Due to the frequent unauthorized access by commercial drones to Critical Infrastructures (CIs) such as airports and oil refineries, the US-based Federal Avionics Administration (FAA) recently published a new specification, namely RemoteID. The aforementioned rule mandates that all Unmanned Aerial Vehicles (UAVs) have to broadcast information about their identity and location wirelessly to allow for immediate invasion attribution. However, the enforcement of such a rule poses severe concerns on UAV operators, especially in terms of location privacy and tracking threats, to name a few. Indeed, by simply eavesdropping on the wireless channel, an adversary could know the precise location of the UAV and track it, as well as obtaining sensitive information on path source and destination of the UAV. In this paper, we investigate the trade-off between location privacy and data utility that can be provided to UAVs when obfuscating the broadcasted location through differential privacy techniques. Leveraging the concept of Geo-Indistinguishability (Geo-Ind), already adopted in the context of Location-Based Services (LBS), we show that it is possible to enhance the privacy of the UAVs without preventing CI operators to timely detect unauthorized invasions. In particular, our experiments showed that when the location of an UAV is obfuscated with an average distance of 1.959 km, a carefully designed UAV detection system can detect 97.9% of invasions, with an average detection delay of 303.97 msec. The UAVs have to trade-off such enhanced location privacy with a non-negligible probability of false positives, i.e., being detected as invading while not really invading the no-fly zone. UAVs and CI operators can solve such ambiguous situations later on through the help of the FAA, being this latter the only one that can unveil the actual location of the UAV.
翻译:由于商业无人驾驶飞机经常擅自进入机场和炼油厂等关键基础设施,美国联邦航空管理局(美联储)最近公布了一个新的规格,即远程识别。上述规则规定,所有无人驾驶航空飞行器(无人驾驶飞行器)都必须无线广播关于其身份和位置的信息,以便立即确定入侵归属;然而,执行这一规则对无人驾驶飞行器运营商提出了严重关切,特别是在地点隐私和跟踪威胁方面,仅举几个例子。事实上,只要在无线频道上偷听,一个对手就可以知道无人驾驶飞行器的确切位置并跟踪它,并获得关于无人驾驶飞行器的路径来源和目的地的敏感信息。在本文件中,我们调查所有无人驾驶飞行器(无人驾驶飞行器)在通过不同隐私技术模糊广播地点时,可以向无人驾驶飞行器提供其身份和地点之间的交易。 利用地标服务局(Geo-Ind)的定位变异性概念,在无线频道上已经采用了更清晰的变现,对手可以仔细地识别和追踪无人驾驶飞行器的不精确位置,而我们无法及时探测其定位。