Privacy-Preserving Authentication Framework for UAS Traffic Management Systems

In 2015, the Federal Aviation Administration (FAA) has announced the integration of unmanned aerial vehicles (UAV) into the national airspace via a traffic management system – called UAS Traffic Management (UTM) – dedicated to Unmanned Aircraft Systems (UAS) to support advanced UAV operations such as autonomous and beyond visual line of sight (BVLOS) flight missions. The UTM incorporates an identification framework called Remote ID which mandates all UAS operators to continuously identify themselves while on flight. However, the current version of the framework lacks security features and its design has raised privacy concerns among UAS operators. This paper extends the Remote ID framework to include a Privacy-Preserving Authentication Framework that anonymously verifies the authenticity of flying UAVs. Moreover, the framework authenticates the UAV’s flight permissions without revealing neither the identity of its operator nor its entire flight path, while at the same time keeping any identifying information accessible to the authorities in case of a dispute. To satisfy the proposed security and privacy requirements, a UAV’s flight plan that is represented as a series of waypoints is transformed into localized UAV trajectories which create a set of contiguous flight zones, each with its own flight permission. This framework utilizes the Boneh–Gentry-Lynn–Shacham (BGLS) digital signature scheme to sign and transform each zone information into a flight permission and aggregate a set of signatures into a single signature along with additional attributes used to construct a Remote-ID message that anonymously authenticates flying UAVs.