UAS Operator Privacy for RemoteID Messages
draft-moskowitz-drip-operator-privacy-06

Document Type Active Internet-Draft (individual)
Authors Robert Moskowitz  , Stuart Card  , Adam Wiethuechter 
Last updated 2020-10-23
Stream (None)
Intended RFC status (None)
Formats plain text html xml pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
DRIP                                                        R. Moskowitz
Internet-Draft                                            HTT Consulting
Intended status: Standards Track                                 S. Card
Expires: April 26, 2021                                  A. Wiethuechter
                                                           AX Enterprize
                                                        October 23, 2020

               UAS Operator Privacy for RemoteID Messages
                draft-moskowitz-drip-operator-privacy-06

Abstract

   This document describes a method of providing privacy for UAS
   Operator/Pilot information specified in the ASTM UAS Remote ID and
   Tracking messages.  This is achieved by encrypting, in place, those
   fields containing Operator sensitive data using a hybrid ECIES.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 26, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Moskowitz, et al.        Expires April 26, 2021                 [Page 1]
Internet-Draft              Operator Privacy                October 2020

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terms and Definitions . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Requirements Terminology  . . . . . . . . . . . . . . . .   3
     2.2.  Definitions . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  The Operator - USS Security Relationship  . . . . . . . . . .   4
     3.1.  ECIES Shared Secret Generation  . . . . . . . . . . . . .   4
   4.  System Message Privacy  . . . . . . . . . . . . . . . . . . .   5
     4.1.  Rules for encrypting System Message content . . . . . . .   5
     4.2.  Rules for decrypting System Message content . . . . . . .   6
   5.  Operator ID Message Privacy . . . . . . . . . . . . . . . . .   6
     5.1.  Rules for encrypting Operator ID Message content  . . . .   6
     5.2.  Rules for decrypting Operator ID Message content  . . . .   7
   6.  Cipher choices for Operator PII encryption  . . . . . . . . .   7
     6.1.  Using AES-CFB32 . . . . . . . . . . . . . . . . . . . . .   7
     6.2.  Using a Feistel scheme  . . . . . . . . . . . . . . . . .   8
     6.3.  Using AES-CTR . . . . . . . . . . . . . . . . . . . . . .   8
   7.  DRIP Requirements addressed . . . . . . . . . . . . . . . . .   8
   8.  ASTM Considerations . . . . . . . . . . . . . . . . . . . . .   8
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   10. Security Considerations . . . . . . . . . . . . . . . . . . .   9
     10.1.  CFB32 Risks  . . . . . . . . . . . . . . . . . . . . . .   9
     10.2.  Crypto Agility . . . . . . . . . . . . . . . . . . . . .   9
     10.3.  Key Derivation vulnerabilities . . . . . . . . . . . . .   9
     10.4.  KMAC Security as a KDF . . . . . . . . . . . . . . . . .   9
   11. Normative References  . . . . . . . . . . . . . . . . . . . .  10
   12. Informative References  . . . . . . . . . . . . . . . . . . .  10
   Appendix A.  Feistel Scheme . . . . . . . . . . . . . . . . . . .  11
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   This document defines a mechanism to provide privacy in the ASTM
   Remote ID and Tracking messages [F3411-19] by encrypting, in place,
   those fields that contain sensitive UAS Operator/Pilot information.
   Encrypting in place means that the ciphertext is exactly the same
   length as the cleartext, and directly replaces it.

   An example of and an initial application of this mechanism is the 8
   bytes of UAS Operator/Pilot (hereafter called simply Operator)
Show full document text