, Weight and Power. Cost, Size, Weight and Power.
AAA AAA
Attestation, Authentication, Authorization, Access Control, Attestation, Authentication, Authorization, Access Control,
Accounting, Attribution, Audit. Accounting, Attribution, Audit.
ABDAA ABDAA
AirBorne DAA. Also known as "self-separation". AirBorne DAA. Also known as "self-separation".
ADS-B
Automatic Dependent Surveillance - Broadcast. "ADS-B Out"
equipment obtains aircraft position from other on-board systems
(typically GPS) and periodically broadcasts it to "ADS-B In"
equipped entities, including other aircraft, ground stations and
satellite based monitoring systems.
AGL AGL
Above Ground Level. Relative altitude, above the variously Above Ground Level. Relative altitude, above the variously
defined local ground level, typically of an UA, typically measured defined local ground level, typically of an UA, typically measured
in feet. in feet.
ATC ATC
Air Traffic Control. Explicit flight direction to pilots from Air Traffic Control. Explicit flight direction to pilots from
ground controllers. Contrast with ATM. ground controllers. Contrast with ATM.
ATM ATM
skipping to change at page 5, line 49 skipping to change at page 7, line 41
and/or a higher layer of abstraction than ATC. and/or a higher layer of abstraction than ATC.
Authentication Message Authentication Message
F3411 Message Type 2. Provides framing for authentication data, F3411 Message Type 2. Provides framing for authentication data,
only. only.
Basic ID Message Basic ID Message
F3411 Message Type 0. Provides UA Type, UAS ID Type and UAS ID, F3411 Message Type 0. Provides UA Type, UAS ID Type and UAS ID,
only. only.
BLOS
Beyond Line Of Sight (LOS). Term to be avoided due to ambiguity.
See LOS.
BVLOS
Beyond Visual Line Of Sight (V-LOS). See V-LOS.
CAA CAA
Civil Aviation Authority. An example is the Federal Aviation Civil Aviation Authority. Two examples are the United States
Administration (FAA) in the United States of America. Federal Aviation Administration (FAA) and the European Union
Aviation Safety Agency (EASA).
C2 C2
Command and Control. A set of organizational and technical Command and Control. A set of organizational and technical
attributes and processes that employs human, physical, and attributes and processes that employs human, physical, and
information resources to solve problems and accomplish missions. information resources to solve problems and accomplish missions.
Mainly used in military contexts. In the UAS context, typically Previously primarily used in military contexts. In the UAS
refers to the link between GCS and UA over which the former context, typically refers to the link between GCS and UA over
controls the latter. Out of scope for DRIP, even when this link which the former controls the latter.
is used to provide UA location to the GCS or vice-versa, for
subsequent RID transmission.
DAA DAA
Detect And Avoid, formerly Sense And Avoid (SAA). A means of Detect And Avoid, formerly Sense And Avoid (SAA). A means of
keeping aircraft "well clear" of each other for safety. keeping aircraft "well clear" of each other for safety.
Direct RID Direct RID
Direct Remote Identification. Per [Delegated], "a system that Direct Remote Identification. Per [Delegated], "a system that
ensures the local broadcast of information about a UA in ensures the local broadcast of information about a UA in
operation, including the marking of the UA, so that this operation, including the marking of the UA, so that this
information can be obtained without physical access to the UA". information can be obtained without physical access to the UA".
skipping to change at page 8, line 20 skipping to change at page 10, line 16
Network Identification Service Network Identification Service
EU regulatory requirement for Network RID. Requirement could be EU regulatory requirement for Network RID. Requirement could be
met with ASTM Network RID: Basic ID message with UAS ID Type 1; met with ASTM Network RID: Basic ID message with UAS ID Type 1;
Location/Vector message; Operator ID message; System Message. Location/Vector message; Operator ID message; System Message.
Corresponds roughly to the Network RID portion of FAA NPRM Corresponds roughly to the Network RID portion of FAA NPRM
Standard RID. Standard RID.
Observer Observer
Referred to in other UAS RID documents as a "user", but there are Referred to in other UAS RID documents as a "user", but there are
also other classes of UAS RID users, so we prefer "observer" to also other classes of UAS RID users, so here "observer" is
denote an individual who has observed an UA and wishes to know preferred to denote specifically an individual who has observed an
something about it, starting with its ID. UA and wishes to know something about it, starting with its ID.
Operator
UAS operator. Typically an organization that owns or leases the
UAS.
Operator ID Message Operator ID Message
F3411 Message Type 5. Provides CAA issued Operator ID, only. F3411 Message Type 5. Provides CAA issued Operator ID, only.
PII PII
Personally Identifiable Information. In this context, typically Personally Identifiable Information. In this context, typically
of the UAS operator, Pilot In Command (PIC) or remote pilot, but of the UAS operator, Pilot In Command (PIC) or remote pilot, but
possibly of an observer or other party. possibly of an observer or other party.
RF RF
skipping to change at page 9, line 9 skipping to change at page 11, line 10
RID (if Internet connectivity is available at the time in the RID (if Internet connectivity is available at the time in the
operating area) and Broadcast RID (always and everywhere), and operating area) and Broadcast RID (always and everywhere), and
must provide both pilot/GCS location and UA location. This mode must provide both pilot/GCS location and UA location. This mode
is required for UAS that exceed the allowed envelope (e.g. size, is required for UAS that exceed the allowed envelope (e.g. size,
range) of Limited RID and for all UAS equipped for Standard RID range) of Limited RID and for all UAS equipped for Standard RID
(even if operated within parameters that would otherwise permit (even if operated within parameters that would otherwise permit
Limited RID). The Broadcast RID portion corresponds roughly to EU Limited RID). The Broadcast RID portion corresponds roughly to EU
Direct RID; the Network RID portion corresponds roughly to EU Direct RID; the Network RID portion corresponds roughly to EU
Network Identification Service. Network Identification Service.
SDO
Standards Development Organization. ASTM, IETF, et al.
SDSP SDSP
Supplemental Data Service Provider. An entity that participates Supplemental Data Service Provider. An entity that participates
in the UTM system, but provides services beyond those specified as in the UTM system, but provides services beyond those specified as
basic UTM system functions. basic UTM system functions.
System Message System Message
F3411 Message Type 4. Provides general UAS information, including F3411 Message Type 4. Provides general UAS information, including
remote pilot location, multiple UA group operational area, etc. remote pilot location, multiple UA group operational area, etc.
U-space U-space
EU concept and emerging framework for integration of UAS into all EU concept and emerging framework for integration of UAS into all
classes of airspace, specifically including high density urban classes of airspace, specifically including high density urban
areas, sharing airspace with manned aircraft. areas, sharing airspace with manned aircraft.
UA UA
Unmanned Aircraft. An aircraft which is intended to operate with Unmanned Aircraft. An aircraft which is intended to operate with
no pilot on board. In popular parlance, "drone". no pilot on board. In popular parlance, "drone". Plural form of
UA is UA.
UAS UAS
Unmanned Aircraft System. Composed of UA, all required on-board Unmanned Aircraft System. Composed of UA, all required on-board
subsystems, payload, control station, other required off-board subsystems, payload, control station, other required off-board
subsystems, any required launch and recovery equipment, all subsystems, any required launch and recovery equipment, all
required crew members, and C2 links between UA and control required crew members, and C2 links between UA and control
station. station. Plural form of UAS is UAS.
UAS ID UAS ID
UAS identifier. Although called "UAS ID", unique to the UA: UAS identifier. Although called "UAS ID", unique to the UA:
neither to the operator (as previous registration numbers have neither to the operator (as previous registration numbers have
been assigned), nor to the combination of GCS and UA that comprise been assigned), nor to the combination of GCS and UA that comprise
the UAS. Per [F3411-19], maximum length of 20 bytes. the UAS. Per [F3411-19], maximum length of 20 bytes.
UAS ID Type UAS ID Type
Identifier type index. Per [F3411-19], 4 bits, values 0-3 already Identifier type index. Per [F3411-19], 4 bits, values 0-3 already
specified. specified.
skipping to change at page 10, line 6 skipping to change at page 12, line 11
UAS RID UAS RID
UAS Remote Identification. System for identifying UA during UAS Remote Identification. System for identifying UA during
flight by other parties. flight by other parties.
UAS RID Verification Service UAS RID Verification Service
System component designed to handle the authentication System component designed to handle the authentication
requirements of RID by offloading verification to a web hosted requirements of RID by offloading verification to a web hosted
service. service.
USS USS
UAS Service Supplier. Provide UTM services to support the UAS UAS Service Supplier. "A USS is an entity that assists UAS
community, to connect Operators and other entities to enable Operators with meeting UTM operational requirements that enable
information flow across the USS network, and to promote shared safe and efficient use of airspace" and "... provide services to
situational awareness among UTM participants. (From FAA UTM support the UAS community, to connect Operators and other entities
ConOps V1, May 2018). to enable information flow across the USS Network,and to promote
shared situational awareness among UTM participants." per
[CONOPS].
UTM UTM
UAS Traffic Management. Per ICAO, "A specific aspect of air UAS Traffic Management. Per ICAO, "A specific aspect of air
traffic management which manages UAS operations safely, traffic management which manages UAS operations safely,
economically and efficiently through the provision of facilities economically and efficiently through the provision of facilities
and a seamless set of services in collaboration with all parties and a seamless set of services in collaboration with all parties
and involving airborne and ground-based functions." In the US, and involving airborne and ground-based functions." In the US,
per FAA, a "traffic management" ecosystem for "uncontrolled" low per FAA, a "traffic management" ecosystem for "uncontrolled" low
altitude UAS operations, separate from, but complementary to, the altitude UAS operations, separate from, but complementary to, the
FAA's ATC system for "controlled" operations of manned aircraft. FAA's ATC system for "controlled" operations of manned aircraft.
skipping to change at page 10, line 33 skipping to change at page 12, line 40
Visual LOS. Typically used in describing operation of an UA by a Visual LOS. Typically used in describing operation of an UA by a
"remote" pilot who can clearly directly (without video cameras or "remote" pilot who can clearly directly (without video cameras or
any other aids other than glasses or under some rules binoculars) any other aids other than glasses or under some rules binoculars)
see the UA and its immediate flight environment. Potentially see the UA and its immediate flight environment. Potentially
subject to blockage by foliage, structures, terrain or other subject to blockage by foliage, structures, terrain or other
vehicles, more so than RF-LOS. vehicles, more so than RF-LOS.
3. UAS RID Problem Space 3. UAS RID Problem Space
UA may be fixed wing Short Take-Off and Landing (STOL), rotary wing UA may be fixed wing Short Take-Off and Landing (STOL), rotary wing
(e.g. helicopter) Vertical Take-Off and Landing (VTOL), or hybrid. (e.g., helicopter) Vertical Take-Off and Landing (VTOL), or hybrid.
They may be single engine or multi engine. The most common today are They may be single engine or multi engine. The most common today are
multicopters: rotary wing, multi engine. The explosion in UAS was multicopters: rotary wing, multi engine. The explosion in UAS was
enabled by hobbyist development, for multicopters, of advanced flight enabled by hobbyist development, for multicopters, of advanced flight
stability algorithms, enabling even inexperienced pilots to take off, stability algorithms, enabling even inexperienced pilots to take off,
fly to a location of interest, hover, and return to the take-off fly to a location of interest, hover, and return to the take-off
location or land at a distance. UAS can be remotely piloted by a location or land at a distance. UAS can be remotely piloted by a
human (e.g. with a joystick) or programmed to proceed from Global human (e.g., with a joystick) or programmed to proceed from Global
Positioning System (GPS) waypoint to waypoint in a weak form of Positioning System (GPS) waypoint to waypoint in a weak form of
autonomy; stronger autonomy is coming. UA are "low observable": they autonomy; stronger autonomy is coming. UA are "low observable": they
typically have a small radar cross section; they make noise quite typically have a small radar cross section; they make noise quite
noticeable at short range but difficult to detect at distances they noticeable at short range but difficult to detect at distances they
can quickly close (500 meters in under 17 seconds at 60 knots); they can quickly close (500 meters in under 17 seconds at 60 knots); they
typically fly at low altitudes (for the small UAS to which RID typically fly at low altitudes (for the small UAS to which RID
applies in the US, under 400 feet AGL); they are highly maneuverable applies in the US, under 400 feet AGL); they are highly maneuverable
so can fly under trees and between buildings. so can fly under trees and between buildings.
UA can carry payloads including sensors, cyber and kinetic weapons, UA can carry payloads including sensors, cyber and kinetic weapons,
skipping to change at page 11, line 27 skipping to change at page 13, line 35
3.1. Network RID 3.1. Network RID
Network RID has several variants. The UA may have persistent onboard Network RID has several variants. The UA may have persistent onboard
Internet connectivity, in which case it can consistently source RID Internet connectivity, in which case it can consistently source RID
information directly over the Internet. The UA may have intermittent information directly over the Internet. The UA may have intermittent
onboard Internet connectivity, in which case the GCS must source RID onboard Internet connectivity, in which case the GCS must source RID
information whenever the UA itself is offline. The UA may not have information whenever the UA itself is offline. The UA may not have
Internet connectivity of its own, but have instead some other form of Internet connectivity of its own, but have instead some other form of
communications to another node that can relay RID information to the communications to another node that can relay RID information to the
Internet; this would typically be the GCS (which to perform its Internet; this would typically be the GCS (which to perform its
function must know where the UA is). The UA may have no means of function must know where the UA is).
sourcing RID information, in which case the GCS must source it; this
is typical under FAA NPRM Limited RID proposed rules, which require The UA may have no means of sourcing RID information, in which case
providing the location of the GCS (not that of the UA). In the the GCS must source it; this is typical under FAA NPRM Limited RID
extreme case, this could be the pilot using a web browser to proposed rules, which require providing the location of the GCS (not
designate, to an UAS Service Supplier (USS) or other UTM entity, a that of the UA). In the extreme case, this could be the pilot using
time-bounded airspace volume in which an operation will be conducted; a web browser to designate, to an UAS Service Supplier (USS) or other
this may impede disambiguation of ID if multiple UAS operate in the UTM entity, a time-bounded airspace volume in which an operation will
same or overlapping spatio-temporal volumes. be conducted; this may impede disambiguation of ID if multiple UAS
operate in the same or overlapping spatio-temporal volumes.
In most cases in the near term, if the RID information is fed to the In most cases in the near term, if the RID information is fed to the
Internet directly by the UA or GCS, the first hop data links will be Internet directly by the UA or GCS, the first hop data links will be
cellular Long Term Evolution (LTE) or WiFi, but provided the data cellular Long Term Evolution (LTE) or Wi-Fi, but provided the data
link can support at least IP and ideally TCP, its type is generally link can support at least UDP/IP and ideally also TCP/IP, its type is
immaterial to the higher layer protocols. An UAS or other ultimate generally immaterial to the higher layer protocols. An UAS as the
source of Network RID information feeds an USS acting as a Network ultimate source of Network RID information feeds an USS acting as a
RID Service Provider (Net-RID SP), which essentially proxies for that Network RID Service Provider (Net-RID SP), which essentially proxies
and other sources; an observer or other ultimate consumer of Network for that and other sources; an observer or other ultimate consumer of
RID information obtains it from a Network RID Display Provider (Net- Network RID information obtains it from a Network RID Display
RID DP), which aggregates information from multiple Net-RID SPs to Provider (Net-RID DP), which aggregates information from multiple
offer coverage of an airspace volume of interest. Network RID Net-RID SPs to offer coverage of an airspace volume of interest.
Service and Display providers are expected to be implemented as Network RID Service and Display providers are expected to be
servers in well-connected infrastructure, accessible via typical implemented as servers in well-connected infrastructure, accessible
means such as web APIs/browsers. via typical means such as web APIs/browsers.
Network RID is the more flexible and less constrained of the defined Network RID is the more flexible and less constrained of the defined
UAS RID means, but is only partially specified in [F3411-19]. It is UAS RID means, but is only partially specified in [F3411-19]. It is
presumed that IETF efforts supporting Broadcast RID (see next presumed that IETF efforts supporting Broadcast RID (see next
section) can be easily generalized for Network RID. section) can be easily generalized for Network RID.
3.2. Broadcast RID 3.2. Broadcast RID
[F3411-19] specifies 3 Broadcast RID data links: Bluetooth 4.X; [F3411-19] specifies three Broadcast RID data links: Bluetooth 4.X;
Bluetooth 5.X Long Range; and WiFi with Neighbor Awareness Networking Bluetooth 5.X Long Range; and Wi-Fi with Neighbor Awareness
(NAN). For compliance with this standard, an UA must broadcast Networking (NAN). For compliance with this standard, an UA must
(using advertisement mechanisms where no other option supports broadcast (using advertisement mechanisms where no other option
broadcast) on at least one of these; if broadcasting on Bluetooth supports broadcast) on at least one of these; if broadcasting on
5.x, it is also required concurrently to do so on 4.x (referred to in Bluetooth 5.x, it is also required concurrently to do so on 4.x
[F3411-19] as Bluetooth Legacy). (referred to in [F3411-19] as Bluetooth Legacy).
The selection of the Broadcast media was driven by research into what The selection of the Broadcast media was driven by research into what
is commonly available on 'ground' units (smartphones and tablets) and is commonly available on 'ground' units (smartphones and tablets) and
what was found as prevalent or 'affordable' in UA. Further, there what was found as prevalent or 'affordable' in UA. Further, there
must be an Application Programming Interface (API) for the observer's must be an Application Programming Interface (API) for the observer's
receiving application to have access to these messages. As yet only receiving application to have access to these messages. As yet only
Bluetooth 4.X support is readily available, thus the current focus is Bluetooth 4.X support is readily available, thus the current focus is
on working within the 26 byte limit of the Bluetooth 4.X "Broadcast on working within the 26 byte limit of the Bluetooth 4.X "Broadcast
Frame" transmitted on beacon channels. After nominal overheads, this Frame" transmitted on beacon channels. After nominal overheads, this
limits the UAS ID string to a maximum length of 20 bytes, and limits the UAS ID string to a maximum length of 20 bytes, and
precludes the same frame carrying position, velocity and other precludes the same frame carrying position, velocity and other
information that should be bound to the UAS ID, much less strong information that should be bound to the UAS ID, much less strong
authentication data. This requires segmentation ("paging") of longer authentication data. This requires segmentation ("paging") of longer
messages or message bundles ("Message Pack"), and/or correlation of messages or message bundles ("Message Pack"), and/or correlation of
short messages (anticipated by ASTM to be done on the basis of short messages (anticipated by ASTM to be done on the basis of
Bluetooth 4 MAC address, which is weak and unverifiable). Bluetooth 4 MAC address, which is weak and unverifiable).
3.3. DRIP Focus 3.3. DRIP Focus
DRIP WG will focus on making information obtained via UAS RID DRIP will focus on making information obtained via UAS RID
immediately usable (for the observer to determine whether the UAS is immediately usable:
trusted to fly in the airspace volume where and when observed, to
establish communications whereby the observer can inquire of the
pilot as to intent and/or direct the pilot to exit from the volume,
etc.):
1. first by making it trustworthy (despite the severe constraints of 1. by making it trustworthy (despite the severe constraints of
Broadcast RID); Broadcast RID);
2. second by enabling verification that an UAS is registered, and if 2. by enabling verification that an UAS is registered, and if so, in
so, in which registry (for classification of trusted operators on which registry (for classification of trusted operators on the
the basis of known registry vetting, even by observers lacking basis of known registry vetting, even by observers lacking
Internet connectivity at observation time); Internet connectivity at observation time);
3. third by enabling instant establishment, by authorized parties, 3. by facilitating independent reports of UA location to confirm or
of secure communications with the remote pilot. refute the operator self-reports upon which UAS RID and UTM
tracking are based;
4. by enabling instant establishment, by authorized parties, of
secure communications with the remote pilot.
Any UA can assert any ID using the [F3411-19] required Basic ID Any UA can assert any ID using the [F3411-19] required Basic ID
message, which lacks any provisions for verification. The Position/ message, which lacks any provisions for verification. The Position/
Vector message likewise lacks provisions for verification, and does Vector message likewise lacks provisions for verification, and does
not contain the ID, so must be correlated somehow with a Basic ID not contain the ID, so must be correlated somehow with a Basic ID
message: the developers of [F3411-19] have suggested using the MAC message: the developers of [F3411-19] have suggested using the MAC
addresses, but these may be randomized by the operating system stack addresses, but these may be randomized by the operating system stack
to avoid the adversarial correlation problems of static identifiers. to avoid the adversarial correlation problems of static identifiers.
The [F3411-19] optional Authentication Message specifies framing for The [F3411-19] optional Authentication Message specifies framing for
authentication data, but does not specify any authentication method, authentication data, but does not specify any authentication method,
and the maximum length of the specified framing is too short for and the maximum length of the specified framing is too short for
conventional digital signatures and far too short for conventional conventional digital signatures and far too short for conventional
certificates. The one-way nature of Broadcast RID precludes certificates. The one-way nature of Broadcast RID precludes
challenge-response security protocols (e.g. observers sending nonces challenge-response security protocols (e.g., observers sending nonces
to UA, to be returned in signed messages). An observer would be to UA, to be returned in signed messages). An observer would be
seriously challenged to validate the asserted UAS ID or any other seriously challenged to validate the asserted UAS ID or any other
information about the UAS or its operator looked up therefrom. information about the UAS or its operator looked up therefrom.
Further, [F3411-19] provides very limited choices for an observer to Further, [F3411-19] provides very limited choices for an observer to
communicate with the pilot, e.g. to request further information on communicate with the pilot, e.g., to request further information on
the UAS operation or exit from an airspace volume in an emergency. the UAS operation or exit from an airspace volume in an emergency.
The System Message provides the location of the pilot/GCS, so an The System Message provides the location of the pilot/GCS, so an
observer could physically go to the asserted GCS location to look for observer could physically go to the asserted GCS location to look for
the remote pilot. An observer with Internet connectivity could look the remote pilot. An observer with Internet connectivity could look
up operator PII in a registry, then call a phone number in hopes up operator PII in a registry, then call a phone number in hopes
someone who can immediately influence the UAS operation will answer someone who can immediately influence the UAS operation will answer
promptly during that operation. promptly during that operation.
Thus complementing [F3411-19] with protocols enabling strong Thus complementing [F3411-19] with protocols enabling strong
authentication, preserving operator privacy while enabling immediate authentication, preserving operator privacy while enabling immediate
skipping to change at page 13, line 42 skipping to change at page 16, line 4
someone who can immediately influence the UAS operation will answer someone who can immediately influence the UAS operation will answer
promptly during that operation. promptly during that operation.
Thus complementing [F3411-19] with protocols enabling strong Thus complementing [F3411-19] with protocols enabling strong
authentication, preserving operator privacy while enabling immediate authentication, preserving operator privacy while enabling immediate
use of information by authorized parties, is critical to achieve use of information by authorized parties, is critical to achieve
widespread adoption of a RID system supporting safe and secure widespread adoption of a RID system supporting safe and secure
operation of UAS. operation of UAS.
4. Requirements 4. Requirements
4.1. General 4.1. General
GEN-1 Provable Ownership: DRIP MUST enable verification that the GEN-1 Provable Ownership: DRIP MUST enable verification that the
UAS ID asserted in the Basic ID message is that of the actual UAS ID asserted in the Basic ID message is that of the actual
current sender of the message (i.e. the message is not a current sender of the message (i.e. the message is not a
replay attack or other spoof, authenticating e.g. by replay attack or other spoof, authenticating e.g. by
verifying an asymmetric cryptographic signature using a verifying an asymmetric cryptographic signature using a
sender provided public key from which the asserted ID can be sender provided public key from which the asserted ID can be
at least partially derived). at least partially derived), even on an observer device
lacking Internet connectivity at the time of observation.
GEN-2 Provable Binding: DRIP MUST enable binding all other F3411 GEN-2 Provable Binding: DRIP MUST enable binding all other F3411
messages from the same actual current sender to the UAS ID messages from the same actual current sender to the UAS ID
asserted in the Basic ID message. asserted in the Basic ID message.
GEN-3 Provable Registration: DRIP MUST enable verification that the GEN-3 Provable Registration: DRIP MUST enable verification that the
UAS ID is in a registry and identification of which one (with UAS ID is in a registry and identification of which one, even
UAS ID Type 3, the same sender may have multiple IDs, on an observer device lacking Internet connectivity at the
potentially in different registries, but each ID should time of observation; with UAS ID Type 3, the same sender may
clearly indicate in which registry it can be found). have multiple IDs, potentially in different registries, but
each ID must clearly indicate in which registry it can be
GEN-4 Public Lookup: DRIP MUST enable lookup, from the UAS ID, of found.
information designated by cognizant authority as public.
GEN-5 Private Lookup: DRIP MUST enable lookup, with AAA, per
policy, of private information (i.e. any and all information
in a registry, associated with the UAS ID, that is designated
by neither cognizant authority nor the information owner as
public).
GEN-6 Readability: DRIP MUST enable information to be read and
utilized by both humans and software.
GEN-7 Provisioning: DRIP MUST enable provisioning registries with GEN-4 Readability: DRIP MUST enable information (regulation
static information on the UAS and its operator, dynamic required elements, whether sent via UAS RID or looked up in
information on its current operation within the UTM registries) to be read and utilized by both humans and
(including means by which the USS under which the UAS is software.
operating may be contacted for further, typically even more
dynamic, information), and Internet direct contact
information for services related to the foregoing.
GEN-8 AAA Policy: DRIP MUST enable closing the AAA-policy registry GEN-5 Gateway: DRIP MUST enable Broadcast RID -> Network RID
loop by governing AAA per registered policies and gateways to stamp messages with precise date/time received
administering policies only via AAA. and receiver location, then relay them to a network service
(e.g. SDSP or distributed ledger), to support three
objectives: mark up a RID message with where and when it was
actually received (which may agree or disagree with the self-
report in the set of messages); defend against reply attacks;
and support optional SDSP services such as multilateration
(to complement UAS position self-reports with independent
measurements).
GEN-9 Finger (placeholder name): DRIP MUST enable dynamically GEN-6 Finger (placeholder name): DRIP MUST enable dynamically
establishing, with AAA, per policy, E2E strongly encrypted establishing, with AAA, per policy, E2E strongly encrypted
communications with the UAS RID sender and entities looked up communications with the UAS RID sender and entities looked up
from the UAS ID, including at least the remote pilot and USS. from the UAS ID, including at least the remote pilot and USS.
GEN-10 QoS: DRIP MUST enable policy based specification of GEN-7 QoS: DRIP MUST enable policy based specification of
performance and reliability parameters, such as maximum performance and reliability parameters, such as maximum
message transmission intervals and delivery latencies. message transmission intervals and delivery latencies.
GEN-11 Mobility: DRIP MUST support physical and logical mobility of GEN-8 Mobility: DRIP MUST support physical and logical mobility of
UA, GCS and Observers. DRIP SHOULD support mobility of all UA, GCS and Observers. DRIP SHOULD support mobility of
participating nodes. essentially all participating nodes (UA, GCS, Observers, Net-
RID SP, Net-RID DP, Private Registry, SDSP).
GEN-12 Multihoming: DRIP MUST support multihoming of UA, for make- GEN-9 Multihoming: DRIP MUST support multihoming of UA and GCS, for
before-break smooth handoff and resiliency against path/link make-before-break smooth handoff and resiliency against path/
failure. DRIP SHOULD support multihoming of all link failure. DRIP SHOULD support multihoming of essentially
participating nodes. all participating nodes.
GEN-13 Multicast: DRIP SHOULD support multicast for efficient and GEN-10 Multicast: DRIP SHOULD support multicast for efficient and
flexible publish-subscribe notifications, e.g. of UAS flexible publish-subscribe notifications, e.g., of UAS
reporting positions in designated sensitive airspace volumes. reporting positions in designated sensitive airspace volumes.
GEN-14 Management: DRIP SHOULD support monitoring of the health and GEN-11 Management: DRIP SHOULD support monitoring of the health and
coverage of Broadcast and Network RID services. coverage of Broadcast and Network RID services.
It is highly desirable that Broadcast RID receivers be able to stamp
messages with accurate date/time received and receiver location, then
relay them to a network service (e.g. SDSP or distributed ledger).
This supports 3 objectives: mark up a RID message with where and when
it was actually received (which may agree or disagree with the self-
report in the set of messages); defend against reply attacks; and
support optional SDSP services such as multilateration (to complement
UAS position self-reports with independent measurements).
4.2. Identifier 4.2. Identifier
ID-1 Length: The DRIP [UAS] entity [remote] identifier must be no ID-1 Length: The DRIP [UAS] entity [remote] identifier must be no
longer than 20 bytes. longer than 20 bytes (per [F3411-19] to fit in a Bluetooth 4
advertisement payload).
ID-2 Registry ID: The DRIP identifier MUST be sufficient to identify ID-2 Registry ID: The DRIP identifier MUST be sufficient to identify
a registry in which the [UAS] entity identified therewith is a registry in which the [UAS] entity identified therewith is
listed. listed.
ID-3 Entity ID: The DRIP identifier MUST be sufficient to enable ID-3 Entity ID: The DRIP identifier MUST be sufficient to enable
lookup of other data associated with the [UAS] entity lookup of other data associated with the [UAS] entity
identified therewith in that registry. identified therewith in that registry.
ID-4 Uniqueness: The DRIP identifier MUST be unique within a to-be- ID-4 Uniqueness: The DRIP identifier MUST be unique within a to-be-
defined scope. defined scope.
ID-5 Non-spoofability: The DRIP identifier MUST be non-spoofable ID-5 Non-spoofability: The DRIP identifier MUST be non-spoofable
within the context of Remote ID broadcast messages (some within the context of Remote ID broadcast messages (some
collection of messages provides proof of UA ownership of ID). collection of messages provides proof of UA ownership of ID).
A DRIP UAS ID MUST NOT facilitate adversarial correlation of UAS ID-6 Unlinkability: A DRIP UAS ID MUST NOT facilitate adversarial
operational patterns; this may be accomplished e.g. by limiting each correlation over multiple UAS operations; this may be
identifier to a single use, but if so, the UAS ID MUST support accomplished e.g. by limiting each identifier to a single use,
defined scalable timely registration methods. but if so, the UAS ID MUST support well-defined scalable timely
registration methods.
Mechanisms standardized in DRIP WG MUST be capable of proving
ownership of a claimed UAS ID, and SHOULD be capable of doing so
immediately on an observer device lacking Internet connectivity at
the time of observation.
Mechanisms standardized in DRIP WG MUST be capable of verifying that
messages claiming to have been sent from a UAS with a given UAS ID
indeed came from the claimed sender.
Whether a UAS ID is generated by the operator, GCS, UA, USS or Whether a UAS ID is generated by the operator, GCS, UA, USS or
registry, or some collaboration thereamong, is unspecified; however, registry, or some collaboration thereamong, is unspecified; however,
there must be agreement on the UAS ID among these entities. there must be agreement on the UAS ID among these entities.
4.3. Privacy 4.3. Privacy
PRIV-1 Confidential Handling: DRIP MUST enable confidential handling PRIV-1 Confidential Handling: DRIP MUST enable confidential handling
of private information (i.e. any and all information of private information (i.e., any and all information
designated by neither cognizant authority nor the information designated by neither cognizant authority nor the information
owner as public, e.g. personal data). owner as public, e.g., personal data).
PRIV-2 Encrypted Transport: DRIP MUST enable selective strong PRIV-2 Encrypted Transport: DRIP MUST enable selective strong
encryption of private data in motion in such a manner that encryption of private data in motion in such a manner that
only authorized actors can recover it. If transport is via only authorized actors can recover it. If transport is via
IP, then encryption MUST be end-to-end, at or above the IP IP, then encryption MUST be end-to-end, at or above the IP
layer. layer.
PRIV-3 Encrypted Storage: DRIP SHOULD enable selective strong PRIV-3 Encrypted Storage: DRIP SHOULD enable selective strong
encryption of private data at rest in such a manner that only encryption of private data at rest in such a manner that only
authorized actors can recover it. authorized actors can recover it.
As satisfying these requirements may require that authorized actors As satisfying these requirements may require that authorized actors
have e.g. Internet connectivity to a Remote ID USS to enable have connectivity to third parties, e.g., Internet to a Remote ID
decryption, and such connectivity cannot be assured, DRIP SHOULD USS, to enable decryption, and such connectivity cannot be assured,
provide automatic fallback to plaintext transmission of safety- DRIP SHOULD provide automatic fallback to plaintext transmission of
critical information when necessary. safety-critical information when necessary.
5. IANA Considerations 4.4. Registries
It is likely that an IPv6 prefix or other namespace will be needed; REG-1 Public Lookup: DRIP MUST enable lookup, from the UAS ID, of
this will be specified in other documents. information designated by cognizant authority as public.
6. Security Considerations REG-2 Private Lookup: DRIP MUST enable lookup, with AAA, per policy,
of private information (i.e., any and all information in a
registry, associated with the UAS ID, that is designated by
neither cognizant authority nor the information owner as
public).
REG-3 Provisioning: DRIP MUST enable provisioning registries with
static information on the UAS and its operator, dynamic
information on its current operation within the UTM (including
means by which the USS under which the UAS is operating may be
contacted for further, typically even more dynamic,
information), and Internet direct contact information for
services related to the foregoing.
REG-4 AAA Policy: DRIP MUST enable closing the AAA-policy registry
loop by governing AAA per registered policies and
administering policies only via AAA.
5. Discussion and Limitations
This document is largely based on the process of one SDO, ASTM.
Therefore, it is tailored to specific needs and data formats of this
standard. Other organizations, for example in EU, do not necessary
follow the same architecture. IETF traditionally operates assuming
the source material for the standardization process is publicly
available. However, ASTM standards require a fee for download.
Therefore a double-liaison program at IETF might need to be
activated, providing free access to ASTM specifications for
contributors to IETF documents.
The need for drone ID and operator privacy is an open discussion
topic. For instance, in the ground vehicular domain each car carries
a publicly visible plate number. In some countries, for nominal cost
or even for free, anyone can resolve the identity and contact
information of the owner. Civil commercial aviation and maritime
industries also have a tradition of broadcasting plane or ship ID,
coordinates and even flight plans in plain text. Community networks
such as OpenSky and Flightradar use this open information through
ADS-B to deploy public services of flight tracking. Many researchers
also use these data to perform optimization of routes and airport
operations. Such ID information should be integrity protected, but
not necessarily confidential.
In civil aviation, aircraft identity is broadcast by a device known
as transponder. It transmits a four-digit squawk code, which is
assigned by a traffic controller to an airplane after approving a
flight plan. There are several reserved codes such as 7600 which
indicate radio communication failure. The codes are unique in each
traffic area and can be re-assigned when entering another control
area. The code is transmitted in plain text by the transponder and
also used for collision avoidance by a system known as Traffic alert
and Collision Avoidance System (TCAS). The system could be used for
UAS as well initially, but the code space is quite limited and likely
to be exhausted soon. The number of UAS far exceeds the number of
civil airplanes in operation.
The ADS-B system is utilized in civil aviation for each "ADS-B Out"
equipped airplane to broadcast its ID, coordinates and altitude for
other airplanes and ground control stations. If this system is
adopted for drone IDs, it has additional benefit with backward
compatibility with civil aviation infrastructure; then, pilots and
dispatchers will be able to see UA on their control screens and take
those into account. If not, a gateway translation system between the
proposed drone ID and civil aviation system should be implemented.
Again, system saturation due to large numbers of UAS is a concern.
Wi-Fi and Bluetooth are two wireless technologies currently
recommended by ASTM specifications due to their widespread use and
broadcast nature. However, those have limited range (max 100s of
meters) and may not reliably deliver UAS ID at high altitude or
distance. Therefore, a study should be made of alternative
technologies from the telecom domain (WiMax, 5G) or sensor networks
(Sigfox, LORA). Such transmission technologies can impose additional
restrictions on packet sizes and frequency of transmissions, but
could provide better energy efficiency and range. In civil aviation,
Controller-Pilot Data Link Communications (CPDLC) is used to transmit
command and control between the pilots and ATC. It could be
considered for UAS as well due to long range and proven use despite
its lack of security [cpdlc].
L-band Digital Aeronautical Communications System (LDACS) is being
standardized by ICAO and IETF for use in future civil aviation
[I-D.maeurer-raw-ldacs]. It provides secure communication,
positioning and control for aircraft using a dedicated radio band.
It should be analyzed as a potential provider for UAS RID as well.
This will bring the benefit of a global integrated system creating a
global airspace use awareness.
6. IANA Considerations
This document does not make any IANA request.
7. Security Considerations
DRIP is all about safety and security, so content pertaining to such DRIP is all about safety and security, so content pertaining to such
is not limited to this section. DRIP information must be divided is not limited to this section. DRIP information falls into two
into 2 classes: that which, to achieve the purpose, must be published classes: that which, to achieve the purpose, must be published openly
openly in clear plaintext, for the benefit of any observer; and that in clear plaintext, for the benefit of any observer; and that which
which must be protected (e.g. PII of pilots) but made available to must be protected (e.g., PII of pilots) but made available to
properly authorized parties (e.g. public safety personnel who properly authorized parties (e.g., public safety personnel who
urgently need to contact pilots in emergencies). Details of the urgently need to contact pilots in emergencies). This classification
protection mechanisms will be provided in other documents. must be made explicit and reflected with markings, design, etc.
Classifying the information will be addressed primarily in external Classifying the information will be addressed primarily in external
standards; herein it will be regarded as a matter for CAA, registry standards; herein it will be regarded as a matter for CAA, registry
and operator policies, for which enforcement mechanisms will be and operator policies, for which enforcement mechanisms will be
defined within the scope of DRIP WG and offered. Mitigation of defined within the scope of DRIP WG and offered. Details of the
adversarial correlation will also be addressed. protection mechanisms will be provided in other DRIP documents.
Mitigation of adversarial correlation will also be addressed.
7. Acknowledgments Acknowledgments
The work of the FAA's UAS Identification and Tracking (UAS ID) The work of the FAA's UAS Identification and Tracking (UAS ID)
Aviation Rulemaking Committee (ARC) is the foundation of later ASTM Aviation Rulemaking Committee (ARC) is the foundation of later ASTM
[F3411-19] and IETF DRIP WG efforts. The work of ASTM F38.02 in [F3411-19] and IETF DRIP WG efforts. The work of ASTM F38.02 in
balancing the interests of diverse stakeholders is essential to the balancing the interests of diverse stakeholders is essential to the
necessary rapid and widespread deployment of UAS RID. necessary rapid and widespread deployment of UAS RID.
8. References References
8.1. Normative References Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
8.2. Informative References Informative References
[CONOPS] FAA Office of NextGen, "UTM Concept of Operations v2.0",
March 2020.
[cpdlc] Gurtov, A., Polishchuk, T., and M. Wernberg, "Controller-
Pilot Data Link Communication Security", MDPI
Sensors 18(5), 1636, 2018,
<https://www.mdpi.com/1424-8220/18/5/1636>.
[CTA2063A] ANSI, "Small Unmanned Aerial Systems Serial Numbers", [CTA2063A] ANSI, "Small Unmanned Aerial Systems Serial Numbers",
September 2019. September 2019.
[Delegated] [Delegated]
European Union Aviation Safety Agency (EASA), "Commission European Union Aviation Safety Agency (EASA), "Commission
Delegated Regulation (EU) 2019/945 of 12 March 2019 on Delegated Regulation (EU) 2019/945 of 12 March 2019 on
unmanned aircraft systems and on third-country operators unmanned aircraft systems and on third-country operators
of unmanned aircraft systems", March 2019. of unmanned aircraft systems", March 2019.
[F3411-19] ASTM, "Standard Specification for Remote ID and Tracking", [F3411-19] ASTM, "Standard Specification for Remote ID and Tracking",
December 2019. December 2019.
[I-D.ietf-drip-arch]
Card, S., Wiethuechter, A., Moskowitz, R., and S. Zhao,
"Drone Remote Identification Protocol (DRIP)
Architecture", Work in Progress, Internet-Draft, draft-
ietf-drip-arch-00, 18 May 2020,
<https://tools.ietf.org/html/draft-ietf-drip-arch-00>.
[I-D.maeurer-raw-ldacs]
Maeurer, N., Graeupl, T., and C. Schmitt, "L-band Digital
Aeronautical Communications System (LDACS)", Work in
Progress, Internet-Draft, draft-maeurer-raw-ldacs-02, 1
April 2020,
<https://tools.ietf.org/html/draft-maeurer-raw-ldacs-02>.
[Implementing] [Implementing]
European Union Aviation Safety Agency (EASA), "Commission European Union Aviation Safety Agency (EASA), "Commission
Implementing Regulation (EU) 2019/947 of 24 May 2019 on Implementing Regulation (EU) 2019/947 of 24 May 2019 on
the rules and procedures for the operation of unmanned the rules and procedures for the operation of unmanned
aircraft", May 2019. aircraft", May 2019.
[NPRM] United States Federal Aviation Administration (FAA), [NPRM] United States Federal Aviation Administration (FAA),
"Notice of Proposed Rule Making on Remote Identification "Notice of Proposed Rule Making on Remote Identification
of Unmanned Aircraft Systems", December 2019. of Unmanned Aircraft Systems", December 2019.
[Recommendations] [Recommendations]
FAA UAS Identification and Tracking Aviation Rulemaking FAA UAS Identification and Tracking Aviation Rulemaking
Committee, "UAS ID and Tracking ARC Recommendations Final Committee, "UAS ID and Tracking ARC Recommendations Final
Report", September 2017. Report", September 2017.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005, DOI 10.17487/RFC4122, July 2005,
<https://www.rfc-editor.org/info/rfc4122>. <https://www.rfc-editor.org/info/rfc4122>.
[Roadmap] American National Standards Institute (ANSI) Unmanned
Aircraft Systems Standardization Collaborative (UASSC),
"Standardization Roadmap for Unmanned Aircraft Systems
draft v2.0", April 2020.
[Stranger] Heinlein, R.A., "Stranger in a Strange Land", June 1961. [Stranger] Heinlein, R.A., "Stranger in a Strange Land", June 1961.
Acknowledgments
The work of the FAA's UAS Identification and Tracking (UAS ID)
Aviation Rulemaking Committee (ARC) is the foundation of later ASTM
[F3411-19] and IETF DRIP efforts. The work of ASTM F38.02 in
balancing the interests of diverse stakeholders is essential to the
necessary rapid and widespread deployment of UAS RID. IETF
volunteers who have contributed to this draft include Amelia
Andersdotter, Mohamed Boucadair, Toerless Eckert, Susan Hares, Mika
J&#228;rvenp&#228;&#228;, Daniel Migault, Saulo Da Silva and Shuai
Zhao.
Authors' Addresses Authors' Addresses
Stuart W. Card (editor) Stuart W. Card (editor)
AX Enterprize AX Enterprize
4947 Commercial Drive 4947 Commercial Drive
Yorkville, NY 13495 Yorkville, NY 13495
United States of America United States of America
Email: stu.card@axenterprize.com Email: stu.card@axenterprize.com
skipping to change at line 859 skipping to change at page 23, line 29
United States of America United States of America
Email: adam.wiethuechter@axenterprize.com Email: adam.wiethuechter@axenterprize.com
Robert Moskowitz Robert Moskowitz
HTT Consulting HTT Consulting
Oak Park, MI 48237 Oak Park, MI 48237
United States of America United States of America
Email: rgm@labs.htt-consult.com Email: rgm@labs.htt-consult.com
Andrei Gurtov
Link&#246;ping University
IDA
SE-58183 Link&#246;ping
Sweden
Email: gurtov@acm.org
 End of changes. 70 change blocks. 
232 lines changed or deleted 442 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/