CAPSID: A Private Session ID System for Small UAVs

Yueshen Li; Jianli Jin; Kirill Levchenko

doi:10.1145/3658644.3690324

CAPSID: A Private Session ID System for Small UAVs

Yueshen Li, Jianli Jin, Kirill Levchenko

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The US Federal Aviation Administration (FAA) has recently mandated that small unmanned aerial vehicles (UAVs) be equipped with a transmitter that broadcasts the UAV’s serial number, location, and altitude. The inclusion of a unique identifier in the form of a UAV serial number has stoked fears that the identifier will be used to track UAV operators and has even led some UAV perators to file a lawsuit against the FAA. In this paper, we propose CAPSID, an implementation of the FAA session ID concept that provides message authentication—something current Remote ID implementations lack—and strong operator anonymity. The FAA (or its equivalent in other jurisdictions) retains the ability to de-anonymize operators, but only in circumstances prescribed by law. To make this possible, CAPSID introduces a partially trusted third party, the Custodian, that serves as the bridge between anonymous identifiers and true operator identity. The Custodian ensures that the legal requirements for de-anonymization are met, preventing unnecessary mass collection of personally identifying information by a government agency. We formally verify the message authentication property of CAPSID using a cryptographic protocol checker and provide a formal proof of identifier non-linkability, even in the presence of corrupt (but non-colluding) authorities.

Original language	English (US)
Title of host publication	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	1791-1805
Number of pages	15
ISBN (Electronic)	9798400706363
DOIs	https://doi.org/10.1145/3658644.3690324
State	Published - Dec 9 2024
Event	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 - Salt Lake City, United States Duration: Oct 14 2024 → Oct 18 2024

Publication series

Name	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024
Country/Territory	United States
City	Salt Lake City
Period	10/14/24 → 10/18/24

Keywords

Anonymity
Authentication
Privacy
Remote ID
UAV

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Software

Online availability

10.1145/3658644.3690324

Library availability

Discover UIUC Full Text

Cite this

Li, Y., Jin, J., & Levchenko, K. (2024). CAPSID: A Private Session ID System for Small UAVs. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (pp. 1791-1805). (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3658644.3690324

CAPSID: A Private Session ID System for Small UAVs. / Li, Yueshen; Jin, Jianli; Levchenko, Kirill.
CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2024. p. 1791-1805 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Li, Y, Jin, J & Levchenko, K 2024, CAPSID: A Private Session ID System for Small UAVs. in CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, pp. 1791-1805, 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, Salt Lake City, United States, 10/14/24. https://doi.org/10.1145/3658644.3690324

Li Y, Jin J, Levchenko K. CAPSID: A Private Session ID System for Small UAVs. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2024. p. 1791-1805. (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). Epub 2024 Dec 9. doi: 10.1145/3658644.3690324

@inproceedings{97997913cd99462fbc6d4486b7180842,

title = "CAPSID: A Private Session ID System for Small UAVs",

abstract = "The US Federal Aviation Administration (FAA) has recently mandated that small unmanned aerial vehicles (UAVs) be equipped with a transmitter that broadcasts the UAV{\textquoteright}s serial number, location, and altitude. The inclusion of a unique identifier in the form of a UAV serial number has stoked fears that the identifier will be used to track UAV operators and has even led some UAV perators to file a lawsuit against the FAA. In this paper, we propose CAPSID, an implementation of the FAA session ID concept that provides message authentication—something current Remote ID implementations lack—and strong operator anonymity. The FAA (or its equivalent in other jurisdictions) retains the ability to de-anonymize operators, but only in circumstances prescribed by law. To make this possible, CAPSID introduces a partially trusted third party, the Custodian, that serves as the bridge between anonymous identifiers and true operator identity. The Custodian ensures that the legal requirements for de-anonymization are met, preventing unnecessary mass collection of personally identifying information by a government agency. We formally verify the message authentication property of CAPSID using a cryptographic protocol checker and provide a formal proof of identifier non-linkability, even in the presence of corrupt (but non-colluding) authorities.",

keywords = "Anonymity, Authentication, Privacy, Remote ID, UAV",

author = "Yueshen Li and Jianli Jin and Kirill Levchenko",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 ; Conference date: 14-10-2024 Through 18-10-2024",

year = "2024",

month = dec,

day = "9",

doi = "10.1145/3658644.3690324",

language = "English (US)",

series = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "1791--1805",

booktitle = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

address = "United States",

}

TY - GEN

T1 - CAPSID

T2 - 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024

AU - Li, Yueshen

AU - Jin, Jianli

AU - Levchenko, Kirill

PY - 2024/12/9

Y1 - 2024/12/9

N2 - The US Federal Aviation Administration (FAA) has recently mandated that small unmanned aerial vehicles (UAVs) be equipped with a transmitter that broadcasts the UAV’s serial number, location, and altitude. The inclusion of a unique identifier in the form of a UAV serial number has stoked fears that the identifier will be used to track UAV operators and has even led some UAV perators to file a lawsuit against the FAA. In this paper, we propose CAPSID, an implementation of the FAA session ID concept that provides message authentication—something current Remote ID implementations lack—and strong operator anonymity. The FAA (or its equivalent in other jurisdictions) retains the ability to de-anonymize operators, but only in circumstances prescribed by law. To make this possible, CAPSID introduces a partially trusted third party, the Custodian, that serves as the bridge between anonymous identifiers and true operator identity. The Custodian ensures that the legal requirements for de-anonymization are met, preventing unnecessary mass collection of personally identifying information by a government agency. We formally verify the message authentication property of CAPSID using a cryptographic protocol checker and provide a formal proof of identifier non-linkability, even in the presence of corrupt (but non-colluding) authorities.

AB - The US Federal Aviation Administration (FAA) has recently mandated that small unmanned aerial vehicles (UAVs) be equipped with a transmitter that broadcasts the UAV’s serial number, location, and altitude. The inclusion of a unique identifier in the form of a UAV serial number has stoked fears that the identifier will be used to track UAV operators and has even led some UAV perators to file a lawsuit against the FAA. In this paper, we propose CAPSID, an implementation of the FAA session ID concept that provides message authentication—something current Remote ID implementations lack—and strong operator anonymity. The FAA (or its equivalent in other jurisdictions) retains the ability to de-anonymize operators, but only in circumstances prescribed by law. To make this possible, CAPSID introduces a partially trusted third party, the Custodian, that serves as the bridge between anonymous identifiers and true operator identity. The Custodian ensures that the legal requirements for de-anonymization are met, preventing unnecessary mass collection of personally identifying information by a government agency. We formally verify the message authentication property of CAPSID using a cryptographic protocol checker and provide a formal proof of identifier non-linkability, even in the presence of corrupt (but non-colluding) authorities.

KW - Anonymity

KW - Authentication

KW - Privacy

KW - Remote ID

KW - UAV

UR - http://www.scopus.com/inward/record.url?scp=85215526641&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85215526641&partnerID=8YFLogxK

U2 - 10.1145/3658644.3690324

DO - 10.1145/3658644.3690324

M3 - Conference contribution

AN - SCOPUS:85215526641

T3 - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

SP - 1791

EP - 1805

BT - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

Y2 - 14 October 2024 through 18 October 2024

ER -

CAPSID: A Private Session ID System for Small UAVs

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this