rfc9575v1.txt | rfc9575.txt | |||
---|---|---|---|---|
Internet Engineering Task Force (IETF) A. Wiethuechter, Ed. | Internet Engineering Task Force (IETF) A. Wiethuechter, Ed. | |||
Request for Comments: 9575 S. Card | Request for Comments: 9575 S. Card | |||
Category: Standards Track AX Enterprize, LLC | Category: Standards Track AX Enterprize, LLC | |||
ISSN: 2070-1721 R. Moskowitz | ISSN: 2070-1721 R. Moskowitz | |||
HTT Consulting | HTT Consulting | |||
April 2024 | May 2024 | |||
DRIP Entity Tag Authentication Formats and Protocols for Broadcast | DRIP Entity Tag (DET) Authentication Formats and Protocols for Broadcast | |||
Remote Identification | Remote Identification (RID) | |||
Abstract | Abstract | |||
The Drone Remote Identification Protocol (DRIP), plus trust policies | The Drone Remote Identification Protocol (DRIP), plus trust policies | |||
and periodic access to registries, augments Unmanned Aircraft System | and periodic access to registries, augments Unmanned Aircraft System | |||
(UAS) Remote Identification (RID), enabling local real-time | (UAS) Remote Identification (RID), enabling local real-time | |||
assessment of trustworthiness of received RID messages and observed | assessment of trustworthiness of received RID messages and observed | |||
UAS, even by Observers lacking Internet access. This document | UAS, even by Observers lacking Internet access. This document | |||
defines DRIP message types and formats to be sent in Broadcast RID | defines DRIP message types and formats to be sent in Broadcast RID | |||
Authentication Messages to verify that attached and recently detached | Authentication Messages to verify that attached and recently detached | |||
messages were signed by the registered owner of the DRIP Entity Tag | messages were signed by the registered owner of the DRIP Entity Tag | |||
(DET) claimed. | (DET) claimed. | |||
Status of This Memo | Status of This Memo | |||
This is an Internet Standards Track document. | This is an Internet Standards Track document. | |||
This document is a product of the Internet Engineering Task Force | This document is a product of the Internet Engineering Task Force | |||
(IETF). It represents the consensus of the IETF community. It has | (IETF). It represents the consensus of the IETF community. It has | |||
received public review and has been approved for publication by the | received public review and has been approved for publication by the | |||
Internet Engineering Steering Group (IESG). Further information on | Internet Engineering Steering Group (IESG). Further information on | |||
Internet Standards is available in Section 2 of RFC 7841. | Internet Standards is available in Section 2 of RFC 7841. | |||
Information about the current status of this document, any errata, | Information about the current status of this document, any errata, | |||
and how to provide feedback on it may be obtained at | and how to provide feedback on it may be obtained at | |||
https://www.rfc-editor.org/info/rfc9575. | https://www.rfc-editor.org/info/rfc9575. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2024 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Revised BSD License text as described in Section 4.e of the | include Revised BSD License text as described in Section 4.e of the | |||
Trust Legal Provisions and are provided without warranty as described | Trust Legal Provisions and are provided without warranty as described | |||
in the Revised BSD License. | in the Revised BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction | 1. Introduction | |||
1.1. DRIP Entity Tag (DET) Authentication Goals for Broadcast | 1.1. DRIP Entity Tag (DET) Authentication Goals for Broadcast | |||
RID | RID | |||
2. Terminology | 2. Terminology | |||
2.1. Required Terminology | 2.1. Required Terminology | |||
2.2. Definitions | 2.2. Definitions | |||
3. UAS RID Authentication Background and Procedures | 3. UAS RID Authentication Background and Procedures | |||
3.1. DRIP Authentication Protocol Description | 3.1. DRIP Authentication Protocol Description | |||
3.1.1. Usage of DNS | 3.1.1. Usage of DNS | |||
3.1.2. Providing UAS RID Trust | 3.1.2. Providing UAS RID Trust | |||
3.2. ASTM Authentication Message Framing | 3.2. ASTM Authentication Message Framing | |||
3.2.1. Authentication Page | 3.2.1. Authentication Page | |||
3.2.2. Authentication Payload Field | 3.2.2. Authentication Payload Field | |||
3.2.3. Specific Authentication Method (SAM) | 3.2.3. SAM Data Format | |||
3.2.4. ASTM Broadcast RID Constraints | 3.2.4. ASTM Broadcast RID Constraints | |||
4. DRIP Authentication Formats | 4. DRIP Authentication Formats | |||
4.1. UA Signed Evidence Structure | 4.1. UA-Signed Evidence Structure | |||
4.2. DRIP Link | 4.2. DRIP Link | |||
4.3. DRIP Wrapper | 4.3. DRIP Wrapper | |||
4.3.1. Wrapped Count and Format Validation | 4.3.1. Wrapped Count and Format Validation | |||
4.3.2. Wrapper over Extended Transports | 4.3.2. Wrapper over Extended Transports | |||
4.3.3. Wrapper Limitations | 4.3.3. Wrapper Limitations | |||
4.4. DRIP Manifest | 4.4. DRIP Manifest | |||
4.4.1. Hash Count and Format Validation | 4.4.1. Hash Count and Format Validation | |||
4.4.2. Manifest Ledger Hashes | 4.4.2. Manifest Ledger Hashes | |||
4.4.3. Hash Algorithms and Operation | 4.4.3. Hash Algorithms and Operation | |||
4.5. DRIP Frame | 4.5. DRIP Frame | |||
5. Forward Error Correction | 5. Forward Error Correction | |||
5.1. Encoding | 5.1. Encoding | |||
5.2. Decoding | 5.2. Decoding | |||
5.3. FEC Limitations | 5.3. FEC Limitations | |||
6. Requirements and Recommendations | 6. Requirements and Recommendations | |||
6.1. Legacy Transports | 6.1. Legacy Transports | |||
6.2. Extended Transports | 6.2. Extended Transports | |||
6.3. Authentication | 6.3. Authentication | |||
6.4. Operational | 6.4. Operational | |||
6.4.1. DRIP Wrapper | 6.4.1. DRIP Wrapper | |||
6.4.2. UAS RID Trust Assessment | 6.4.2. UAS RID Trust Assessment | |||
7. Summary of Addressed DRIP Requirements | 7. Summary of Addressed DRIP Requirements | |||
8. IANA Considerations | 8. IANA Considerations | |||
8.1. IANA DRIP Registry | 8.1. IANA DRIP Registry | |||
9. Security Considerations | 9. Security Considerations | |||
9.1. Replay Attacks | 9.1. Replay Attacks | |||
9.2. Wrapper vs Manifest | 9.2. Wrapper vs Manifest | |||
9.3. VNA Timestamp Offsets for DRIP Authentication Formats | 9.3. VNA Timestamp Offsets for DRIP Authentication Formats | |||
9.4. DNS Security in DRIP | 9.4. DNS Security in DRIP | |||
10. Acknowledgments | 10. References | |||
11. References | 10.1. Normative References | |||
11.1. Normative References | 10.2. Informative References | |||
11.2. Informative References | ||||
Appendix A. Authentication States | Appendix A. Authentication States | |||
A.1. None: Black | A.1. None: Black | |||
A.2. Partial: Gray | A.2. Partial: Gray | |||
A.3. Unsupported: Brown | A.3. Unsupported: Brown | |||
A.4. Unverifiable: Yellow | A.4. Unverifiable: Yellow | |||
A.5. Verified: Green | A.5. Verified: Green | |||
A.6. Trusted: Blue | A.6. Trusted: Blue | |||
A.7. Questionable: Orange | A.7. Questionable: Orange | |||
A.8. Unverified: Red | A.8. Unverified: Red | |||
A.9. Conflicting: Purple | A.9. Conflicting: Purple | |||
Appendix B. Operational Recommendation Analysis | Appendix B. Operational Recommendation Analysis | |||
B.1. Page Counts vs Frame Counts | B.1. Page Counts vs Frame Counts | |||
B.1.1. Special Cases | B.1.1. Special Cases | |||
B.2. Full Authentication Example | B.2. Full Authentication Example | |||
B.2.1. Raw Example | B.2.1. Raw Example | |||
Acknowledgments | ||||
Authors' Addresses | Authors' Addresses | |||
1. Introduction | 1. Introduction | |||
The initial regulations (e.g., [FAA-14CFR]) and standards (e.g., | The initial regulations (e.g., [FAA-14CFR]) and standards (e.g., | |||
[F3411]) for Unmanned Aircraft Systems (UAS) Remote Identification | [F3411]) for Unmanned Aircraft Systems (UAS) Remote Identification | |||
(RID) and tracking do not address trust. However, this is a | (RID) and tracking do not address trust. However, this is a | |||
requirement that needs to be addressed for various different parties | requirement that needs to be addressed for various different parties | |||
that have a stake in the safe operation of National Airspace Systems | that have a stake in the safe operation of National Airspace Systems | |||
(NAS). Drone Remote ID Protocol's (DRIP's) goal is to specify how | (NAS). Drone Remote ID Protocol's (DRIP's) goal is to specify how | |||
RID can be made trustworthy and available in both Internet and local- | RID can be made trustworthy and available in both Internet and local- | |||
only connected scenarios, especially in emergency situations. | only connected scenarios, especially in emergency situations. | |||
UAS often operate in a volatile environment. A small Unmanned | UAS often operate in a volatile environment. A small Unmanned | |||
Aircraft (UA) offers little capacity for computation and | Aircraft (UA) offers little capacity for computation and | |||
communication. UAS RID must also be accessible with ubiquitous and | communication. UAS RID must also be accessible with ubiquitous and | |||
inexpensive devices without modification. This limits options. Most | inexpensive devices without modification. This limits options. Most | |||
current small UAS are Internet of Things (IoT) devices even if they | current small UAS are Internet of Things (IoT) devices even if they | |||
are not typically thought of as such. Thus many IoT considerations | are not typically thought of as such. Thus many IoT considerations | |||
apply here. Some DRIP work, currently strongly scoped to UAS RID, is | apply here. Some DRIP work, currently strongly scoped to UAS RID, is | |||
likely to be applicable to some other IoT use cases. | likely to be applicable to some other IoT use cases. | |||
Generally, two communication schemes for UAS RID are considered: | Generally, two communication schemes for UAS RID are considered: | |||
Broadcast and Network. This document focuses on adding trust to | Broadcast and Network. This document focuses on adding trust to | |||
Broadcast RID (Section 3.2 of [RFC9153] and Section 1.2.2 of | Broadcast RID (Section 3.2 of [RFC9153] and Section 1.2.2 of | |||
[RFC9434]). As defined in [F3411] and outlined in [RFC9153] and | [RFC9434]). As defined in [F3411] and outlined in [RFC9153] and | |||
[RFC9434], Broadcast RID is a one-way Radio Frequency (RF) | [RFC9434], Broadcast RID is a one-way Radio Frequency (RF) | |||
transmission of Media Access Control (MAC) layer messages over | transmission of Media Access Control (MAC) layer messages over | |||
Bluetooth or Wi-Fi. | Bluetooth or Wi-Fi. | |||
Senders can make any claims the RID message formats allow. Observers | Senders can make any claims the RID message formats allow. Observers | |||
have no standardized means to assess the trustworthiness of message | have no standardized means to assess the trustworthiness of message | |||
content, nor verify whether the messages were sent by the UA | content, nor verify whether the messages were sent by the UA | |||
identified therein, nor confirm that the UA identified therein is the | identified therein, nor confirm that the UA identified therein is the | |||
one they are visually observing. Indeed, Observers have no way to | one they are visually observing. Indeed, Observers have no way to | |||
detect whether the messages were sent by a UA or spoofed by some | detect whether the messages were sent by a UA or spoofed by some | |||
other transmitter (e.g., a laptop or smartphone) anywhere in direct | other transmitter (e.g., a laptop or smartphone) anywhere in direct | |||
wireless broadcast range. Authentication is the primary strategy for | wireless broadcast range. Authentication is the primary strategy for | |||
mitigating this issue. | mitigating this issue. | |||
1.1. DRIP Entity Tag (DET) Authentication Goals for Broadcast RID | 1.1. DRIP Entity Tag (DET) Authentication Goals for Broadcast RID | |||
ASTM [F3411] Authentication Messages (Message Type 0x2), when used | ASTM [F3411] Authentication Messages (Message Type 0x2), when used | |||
with DET-based formats [RFC9374], enable a high level of trust that | with DET-based formats [RFC9374], enable a high level of trust that | |||
the content of other ASTM Messages was generated by their claimed | the content of other ASTM Messages was generated by their claimed | |||
registered source. These messages are designed to provide the | registered source. These messages are designed to provide the | |||
Observers with trustworthy and immediately actionable information. | Observers with trustworthy and immediately actionable information. | |||
Appendix A provides a high-level overview of the various states of | Appendix A provides a high-level overview of the various states of | |||
trustworthiness that may be used along with these formats. | trustworthiness that may be used along with these formats. | |||
This authentication approach also provides some error correction | This authentication approach also provides some error correction | |||
(Section 5) as mandated by the United States (US) Federal Aviation | (Section 5) as mandated by the United States (US) Federal Aviation | |||
Administration (FAA) [FAA-14CFR], which is missing from [F3411] over | Administration (FAA) [FAA-14CFR], which is missing from [F3411] over | |||
Legacy Transports (Bluetooth 4.x). | Legacy Transports (Bluetooth 4.x). | |||
These DRIP enhancements to ASTM's specification for RID and tracking | These DRIP enhancements to ASTM's specification for RID and tracking | |||
[F3411] further support the important use case of Observers who may | [F3411] further support the important use case of Observers who may | |||
be offline at the time of observation. | be offline at the time of observation. | |||
Section 7 summarizes the DRIP requirements [RFC9153] addressed | Section 7 summarizes the DRIP requirements [RFC9153] addressed | |||
herein. | herein. | |||
Note: The Endorsement (used in Section 4.2) that proves that a DET is | ||||
registered MUST come from its immediate parent in the registration | ||||
hierarchy, e.g., a DRIP Identity Management Entity (DIME) [DRIP-REG]. | ||||
In the definitive hierarchy, the parent of the UA is its HHIT Domain | ||||
Authority (HDA), the parent of an HDA is its Registered Assigning | ||||
Authority (RAA), etc. It is also assumed that all DRIP-aware | ||||
entities use a DET as their identifier during interactions with other | ||||
DRIP-aware entities. | ||||
2. Terminology | 2. Terminology | |||
2.1. Required Terminology | 2.1. Required Terminology | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
2.2. Definitions | 2.2. Definitions | |||
This document makes use of the terms (CAA, Observer, USS, UTM, etc.) | This document makes use of the terms (CAA, Observer, USS, UTM, etc.) | |||
defined in [RFC9153]. Other terms (such as DIME) are from [RFC9434], | defined in [RFC9153]. Other terms (such as DIME) are from [RFC9434], | |||
while others (HI, DET, RAA, HDA, etc.) are from [RFC9374]. | while others (HI, DET, RAA, HDA, etc.) are from [RFC9374]. | |||
In addition, the following terms are defined for this document: | In addition, the following terms are defined for this document: | |||
Extended Transports: Use of extended advertisements (Bluetooth 5.x), | Extended Transports: Use of extended advertisements (Bluetooth 5.x), | |||
service info (Wi-Fi Neighbor Awareness Networking (NAN)), or IEEE | service info (Wi-Fi Neighbor Awareness Networking (NAN)), or IEEE | |||
802.11 Beacons with the vendor-specific information element as | 802.11 Beacons with the vendor-specific information element as | |||
specified in [F3411]. Must use ASTM Message Pack (Message Type | specified in [F3411]. Must use ASTM Message Pack (Message Type | |||
0xF). | 0xF). | |||
Legacy Transports: Use of broadcast frames (Bluetooth 4.x) as | Legacy Transports: Use of broadcast frames (Bluetooth 4.x) as | |||
specified in [F3411]. | specified in [F3411]. | |||
Manifest: An immutable list of items being transported (in this | Manifest: An immutable list of items being transported (in this | |||
specific case over wireless communication). | specific case over wireless communication). | |||
Note: For the remainder of this document, _Broadcast Endorsement: | ||||
Parent, Child_ will be abbreviated as _BE: Parent, Child_. For | ||||
example, _Broadcast Endorsement: RAA, HDA_ will be abbreviated as | ||||
_BE: RAA, HDA_. | ||||
3. UAS RID Authentication Background and Procedures | 3. UAS RID Authentication Background and Procedures | |||
3.1. DRIP Authentication Protocol Description | 3.1. DRIP Authentication Protocol Description | |||
[F3411] defines Authentication Message framing only. It does not | [F3411] defines Authentication Message framing only. It does not | |||
define authentication formats or methods. It explicitly anticipates | define authentication formats or methods. It explicitly anticipates | |||
several signature options but does not fully define those. Annex A1 | several signature options but does not fully define those. Annex A1 | |||
of [F3411] defines a Broadcast Authentication Verifier Service, which | of [F3411] defines a Broadcast Authentication Verifier Service, which | |||
has a heavy reliance on Observer real-time connectivity to the | has a heavy reliance on Observer real-time connectivity to the | |||
Internet. Fortunately, [F3411] also allows third-party standard | Internet. Fortunately, [F3411] also allows third-party standard | |||
Authentication Types using the Type 5 Specific Authentication Method | Authentication Types using the Type 0x5 Specific Authentication | |||
(SAM), several of which DRIP defines herein. | Method (SAM), several of which DRIP defines herein. | |||
The standardization of specific formats to support the DRIP | The standardization of specific formats to support the DRIP | |||
requirements in UAS RID for trustworthy communications over Broadcast | requirements in UAS RID for trustworthy communications over Broadcast | |||
RID is an important part of the chain of trust for a UAS ID. Per | RID is an important part of the chain of trust for a UAS ID. Per | |||
Section 5 of [RFC9434], Authentication formats are needed to relay | Section 5 of [RFC9434], Authentication formats are needed to relay | |||
information for Observers to determine trust. No existing formats | information for Observers to determine trust. No existing formats | |||
(defined in [F3411] or other organizations leveraging this feature) | (defined in [F3411] or other organizations leveraging this feature) | |||
provide functionality to satisfy this goal, resulting in the work | provide functionality to satisfy this goal, resulting in the work | |||
reflected in this document. | reflected in this document. | |||
3.1.1. Usage of DNS | 3.1.1. Usage of DNS | |||
Like most aviation matters, the overall objectives here are security | Like most aviation matters, the overall objectives here are security | |||
and ultimately safety oriented. Since DRIP depends on DNS for some | and ultimately safety oriented. Since DRIP depends on DNS for some | |||
of its functions, DRIP usage of DNS needs to be protected per best | of its functions, DRIP usage of DNS needs to be protected per best | |||
security practices. Many participating nodes will have limited local | security practices. Many participating nodes will have limited local | |||
processing power and/or poor, low-bandwidth QoS paths. Appropriate | processing power and/or poor, low-bandwidth QoS paths. Appropriate | |||
and feasible security techniques will be highly dependent on the UAS | and feasible security techniques will be highly dependent on the UAS | |||
and Observer situation. Therefore, specification of particular DNS | and Observer situation. Therefore, specification of particular DNS | |||
security options, transports, etc. is outside the scope of this | security options, transports, etc. is outside the scope of this | |||
document (see also Section 9.4). | document (see also Section 9.4). | |||
In DRIP, Observers MUST validate all signatures received. This | In DRIP, Observers MUST validate all signatures received. This | |||
requires that the Host Identity (HI) correspond to a DET [RFC9374]. | requires that the Host Identity (HI) correspond to a DET [RFC9374]. | |||
HI's MAY be retrieved from a local cache, if present. The local | HI's MAY be retrieved from a local cache, if present. The local | |||
cache is pre-configured with well-known HIs (such as those of CAA | cache is pre-configured with well-known HIs (such as those of CAA | |||
DIMEs) and is further populated by received Broadcast Endorsements | DIMEs) and is further populated by received Broadcast Endorsements | |||
(BEs) (Section 3.1.2.1) and DNS lookups (when available). | (BEs) (Section 3.1.2.1) and DNS lookups (when available). | |||
The Observer MUST perform a DNS query, when connectivity allows, to | The Observer MUST perform a DNS query, when connectivity allows, to | |||
obtain a previously unknown HI. If a query cannot be performed, the | obtain a previously unknown HI. If a query cannot be performed, the | |||
message SHOULD be cached by the Observer to be validated once the HI | message SHOULD be cached by the Observer to be validated once the HI | |||
is obtained. | is obtained. | |||
A more comprehensive specification of DRIP's use of DNS is out of | A more comprehensive specification of DRIP's use of DNS is out of | |||
scope for this document and can be found in [DRIP-REG]. | scope for this document and can be found in [DRIP-REG]. | |||
3.1.2. Providing UAS RID Trust | 3.1.2. Providing UAS RID Trust | |||
For DRIP, two actions together provide a mechanism for an Observer to | For DRIP, two actions together provide a mechanism for an Observer to | |||
trust in UAS RID using Authentication Messages. | trust in UAS RID using Authentication Messages. | |||
First is the transmission of an entire trust chain via Broadcast | First is the transmission of an entire trust chain via Broadcast | |||
Endorsements (Section 3.1.2.1). This provides a hierarchy of DIMEs | Endorsements (Section 3.1.2.1). This provides a hierarchy of DIMEs | |||
down to and including an individual UA's registration of a claimed | down to and including an individual UA's registration of a claimed | |||
DET and corresponding HI (public key). This alone cannot be trusted | DET and corresponding HI (public key). This alone cannot be trusted | |||
as having any relevance to the observed UA because replay attacks are | as having any relevance to the observed UA because replay attacks are | |||
trivial. | trivial. | |||
After an Observer has gathered such a complete key trust chain (from | After an Observer has gathered such a complete key trust chain (from | |||
pre-configured cache entries, Broadcast Endorsements received over | pre-configured cache entries, Broadcast Endorsements received over | |||
the air and/or DNS lookups) and verified all of its links, that | the air and/or DNS lookups) and verified all of its links, that | |||
device can trust that the claimed DET and corresponding public key | device can trust that the claimed DET and corresponding public key | |||
are properly registered, but the UA has not yet been proven to | are properly registered, but the UA has not yet been proven to | |||
possess the corresponding private key. | possess the corresponding private key. | |||
It is necessary for the UA to prove possession by dynamically signing | It is necessary for the UA to prove possession by dynamically signing | |||
data that is unique and unpredictable but easily verified by the | data that is unique and unpredictable but easily verified by the | |||
Observer (Section 3.1.2.2). Verification of this signed data MUST be | Observer (Section 3.1.2.2). Verification of this signed data MUST be | |||
performed by the Observer as part of the received UAS RID information | performed by the Observer as part of the received UAS RID information | |||
trust assessment (Section 6.4.2). | trust assessment (Section 6.4.2). | |||
3.1.2.1. DIME Endorsements of Subordinate DETs | 3.1.2.1. DIME Endorsements of Subordinate DETs | |||
Observers receive DRIP Link Authentication Messages (Section 4.2) | Observers receive DRIP Link Authentication Messages (Section 4.2) | |||
containing Broadcast Endorsements by DIMEs of child DET | containing Broadcast Endorsements by DIMEs of child DET | |||
registrations. A series of these Endorsements confirms a path | registrations. A series of these Endorsements confirms a path | |||
through the hierarchy, defined in [DRIP-REG], from the DET Prefix | through the hierarchy, defined in [DRIP-REG], from the DET Prefix | |||
Owner all the way to an individual UA DET registration. | Owner all the way to an individual UA DET registration. | |||
Note: For the remainder of this document, Broadcast Endorsement: | 3.1.2.2. UA-Signed Evidence | |||
Parent, Child will be abbreviated as BE: Parent, Child. For example, | ||||
Broadcast Endorsement: RAA, HDA will be abbreviated as BE: RAA, HDA. | ||||
3.1.2.2. UA Signed Evidence | ||||
To prove possession of the private key associated with the DET, the | To prove possession of the private key associated with the DET, the | |||
UA MUST send data that is unique and unpredictable but easily | UA MUST sign and send data that is unique and unpredictable but | |||
validated by the Observer, that is signed over. The data can be an | easily validated by the Observer. The data can be an ASTM Message | |||
ASTM Message that fulfills the requirements to be unpredictable but | that fulfills the requirements to be unpredictable but easily | |||
easily validated. An Observer receives this UA signed Evidence from | validated. An Observer receives this UA-signed Evidence from DRIP- | |||
DRIP-based Authentication Messages (Sections 4.3 or 4.4). | based Authentication Messages (Sections 4.3 or 4.4). | |||
Whether the content is true is a separate question that DRIP cannot | Whether the content is true is a separate question that DRIP cannot | |||
address, but validation performed using observable and/or out-of-band | address, but validation performed using observable and/or out-of-band | |||
data (Section 6) is possible and encouraged. | data (Section 6) is possible and encouraged. | |||
3.2. ASTM Authentication Message Framing | 3.2. ASTM Authentication Message Framing | |||
The Authentication Message (Message Type 0x2) is unique in the ASTM | The Authentication Message (Message Type 0x2) is unique in the ASTM | |||
[F3411] Broadcast standard, as it is the only message that can be | [F3411] Broadcast standard, as it is the only message that can be | |||
larger than the Legacy Transport size. To address this limitation | larger than the Legacy Transport size. To address this limitation | |||
around transport size, it is defined as a set of "pages", each of | around transport size, it is defined as a set of "pages", each of | |||
which fits into a single Legacy Transport frame. For Extended | which fits into a single Legacy Transport frame. For Extended | |||
Transports, pages are still used but they are all in a single frame. | Transports, pages are still used but they are all in a single frame. | |||
Informational Note: Message Pack (Message Type 0xF) is also larger | | Informational Note: Message Pack (Message Type 0xF) is also | |||
than the Legacy Transport size but is limited for use only on | | larger than the Legacy Transport size but is limited for use | |||
Extended Transports where is can be supported. | | only on Extended Transports where it can be supported. | |||
The following subsections are a brief overview of the Authentication | The following subsections are a brief overview of the Authentication | |||
Message format defined in [F3411] for better context on how DRIP | Message format defined in [F3411] for better context on how DRIP | |||
Authentication fills and uses various fields already defined by ASTM | Authentication fills and uses various fields already defined by ASTM | |||
[F3411]. | [F3411]. | |||
3.2.1. Authentication Page | 3.2.1. Authentication Page | |||
This document leverages Authentication Type 0x5 (Specific | This document leverages Authentication Type 0x5 (Specific | |||
Authentication Method (SAM)) as the principal authentication | Authentication Method (SAM)) as the principal authentication | |||
container, defining a set of SAM Types in Section 4. Authentication | container, defining a set of SAM Types in Section 4. Authentication | |||
Type is encoded in every Authentication Page in the Page Header. The | Type is encoded in every Authentication Page in the _Page Header_. | |||
SAM Type is defined as a field in the Authentication Payload (see | The SAM Type is defined as a field in the _Authentication Payload_ | |||
Section 3.2.3.1). | (see Section 3.2.3). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| Page Header | | | | Page Header | | | |||
+---------------+ | | +---------------+ | | |||
| | | | | | |||
| | | | | | |||
| Authentication Payload | | | Authentication Payload | | |||
| | | | | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Figure 1: Standard ASTM Authentication Message Page | Figure 1: Standard ASTM Authentication Message Page | |||
Page Header: (1 octet) | _Page Header_: (1 octet) | |||
Authentication Type (4 bits) and Page Number (4 bits) | Authentication Type (4 bits) and Page Number (4 bits) | |||
Authentication Payload: (23 octets per page) | _Authentication Payload_: (23 octets per page) | |||
Authentication Payload, including headers. Null padded. See | Authentication Payload, including headers. Null padded. See | |||
Section 3.2.2. | Section 3.2.2. | |||
The Authentication Message is structured as a set of pages per | The Authentication Message is structured as a set of pages per | |||
Figure 1. There is a technical maximum of 16 pages (indexed 0 to 15) | Figure 1. There is a technical maximum of 16 pages (indexed 0 to 15) | |||
that can be sent for a single Authentication Message, with each page | that can be sent for a single Authentication Message, with each page | |||
carrying a maximum 23-octet Authentication Payload. See | carrying a maximum 23-octet _Authentication Payload_. See | |||
Section 3.2.4 for more details. Over Legacy Transports, these | Section 3.2.4 for more details. Over Legacy Transports, these | |||
messages are "fragmented", with each page sent in a separate Legacy | messages are "fragmented", with each page sent in a separate Legacy | |||
Transport frame. | Transport frame. | |||
Either as a single Authentication Message or a set of fragmented | Either as a single Authentication Message or a set of fragmented | |||
Authentication Message Pages, the structure is further wrapped by | Authentication Message Pages, the structure is further wrapped by | |||
outer ASTM framing and the specific link framing. | outer ASTM framing and the specific link framing. | |||
3.2.2. Authentication Payload Field | 3.2.2. Authentication Payload Field | |||
Figure 2 is the source data view of the data fields found in the | Figure 2 is the source data view of the data fields found in the | |||
Authentication Message as defined by [F3411]. This data is placed | Authentication Message as defined by [F3411]. This data is placed | |||
into the Authentication Payload shown in Figure 1, which spans | into the _Authentication Payload_ shown in Figure 1, which spans | |||
multiple Authentication Pages. | multiple _Authentication Pages_. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| Authentication Headers | | | Authentication Headers | | |||
| +---------------+---------------+ | | +---------------+---------------+ | |||
| | | | | | | | |||
+---------------+---------------+ | | +---------------+---------------+ | | |||
. . | . . | |||
. Authentication Data / Signature . | . Authentication Data / Signature . | |||
. . | . . | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| ADL | | | | ADL | | | |||
+---------------+ | | +---------------+ | | |||
. . | . . | |||
. Additional Data . | . Additional Data . | |||
. . | . . | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Figure 2: ASTM Authentication Message Fields | Figure 2: ASTM Authentication Message Fields | |||
Authentication Headers: (6 octets) | _Authentication Headers_: (6 octets) | |||
As defined in [F3411]. | As defined in [F3411]. | |||
Authentication Data / Signature: (0 to 255 octets) | _Authentication Data / Signature_: (0 to 255 octets) | |||
Opaque authentication data. The length of this payload is known | Opaque authentication data. The length of this payload is known | |||
through a field in the Authentication Headers (defined in | through a field in the _Authentication Headers_ (defined in | |||
[F3411]). | [F3411]). | |||
Additional Data Length (ADL): (1 octet - unsigned) | _Additional Data Length (ADL)_: (1 octet - unsigned) | |||
Length in octets of Additional Data. The value of ADL is | Length in octets of _Additional Data_. The value of _ADL_ is | |||
calculated as the minimum of 361 - Authentication Data / Signature | calculated as the minimum of 361 - Authentication Data / Signature | |||
Length and 255. Only present with Additional Data. | Length and 255. Only present with _Additional Data_. | |||
Additional Data: (ADL octets) | _Additional Data:_ (_ADL_ octets) | |||
Data that follows the Authentication Data / Signature but is not | Data that follows the _Authentication Data / Signature_ but is not | |||
considered part of the Authentication Data, and thus is not | considered part of the _Authentication Data_, and thus is not | |||
covered by a signature. For DRIP, this field is used to carry | covered by a signature. For DRIP, this field is used to carry | |||
Forward Error Correction (FEC) generated by transmitters and | Forward Error Correction (FEC) generated by transmitters and | |||
parsed by receivers as defined in Section 5. | parsed by receivers as defined in Section 5. | |||
3.2.3. Specific Authentication Method (SAM) | 3.2.3. SAM Data Format | |||
3.2.3.1. SAM Data Format | ||||
Figure 3 is the general format to hold authentication data when using | Figure 3 is the general format to hold authentication data when using | |||
SAM and is placed inside the Authentication Data / Signature field in | SAM and is placed inside the _Authentication Data / Signature_ field | |||
Figure 2. | in Figure 2. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| SAM Type | | | | SAM Type | | | |||
+---------------+ | | +---------------+ | | |||
. . | . . | |||
. SAM Authentication Data . | . SAM Authentication Data . | |||
. . | . . | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Figure 3: SAM Data Format | Figure 3: SAM Data Format | |||
SAM Type: (1 octet) | _SAM Type_: (1 octet) | |||
The following SAM Types are allocated to DRIP: | The following SAM Types are allocated to DRIP: | |||
+==========+=============================+ | +==========+=============================+ | |||
| SAM Type | Description | | | SAM Type | Description | | |||
+==========+=============================+ | +==========+=============================+ | |||
| 0x01 | DRIP Link (Section 4.2) | | | 0x01 | DRIP Link (Section 4.2) | | |||
+----------+-----------------------------+ | +----------+-----------------------------+ | |||
| 0x02 | DRIP Wrapper (Section 4.3) | | | 0x02 | DRIP Wrapper (Section 4.3) | | |||
+----------+-----------------------------+ | +----------+-----------------------------+ | |||
| 0x03 | DRIP Manifest (Section 4.4) | | | 0x03 | DRIP Manifest (Section 4.4) | | |||
+----------+-----------------------------+ | +----------+-----------------------------+ | |||
| 0x04 | DRIP Frame (Section 4.5) | | | 0x04 | DRIP Frame (Section 4.5) | | |||
+----------+-----------------------------+ | +----------+-----------------------------+ | |||
Table 1: DRIP SAM Types | Table 1: DRIP SAM Types | |||
Note: ASTM International is the owner of these code points as they | | Note: ASTM International is the owner of these code points as | |||
are defined in [F3411]. In accordance with Annex 5 of [F3411], the | | they are defined in [F3411]. In accordance with Annex 5 of | |||
International Civil Aviation Organization (ICAO) has been selected by | | [F3411], the International Civil Aviation Organization (ICAO) | |||
ASTM as the registrar to manage allocations of these code points. | | has been selected by ASTM as the registrar to manage | |||
The list is available at [ASTM-Remote-ID]. | | allocations of these code points. The list is available at | |||
| [ASTM-Remote-ID]. | ||||
SAM Authentication Data: (0 to 200 octets) | _SAM Authentication Data_: (0 to 200 octets) | |||
Contains opaque authentication data formatted as defined by the | Contains opaque authentication data formatted as defined by the | |||
preceding SAM Type. | preceding SAM Type. | |||
3.2.4. ASTM Broadcast RID Constraints | 3.2.4. ASTM Broadcast RID Constraints | |||
3.2.4.1. Wireless Frame Constraints | 3.2.4.1. Wireless Frame Constraints | |||
A UA has the option to broadcast using Bluetooth (4.x and 5.x), Wi-Fi | A UA has the option to broadcast using Bluetooth (4.x and 5.x), Wi-Fi | |||
NAN, or IEEE 802.11 Beacon; see Section 6. With Bluetooth, FAA and | NAN, or IEEE 802.11 Beacon; see Section 6. With Bluetooth, FAA and | |||
other Civil Aviation Authorities (CAA) mandate transmitting | other Civil Aviation Authorities (CAA) mandate transmitting | |||
simultaneously over both 4.x and 5.x. The same application-layer | simultaneously over both 4.x and 5.x. The same application-layer | |||
information defined in [F3411] MUST be transmitted over all the | information defined in [F3411] MUST be transmitted over all the | |||
physical-layer interfaces performing RID, because Observer transports | physical-layer interfaces performing RID, because Observer transports | |||
may be limited. If an Observer can support multiple transports, it | may be limited. If an Observer can support multiple transports, it | |||
should be assumed to use the latest data regardless of the transport | SHOULD use (display, report, etc.) the latest data regardless of the | |||
received over. | transport over which that data was received. | |||
Bluetooth 4.x presents a payload-size challenge in that it can only | Bluetooth 4.x presents a payload-size challenge in that it can only | |||
transmit 25 octets of payload per frame, while other transports can | transmit 25 octets of payload per frame, while other transports can | |||
support larger payloads per frame. However, the [F3411] message | support larger payloads per frame. As [F3411] message formats are | |||
framing dictated by Bluetooth 4.x constraints is inherited by [F3411] | the same for all media, and their framing was designed to fit within | |||
over other media. | these legacy constraints, Extended Transports cannot send larger | |||
messages; instead, the Message Pack format encapsulates multiple | ||||
messages (each of which fits within these legacy constraints). | ||||
It should be noted that Extended Transports by definition have Error | By definition Extended Transports provide FEC, but Legacy Transports | |||
Correction built in, unlike Legacy Transports. For Authentication | lack FEC. Thus over Legacy Transports, paged Authentication Messages | |||
Messages, this means that over Legacy Transport pages may not | may suffer the loss of one or more pages. This would result in | |||
received by Observers resulting in incomplete messages during | delivery to the Observer application of incomplete (typically | |||
operation, although the use of DRIP FEC (Section 5) reduces its | unusable) messages, so DRIP FEC (Section 5) is specified to enable | |||
likelihood. Authentication Messages sent using Extended Transports | recovery of a single lost page and thereby reduce the likelihood of | |||
do not suffer this issue, as the full message (all pages) is sent | receiving incompletely reconstructable Authentication Messages. | |||
using a single Message Pack. Furthermore, the use of one-way RF | Authentication Messages sent using Extended Transports do not suffer | |||
broadcasts prohibits the use of any congestion-control or loss- | this issue, as the full message (all pages) is sent using a single | |||
recovery schemes that require ACKs or NACKs. | Message Pack. Furthermore, the use of one-way RF broadcasts | |||
prohibits the use of any congestion-control or loss-recovery schemes | ||||
that require ACKs or NACKs. | ||||
3.2.4.2. Paged Authentication Message Constraints | 3.2.4.2. Paged Authentication Message Constraints | |||
To keep consistent formatting across the different transports (Legacy | To keep consistent formatting across the different transports (Legacy | |||
and Extended) and their independent restrictions, the authentication | and Extended) and their independent restrictions, the authentication | |||
data being sent is REQUIRED to fit within the page limit that the | data being sent is REQUIRED to fit within the page limit that the | |||
most constrained existing transport can support. Under Broadcast | most constrained existing transport can support. Under Broadcast | |||
RID, the Extended Transport that can hold the least amount of | RID, the Extended Transport that can hold the least amount of | |||
authentication data is Bluetooth 5.x at 9 pages. | authentication data is Bluetooth 5.x at 9 pages. | |||
As such, DRIP transmitters are REQUIRED to adhere to the following | As such, DRIP transmitters are REQUIRED to adhere to the following | |||
when using the Authentication Message: | when using the Authentication Message: | |||
1. Authentication Data / Signature data MUST fit in the first 9 | 1. _Authentication Data / Signature_ data MUST fit in the first 9 | |||
pages (Page Numbers 0 through 8). | pages (Page Numbers 0 through 8). | |||
2. The Length field in the Authentication Headers (which encodes the | 2. The _Length_ field in the _Authentication Headers_ (which encodes | |||
length in octets of Authentication Data / Signature only) MUST | the length in octets of _Authentication Data / Signature_ only) | |||
NOT exceed the value of 201. This includes the SAM Type but | MUST NOT exceed the value of 201. This includes the SAM Type but | |||
excludes Additional Data. | excludes _Additional Data_. | |||
3.2.4.3. Timestamps | 3.2.4.3. Timestamps | |||
In ASTM [F3411], timestamps are a Unix-style timestamp with an epoch | In ASTM [F3411], timestamps are a Unix-style timestamp with an epoch | |||
of 2019-01-01 00:00:00 UTC. For DRIP, this format is adopted for | of 2019-01-01 00:00:00 UTC. For DRIP, this format is adopted for | |||
Authentication to keep a common time format in Broadcast payloads. | Authentication to keep a common time format in Broadcast payloads. | |||
Under DRIP, there are two timestamps defined: Valid Not Before (VNB) | Under DRIP, there are two timestamps defined: Valid Not Before (VNB) | |||
and Valid Not After (VNA). | and Valid Not After (VNA). | |||
Valid Not Before (VNB) Timestamp: (4 octets) | Valid Not Before (VNB) Timestamp: (4 octets) | |||
Timestamp denoting the recommended time at which to start trusting | Timestamp denoting the recommended time at which to start trusting | |||
data. MUST follow the format defined in [F3411] as described | data. MUST follow the format defined in [F3411] as described | |||
above. MUST be set no earlier than the time the signature (across | above. MUST be set no earlier than the time the signature (across | |||
a given structure) is generated. | a given structure) is generated. | |||
Valid Not After (VNA) Timestamp: (4 octets) | Valid Not After (VNA) Timestamp: (4 octets) | |||
Timestamp denoting the recommended time at which to stop trusting | Timestamp denoting the recommended time at which to stop trusting | |||
data. MUST follow the format defined in [F3411] as described | data. MUST follow the format defined in [F3411] as described | |||
above. Has an additional offset to push a short time into the | above. Has an offset (relative to VNB) to avoid replay attacks. | |||
future (relative to VNB) to avoid replay attacks. The exact | The exact offset is not defined in this document. Best practice | |||
offset is not defined in this document. Best practice for | for identifying an acceptable offset should be used and should | |||
identifying an acceptable offset should be used and should take | take into consideration the UA environment, propagation | |||
into consideration the UA environment, propagation characteristics | characteristics of the messages being sent, and clock differences | |||
of the messages being sent, and clock differences between the UA | between the UA and Observers. For UA signatures in scenarios | |||
and Observers. A reasonable time would be to set VNA 2 minutes | typical as of 2024, a reasonable offset would be to set VNA | |||
after VNB. | approximately 2 minutes after VNB; see Appendix B for examples | |||
that may aid in tuning this value. | ||||
4. DRIP Authentication Formats | 4. DRIP Authentication Formats | |||
All formats defined in this section are contained in the | All formats defined in this section are contained in the | |||
Authentication Data / Signature field in Figure 2 and use the | _Authentication Data / Signature_ field in Figure 2 and use the | |||
Specific Authentication Method (SAM, Authentication Type 0x5). The | Specific Authentication Method (SAM, Authentication Type 0x5). The | |||
first octet of the Authentication Data / Signature of Figure 2 is | first octet of the _Authentication Data / Signature_ of Figure 2 is | |||
used to multiplex among these various formats. | used to multiplex among these various formats. | |||
When sending data over a medium that does not have underlying FEC, | When sending data over a medium that does not have underlying FEC, | |||
for example Legacy Transports, then Section 5 MUST be used. | for example Legacy Transports, then FEC (per Section 5) MUST be used. | |||
Examples of Link, Wrapper, and Manifest are shown as part of an | Examples of Link, Wrapper, and Manifest are shown as part of an | |||
operational schedule in Appendix B.2.1. | operational schedule in Appendix B.2.1. | |||
4.1. UA Signed Evidence Structure | 4.1. UA-Signed Evidence Structure | |||
The UA Signed Evidence Structure (Figure 4) is used by the UA during | The _UA-Signed Evidence Structure_ (Figure 4) is used by the UA | |||
flight to sign over information elements using the private key | during flight to sign over information elements using the private key | |||
associated with the current UA DET. It is encapsulated by the SAM | associated with the current UA DET. It is encapsulated by the _SAM | |||
Authentication Data field of Figure 3. | Authentication Data_ field of Figure 3. | |||
This structure is used by the DRIP Wrapper (Section 4.3), Manifest | This structure is used by the DRIP Wrapper (Section 4.3), Manifest | |||
Section 4.4), and Frame (Section 4.5). DRIP Link (Section 4.2) MUST | (Section 4.4), and Frame (Section 4.5). DRIP Link (Section 4.2) MUST | |||
NOT use it, as it will not fit in the ASTM Authentication Message | NOT use it, as it will not fit in the ASTM Authentication Message | |||
with its intended content (i.e., a Broadcast Endorsement). | with its intended content (i.e., a Broadcast Endorsement). | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| VNB Timestamp by UA | | | VNB Timestamp by UA | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| VNA Timestamp by UA | | | VNA Timestamp by UA | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
. . | . . | |||
. Evidence . | . Evidence . | |||
. . | . . | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
| UA | | | UA | | |||
| DRIP Entity Tag | | | DRIP Entity Tag | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| UA Signature | | | UA Signature | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Figure 4: Endorsement Structure for UA Signed Evidence | Figure 4: Endorsement Structure for UA-Signed Evidence | |||
Valid Not Before (VNB) Timestamp by UA: (4 octets) | _Valid Not Before (VNB) Timestamp by UA_: (4 octets) | |||
See Section 3.2.4.3. Set by the UA. | See Section 3.2.4.3. Set by the UA. | |||
Valid Not After (VNA) Timestamp by UA: (4 octets) | _Valid Not After (VNA) Timestamp by UA_: (4 octets) | |||
See Section 3.2.4.3. Set by the UA. | See Section 3.2.4.3. Set by the UA. | |||
Evidence: (0 to 112 octets) | _Evidence_: (0 to 112 octets) | |||
The evidence section MUST filled in with data in the form of an | The _Evidence_ field MUST be filled in with data in the form of an | |||
opaque object specified in the DRIP Wrapper (Section 4.3), | opaque object specified in the DRIP Wrapper (Section 4.3), | |||
Manifest (Section 4.4), or Frame (Section 4.5). | Manifest (Section 4.4), or Frame (Section 4.5). | |||
UA DRIP Entity Tag: (16 octets) | _UA DRIP Entity Tag_: (16 octets) | |||
This is the current DET [RFC9374] being used by the UA assumed to | This is a DET [RFC9374] currently being used by the UA for | |||
be a Specific Session ID (a type of UAS ID). | authentication; it is assumed to be a Specific Session ID (a type | |||
of UAS ID typically also used by the UA in the Basic ID Message). | ||||
UA Signature: (64 octets) | _UA Signature_: (64 octets) | |||
Signature over concatenation of preceding fields (VNB, VNA, | Signature over the concatenation of preceding fields (_VNB_, | |||
Evidence, and UA DET) using the keypair of the UA DET. The | _VNA_, _Evidence_, and _UA DET_) using the keypair of the UA DET. | |||
signature algorithm is specified by the Hierarchical Host Identity | The signature algorithm is specified by the Hierarchical Host | |||
Tags (HHIT) Suite ID of the DET. | Identity Tags (HHIT) Suite ID of the DET. | |||
When using this structure, the UA is minimally self-endorsing its | When using this structure, the UA is minimally self-endorsing its | |||
DET. The HI of the UA DET can be looked up by mechanisms described | DET. The HI of the UA DET can be looked up by mechanisms described | |||
in [DRIP-REG] or by extracting it from a Broadcast Endorsement (see | in [DRIP-REG] or by extracting it from a Broadcast Endorsement (see | |||
Sections 4.2 and 6.3). | Sections 4.2 and 6.3). | |||
4.2. DRIP Link | 4.2. DRIP Link | |||
This SAM Type is used to transmit Broadcast Endorsements. For | This SAM Type (Figure 5) is used to transmit Broadcast Endorsements. | |||
example, the BE: HDA, UA is sent (see Section 6.3) as a DRIP Link | For example, the _BE: HDA, UA_ is sent (see Section 6.3) as a DRIP | |||
message. | Link message. | |||
DRIP Link is important as its contents are used to provide trust in | DRIP Link is important as its contents are used to provide trust in | |||
the DET/HI pair that the UA is currently broadcasting. This message | the DET/HI pair that the UA is currently broadcasting. This message | |||
does not require Internet connectivity to perform signature | does not require Internet connectivity to perform signature | |||
verification of the contents when the DIME DET/HI is in the | verification of the contents when the DIME DET/HI is in the | |||
Observer's cache. It also provides the UA HI, when it is filled with | Observer's cache. It also provides the UA HI, when it is filled with | |||
a BE: HDA, UA, so that connectivity is not required when performing | a BE: HDA, UA, so that connectivity is not required when performing | |||
signature verification of other DRIP Authentication Messages. | signature verification of other DRIP Authentication Messages. | |||
Various Broadcast Endorsements are sent during operation to ensure | Various Broadcast Endorsements are sent during each UAS flight | |||
that the full Broadcast Endorsement chain is available offline. See | operation to ensure that the full Broadcast Endorsement chain is | |||
Section 6.3 for further details. | available offline. See Section 6.3 for further details. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| VNB Timestamp by Parent | | | VNB Timestamp by Parent | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| VNA Timestamp by Parent | | | VNA Timestamp by Parent | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
| DET | | | DET | | |||
| of Child | | | of Child | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| HI of Child | | | HI of Child | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
| DET | | | DET | | |||
| of Parent | | | of Parent | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| Signature by Parent | | | Signature by Parent | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Figure 5: Broadcast Endorsement / DRIP Link | Figure 5: Broadcast Endorsement / DRIP Link | |||
VNB Timestamp by Parent: (4 octets) | _VNB Timestamp by Parent_: (4 octets) | |||
See Section 3.2.4.3. Set by Parent Entity. | See Section 3.2.4.3. Set by Parent Entity. | |||
VNA Timestamp by Parent: (4 octets) | _VNA Timestamp by Parent_: (4 octets) | |||
See Section 3.2.4.3. Set by Parent Entity. | See Section 3.2.4.3. Set by Parent Entity. | |||
DET of Child: (16 octets) | _DET of Child_: (16 octets) | |||
DRIP Entity Tag of Child Entity. | DRIP Entity Tag of Child Entity. | |||
HI of Child: (32 octets) | _HI of Child_: (32 octets) | |||
Host Identity of Child Entity. | Host Identity of Child Entity. | |||
DET of Parent: (16 octets) | _DET of Parent_: (16 octets) | |||
DRIP Entity Tag of Parent Entity in DIME Hierarchy. | DRIP Entity Tag of Parent Entity in DIME Hierarchy. | |||
Signature by Parent: (64 octets) | _Signature by Parent_: (64 octets) | |||
Signature over concatenation of preceding fields (VNB, VNA, DET of | Signature over concatenation of preceding fields (_VNB_, _VNA_, | |||
Child, HI of Child, and DET of Parent) using the keypair of the | _DET of Child_, _HI of Child_, and _DET of Parent_) using the | |||
Parent DET. | keypair of the Parent DET. | |||
This DRIP Authentication Message is used in conjunction with other | This DRIP Authentication Message is used in conjunction with other | |||
DRIP SAM Types (such as the Manifest or the Wrapper) that contain | DRIP SAM Types (such as the Manifest or the Wrapper) that contain | |||
data (e.g., the ASTM Location/Vector Message, Message Type 0x2) that | data (e.g., the ASTM Location/Vector Message, Message Type 0x2) that | |||
is guaranteed to be unique, unpredictable, and easily cross-checked | is guaranteed to be unique, unpredictable, and easily cross-checked | |||
by the receiving device. | by the receiving device. | |||
A hash of the final link (BE: HDA on UA) in the Broadcast Endorsement | A hash of the final link (BE: HDA on UA) in the Broadcast Endorsement | |||
chain MUST be included in each DRIP Manifest (Section 4.4). | chain MUST be included in each DRIP Manifest (Section 4.4). | |||
Note: The Endorsement that proves a DET is registered MUST come from | ||||
its immediate parent in the registration hierarchy, e.g., a DRIP | ||||
Identity Management Entity (DIME) [DRIP-REG]. In the definitive | ||||
hierarchy, the parent of the UA is its HHIT Domain Authority (HDA), | ||||
the parent of an HDA is its Registered Assigning Authority (RAA), | ||||
etc. It is also assumed that all DRIP-aware entities use a DET as | ||||
their identifier during interactions with other DRIP-aware entities. | ||||
4.3. DRIP Wrapper | 4.3. DRIP Wrapper | |||
This SAM Type is used to wrap and sign over a list of other [F3411] | This SAM Type is used to wrap and sign over a list of other [F3411] | |||
Broadcast RID messages. | Broadcast RID messages. | |||
The evidence section of the UA Signed Evidence Structure | The _Evidence_ field of the _UA-Signed Evidence Structure_ | |||
(Section 4.1) is populated with up to four ASTM Messages [F3411] in a | (Section 4.1) is populated with up to four ASTM Messages [F3411] in a | |||
contiguous octet sequence. Only ASTM Message Types 0x0, 0x1, 0x3, | contiguous octet sequence. Only ASTM Message Types 0x0, 0x1, 0x3, | |||
0x4, and 0x5 are allowed and must be in Message Type order as defined | 0x4, and 0x5 are allowed and must be in Message Type order as defined | |||
by [F3411]. These messages MUST include the Message Type and | by [F3411]. These messages MUST include the Message Type and | |||
Protocol Version octet and MUST NOT include the Message Counter octet | Protocol Version octet and MUST NOT include the Message Counter octet | |||
(thus are fixed at 25 octets in length). | (thus are fixed at 25 octets in length). | |||
4.3.1. Wrapped Count and Format Validation | 4.3.1. Wrapped Count and Format Validation | |||
When decoding a DRIP Wrapper on a receiver, a calculation of the | When decoding a DRIP Wrapper on a receiver, a calculation of the | |||
number of messages wrapped and a validation MUST be performed by | number of messages wrapped and a validation MUST be performed by | |||
using the number of octets (defined as wrapperLength) between the VNA | using the number of octets (defined as wrapperLength) between the | |||
Timestamp by UA and the UA DET as shown in Figure 6. | _VNA Timestamp by UA_ and the _UA DET_ as shown in Figure 6. | |||
<CODE BEGINS> | <CODE BEGINS> | |||
if (wrapperLength MOD 25) != 0 { | if (wrapperLength MOD 25) != 0 { | |||
return DECODE_FAILURE; | return DECODE_FAILURE; | |||
} | } | |||
wrappedCount = wrapperLength / 25; | wrappedCount = wrapperLength / 25; | |||
if (wrappedCount == 0) { | if (wrappedCount == 0) { | |||
// DECODE_SUCCESS; treat as DRIP Wrapper over extended transport | // DECODE_SUCCESS; treat as DRIP Wrapper over extended transport | |||
} | } | |||
else if (wrappedCount > 4) { | else if (wrappedCount > 4) { | |||
return DECODE_FAILURE; | return DECODE_FAILURE; | |||
} else { | } else { | |||
// DECODE_SUCCESS; treat as standard DRIP Wrapper | // DECODE_SUCCESS; treat as standard DRIP Wrapper | |||
} | } | |||
<CODE ENDS> | <CODE ENDS> | |||
Figure 6: Pseudocode for Wrapper Validation and Number of | Figure 6: Pseudocode for Wrapper Validation and Number of | |||
Messages calculation | Messages Calculation | |||
4.3.2. Wrapper over Extended Transports | 4.3.2. Wrapper over Extended Transports | |||
When using Extended Transports, an optimization to DRIP Wrapper can | When using Extended Transports, an optimization to DRIP Wrapper can | |||
be made to sign over co-located data in an ASTM Message Pack (Message | be made to sign over co-located data in an ASTM Message Pack (Message | |||
Type 0xF). | Type 0xF). | |||
To perform this optimization, the UA Signed Evidence Structure is | To perform this optimization, the _UA-Signed Evidence Structure_ is | |||
filled with the ASTM Messages to be in the ASTM Message Pack, the | filled with the ASTM Messages to be in the ASTM Message Pack, the | |||
signature is generated, and then the evidence field is cleared, | signature is generated, and then the _Evidence_ field is cleared, | |||
leaving the encoded form shown in Figure 7. | leaving the encoded form shown in Figure 7. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| VNB Timestamp by UA | | | VNB Timestamp by UA | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| VNA Timestamp by UA | | | VNA Timestamp by UA | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
| UA | | | UA | | |||
| DRIP Entity Tag | | | DRIP Entity Tag | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| UA Signature | | | UA Signature | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Figure 7: DRIP Wrapper over Extended Transports | Figure 7: DRIP Wrapper over Extended Transports | |||
To verify the signature, the receiver MUST concatenate all the | To verify the signature, the receiver MUST concatenate all the | |||
messages in the Message Pack (excluding the Authentication Message | messages in the Message Pack (excluding the Authentication Message | |||
found in the same Message Pack) in ASTM Message Type order and set | found in the same Message Pack) in ASTM Message Type order and set | |||
the evidence section of the UA Signed Evidence Structure before | the _Evidence_ field of the _UA-Signed Evidence Structure_ before | |||
performing signature verification. | performing signature verification. | |||
The functionality of a Wrapper in this form is equivalent to Message | The functionality of a Wrapper in this form is equivalent to Message | |||
Set Signature (Authentication Type 0x3) when running over Extended | Set Signature (Authentication Type 0x3) when running over Extended | |||
Transports. The Wrapper provides the same format but over both | Transports. The Wrapper provides the same format but over both | |||
Extended and Legacy Transports, which allows the transports to be | Extended and Legacy Transports, which allows the transports to be | |||
similar. Message Set Signature also implies using the ASTM validator | similar. Message Set Signature also implies using the ASTM validator | |||
system architecture, which depends on Internet connectivity for | system architecture, which depends on Internet connectivity for | |||
verification that the receiver may not have at the time an | verification that the receiver may not have at the time an | |||
Authentication Message is received. This is something the Wrapper, | Authentication Message is received. This is something the Wrapper, | |||
and all DRIP Authentication Formats, avoid when the UA key is | and all DRIP Authentication Formats, avoid when the UA key is | |||
obtained via a DRIP Link Authentication Message. | obtained via a DRIP Link Authentication Message. | |||
4.3.3. Wrapper Limitations | 4.3.3. Wrapper Limitations | |||
The primary limitation of the Wrapper is the bounding of up to four | The primary limitation of the Wrapper is the bounding of up to four | |||
ASTM Messages that can be sent within it. Another limitation is that | ASTM Messages that can be sent within it. Another limitation is that | |||
the format cannot be used as a surrogate for messages it is wrapping | the format cannot be used as a surrogate for messages it is wrapping | |||
due to the potential that an Observer on the ground does not support | due to the potential that an Observer on the ground does not support | |||
DRIP. Thus, when a Wrapper is being used, the wrapped data must | DRIP. Thus, when a Wrapper is being used, the wrapped data must | |||
effectively be sent twice, once as a single-framed message (as | effectively be sent twice, once as a single-framed message (as | |||
specified in [F3411]) and again within the Wrapper. | specified in [F3411]) and again within the Wrapper. | |||
4.4. DRIP Manifest | 4.4. DRIP Manifest | |||
This SAM Type is used to create message manifests that contain hashes | This SAM Type is used to create message manifests that contain hashes | |||
of previously sent ASTM Messages. | of previously sent ASTM Messages. | |||
By hashing previously sent messages and signing them, we gain trust | By hashing previously sent messages and signing them, we gain trust | |||
in a UA's previous reports without retransmitting them. This is a | in a UA's previous reports without retransmitting them. This is a | |||
way to evade the limitation of a maximum of four messages in the | way to evade the limitation of a maximum of four messages in the | |||
Wrapper (Section 4.3.3) and greatly reduce overhead. | Wrapper (Section 4.3.3) and greatly reduce overhead. | |||
Observers MUST hash all received ASTM Messages and cross-check them | Observers MUST hash all received ASTM Messages and cross-check them | |||
against hashes in received Manifests. | against hashes in received Manifests. | |||
Judicious use of a Manifest enables an entire Broadcast RID message | Judicious use of a Manifest enables an entire Broadcast RID message | |||
stream to be strongly authenticated with less than 100% overhead | stream to be strongly authenticated with less than 100% overhead | |||
relative to a completely unauthenticated message stream (see | relative to a completely unauthenticated message stream (see | |||
Section 6.3 and Appendix B). | Section 6.3 and Appendix B). | |||
The evidence section of the UA Signed Evidence Structure | The _Evidence_ field of the _UA-Signed Evidence Structure_ | |||
(Section 4.1) is populated with 8-octet hashes of [F3411] Broadcast | (Section 4.1) is populated with 8-octet hashes of [F3411] Broadcast | |||
RID messages (up to 11) and three special hashes (Section 4.4.2). | RID messages (up to 11) and three special hashes (Section 4.4.2). | |||
All of these hashes MUST be concatenated to form a contiguous octet | All of these hashes MUST be concatenated to form a contiguous octet | |||
sequence in the evidence section. It is RECOMMENDED that the maximum | sequence in the _Evidence_ field. It is RECOMMENDED that the maximum | |||
number of ASTM Message Hashes used be 10 (see Appendix B.1.1.2). | number of ASTM Message Hashes used be 10 (see Appendix B.1.1.2). | |||
The Previous Manifest Hash, Current Manifest Hash, and DRIP Link (BE: | The _Previous Manifest Hash_, _Current Manifest Hash_, and _DRIP Link | |||
HDA, UA) Hash MUST always come before the ASTM Message Hashes as seen | (BE: HDA, UA) Hash_ MUST always come before the _ASTM Message Hashes_ | |||
in Figure 8. | as seen in Figure 8. | |||
An Observer MUST use the Manifest to verify each ASTM Message hashed | An Observer MUST use the Manifest to verify each ASTM Message hashed | |||
therein that it has previously received. It can do this without | therein that it has previously received. It can do this without | |||
having received them all. A Manifest SHOULD typically encompass a | having received them all. A Manifest SHOULD typically encompass a | |||
single transmission cycle of messages being sent; see Section 6.4 and | single transmission cycle of messages being sent; see Section 6.4 and | |||
Appendix B. | Appendix B. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| Previous Manifest | | | Previous Manifest | | |||
| Hash | | | Hash | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| Current Manifest | | | Current Manifest | | |||
| Hash | | | Hash | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| DRIP Link (BE: HDA, UA) | | | DRIP Link (BE: HDA, UA) | | |||
| Hash | | | Hash | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| | | | | | |||
. . | . . | |||
. ASTM Message Hashes . | . ASTM Message Hashes . | |||
. . | . . | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Figure 8: DRIP Manifest Evidence Structure | Figure 8: DRIP Manifest Evidence Structure | |||
Previous Manifest Hash: (8 octets) | _Previous Manifest Hash_: (8 octets) | |||
Hash of the previously sent Manifest Message. | Hash of the previously sent Manifest Message. | |||
Current Manifest Hash: (8 octets) | _Current Manifest Hash_: (8 octets) | |||
Hash of the current Manifest Message. | Hash of the current Manifest Message. | |||
DRIP Link (BE: HDA, UA): (8 octets) | _DRIP Link (BE: HDA, UA)_: (8 octets) | |||
Hash of the DRIP Link Authentication Message carrying BE: HDA, UA | Hash of the DRIP Link Authentication Message carrying BE: HDA, UA | |||
(see Section 4.2). | (see Section 4.2). | |||
ASTM Message Hash: (8 octets) | _ASTM Message Hash_: (8 octets) | |||
Hash of a single full ASTM Message using hash operations described | Hash of a single full ASTM Message using hash operations described | |||
in Section 4.4.3. | in Section 4.4.3. | |||
4.4.1. Hash Count and Format Validation | 4.4.1. Hash Count and Format Validation | |||
When decoding a DRIP Manifest on a receiver, a calculation of the | When decoding a DRIP Manifest on a receiver, a calculation of the | |||
number of hashes and a validation can be performed by using the | number of hashes and a validation can be performed by using the | |||
number of octets between the UA DET and the VNB Timestamp by UA | number of octets between the _UA DET_ and the _VNB Timestamp by UA_ | |||
(defined as manifestLength) such as shown in Figure 9. | (defined as manifestLength) such as shown in Figure 9. | |||
<CODE BEGINS> | <CODE BEGINS> | |||
if (manifestLength MOD 8) != 0 { | if (manifestLength MOD 8) != 0 { | |||
return DECODE_FAILURE | return DECODE_FAILURE | |||
} | } | |||
hashCount = (manifestLength / 8) - 3; | hashCount = (manifestLength / 8) - 3; | |||
<CODE ENDS> | <CODE ENDS> | |||
Figure 9: Pseudocode for Manifest Sanity Check and Number of | Figure 9: Pseudocode for Manifest Sanity Check and Number of | |||
Hashes Calculation | Hashes Calculation | |||
4.4.2. Manifest Ledger Hashes | 4.4.2. Manifest Ledger Hashes | |||
Three special hashes are included in all Manifests. The Previous | The following three special hashes are included in all Manifests: | |||
Manifest Hash, links to the previous Manifest, and the Current | ||||
Manifest Hash is of the Manifest in which it appears. These two | ||||
hashes act as a ledger of provenance to the Manifest that could be | ||||
traced back if the Observer was present for extended periods of time. | ||||
The DRIP Link (BE: HDA, UA) is included so there is a direct | * the _Previous Manifest Hash_ links to the previous Manifest. | |||
* the _Current Manifest Hash_ is of the Manifest in which it | ||||
appears. | ||||
* the _DRIP Link (BE: HDA, UA) Hash_ ties the endorsed UA key to the | ||||
Manifest chain. | ||||
The Previous and Current hashes act as a ledger of provenance for the | ||||
Manifest chain, which should be traced back if the Observer and UA | ||||
were within Broadcast RID wireless range of each other for an | ||||
extended period of time. | ||||
The _DRIP Link (BE: HDA, UA)_ is included so there is a direct | ||||
signature by the UA over the Broadcast Endorsement (see Section 4.2). | signature by the UA over the Broadcast Endorsement (see Section 4.2). | |||
Typical operation would expect that the list of ASTM Message Hashes | Typical operation would expect that the list of _ASTM Message Hashes_ | |||
contain nonce-like data. To enforce a binding between the BE: HDA, | contain nonce-like data. To enforce a binding between the BE: HDA, | |||
UA and avoid trivial replay attack vectors (see Section 9.1), at | UA and avoid trivial replay attack vectors (see Section 9.1), at | |||
least one ASTM Message Hash MUST be from an [F3411] message that | least one _ASTM Message Hash_ MUST be from an [F3411] message that | |||
satisfies the fourth requirement in Section 6.3. | satisfies the fourth requirement in Section 6.3. | |||
4.4.3. Hash Algorithms and Operation | 4.4.3. Hash Algorithms and Operation | |||
The hash algorithm used for the Manifest is the same hash algorithm | The hash algorithm used for the Manifest is the same hash algorithm | |||
used in creation of the DET [RFC9374] that is signing the Manifest. | used in creation of the DET [RFC9374] that is signing the Manifest. | |||
This is encoded as part of the DET using the HHIT Suite ID. | This is encoded as part of the DET using the HHIT Suite ID. | |||
DETs that use cSHAKE128 [NIST.SP.800-185] compute the hash as | DETs that use cSHAKE128 [NIST.SP.800-185] compute the hash as | |||
follows: | follows: | |||
cSHAKE128(ASTM Message, 64, "", "Remote ID Auth Hash") | cSHAKE128(ASTM Message, 64, "", "Remote ID Auth Hash") | |||
For ORCHID Generation Algorithms (OGAs) other than "5" (EdDSA/ | For ORCHID Generation Algorithms (OGAs) other than "5" (EdDSA/ | |||
cSHAKE128) [RFC9374], use the construct appropriate for the | cSHAKE128) [RFC9374], use the construct appropriate for the | |||
associated hash. For example, the hash for "2" (ECDSA/SHA-384) is | associated hash. For example, the hash for "2" (ECDSA/SHA-384) is | |||
computed as follows: | computed as follows: | |||
Ltrunc( SHA-384( ASTM Message | "Remote ID Auth Hash" ), 8 ) | Ltrunc( SHA-384( ASTM Message | "Remote ID Auth Hash" ), 8 ) | |||
When building the list of hashes, the Previous Manifest Hash is known | When building a Manifest, this process MUST be followed: | |||
from the previous Manifest. For the first built Manifest, this value | ||||
is filled with a random nonce. The Current Manifest Hash is null | 1. The _Previous Manifest Hash_ | |||
filled while ASTM Messages are hashed and fill the ASTM Messaged | ||||
Hashes section. When all messages are hashed, the Current Manifest | a. is filled with a random nonce if and only if this is the | |||
Hash is computed over the Previous Manifest Hash, Current Manifest | first manifest being generated; | |||
Hash (null filled), and ASTM Message Hashes. This hash value | ||||
replaces the null-filled Current Manifest Hash and becomes the | b. otherwise, it contains the previous manifest's _Current | |||
Previous Manifest Hash for the next Manifest. | Manifest Hash_. | |||
2. The _Current Manifest Hash_ is filled with null. | ||||
3. _ASTM Message Hashes_ are filled per Section 4.4.3.1 or | ||||
Section 4.4.3.2. | ||||
4. A hash, as defined above in this section, is calculated over the | ||||
_Previous Manifest Hash_, _Current Manifest Hash_ (null filled), | ||||
and _ASTM Message Hashes_. | ||||
5. The _Current Manifest Hash_ (null filled) is replaced with the | ||||
hash generated in Step r. | ||||
4.4.3.1. Legacy Transport Hashing | 4.4.3.1. Legacy Transport Hashing | |||
Under this transport, DRIP hashes the full ASTM Message being sent | Under this transport, DRIP hashes the full ASTM Message being sent | |||
over the Bluetooth Advertising frame. This is the 25-octet object | over the Bluetooth Advertising frame. This is the 25-octet object | |||
that starts with the Message Type and Protocol Version octet along | that starts with the Message Type and Protocol Version octet along | |||
with the 24 octets of message data. The hash MUST NOT include the | with the 24 octets of message data. The hash MUST NOT include the | |||
Message Counter octet. | Message Counter octet. | |||
For paged ASTM Messages (currently only Authentication Messages), all | For paged ASTM Messages (currently only Authentication Messages), all | |||
of the pages are concatenated together in Page Number order and | of the pages are concatenated together in Page Number order and | |||
hashed as one object. | hashed as one object. | |||
4.4.3.2. Extended Transport Hashing | 4.4.3.2. Extended Transport Hashing | |||
Under this transport, DRIP hashes the full ASTM Message Pack (Message | Under this transport, DRIP hashes the full ASTM Message Pack (Message | |||
Type 0xF) regardless of its content. The hash MUST NOT include the | Type 0xF) regardless of its content. The hash MUST NOT include the | |||
Message Counter octet. | Message Counter octet. | |||
4.5. DRIP Frame | 4.5. DRIP Frame | |||
This SAM Type is defined to enable the use of Section 4.1 in the | This SAM Type is defined to enable use of the _UA-Signed Evidence | |||
future beyond the previously defined formats (Wrapper and Manifest) | Structure_ (Section 4.1) in the future beyond the previously defined | |||
by the inclusion of a single octet to signal the format of evidence | formats (Wrapper and Manifest) by the inclusion of a single octet to | |||
data (up to 111 octets). | signal the format of _Evidence_ data (up to 111 octets). | |||
The content format of Frame Evidence Data is not defined in this | The content format of _Frame Evidence Data_ is not defined in this | |||
document. Other specifications MUST define the contents and register | document. Other specifications MUST define the contents and register | |||
for a Frame Type. At the time of publication, there are no defined | for a _Frame Type_. At the time of publication (2024), there are no | |||
Frame Types other than an Experimental range. | defined Frame Types; only an Experimental range has been defined. | |||
Observers MUST check the signature of the structure (Section 4.1) per | Observers MUST check the signature of the structure (Section 4.1) per | |||
Section 3.1.2.2 and MAY, if the specification of Frame Type is known, | Section 3.1.2.2 and MAY, if the specification of _Frame Type_ is | |||
parse the content in Frame Evidence Data. | known, parse the content in _Frame Evidence Data_. | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| Frame Type | | | | Frame Type | | | |||
+---------------+ . | +---------------+ . | |||
. Frame Evidence Data . | . Frame Evidence Data . | |||
. . | . . | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Figure 10: DRIP Frame | Figure 10: DRIP Frame | |||
Frame Type: (1 octet) | _Frame Type_: (1 octet) | |||
Byte to subtype for future different DRIP Frame formats. It takes | As shown in Figure 10, the _Frame Type_ takes the first octet, | |||
the first octet in Figure 10, leaving 111 octets available for | which leaves 111 octets available for _Frame Evidence Data_. See | |||
Frame Evidence Data. See Section 8.1 for Frame Type allocations. | Section 8.1 for Frame Type allocations. | |||
5. Forward Error Correction | 5. Forward Error Correction | |||
For Broadcast RID, FEC is provided by the lower layers in Extended | For Broadcast RID, FEC is provided by the lower layers in Extended | |||
Transports. The Bluetooth 4.x Legacy Transport does not support FEC, | Transports. The Bluetooth 4.x Legacy Transport does not support FEC, | |||
so the following application-level scheme is used with DRIP | so the following application-level scheme is used with DRIP | |||
Authentication to add some FEC. When sending data over a medium that | Authentication to add some FEC. When sending data over a medium that | |||
does not have underlying FEC, for example Bluetooth 4.x, this section | does not have underlying FEC, for example Bluetooth 4.x, this section | |||
MUST be used. | MUST be used. | |||
The Bluetooth 4.x lower layers have error detection but not | The Bluetooth 4.x lower layers have error detection but not | |||
correction. Any frame in which Bluetooth detects an error is dropped | correction. Any frame in which Bluetooth detects an error is dropped | |||
and not delivered to higher layers (in our case, DRIP). Thus it can | and not delivered to higher layers (in our case, DRIP). Thus it can | |||
be treated as an erasure. | be treated as an erasure. | |||
DRIP standardizes a single page FEC scheme using XOR parity across | DRIP standardizes a single page FEC scheme using XOR parity across | |||
all page data of an Authentication Message. This allows the | all page data of an Authentication Message. This allows the | |||
correction of a single erased page in an Authentication Message. If | correction of a single erased page in an Authentication Message. If | |||
more than a single page is missing, then handling of an incomplete | more than a single page is missing, then handling of an incomplete | |||
Authentication Message is determined by higher layers. | Authentication Message is determined by higher layers. | |||
Other FEC schemes, to protect more than a single page of an | Other FEC schemes, to protect more than a single page of an | |||
Authentication Message or multiple [F3411] Messages, are left for | Authentication Message or multiple [F3411] Messages, are left for | |||
future standardization if operational experience proves it necessary | future standardization if operational experience proves it necessary | |||
and/or practical. | and/or practical. | |||
The data added during FEC is not included in the Authentication Data | The data added during FEC is not included in the _Authentication Data | |||
/ Signature, but instead in the Additional Data field of Figure 2. | / Signature_, but instead in the _Additional Data_ field of Figure 2. | |||
This may cause the Authentication Message to exceed 9 pages, up to a | This may cause the Authentication Message to exceed 9 pages, up to a | |||
maximum of 16 pages. | maximum of 16 pages. | |||
5.1. Encoding | 5.1. Encoding | |||
When encoding, two things are REQUIRED: | When encoding, two things are REQUIRED: | |||
1. The FEC data MUST start on a new Authentication Page. To do | 1. The FEC data MUST start on a new Authentication Page. To do | |||
this, the results of parity encoding MUST be placed in the | this, the results of parity encoding MUST be placed in the | |||
Additional Data field of Figure 2 with null padding before it to | _Additional Data_ field of Figure 2 with null padding before it | |||
line up with the next page. The Additional Data Length field | to line up with the next page. The _Additional Data Length_ | |||
MUST be set to number of padding octets + number of parity | field MUST be set to number of padding octets + number of parity | |||
octets. | octets. | |||
2. The Last Page Index field (in Page 0) MUST be incremented from | 2. The _Last Page Index_ field (in Page 0) MUST be incremented from | |||
what it would have been without FEC by the number of pages | what it would have been without FEC by the number of pages | |||
required for the Additional Data Length field, null padding, and | required for the _Additional Data Length_ field, null padding, | |||
FEC. | and FEC. | |||
To generate the parity, a simple XOR operation using the previous | To generate the parity, a simple XOR operation using the previous | |||
parity page and current page is used. Only the 23-octet | parity page and current page is used. Only the 23-octet | |||
Authentication Payload field of Figure 1 is used in the XOR | _Authentication Payload_ field of Figure 1 is used in the XOR | |||
operations. For Page 0, a 23-octet null pad is used for the previous | operations. For Page 0, a 23-octet null pad is used for the previous | |||
parity page. | parity page. | |||
Figure 11 shows an example of the last two pages (out of N) of an | Figure 11 shows an example of the last two pages (out of N) of an | |||
Authentication Message using DRIP Single Page FEC. The Additional | Authentication Message using DRIP Single Page FEC. The _Additional | |||
Data Length is set to 33, as there are always 23 octets of FEC data | Data Length_ is set to 33, as there are always 23 octets of FEC data | |||
and there are 10 octets of padding in this example to line it up into | and there are 10 octets of padding in this example to line it up into | |||
Page N. | Page N. | |||
Page N-1: | Page N-1: | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| Page Header | | | | Page Header | | | |||
+---------------+ | | +---------------+ | | |||
| Authentication Data / Signature | | | Authentication Data / Signature | | |||
| | | | | | |||
| +---------------+---------------+---------------+ | | +---------------+---------------+---------------+ | |||
| | ADL=33 | | | | | ADL=33 | | | |||
+---------------+---------------+ | | +---------------+---------------+ | | |||
| Null Padding | | | Null Padding | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Page N: | Page N: | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
| Page Header | | | | Page Header | | | |||
+---------------+ | | +---------------+ | | |||
| | | | | | |||
| Forward Error Correction | | | Forward Error Correction | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
+---------------+---------------+---------------+---------------+ | +---------------+---------------+---------------+---------------+ | |||
Figure 11: Example Single Page FEC Encoding | Figure 11: Example Single Page FEC Encoding | |||
5.2. Decoding | 5.2. Decoding | |||
Frame decoding is independent of the transmit media. However, the | Frame decoding is independent of the transmit media. However, the | |||
decoding process can determine from the first Authentication page | decoding process can determine from the first Authentication Page | |||
that there may be a Bluetooth 4.x FEC page at the end. The decoding | that there may be a Bluetooth 4.x FEC page at the end. The decoding | |||
process MUST test for the presence of FEC and apply it as follows. | process MUST test for the presence of FEC and apply it as follows. | |||
To determine if FEC has been used, a check of the Last Page Index is | To determine if FEC has been used, a check of the _Last Page Index_ | |||
performed. In general, if the Last Page Index field is one greater | is performed. In general, if the _Last Page Index_ field is one | |||
than that necessary to hold Length octets of Authentication Data, | greater than that necessary to hold _Length_ octets of Authentication | |||
then FEC has been used. Note that if Length octets are exhausted | Data, then FEC has been used. Note that if _Length_ octets are | |||
exactly at the end of an Authentication Page, the Additional Data | exhausted exactly at the end of an Authentication Page, the | |||
Length field will occupy the first octet of the following page. The | _Additional Data Length_ field will occupy the first octet of the | |||
remainder of this page will be null padded under DRIP to align the | following page. The remainder of this page will be null padded under | |||
FEC to its own page. In this case, the Last Page Index will have | DRIP to align the FEC to its own page. In this case, the _Last Page | |||
been incremented once for initializing the Additional Data Length | Index_ will have been incremented once for initializing the | |||
field and once for the FEC page, for a total of two additional pages, | _Additional Data Length_ field and once for the FEC page, for a total | |||
as in the last row of Table 5. | of two additional pages, as in the last row of Table 5. | |||
To decode FEC in DRIP, a rolling XOR is used on each Authentication | To decode FEC in DRIP, a rolling XOR is used on each _Authentication | |||
Page received in the current Authentication Message. A Message | Page_ received in the current Authentication Message. A Message | |||
Counter, outside of the ASTM Message but specified in [F3411], is | Counter, outside of the ASTM Message but specified in [F3411], is | |||
used to signal a different Authentication Message and to correlate | used to signal a different Authentication Message and to correlate | |||
pages to messages. This Message Counter is only a single octet in | pages to messages. This Message Counter is only a single octet in | |||
length, so it will roll over (to 0x00) after reaching its maximum | length, so it will roll over (to 0x00) after reaching its maximum | |||
value (0xFF). If only a single page is missing in the Authentication | value (0xFF). If only a single page is missing in the Authentication | |||
Message the resulting parity octets should be the data of the erased | Message the resulting parity octets should be the data of the erased | |||
page. | page. | |||
Authentication Page 0 contains various important fields, only located | Authentication Page 0 contains various important fields, only located | |||
on that page, that help decode the full ASTM Authentication Message. | on that page, that help decode the full ASTM Authentication Message. | |||
If Page 0 has been reconstructed, the Last Page Index and Length | If Page 0 has been reconstructed, the _Last Page Index_ and _Length_ | |||
fields MUST be validated by DRIP. The pseudocode in Figure 12 can be | fields MUST be validated by DRIP. The pseudocode in Figure 12 can be | |||
used for both checks. | used for both checks. | |||
<CODE BEGINS> | <CODE BEGINS> | |||
function decode_check(auth_pages[], decoded_lpi, decoded_length) { | function decode_check(auth_pages[], decoded_lpi, decoded_length) { | |||
// check decoded_lpi does not exceed maximum value | // check decoded_lpi does not exceed maximum value | |||
if (decoded_lpi >= 16) { | if (decoded_lpi >= 16) { | |||
return DECODE_FAILURE | return DECODE_FAILURE | |||
} | } | |||
// check that decoded length does not exceed DRIP maximum value | // check that decoded length does not exceed DRIP maximum value | |||
if (decoded_length > 201) { | if (decoded_length > 201) { | |||
return DECODE_FAILURE | return DECODE_FAILURE | |||
} | } | |||
// grab the page at index where length ends and extract its data | // grab the page at index where length ends and extract its data | |||
auth_data = auth_pages[(decoded_length - 17) / 23].data | auth_data = auth_pages[(decoded_length - 17) / 23].data | |||
// find the index of last auth byte | // find the index of last auth byte | |||
last_auth_byte = (17 + (23 * last_auth_page)) - decoded_length | last_auth_byte = (17 + (23 * last_auth_page)) - decoded_length | |||
// look for non-nulls after the last auth byte | // look for non-nulls after the last auth byte | |||
if (auth_data[(last_auth_byte + 2):] has non-nulls) { | if (auth_data[(last_auth_byte + 2):] has non-nulls) { | |||
return DECODE_FAILURE | return DECODE_FAILURE | |||
} | } | |||
// check that byte directly after last auth byte is null | // check that byte directly after last auth byte is null | |||
if (auth_data[last_auth_byte + 1] equals null) { | if (auth_data[last_auth_byte + 1] equals null) { | |||
return DECODE_FAILURE | return DECODE_FAILURE | |||
} | } | |||
// we set our presumed Additional Data Length (ADL) | // we set our presumed Additional Data Length (ADL) | |||
presumed_adl = auth_data[last_auth_byte + 1] | presumed_adl = auth_data[last_auth_byte + 1] | |||
// use the presumed ADL to calculate a presumed LPI | // use the presumed ADL to calculate a presumed | |||
//Last Page Index (LPI, a field defined in [F3411]) | ||||
presumed_lpi = (presumed_adl + decoded_length - 17) / 23 | presumed_lpi = (presumed_adl + decoded_length - 17) / 23 | |||
// check that presumed LPI and decoded LPI match | // check that presumed LPI and decoded LPI match | |||
if (presumed_lpi not equal decoded_lpi) { | if (presumed_lpi not equal decoded_lpi) { | |||
return DECODE_FAILURE | return DECODE_FAILURE | |||
} | } | |||
return DECODE_SUCCESS | return DECODE_SUCCESS | |||
} | } | |||
<CODE ENDS> | <CODE ENDS> | |||
Figure 12: Pseudocode for Decode Checks | Figure 12: Pseudocode for Decode Checks | |||
5.3. FEC Limitations | 5.3. FEC Limitations | |||
The worst-case scenario is when the Authentication Data / Signature | The worst-case scenario is when the _Authentication Data / Signature_ | |||
ends perfectly on a page boundary (Page N-1). This means the | ends perfectly on a page boundary (Page N-1). This means the | |||
Additional Data Length would start the next page (Page N) and have 22 | _Additional Data Length_ would start the next page (Page N) and have | |||
octets worth of null padding to align the FEC to begin at the start | 22 octets worth of null padding to align the FEC to begin at the | |||
of the next page (Page N+1). In this scenario, an entire page (Page | start of the next page (Page N+1). In this scenario, an entire page | |||
N) is being wasted just to carry the Additional Data Length. | (Page N) is being wasted just to carry the _Additional Data Length_. | |||
6. Requirements and Recommendations | 6. Requirements and Recommendations | |||
6.1. Legacy Transports | 6.1. Legacy Transports | |||
Under DRIP, the goal is to bring reliable receipt of the paged | Under DRIP, the goal is to bring reliable receipt of the paged | |||
Authentication Message using Legacy Transports. FEC (Section 5) MUST | Authentication Message using Legacy Transports. FEC (Section 5) MUST | |||
be used, per mandated RID rules (for example, the US FAA RID Rules | be used, per mandated RID rules (for example, the US FAA RID Rules | |||
[FAA-14CFR]), when using Legacy Transports (such as Bluetooth 4.x). | [FAA-14CFR]), when using Legacy Transports (such as Bluetooth 4.x). | |||
Under [F3411], Authentication Messages are transmitted at the static | Under [F3411], Authentication Messages are transmitted at the static | |||
rate (at least every 3 seconds). Any DRIP Authentication Messages | rate (at least every 3 seconds). Any DRIP Authentication Messages | |||
containing dynamic data (such as the DRIP Wrapper) MAY be sent at the | containing dynamic data (such as the DRIP Wrapper) MAY be sent at the | |||
dynamic rate (at least every 1 second). | dynamic rate (at least every 1 second). | |||
6.2. Extended Transports | 6.2. Extended Transports | |||
Under the ASTM specification, Extended Transports of RID must use the | Under the ASTM specification, Extended Transports of RID must use the | |||
Message Pack (Message Type 0xF) format for all transmissions. Under | Message Pack (Message Type 0xF) format for all transmissions. Under | |||
Message Pack, ASTM Messages are sent together (in Message Type order) | Message Pack, ASTM Messages are sent together (in Message Type order) | |||
in a single frame (up to 9 single-frame equivalent messages under | in a single frame (up to 9 single-frame equivalent messages under | |||
Legacy Transports). Message Packs are required by [F3411] to be sent | Legacy Transports). Message Packs are required by [F3411] to be sent | |||
at a rate of 1 per second (like dynamic messages). | at a rate of 1 per second (like dynamic messages). | |||
Message Packs are sent only over Extended Transports that provide | Message Packs are sent only over Extended Transports that provide | |||
FEC. Thus, the DRIP decoders will never be presented with a Message | FEC. Thus, the DRIP decoders will never be presented with a Message | |||
Pack from which a constituent Authentication Page has been dropped; | Pack from which a constituent Authentication Page has been dropped; | |||
DRIP FEC could never provide benefit to a Message Pack, only consume | DRIP FEC could never provide benefit to a Message Pack, only consume | |||
its precious payload space. Therefore, DRIP FEC (Section 5) MUST NOT | its precious payload space. Therefore, DRIP FEC (Section 5) MUST NOT | |||
be used in Message Packs. | be used in Message Packs. | |||
6.3. Authentication | 6.3. Authentication | |||
To fulfill the requirements in [RFC9153], a UA: | To fulfill the requirements in [RFC9153], a UA: | |||
1. MUST: send DRIP Link (Section 4.2) using the BE: Apex, RAA | 1. MUST: send DRIP Link (Section 4.2) using the _BE: Apex, RAA_ | |||
(partially satisfying GEN-3); at least once per 5 minutes. Apex | (partially satisfying GEN-3); at least once per 5 minutes. Apex | |||
in this context is the DET prefix owner. | in this context is the DET prefix owner. | |||
2. MUST: send DRIP Link (Section 4.2) using the BE: RAA, HDA | 2. MUST: send DRIP Link (Section 4.2) using the BE: RAA, HDA | |||
(partially satisfying GEN-3); at least once per 5 minutes. | (partially satisfying GEN-3); at least once per 5 minutes. | |||
3. MUST: send DRIP Link (Section 4.2) using the BE: HDA, UA | 3. MUST: send DRIP Link (Section 4.2) using the BE: HDA, UA | |||
(satisfying ID-5, GEN-1 and partially satisfying GEN-3); at least | (satisfying ID-5, GEN-1 and partially satisfying GEN-3); at least | |||
once per minute. | once per minute. | |||
4. MUST: send any other DRIP Authentication Format (non-DRIP Link) | 4. MUST: send any other DRIP Authentication Format (non-DRIP Link) | |||
where the UA is dynamically signing data that is guaranteed to be | where the UA is dynamically signing data that is guaranteed to be | |||
unique, unpredictable, and easily cross checked by the receiving | unique, unpredictable, and easily cross checked by the receiving | |||
device (satisfying ID-5, GEN-1 and GEN-2); at least once per 5 | device (satisfying ID-5, GEN-1 and GEN-2); at least once per 5 | |||
seconds. | seconds. | |||
These four transmission requirements collectively satisfy GEN-3. | These four transmission requirements collectively satisfy GEN-3. | |||
6.4. Operational | 6.4. Operational | |||
UAS operation may impact the frequency of sending DRIP Authentication | UAS operation may impact the frequency of sending DRIP Authentication | |||
messages. When a UA dwells at an approximate location, and the | Messages. When a UA dwells at an approximate location, and the | |||
channel is heavily used by other devices, less frequent message | channel is heavily used by other devices, less frequent message | |||
authentication may be effective (to minimize RF packet collisions) | authentication may be effective (to minimize RF packet collisions) | |||
for an Observer. Contrast this with a UA transiting an area, where | for an Observer. Contrast this with a UA transiting an area, where | |||
authenticated messages SHOULD be sufficiently frequent for an | authenticated messages SHOULD be sufficiently frequent for an | |||
Observer to have a high probability of receiving an adequate number | Observer to have a high probability of receiving an adequate number | |||
for validation during the transit. | for validation during the transit. | |||
A RECOMMENDED operational configuration (in alignment with | A RECOMMENDED operational configuration (in alignment with | |||
Section 6.3) with rationale can be found in Appendix B. It consists | Section 6.3) with rationale can be found in Appendix B. It | |||
of the following recommendations for every second: | recommends the following once per second: | |||
* Under Legacy Transport: | * Under Legacy Transport: | |||
- Two sets of those ASTM Messages required by a CAA in its | - Two sets of those ASTM Messages required by a CAA in its | |||
jurisdiction (example: Basic ID, Location and System) and one | jurisdiction (example: Basic ID, Location/Vector, and System) | |||
set of other ASTM Messages (example: Self ID, Operator ID) | and one set of other ASTM Messages (example: Self ID, Operator | |||
ID) | ||||
- An FEC-protected DRIP Manifest enabling authentication of those | - An FEC-protected DRIP Manifest enabling authentication of those | |||
ASTM Messages sent | ASTM Messages sent | |||
- A single page of an FEC-protected DRIP Link | - A single page of an FEC-protected DRIP Link | |||
* Under Extended Transport: | * Under Extended Transport: | |||
- A Message Pack of ASTM Messages (up to 4) and a DRIP Wrapper | - A Message Pack of ASTM Messages (up to 4) and a DRIP Wrapper | |||
(per Section 4.3.2) | (per Section 4.3.2) | |||
- A Message Pack of a DRIP Link | - A Message Pack of a DRIP Link | |||
6.4.1. DRIP Wrapper | 6.4.1. DRIP Wrapper | |||
If DRIP Wrappers are sent, they MUST be sent in addition to any | If DRIP Wrappers are sent, they MUST be sent in addition to any | |||
required ASTM Messages in a given jurisdiction. An implementation | required ASTM Messages in a given jurisdiction. An implementation | |||
MUST NOT send DRIP Wrappers in place of any required ASTM Messages it | MUST NOT send DRIP Wrappers in place of any required ASTM Messages it | |||
may encapsulate. Thus, messages within a Wrapper are sent twice: | may encapsulate. Thus, messages within a Wrapper are sent twice: | |||
once in the clear and once authenticated within the Wrapper. | once in the clear and once authenticated within the Wrapper. | |||
The DRIP Wrapper has a specific use case for DRIP-aware Observers. | The DRIP Wrapper has a specific use case for DRIP-aware Observers. | |||
For an Observer plotting Location Messages (Message Type 0x2) on a | For an Observer plotting Location/Vector Messages (Message Type 0x2) | |||
map, display of an embedded Location Message in a DRIP Wrapper can be | on a map, display of an embedded Location/Vector Message in a DRIP | |||
marked differently (e.g., via color) to signify trust in the Location | Wrapper can be marked differently (e.g., via color) to signify trust | |||
data. | in the Location/Vector data. | |||
6.4.2. UAS RID Trust Assessment | 6.4.2. UAS RID Trust Assessment | |||
As described in Section 3.1.2, the Observer MUST perform validation | As described in Section 3.1.2, the Observer MUST perform validation | |||
of the data being received in Broadcast RID. This is because trust | of the data being received in Broadcast RID. This is because trust | |||
in a key is different from trust that an observed UA possesses that | in a key is different from trust that an observed UA possesses that | |||
key. | key. | |||
A chain of DRIP Links provides trust in a key. A message containing | A chain of DRIP Links provides trust in a key. A message, signed by | |||
rapidly changing, not predictable far in advance (relative to typical | that key, containing data that changes rapidly and is not predictable | |||
operational flight times) that can be validated by Observers, signed | far in advance (relative to typical operational flight times) but | |||
by that key, provides trust that some agent with access to that data | that can be validated by Observers, provides trust that some agent | |||
also possesses that key. If the validation involves correlating | with access to that data also possesses that key. If the validation | |||
physical world observations of the UA with claims in that data, then | involves correlating physical world observations of the UA with | |||
the probability is high that the observed UA is (or is collaborating | claims in that data, then the probability is high that the observed | |||
with or observed in real time by) the agent with the key. | UA is (or is collaborating with or observed in real time by) the | |||
agent with the key. | ||||
After signature verification of any DRIP Authentication Message | After signature verification of any DRIP Authentication Message | |||
containing UAS RID information elements (e.g., DRIP Wrapper | containing UAS RID information elements (e.g., DRIP Wrapper | |||
Section 4.3) the Observer MUST use other sources of information to | Section 4.3) the Observer MUST use other sources of information to | |||
correlate against and perform validation. An example of another | correlate against and perform validation. An example of another | |||
source of information is a visual confirmation of the UA position. | source of information is a visual confirmation of the UA position. | |||
When correlation of these different data streams does not match in | When correlation of these different data streams does not match in | |||
acceptable thresholds, the data MUST be rejected as if the signature | acceptable thresholds, the data MUST be rejected as if the signature | |||
failed to validate. Acceptable threshold limits and what happens | failed to validate. Acceptable threshold limits and what happens | |||
after such a rejection are out of scope for this document. | after such a rejection are out of scope for this document. | |||
7. Summary of Addressed DRIP Requirements | 7. Summary of Addressed DRIP Requirements | |||
The following requirements as defined in [RFC9153] are addressed in | The following requirements as defined in [RFC9153] are addressed in | |||
this document: | this document: | |||
ID-5: Non-spoofability | ID-5: Non-spoofability | |||
Addressed using the DRIP Wrapper (Section 4.3), DRIP Manifest | Addressed using the DRIP Wrapper (Section 4.3), DRIP Manifest | |||
(Section 4.4), or DRIP Frame (Section 4.5). | (Section 4.4), or DRIP Frame (Section 4.5). | |||
GEN-1: Provable Ownership | GEN-1: Provable Ownership | |||
Addressed using the DRIP Link (Section 4.2) and DRIP Wrapper | Addressed using the DRIP Link (Section 4.2) and DRIP Wrapper | |||
(Section 4.3), DRIP Manifest (Section 4.4), or DRIP Frame | (Section 4.3), DRIP Manifest (Section 4.4), or DRIP Frame | |||
(Section 4.5). | (Section 4.5). | |||
GEN-2: Provable Binding | GEN-2: Provable Binding | |||
Addressed using the DRIP Wrapper (Section 4.3), DRIP Manifest | Addressed using the DRIP Wrapper (Section 4.3), DRIP Manifest | |||
(Section 4.4) or DRIP Frame (Section 4.5). | (Section 4.4) or DRIP Frame (Section 4.5). | |||
GEN-3: Provable Registration | GEN-3: Provable Registration | |||
Addressed using the DRIP Link (Section 4.2). | Addressed using the DRIP Link (Section 4.2). | |||
8. IANA Considerations | 8. IANA Considerations | |||
8.1. IANA DRIP Registry | 8.1. IANA DRIP Registry | |||
IANA has created the "DRIP SAM Types" and "DRIP Frame Types" | IANA has created the "DRIP SAM Types" and "DRIP Frame Types" | |||
registries within the "Drone Remote ID Protocol" registry group | registries within the "Drone Remote ID Protocol" registry group | |||
(https://www.iana.org/assignments/drip). | (https://www.iana.org/assignments/drip). | |||
DRIP SAM Types: | DRIP SAM Types: | |||
This registry is a mirror for SAM Types containing the subset of | This registry is a mirror for SAM Types containing the subset of | |||
allocations used by DRIP Authentication Messages. Future | allocations used by DRIP Authentication Messages. Future | |||
additions MUST be done through ASTM's designated registrar, which | additions MUST be done through ASTM's designated registrar, which | |||
is ICAO [ASTM-Remote-ID] at the time of publication of this RFC. | is ICAO [ASTM-Remote-ID] at the time of publication of this RFC | |||
Additions for DRIP will be coordinated by IANA and the ASTM | (2024). The registration procedure for DRIP (only) SAM Types is | |||
designated registrar before final publication as Standards Track | Standards Action [RFC8126]. Requests for new DRIP SAM Type | |||
RFCs. The following values have been allocated to the IETF: | registrations will be coordinated by IANA and the ASTM-designated | |||
registrar of all SAM Types before being documented in Standards | ||||
Track RFCs. The following values have been allocated to the IETF: | ||||
+==========+===========+=======================================+ | +==========+===========+=======================================+ | |||
| SAM Type | Name | Description | | | SAM Type | Name | Description | | |||
+==========+===========+=======================================+ | +==========+===========+=======================================+ | |||
| 0x01 | DRIP Link | Format to hold Broadcast Endorsements | | | 0x01 | DRIP Link | Format to hold Broadcast Endorsements | | |||
+----------+-----------+---------------------------------------+ | +----------+-----------+---------------------------------------+ | |||
| 0x02 | DRIP | Authenticate full ASTM Messages | | | 0x02 | DRIP | Authenticate full ASTM Messages | | |||
| | Wrapper | | | | | Wrapper | | | |||
+----------+-----------+---------------------------------------+ | +----------+-----------+---------------------------------------+ | |||
| 0x03 | DRIP | Authenticate hashes of ASTM Messages | | | 0x03 | DRIP | Authenticate hashes of ASTM Messages | | |||
| | Manifest | | | | | Manifest | | | |||
+----------+-----------+---------------------------------------+ | +----------+-----------+---------------------------------------+ | |||
| 0x04 | DRIP | Format for future DRIP authentication | | | 0x04 | DRIP | Format for future DRIP authentication | | |||
| | Frame | | | | | Frame | | | |||
+----------+-----------+---------------------------------------+ | +----------+-----------+---------------------------------------+ | |||
Table 2: DRIP SAM Types | Table 2: DRIP SAM Types | |||
DRIP Frame Types: | DRIP Frame Types: | |||
This 8-bit value registry is for Frame Types in DRIP Frame | This 8-bit value registry is for Frame Types in DRIP Frame | |||
Authentication Messages. Future additions to this registry are to | Authentication Messages. Future additions to this registry are to | |||
be made through Expert Review (Section 4.5 of [RFC8126]) for | be made through Expert Review (Section 4.5 of [RFC8126]) for | |||
values 0x01 to 0x9F and First Come First Served (Section 4.4 of | values 0x01 to 0x9F and First Come First Served (Section 4.4 of | |||
[RFC8126]) for values 0xA0 to 0xEF. The following values are | [RFC8126]) for values 0xA0 to 0xEF. The following values are | |||
defined: | defined: | |||
+=============+==============+===============================+ | +=============+==============+===============================+ | |||
| Frame Type | Name | Description | | | Frame Type | Name | Description | | |||
+=============+==============+===============================+ | +=============+==============+===============================+ | |||
| 0x00 | Reserved | Reserved | | | 0x00 | Reserved | Reserved | | |||
+-------------+--------------+-------------------------------+ | +-------------+--------------+-------------------------------+ | |||
| 0x01 - 0xEF | Unassigned | | | | 0x01 - 0xEF | Unassigned | | | |||
+-------------+--------------+-------------------------------+ | +-------------+--------------+-------------------------------+ | |||
| 0xF0-0xFF | Experimental | Reserved for Experimental Use | | | 0xF0-0xFF | Experimental | Reserved for Experimental Use | | |||
+-------------+--------------+-------------------------------+ | +-------------+--------------+-------------------------------+ | |||
Table 3: DRIP Frame Types | Table 3: DRIP Frame Types | |||
Criteria that should be applied by the designated experts includes | Criteria that should be applied by the designated experts includes | |||
determining whether the proposed registration duplicates existing | determining whether the proposed registration duplicates existing | |||
functionality and whether the registration description is clear and | functionality and whether the registration description is clear and | |||
fits the purpose of this registry. | fits the purpose of this registry. | |||
Registration requests MUST be sent to drip-reg-review@ietf.org | Registration requests MUST be sent to drip-reg-review@ietf.org | |||
(mailto:drip-reg-review@ietf.org) and be evaluated by one or more | (mailto:drip-reg-review@ietf.org) and be evaluated by one or more | |||
designated experts within a three-week review period. Within that | designated experts within a three-week review period. Within that | |||
review period, the designated experts will either approve or deny the | review period, the designated experts will either approve or deny the | |||
registration request, and communicate their decision to the review | registration request, and communicate their decision to the review | |||
list and IANA. Denials should include an explanation and, if | list and IANA. Denials should include an explanation and, if | |||
applicable, suggestions to successfully register the DRIP Frame Type. | applicable, suggestions to successfully register the DRIP Frame Type. | |||
Registration requests that are undetermined for a period longer than | Registration requests that are undetermined for a period longer than | |||
28 days can be brought to the IESG's attention for resolution. | 28 days can be brought to the IESG's attention for resolution. | |||
9. Security Considerations | 9. Security Considerations | |||
9.1. Replay Attacks | 9.1. Replay Attacks | |||
[F3411] (regardless of transport) lacks replay protection, as it more | [F3411] (regardless of transport) lacks replay protection, as it more | |||
fundamentally lacks fully specified authentication. An attacker can | fundamentally lacks fully specified authentication. An attacker can | |||
spoof the UA sender MAC address and UAS ID, replaying (with or | spoof the UA sender MAC address and UAS ID, replaying (with or | |||
without modification) previous genuine messages, and/or crafting | without modification) previous genuine messages, and/or crafting | |||
entirely new messages. Using DRIP in [F3411] Authentication message | entirely new messages. Using DRIP in [F3411] Authentication Message | |||
framing enables verification that messages were signed with | framing enables verification that messages were signed with | |||
registered keys, but when naively used may be vulnerable to replay | registered keys, but when naively used may be vulnerable to replay | |||
attacks. Technologies such as Single Emitter Identification can | attacks. Technologies such as Single Emitter Identification can | |||
detect such attacks, but they are not readily available and can be | detect such attacks, but they are not readily available and can be | |||
prohibitively expensive, especially for typical Observer devices such | prohibitively expensive, especially for typical Observer devices such | |||
as smartphones. | as smartphones. | |||
Replay attack detection using DRIP requires Observer devices to | Replay attack detection using DRIP requires Observer devices to | |||
combine information from multiple messages and sources other than | combine information from multiple messages and sources other than | |||
Broadcast RID. A complete chain of Link messages (Section 4.2) from | Broadcast RID. A complete chain of Link messages (Section 4.2) from | |||
an Endorsement root of trust to the claimed sender must be collected | an Endorsement root of trust to the claimed sender must be collected | |||
and verified by the Observer device to provide trust in a key. | and verified by the Observer device to provide trust in a key. | |||
Successful signature verification, using that key, of a Wrapper | Successful signature verification, using that public key, of a | |||
(Section 4.3) or Manifest (Section 4.4) message, authenticating | Wrapper (Section 4.3) or Manifest (Section 4.4) message, | |||
content that is nonce-like, provides trust that the sender actually | authenticating content that is nonce-like, provides trust that the | |||
possesses that key. | sender actually possesses the corresponding private key. | |||
The term "nonce-like" means the that data is unique, not accurately | The term "nonce-like" describes data that is unique, changes | |||
predictable long in advance, and readily validated by the Observer. | frequently, is not accurately predictable long in advance, and is | |||
This is described in Section 6.3 (requirement 4) and Section 3.1.2.2. | easily validated (i.e., can be checked quickly at low computational | |||
The Location message [F3411] reporting precise UA position and | cost using readily available data) by the Observer. A Location/ | |||
velocity at a precise and very recent time is to be checked by the | Vector Message is an obvious choice. This is described in | |||
Observer against visual observations of the UA within RF. Thus, | Section 3.1.2.2 and Section 6.3 (requirement 4). The Location/Vector | |||
Visual Line of Sight is typically the recommended form of this data. | Message [F3411] reporting precise UA position and velocity at a | |||
For specification of the foregoing, see Sections 3.1.2 and 6.4.2. | precise and very recent time is to be checked by the Observer against | |||
visual observations of the UA within RF. Thus, Visual Line of Sight | ||||
is typically the recommended form of this data. For specification of | ||||
the foregoing, see Sections 3.1.2 and 6.4.2. | ||||
Messages that pass signature verification with trusted keys could | Messages that pass signature verification with trusted keys could | |||
still be replays if they contain only static information (e.g., | still be replays if they contain only static information (e.g., | |||
Broadcast Endorsements (Section 4.2), [F3411] Basic ID or [F3411] | Broadcast Endorsements (Section 4.2), [F3411] Basic ID or [F3411] | |||
Operator ID), or information that cannot be readily validated (e.g., | Operator ID), or information that cannot be readily validated (e.g., | |||
[F3411] Self-ID). Replay of Link messages is harmless (unless sent | [F3411] Self-ID). Replay of Link messages is harmless (unless sent | |||
so frequently as to cause RF data link congestion) and indeed can | so frequently as to cause RF data link congestion) and indeed can | |||
increase the likelihood of an Observer device collecting an entire | increase the likelihood of an Observer device collecting an entire | |||
trust chain in a short time window. Replay of other messages | trust chain in a short time window. Replay of other messages | |||
([F3411] Basic ID, [F3411] Operator ID, or [F3411] Self-ID) remains a | ([F3411] Basic ID, [F3411] Operator ID, or [F3411] Self-ID) remains a | |||
vulnerability, unless they are combined with messages containing | vulnerability, unless they are combined with messages containing | |||
nonce-like data ([F3411] Location or [F3411] System) in a Wrapper or | nonce-like data ([F3411] Location/Vector or [F3411] System) in a | |||
Manifest. For specification of this last requirement, see | Wrapper or Manifest. For specification of this last requirement, see | |||
Section 4.4.2. | Section 4.4.2. | |||
9.2. Wrapper vs Manifest | 9.2. Wrapper vs Manifest | |||
Implementations have a choice of using Wrapper (Section 4.3), | Implementations have a choice of using Wrapper (Section 4.3), | |||
Manifest (Section 4.4), or a combination to satisfy the fourth | Manifest (Section 4.4), or a combination to satisfy the fourth | |||
requirement in Section 6.3. | requirement in Section 6.3. | |||
Wrapper is an attached signature of the full content of one or more | Wrapper is an attached signature on the full content of one or more | |||
[F3411] messages, providing strong authentication. However, the size | [F3411] messages, providing strong authentication. Wrapper is an | |||
attached signature of the full content of one or more [F3411] | ||||
messages, providing strong authentication. However, the size | ||||
limitation means it cannot support such signatures over other | limitation means it cannot support such signatures over other | |||
Authentication Messages; thus, it cannot provide a direct binding to | Authentication Messages; thus, it cannot provide a direct binding to | |||
any part of the trust chain (Sections 3.1.2 and 6.4.2). | any part of the trust chain (Sections 3.1.2 and 6.4.2). | |||
Manifest explicitly provides the binding of the last link in the | Manifest explicitly provides the binding of the last link in the | |||
trust chain (with the inclusion of the hash of the Link containing | trust chain (with the inclusion of the hash of the Link containing | |||
BE: HDA, UA). The use of hashes and their length also allows for a | BE: HDA, UA). The use of hashes and their length also allows for a | |||
larger number (11 vs 4) of [F3411] messages to be authenticated, | larger number (11 vs 4) of [F3411] messages to be authenticated, | |||
making it more efficient compared to the Wrapper. However, the | making it more efficient compared to the Wrapper. However, the | |||
detached signature requires additional Observer overhead in storing | detached signature requires additional Observer overhead in storing | |||
and comparing hashes of received messages (some of which may not be | and comparing hashes of received messages (some of which may not be | |||
received) with those in a Manifest. | received) with those in a Manifest. | |||
Appendix B contains a breakdown of frame counts and an example of a | Appendix B contains a breakdown of frame counts and an example of a | |||
schedule using both Manifest and Wrapper. Typical operation may see | schedule using both Manifest and Wrapper. Typical operation may see | |||
(as an example) 2x Basic ID, 2x Location, 2x System, 1x Operator ID | (as an example) 2x Basic ID, 2x Location/Vector, 2x System, 1x | |||
and 1x Self ID broadcast per second to comply with jurisdiction | Operator ID and 1x Self ID broadcast per second to comply with | |||
mandates. Each of these messages is a single frame in size. A Link | jurisdiction mandates. Each of these messages is a single frame in | |||
message is 8 frames long (including FEC). This is a base frame count | size. A Link message is 8 frames long (including FEC). This is a | |||
of *16 frames*. | base frame count of *16 frames*. | |||
When Wrapper is used, up to four of the previous messages (except the | When Wrapper is used, up to four of the previous messages (except the | |||
Link) can be authenticated. For this comparison, we will sign all | Link) can be authenticated. For this comparison, we will sign all | |||
the messages we can in two Wrappers. This results in _20 frames_ | the messages we can in two Wrappers. This results in _20 frames_ | |||
(with FEC). Due to size constraints, the Link message is left | (with FEC). Due to size constraints, the Link message is left | |||
unauthenticated. The total frame count using Wrappers is *36 frames* | unauthenticated. The total frame count using Wrappers is *36 frames* | |||
(wrapper frame count + base frame count). | (wrapper frame count + base frame count). | |||
When Manifest is used, up to 10 previous messages can be | When Manifest is used, up to 10 previous messages can be | |||
authenticated. For this example, all messages (8) are hashed | authenticated. For this example, all messages (8) are hashed | |||
(including the Link) resulting in a single Manifest that is _9 | (including the Link) resulting in a single Manifest that is _9 | |||
frames_ (with FEC). The total frame count using Manifest is *25 | frames_ (with FEC). The total frame count using Manifest is *25 | |||
frames* (manifest frame count + base frame count). | frames* (manifest frame count + base frame count). | |||
9.3. VNA Timestamp Offsets for DRIP Authentication Formats | 9.3. VNA Timestamp Offsets for DRIP Authentication Formats | |||
Note the discussion of VNA Timestamp offsets here is in the context | Note the discussion of VNA Timestamp offsets here is in the context | |||
of the DRIP Wrapper (Section 4.3), DRIP Manifest (Section 4.4), and | of the DRIP Wrapper (Section 4.3), DRIP Manifest (Section 4.4), and | |||
DRIP Frame (Section 4.5). For DRIP Link (Section 4.2), these offsets | DRIP Frame (Section 4.5). For DRIP Link (Section 4.2), these offsets | |||
are set by the DIME and have their own set of considerations in | are set by the DIME and have their own set of considerations in | |||
[DRIP-REG]. | [DRIP-REG]. | |||
The offset of the VNA Timestamp by UA is one that needs careful | The offset of the _VNA Timestamp by UA_ is one that needs careful | |||
consideration for any implementation. The offset should be shorter | consideration for any implementation. The offset should be shorter | |||
than any given flight duration (typically less than an hour) but be | than any given flight duration (typically less than an hour) but be | |||
long enough to be received and processed by Observers (larger than a | long enough to be received and processed by Observers (larger than a | |||
few seconds). It is recommended that 3-5 minutes should be | few seconds). It is recommended that 3-5 minutes should be | |||
sufficient to serve this purpose in any scenario, but it is not | sufficient to serve this purpose in any scenario, but it is not | |||
limited by design. | limited by design. | |||
9.4. DNS Security in DRIP | 9.4. DNS Security in DRIP | |||
As stated in Section 3.1 specification of particular DNS security | As stated in Section 3.1 specification of particular DNS security | |||
options, transports, etc. is outside the scope of this document. | options, transports, etc. is outside the scope of this document. The | |||
[DRIP-REG] is the main specification for DNS operations in DRIP and | main specification for DNS operations in DRIP [DRIP-REG] will specify | |||
as such will specify DRIP usage of best common practices for security | applicable best common security practices (e.g., from [RFC9364]). | |||
(such as [RFC9364]). | ||||
10. Acknowledgments | ||||
* Ryan Quigley, James Mussi, and Joseph Stanton of AX Enterprize, | ||||
LLC for early prototyping to find holes in earlier drafts of this | ||||
specification | ||||
* Carsten Bormann for the simple approach of using bit-column-wise | ||||
parity for erasure (dropped frame) FEC | ||||
* Soren Friis for pointing out that Wi-Fi implementations would not | ||||
always give access to the MAC Address, as was originally used in | ||||
calculation of the hashes for DRIP Manifest. Also, for confirming | ||||
that Message Packs (0xF) can only carry up to 9 ASTM frames worth | ||||
of data (9 Authentication pages) | ||||
* Gabriel Cox (chair of the working group that produced [F3411]) for | ||||
reviewing the specification for the SAM Type request as the ASTM | ||||
Designated Expert | ||||
* Mohamed Boucadair (Document Shepherd) for his many patches and | ||||
comments | ||||
* Eric Vyncke (DRIP AD) for his guidance regarding the document's | ||||
path to publication | ||||
* Thanks to the following reviewers: | ||||
- Rick Salz (secdir) | ||||
- Matt Joras (genart) | ||||
- Di Ma (dnsdir) | ||||
- Gorry Fairhurst (tsvart) | ||||
- Carlos Bernardos (intdir) | ||||
- Behcet Sarikaya (iotdir) | ||||
- Martin Duke (IESG) | ||||
- Roman Danyliw (IESG) | ||||
- Murray Kucherawy (IESG) | ||||
- Erik Kline (IESG) | ||||
- Warren Kumari (IESG) | ||||
- Paul Wouters (IESG) | ||||
11. References | 10. References | |||
11.1. Normative References | 10.1. Normative References | |||
[F3411] ASTM International, "Standard Specification for Remote ID | [F3411] ASTM International, "Standard Specification for Remote ID | |||
and Tracking", ASTM F3411-22A, DOI 10.1520/F3411-22A, July | and Tracking", ASTM F3411-22A, DOI 10.1520/F3411-22A, July | |||
2022, <https://www.astm.org/f3411-22a.html>. | 2022, <https://www.astm.org/f3411-22a.html>. | |||
[NIST.SP.800-185] | [NIST.SP.800-185] | |||
Kelsey, J., Chang, S., and R. Perlner, "SHA-3 Derived | Kelsey, J., Chang, S., and R. Perlner, "SHA-3 Derived | |||
Functions: cSHAKE, KMAC, TupleHash and ParallelHash", NIST | Functions: cSHAKE, KMAC, TupleHash and ParallelHash", NIST | |||
Special Publication 800-185, DOI 10.6028/NIST.SP.800-185, | Special Publication 800-185, DOI 10.6028/NIST.SP.800-185, | |||
December 2016, | December 2016, | |||
<https://nvlpubs.nist.gov/nistpubs/SpecialPublications/ | <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/ | |||
NIST.SP.800-185.pdf>. | NIST.SP.800-185.pdf>. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
[RFC9153] Card, S., Ed., Wiethuechter, A., Moskowitz, R., and A. | [RFC9153] Card, S., Ed., Wiethuechter, A., Moskowitz, R., and A. | |||
Gurtov, "Drone Remote Identification Protocol (DRIP) | Gurtov, "Drone Remote Identification Protocol (DRIP) | |||
Requirements and Terminology", RFC 9153, | Requirements and Terminology", RFC 9153, | |||
DOI 10.17487/RFC9153, February 2022, | DOI 10.17487/RFC9153, February 2022, | |||
<https://www.rfc-editor.org/info/rfc9153>. | <https://www.rfc-editor.org/info/rfc9153>. | |||
[RFC9374] Moskowitz, R., Card, S., Wiethuechter, A., and A. Gurtov, | [RFC9374] Moskowitz, R., Card, S., Wiethuechter, A., and A. Gurtov, | |||
"DRIP Entity Tag (DET) for Unmanned Aircraft System Remote | "DRIP Entity Tag (DET) for Unmanned Aircraft System Remote | |||
ID (UAS RID)", RFC 9374, DOI 10.17487/RFC9374, March 2023, | ID (UAS RID)", RFC 9374, DOI 10.17487/RFC9374, March 2023, | |||
<https://www.rfc-editor.org/info/rfc9374>. | <https://www.rfc-editor.org/info/rfc9374>. | |||
[RFC9434] Card, S., Wiethuechter, A., Moskowitz, R., Zhao, S., Ed., | [RFC9434] Card, S., Wiethuechter, A., Moskowitz, R., Zhao, S., Ed., | |||
and A. Gurtov, "Drone Remote Identification Protocol | and A. Gurtov, "Drone Remote Identification Protocol | |||
(DRIP) Architecture", RFC 9434, DOI 10.17487/RFC9434, July | (DRIP) Architecture", RFC 9434, DOI 10.17487/RFC9434, July | |||
2023, <https://www.rfc-editor.org/info/rfc9434>. | 2023, <https://www.rfc-editor.org/info/rfc9434>. | |||
11.2. Informative References | 10.2. Informative References | |||
[ASTM-Remote-ID] | [ASTM-Remote-ID] | |||
International Civil Aviation Organization (ICAO), "Remote | International Civil Aviation Organization (ICAO), "Remote | |||
ID Number Registration", December 2023, | ID Number Registration", December 2023, | |||
<https://www.icao.int/airnavigation/IATF/Pages/ASTM- | <https://www.icao.int/airnavigation/IATF/Pages/ASTM- | |||
Remote-ID.aspx>. | Remote-ID.aspx>. | |||
[DRIP-REG] Wiethuechter, A. and J. Reid, "DRIP Entity Tag (DET) | [DRIP-REG] Wiethuechter, A. and J. Reid, "DRIP Entity Tag (DET) | |||
Identity Management Architecture", Work in Progress, | Identity Management Architecture", Work in Progress, | |||
Internet-Draft, draft-ietf-drip-registries-15, 1 April | Internet-Draft, draft-ietf-drip-registries-15, 1 April | |||
2024, <https://datatracker.ietf.org/doc/html/draft-ietf- | 2024, <https://datatracker.ietf.org/doc/html/draft-ietf- | |||
drip-registries-15>. | drip-registries-15>. | |||
[FAA-14CFR] | [FAA-14CFR] | |||
Federal Aviation Administration (FAA), "Remote | Federal Aviation Administration (FAA), "Remote | |||
Identification of Unmanned Aircraft", January 2021, | Identification of Unmanned Aircraft", January 2021, | |||
<https://www.govinfo.gov/content/pkg/FR-2021-01-15/ | <https://www.govinfo.gov/content/pkg/FR-2021-01-15/ | |||
pdf/2020-28948.pdf>. | pdf/2020-28948.pdf>. | |||
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | |||
Writing an IANA Considerations Section in RFCs", BCP 26, | Writing an IANA Considerations Section in RFCs", BCP 26, | |||
RFC 8126, DOI 10.17487/RFC8126, June 2017, | RFC 8126, DOI 10.17487/RFC8126, June 2017, | |||
<https://www.rfc-editor.org/info/rfc8126>. | <https://www.rfc-editor.org/info/rfc8126>. | |||
[RFC9364] Hoffman, P., "DNS Security Extensions (DNSSEC)", BCP 237, | [RFC9364] Hoffman, P., "DNS Security Extensions (DNSSEC)", BCP 237, | |||
RFC 9364, DOI 10.17487/RFC9364, February 2023, | RFC 9364, DOI 10.17487/RFC9364, February 2023, | |||
<https://www.rfc-editor.org/info/rfc9364>. | <https://www.rfc-editor.org/info/rfc9364>. | |||
Appendix A. Authentication States | Appendix A. Authentication States | |||
ASTM Authentication has only three states: None, Invalid, and Valid. | ASTM Authentication has only three states: None, Invalid, and Valid. | |||
This is because, under ASTM, the authentication is done by an | This is because, under ASTM, the authentication is done by an | |||
external service hosted somewhere on the Internet so it is assumed an | external service hosted somewhere on the Internet so it is assumed an | |||
authoritative response will always be returned. This classification | authoritative response will always be returned. This classification | |||
becomes more complex in DRIP with the support of "offline" scenarios | becomes more complex in DRIP with the support of "offline" scenarios | |||
where an Observer does not have Internet connectivity. With the use | where an Observer does not have Internet connectivity. With the use | |||
of asymmetric cryptography, this means that the public key (PK) must | of asymmetric cryptography, this means that the public key (PK) must | |||
somehow be obtained. [DRIP-REG] provides more detail on how these | somehow be obtained. [DRIP-REG] provides more detail on how these | |||
keys are stored on the DNS and how DRIP Authentication messages can | keys are stored on the DNS and how DRIP Authentication Messages can | |||
be used to send PK's over Broadcast RID. | be used to send PK's over Broadcast RID. | |||
There are a few keys of interest: the PK of the UA and the PKs of | There are a few keys of interest: the PK of the UA and the PKs of | |||
relevant DIMEs. This document describes how to send the PK of the UA | relevant DIMEs. This document describes how to send the PK of the UA | |||
over the Broadcast RID messages. The keys of DIMEs are sent over | over the Broadcast RID messages. The keys of DIMEs are sent over | |||
Broadcast RID using the same mechanisms (see Sections 4.2 and 6.3) | Broadcast RID using the same mechanisms (see Sections 4.2 and 6.3) | |||
but MAY be sent at a far lower rate due to potential operational | but MAY be sent at a far lower rate due to potential operational | |||
constraints (such as saturation of limited bandwidth). As such, | constraints (such as saturation of limited bandwidth). As such, | |||
there are scenarios where part of the key-chain may be unavailable at | there are scenarios where part of the key-chain may be unavailable at | |||
the moment a full Authentication Message is received and processed. | the moment a full Authentication Message is received and processed. | |||
The intent of this informative appendix is to recommend a way to | The intent of this informative appendix is to recommend a way to | |||
classify these various states and convey it to the user through | classify these various states and convey it to the user through | |||
colors and state names/text. These states can apply to either a | colors and state names/text. These states can apply to either a | |||
single authentication message, a DET (and its associated public key), | single Authentication Message, a DET (and its associated public key), | |||
and/or a sender. | and/or a sender. | |||
The table below lays out the recommended colors to associate with | Table 4 briefly describes each state and recommends an associated | |||
state and a brief description of each. | color. | |||
+==============+========+===================================+ | +==============+========+===================================+ | |||
| State | Color | Details | | | State | Color | Details | | |||
+==============+========+===================================+ | +==============+========+===================================+ | |||
| None | Black | No Authentication being received | | | None | Black | No Authentication has been or is | | |||
| | | (as yet) | | | | | being received (as yet) | | |||
+--------------+--------+-----------------------------------+ | +--------------+--------+-----------------------------------+ | |||
| Partial | Gray | Authentication being received but | | | Partial | Gray | Authentication being received but | | |||
| | | missing pages | | | | | missing pages | | |||
+--------------+--------+-----------------------------------+ | +--------------+--------+-----------------------------------+ | |||
| Unsupported | Brown | Authentication Type / SAM Type of | | | Unsupported | Brown | Authentication Type / SAM Type of | | |||
| | | received message not supported | | | | | received message not supported | | |||
+--------------+--------+-----------------------------------+ | +--------------+--------+-----------------------------------+ | |||
| Unverifiable | Yellow | Data needed for signature | | | Unverifiable | Yellow | Data needed for signature | | |||
| | | verification is missing | | | | | verification is missing | | |||
+--------------+--------+-----------------------------------+ | +--------------+--------+-----------------------------------+ | |||
| Verified | Green | Valid signature verification and | | | Verified | Green | Valid signature verification and | | |||
| | | content validation | | | | | content validation | | |||
+--------------+--------+-----------------------------------+ | +--------------+--------+-----------------------------------+ | |||
| Trusted | Blue | Evidence of Verified and DIME is | | | Trusted | Blue | Evidence of Verified and DIME is | | |||
| | | marked as only registering DETs | | | | | marked as only registering DETs | | |||
| | | for trusted entities | | | | | for trusted entities | | |||
+--------------+--------+-----------------------------------+ | +--------------+--------+-----------------------------------+ | |||
| Unverified | Red | Invalid signature verification or | | | Unverified | Red | Invalid signature verification or | | |||
| | | content validation | | | | | content validation | | |||
+--------------+--------+-----------------------------------+ | +--------------+--------+-----------------------------------+ | |||
| Questionable | Orange | Evidence of both"Verified and | | | Questionable | Orange | Evidence of both"Verified and | | |||
| | | Unverified for the same claimed | | | | | Unverified for the same claimed | | |||
| | | sender | | | | | sender | | |||
+--------------+--------+-----------------------------------+ | +--------------+--------+-----------------------------------+ | |||
| Conflicting | Purple | Evidence of both Trusted and | | | Conflicting | Purple | Evidence of both Trusted and | | |||
| | | Unverified for the same claimed | | | | | Unverified for the same claimed | | |||
| | | sender | | | | | sender | | |||
+--------------+--------+-----------------------------------+ | +--------------+--------+-----------------------------------+ | |||
Table 4: Authentication State Names, Colors, and Descriptions | Table 4: Authentication State Names, Colors, and Descriptions | |||
A.1. None: Black | A.1. None: Black | |||
The default state where no authentication information has been | The default state where authentication information has not yet been | |||
received. | received and is not currently being received. | |||
A.2. Partial: Gray | A.2. Partial: Gray | |||
A pending state where authentication pages are being received, but a | A pending state where Authentication Pages are being received, but a | |||
full authentication message has yet to be compiled. | full Authentication Message has yet to be compiled. | |||
A.3. Unsupported: Brown | A.3. Unsupported: Brown | |||
A state wherein authentication data is being or has been received but | A state wherein authentication data is being or has been received but | |||
cannot be used, as the Authentication Type or SAM Type is not | cannot be used, as the Authentication Type or SAM Type is not | |||
supported by the Observer. | supported by the Observer. | |||
A.4. Unverifiable: Yellow | A.4. Unverifiable: Yellow | |||
A pending state where a full authentication message has been received | A pending state where a full Authentication Message has been received | |||
but other information, such as public keys to verify signatures, is | but other information, such as public keys to verify signatures, is | |||
missing. | missing. | |||
A.5. Verified: Green | A.5. Verified: Green | |||
A state where all authentication messages that have been received | A state where all Authentication Messages that have been received | |||
from that claimed sender up to that point pass signature verification | from that claimed sender up to that point pass signature verification | |||
and the requirement of Section 6.4.2 has been met. | and the requirement of Section 6.4.2 has been met. | |||
A.6. Trusted: Blue | A.6. Trusted: Blue | |||
A state where all authentication messages that have been received | A state where all Authentication Messages that have been received | |||
from that claimed sender up to that point have passed signature | from that claimed sender up to that point have passed signature | |||
verification, the requirement of Section 6.4.2 has been met, and the | verification, the requirement of Section 6.4.2 has been met, and the | |||
public key of the sending UA has been marked as trusted. | public key of the sending UA has been marked as trusted. | |||
The sending UA key will have been marked as trusted if the relevant | The sending UA key will have been marked as trusted if the relevant | |||
DIMEs only register DETs (of subordinate DIMEs, UAS operators, and | DIMEs only register DETs (of subordinate DIMEs, UAS operators, and | |||
UA) that have been vetted as per their published registration | UA) that have been vetted as per their published registration | |||
policies, and those DIMEs have been marked, by the owner (individual | policies, and those DIMEs have been marked, by the owner (individual | |||
or organizational) of the Observer, as per that owner's policy, as | or organizational) of the Observer, as per that owner's policy, as | |||
trusted to register DETs only for trusted parties. | trusted to register DETs only for trusted parties. | |||
A.7. Questionable: Orange | A.7. Questionable: Orange | |||
A state where there is a mix of authentication messages received that | A state where there is a mix of Authentication Messages received that | |||
are Verified (Appendix A.5) and Unverified (Appendix A.8). | are Verified (Appendix A.5) and Unverified (Appendix A.8). | |||
State transitions from Verified to Questionable if a subsequent | State transitions from Verified to Questionable if a subsequent | |||
message fails verification, so it would have otherwise been marked | message fails verification, so it would have otherwise been marked | |||
Unverified. State transitions from Unverified to Questionable if a | Unverified. State transitions from Unverified to Questionable if a | |||
subsequent message passes verification or validation, so it would | subsequent message passes verification or validation, so it would | |||
otherwise have been marked Verified. It may transition from either | otherwise have been marked Verified. It may transition from either | |||
of those states upon mixed results on the requirement of | of those states upon mixed results on the requirement of | |||
Section 6.4.2. | Section 6.4.2. | |||
A.8. Unverified: Red | A.8. Unverified: Red | |||
A state where all authentication messages that have been received | A state where all Authentication Messages that have been received | |||
from that claimed sender up to that point failed signature | from that claimed sender up to that point failed signature | |||
verification or the requirement of Section 6.4.2. | verification or the requirement of Section 6.4.2. | |||
A.9. Conflicting: Purple | A.9. Conflicting: Purple | |||
A state where there is a mix of authentication messages received that | A state where there is a mix of Authentication Messages received that | |||
are Trusted (Appendix A.6) and Unverified (Appendix A.8) and the | are Trusted (Appendix A.6) and Unverified (Appendix A.8) and the | |||
public key of the aircraft is marked as trusted. | public key of the aircraft is marked as trusted. | |||
State transitions from Trusted to Conflicting if a subsequent message | State transitions from Trusted to Conflicting if a subsequent message | |||
fails verification, so it would have otherwise been marked | fails verification, so it would have otherwise been marked | |||
Unverified. State transitions from Unverified to Conflicting if a | Unverified. State transitions from Unverified to Conflicting if a | |||
subsequent message passes verification or validation and policy | subsequent message passes verification or validation and policy | |||
checks, so it would otherwise have been marked Trusted. It may | checks, so it would otherwise have been marked Trusted. It may | |||
transition from either of those states upon mixed results on the | transition from either of those states upon mixed results on the | |||
requirement of Section 6.4.2. | requirement of Section 6.4.2. | |||
Appendix B. Operational Recommendation Analysis | Appendix B. Operational Recommendation Analysis | |||
The recommendations in Section 6.4 may seem heavy-handed and | The recommendations in Section 6.4 may seem heavy-handed and | |||
specific. This informative appendix lays out the math and | specific. This informative appendix lays out the math and | |||
assumptions made that resulted in those recommendations and provides | assumptions made that resulted in those recommendations and provides | |||
an example. | an example. | |||
In many jurisdictions, the required ASTM Messages to be transmitted | In all jurisdictions known to the authors of this document as of its | |||
every second are: Basic ID (0x1), Location (0x2), and System (0x4). | publication (2024), at least the following ASTM Messages are required | |||
Typical implementations will most likely send at a higher rate (2x | to be transmitted at least once per second: | |||
sets per cycle) resulting in 6 frames sent per cycle. Transmitting | ||||
this set of messages more than once a second is not discouraged, but | ||||
awareness is needed to avoid congesting the RF spectrum, causing | ||||
further issues. | ||||
Informational Note: In Europe, the Operator ID Message (0x5) is also | * Basic ID (0x1) | |||
required. In Japan, two Basic ID (0x0), Location (0x1), and | ||||
Authentication (0x2) are required. Self ID (0x3) is optional but can | * Location (0x2) | |||
carry Emergency Status information. | ||||
* System (0x4) | ||||
Europe also requires: | ||||
* Operator ID Message (0x5) | ||||
Japan requires not one but two Basic ID messages: | ||||
* one carrying a manufacturer assigned serial number | ||||
* one carrying a CAA assigned registration number | ||||
Japan also requires: | ||||
* Authentication (0x2) using their own unique scheme | ||||
In all jurisdictions, one further message is optional, but highly | ||||
recommended for carriage of additional information on the nature of | ||||
the emergency if the Emergency value is sent in the Operational | ||||
Status field of the Location/Vector Message: | ||||
* Self ID (0x3) | ||||
To improve the likelihood of successful timely receipt of regulator | ||||
required RID data elements, most implementations send at a higher | ||||
rate, whether by repeating the same messages in the same one second | ||||
interval, or updating message content and sending messages more | ||||
frequently than once per second. Excessive sending rate, however, | ||||
could congest the RF spectrum, leading to collisions and counter- | ||||
intuitively actually reducing the likelihood of timely receipt of RID | ||||
data. | ||||
B.1. Page Counts vs Frame Counts | B.1. Page Counts vs Frame Counts | |||
There are two formulas to determine the number of Authentication | There are two formulas to determine the number of Authentication | |||
Pages required. The following formula is for Wrapper: | Pages required. The following formula is for Wrapper: | |||
<CODE BEGINS> | <CODE BEGINS> | |||
wrapper_struct_size = 89 + (25 * num_astm_messages) | wrapper_struct_size = 89 + (25 * num_astm_messages) | |||
wrapper_page_count = ceiling((wrapper_struct_size - 17) / 23) + 1 | wrapper_page_count = ceiling((wrapper_struct_size - 17) / 23) + 1 | |||
<CODE ENDS> | <CODE ENDS> | |||
The following formula is for Manifest: | The following formula is for Manifest: | |||
<CODE BEGINS> | <CODE BEGINS> | |||
manifest_struct_size = 89 + (8 * (num_astm_hashes + 3)) | manifest_struct_size = 89 + (8 * (num_astm_hashes + 3)) | |||
manifest_page_count = ceiling((manifest_struct_size - 17) / 23) + 1 | manifest_page_count = ceiling((manifest_struct_size - 17) / 23) + 1 | |||
<CODE ENDS> | <CODE ENDS> | |||
A similar formula can be applied to Links, as they are of fixed size: | A similar formula can be applied to Links, as they are of fixed size: | |||
<CODE BEGINS> | <CODE BEGINS> | |||
link_page_count = ceiling((137 - 17) / 23) + 1 = 7 | link_page_count = ceiling((137 - 17) / 23) + 1 = 7 | |||
<CODE ENDS> | <CODE ENDS> | |||
Comparing Wrapper and Manifest Authentication Message page counts | Comparing Wrapper and Manifest Authentication Message page counts | |||
against total frame counts, we have the following: | against total frame counts, we have the following: | |||
+==========+=========+==========+=================+===============+ | +==========+=========+==========+=================+===============+ | |||
| ASTM | Wrapper | Manifest | ASTM Messages + | ASTM Messages | | | ASTM | Wrapper | Manifest | ASTM Messages + | ASTM Messages | | |||
| Messages | (w/FEC) | (w/FEC) | Wrapper (w/FEC) | + Manifest | | | Messages | (w/FEC) | (w/FEC) | Wrapper (w/FEC) | + Manifest | | |||
| | | | | (w/FEC) | | | | | | | (w/FEC) | | |||
+==========+=========+==========+=================+===============+ | +==========+=========+==========+=================+===============+ | |||
| 0 | 5 (6) | 6 (7) | 5 (6) | 6 (7) | | | 0 | 5 (6) | 6 (7) | 5 (6) | 6 (7) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 1 | 6 (7) | 6 (7) | 7 (8) | 7 (8) | | | 1 | 6 (7) | 6 (7) | 7 (8) | 7 (8) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 2 | 7 (8) | 6 (7) | 9 (10) | 8 (9) | | | 2 | 7 (8) | 6 (7) | 9 (10) | 8 (9) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 3 | 8 (9) | 7 (8) | 11 (12) | 10 (11) | | | 3 | 8 (9) | 7 (8) | 11 (12) | 10 (11) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 4 | 9 (10) | 7 (8) | 13 (14) | 11 (12) | | | 4 | 9 (10) | 7 (8) | 13 (14) | 11 (12) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 5 | N/A | 7 (8) | N/A | 12 (13) | | | 5 | N/A | 7 (8) | N/A | 12 (13) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 6 | N/A | 8 (9) | N/A | 14 (15) | | | 6 | N/A | 8 (9) | N/A | 14 (15) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 7 | N/A | 8 (9) | N/A | 15 (16) | | | 7 | N/A | 8 (9) | N/A | 15 (16) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 8 | N/A | 8 (9) | N/A | 16 (17) | | | 8 | N/A | 8 (9) | N/A | 16 (17) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 9 | N/A | 9 (10) | N/A | 18 (19) | | | 9 | N/A | 9 (10) | N/A | 18 (19) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 10 | N/A | 9 (10) | N/A | 19 (20) | | | 10 | N/A | 9 (10) | N/A | 19 (20) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
| 11 | N/A | 9 (11) | N/A | 20 (22) | | | 11 | N/A | 9 (11) | N/A | 20 (22) | | |||
+----------+---------+----------+-----------------+---------------+ | +----------+---------+----------+-----------------+---------------+ | |||
Table 5: Page and Frame Counts | Table 5: Page and Frame Counts | |||
Link shares the same page counts as Manifest with 5 ASTM Messages. | Link shares the same page counts as Manifest with 5 ASTM Messages. | |||
B.1.1. Special Cases | B.1.1. Special Cases | |||
B.1.1.1. Zero ASTM Messages | B.1.1.1. Zero ASTM Messages | |||
Zero ASTM Messages (see Table 5) is where Extended Wrapper | Zero ASTM Messages (see Table 5) is where Extended Wrapper | |||
(Section 4.3.2) without FEC is used in Message Packs. With a maximum | (Section 4.3.2) without FEC is used in Message Packs. With a maximum | |||
of nine "message slots" in a Message Pack, an Extended Wrapper fills | of nine "message slots" in a Message Pack, an Extended Wrapper fills | |||
five slots; thus it can authenticate up to four ASTM Messages co- | five slots; thus it can authenticate up to four ASTM Messages co- | |||
located in the same Message Pack. | located in the same Message Pack. | |||
B.1.1.2. Eleven ASTM Messages | B.1.1.2. Eleven ASTM Messages | |||
Eleven ASTM Messages (see Table 5) is where a Manifest with FEC | Eleven ASTM Messages (see Table 5) is where a Manifest with FEC | |||
invokes the situation mentioned in Section 5.3. | invokes the situation mentioned in Section 5.3. | |||
Eleven is the maximum number of ASTM Message Hashes that can be | Eleven is the maximum number of ASTM Message Hashes that can be | |||
supported resulting in 14 total hashes. This completely fills the | supported resulting in 14 total hashes. This completely fills the | |||
evidence section of the structure making its total size 200 octets. | _Evidence_ field of the _UA-Signed Evidence Structure_ making its | |||
This fits on exactly 9 Authentication Pages ((201 - 17) / 23 == 8), | total size 200 octets. This fits on exactly 9 Authentication Pages | |||
so when the ADL is added, it is placed on the next page (Page 10). | ((201 - 17) / 23 == 8), so when the ADL is added, it is placed on the | |||
Per rule 1 in Section 5.1, this means that all of Page 10 is null | next page (Page 10). Per rule 1 in Section 5.1, this means that all | |||
padded (expect the ADL octet) and FEC data fills Page 11, resulting | of Page 10 is null padded (expect the ADL octet) and FEC data fills | |||
in a plus-two page count when FEC is applied. | Page 11, resulting in a plus-two page count when FEC is applied. | |||
This drives the recommendation is Section 4.4 to only use up to 10 | This drives the recommendation is Section 4.4 to only use up to 10 | |||
ASTM Message Hashes, not 11. | ASTM Message Hashes, not 11. | |||
B.2. Full Authentication Example | B.2. Full Authentication Example | |||
This example is focused on showing that 100% of ASTM Messages can be | This example (Figure 13) is focused on showing that 100% of ASTM | |||
authenticated over Legacy Transports with up to 125% overhead in | Messages can be authenticated over Legacy Transports with up to 125% | |||
Authentication Pages. Extended Transport is not shown as | overhead in Authentication Pages. Extended Transports are not shown | |||
Authentication with DRIP in that case is covered using Extended | in this example, because, for those, Authentication with DRIP is | |||
Wrapper (Section 4.3.2). Two ASTM Message Packs are sent in a given | achieved using Extended Wrapper (Section 4.3.2). Two ASTM Message | |||
cycle: one containing up to four ASTM Messages and an Extended | Packs are sent in a given cycle: one containing up to four ASTM | |||
Wrapper (authenticating the pack), and one containing a Link message | Messages and an Extended Wrapper (authenticating the pack), and one | |||
with a Broadcast Endorsement and up to two other ASTM Messages. | containing a Link message with a Broadcast Endorsement and up to two | |||
other ASTM Messages. | ||||
This example transmit scheme covers and meets every known regulatory | This example transmit scheme covers and meets every known regulatory | |||
case enabling manufacturers to use the same firmware worldwide. | case enabling manufacturers to use the same firmware worldwide. | |||
+------------------------------------------------------+ | +------------------------------------------------------+ | |||
| Frame Slots | | | Frame Slots | | |||
| 00 - 04 | 05 - 07 | 08 - 16 | 17 | | | 00 - 04 | 05 - 07 | 08 - 16 | 17 | | |||
+-------------------+---------------+---------+--------+ | +-------------------+---------------+---------+--------+ | |||
| {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[0] | | | {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[0] | | |||
+-------------------+---------------+---------+--------+ | +-------------------+---------------+---------+--------+ | |||
| {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[1] | | | {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[1] | | |||
+-------------------+---------------+---------+--------+ | +-------------------+---------------+---------+--------+ | |||
| {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[2] | | | {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[2] | | |||
+-------------------+---------------+---------+--------+ | +-------------------+---------------+---------+--------+ | |||
| {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[3] | | | {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[3] | | |||
+-------------------+---------------+---------+--------+ | +-------------------+---------------+---------+--------+ | |||
| {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[4] | | | {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[4] | | |||
+-------------------+---------------+---------+--------+ | +-------------------+---------------+---------+--------+ | |||
| {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[5] | | | {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[5] | | |||
+-------------------+---------------+---------+--------+ | +-------------------+---------------+---------+--------+ | |||
| {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[6] | | | {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[6] | | |||
+-------------------+---------------+---------+--------+ | +-------------------+---------------+---------+--------+ | |||
| {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[7] | | | {A|B|C|D},V,S,I,O | {A|B|C|D},V,S | M[0,8] | L/W[7] | | |||
+-------------------+---------------+---------+--------+ | +-------------------+---------------+---------+--------+ | |||
A = Basic ID Message (0x0) ID Type 1 | A = Basic ID Message (0x0) ID Type 1 | |||
B = Basic ID Message (0x0) ID Type 2 | B = Basic ID Message (0x0) ID Type 2 | |||
C = Basic ID Message (0x0) ID Type 3 | C = Basic ID Message (0x0) ID Type 3 | |||
D = Basic ID Message (0x0) ID Type 4 | D = Basic ID Message (0x0) ID Type 4 | |||
V = Location/Vector Message (0x1) | V = Location/Vector Message (0x1) | |||
I = Self ID Message (0x3) | I = Self ID Message (0x3) | |||
S = System Message (0x4) | S = System Message (0x4) | |||
O = Operator ID Message (0x5) | O = Operator ID Message (0x5) | |||
L[y,z] = DRIP Link Authentication Message (0x2) | L[y,z] = DRIP Link Authentication Message (0x2) | |||
W[y,z] = DRIP Wrapper Authentication Message (0x2) | W[y,z] = DRIP Wrapper Authentication Message (0x2) | |||
M[y,z] = DRIP Manifest Authentication Message (0x2) | M[y,z] = DRIP Manifest Authentication Message (0x2) | |||
y = Start Page | y = Start Page | |||
z = End Page | z = End Page | |||
# = Empty Frame Slot | # = Empty Frame Slot | |||
* = Message in DRIP Manifest Authentication Message | * = Message in DRIP Manifest Authentication Message | |||
Figure 13: Example of a Fully Authenticated Legacy Transport | Figure 13: Example of a Fully Authenticated Legacy Transport | |||
Transmit Schedule | Transmit Schedule | |||
Every common required message (Basic ID, Location, and System) is | Every common required message (Basic ID, Location/Vector, and System) | |||
sent twice along with Operator ID and Self ID in a single second. | is sent twice along with Operator ID and Self ID in a single second. | |||
The Manifest is over all messages (8) in slots 00 - 04 and 05 - 07. | The Manifest is over all messages (8) in slots 00 - 04 and 05 - 07. | |||
In two seconds, either a Link or Wrapper are sent. The content and | In two seconds, either a Link or Wrapper is sent. The content and | |||
order of Links and Wrappers runs as follows: | order of Links and Wrappers runs as follows: | |||
Link: HDA on UA | Link: HDA on UA | |||
Link: RAA on HDA | Link: RAA on HDA | |||
Link: HDA on UA | Link: HDA on UA | |||
Link: Apex on RAA | Link: Apex on RAA | |||
Link: HDA on UA | Link: HDA on UA | |||
Link: RAA on HDA | Link: RAA on HDA | |||
Link: HDA on UA | Link: HDA on UA | |||
Wrapper: Location (0x1), System (0x4) | Wrapper: Location/Vector (0x1), System (0x4) | |||
Link: HDA on UA | Link: HDA on UA | |||
Link: RAA on HDA | Link: RAA on HDA | |||
Link: HDA on UA | Link: HDA on UA | |||
Link: Apex on RAA | Link: Apex on RAA | |||
Link: HDA on UA | Link: HDA on UA | |||
Link: RAA on HDA | Link: RAA on HDA | |||
Link: HDA on UA | Link: HDA on UA | |||
Wrapper: Location (0x1), System (0x4) | Wrapper: Location/Vector (0x1), System (0x4) | |||
Link: IANA on UAS RID Apex | Link: IANA on UAS RID Apex | |||
With perfect receipt of all messages, all messages (up to that point | After perfect receipt of all messages for a period of 8 seconds, all | |||
then all in future) are authenticated within 8 seconds using the | messages sent during that period have been authenticated using the | |||
Manifest. Within 136 seconds, the entire Broadcast Endorsement chain | Manifest (except for the Authentication Messages themselves). Within | |||
is received and can be validated; interspersed with four messages | 136 seconds, the entire Broadcast Endorsement chain is received and | |||
directly signed over via Wrapper. | can be validated. Interspersed in this schedule are 4 messages sent | |||
not only in their basic [F3411] form, but also in DRIP Wrapper | ||||
messages, together with their attached signatures, to defend against | ||||
the possibility of attack against the detached signatures provided by | ||||
the Manifest messages. | ||||
B.2.1. Raw Example | B.2.1. Raw Example | |||
Assuming the following DET and HI: | Assuming the following DET and HI: | |||
2001:3f:fe00:105:a29b:3ff4:2226:c04e | 2001:3f:fe00:105:a29b:3ff4:2226:c04e | |||
b5fef530d450dedb59ebafa18b00d7f5ed0ac08a81975034297bea2b00041813 | b5fef530d450dedb59ebafa18b00d7f5ed0ac08a81975034297bea2b00041813 | |||
The following ASTM Messages are to be sent in a single second: | The following ASTM Messages are to be sent in a single second: | |||
0240012001003ffe000105a29b3ff42226c04e000000000000 | 0240012001003ffe000105a29b3ff42226c04e000000000000 | |||
12000000000000000000000000000000000000000060220000 | 12000000000000000000000000000000000000000060220000 | |||
32004578616d706c652053656c662049440000000000000000 | 32004578616d706c652053656c662049440000000000000000 | |||
420000000000000000000100000000000000000010ea510900 | 420000000000000000000100000000000000000010ea510900 | |||
52004578616d706c65204f70657261746f7220494400000000 | 52004578616d706c65204f70657261746f7220494400000000 | |||
0240012001003ffe000105a29b3ff42226c04e000000000000 | 0240012001003ffe000105a29b3ff42226c04e000000000000 | |||
12000000000000000000000000000000000000000060220000 | 12000000000000000000000000000000000000000060220000 | |||
420000000000000000000100000000000000000010ea510900 | 420000000000000000000100000000000000000010ea510900 | |||
This is a Link with FEC that would be spread out over 8 seconds: | This is a Link with FEC that would be spread out over 8 seconds: | |||
2250078910ea510904314b8564b17e66662001003ffe000105 | 2250078910ea510904314b8564b17e66662001003ffe000105 | |||
2251a29b3ff42226c04eb5fef530d450dedb59ebafa18b00d7 | 2251a29b3ff42226c04eb5fef530d450dedb59ebafa18b00d7 | |||
2252f5ed0ac08a81975034297bea2b000418132001003ffe00 | 2252f5ed0ac08a81975034297bea2b000418132001003ffe00 | |||
22530105b82bf1c99d87273103fc83f6ecd9b91842f205c222 | 22530105b82bf1c99d87273103fc83f6ecd9b91842f205c222 | |||
2254dd71d8e165ad18ca91daf9299a73eec850c756a7e9be46 | 2254dd71d8e165ad18ca91daf9299a73eec850c756a7e9be46 | |||
2255f51dddfa0f09db7bfdde14eec07c7a6dd1061c1d5ace94 | 2255f51dddfa0f09db7bfdde14eec07c7a6dd1061c1d5ace94 | |||
2256d9ad97940d280000000000000000000000000000000000 | 2256d9ad97940d280000000000000000000000000000000000 | |||
2257a03b0f7a6feb0d198167045058cfc49f73129917024d22 | 2257a03b0f7a6feb0d198167045058cfc49f73129917024d22 | |||
This is a Wrapper with FEC that would be spread out over 8 seconds: | This is a Wrapper with FEC that would be spread out over 8 seconds: | |||
2250078b10ea510902e0dd7c6560115e671200000000000000 | 2250078b10ea510902e0dd7c6560115e671200000000000000 | |||
22510000000000000000000000000060220000420000000000 | 22510000000000000000000000000060220000420000000000 | |||
2252000000000100000000000000000010ea5109002001003f | 2252000000000100000000000000000010ea5109002001003f | |||
2253fe000105a29b3ff42226c04ef0ecad581a030ca790152a | 2253fe000105a29b3ff42226c04ef0ecad581a030ca790152a | |||
22542f08df5762a463e24a742d1c530ec977bbe0d113697e2b | 22542f08df5762a463e24a742d1c530ec977bbe0d113697e2b | |||
2255b909d6c7557bdaf1227ce86154b030daadda4a6b8474de | 2255b909d6c7557bdaf1227ce86154b030daadda4a6b8474de | |||
22569a62f6c375020826000000000000000000000000000000 | 22569a62f6c375020826000000000000000000000000000000 | |||
2257f5e8eebcb04f8c2197526053e66c010d5d7297ff7c1fe0 | 2257f5e8eebcb04f8c2197526053e66c010d5d7297ff7c1fe0 | |||
This is the Manifest with FEC sent in the same second as the original | This is the Manifest with FEC sent in the same second as the original | |||
messages: | messages: | |||
225008b110ea510903e0dd7c6560115e670000000000000000 | 225008b110ea510903e0dd7c6560115e670000000000000000 | |||
2251d57594875f8608b4d61dc9224ecf8b842bd4862734ed01 | 2251d57594875f8608b4d61dc9224ecf8b842bd4862734ed01 | |||
22522ca2e5f2b8a3e61547b81704766ba3eeb651be7eafc928 | 22522ca2e5f2b8a3e61547b81704766ba3eeb651be7eafc928 | |||
22538884e3e28a24fd5529bc2bd4862734ed012ca2e5f2b8a3 | 22538884e3e28a24fd5529bc2bd4862734ed012ca2e5f2b8a3 | |||
2254e61547b81704766ba3eeb62001003ffe000105a29b3ff4 | 2254e61547b81704766ba3eeb62001003ffe000105a29b3ff4 | |||
22552226c04efb729846e7d110903797066fd96f49a77c5a48 | 22552226c04efb729846e7d110903797066fd96f49a77c5a48 | |||
2256c4c3b330be05bc4a958e9641718aaa31aeabad368386a2 | 2256c4c3b330be05bc4a958e9641718aaa31aeabad368386a2 | |||
22579ed2dce2769120da83edbcdc0858dd1e357755e7860317 | 22579ed2dce2769120da83edbcdc0858dd1e357755e7860317 | |||
2258e7c06a5918ea62a937391cbfe0983539de1b2e688b7c83 | 2258e7c06a5918ea62a937391cbfe0983539de1b2e688b7c83 | |||
Acknowledgments | ||||
The authors acknowledge the following individuals: | ||||
* Ryan Quigley, James Mussi, and Joseph Stanton of AX Enterprize, | ||||
LLC for early prototyping to find holes in earlier drafts of this | ||||
specification. | ||||
* Carsten Bormann for the simple approach of using bit-column-wise | ||||
parity for erasure (dropped frame) FEC. | ||||
* Soren Friis for pointing out that Wi-Fi implementations would not | ||||
always give access to the MAC Address, as was originally used in | ||||
calculation of the hashes for DRIP Manifest. Also, for confirming | ||||
that Message Packs (0xF) can only carry up to 9 ASTM frames worth | ||||
of data (9 Authentication Pages). | ||||
* Gabriel Cox (chair of the working group that produced [F3411]) for | ||||
reviewing the specification for the SAM Type request as the ASTM | ||||
Designated Expert. | ||||
* Mohamed Boucadair (Document Shepherd) for his many patches and | ||||
comments. | ||||
* Eric Vyncke (DRIP AD) for his guidance regarding the document's | ||||
path to publication. | ||||
The authors also thank the following reviewers: | ||||
* Rick Salz (secdir) | ||||
* Matt Joras (genart) | ||||
* Di Ma (dnsdir) | ||||
* Gorry Fairhurst (tsvart) | ||||
* Carlos Bernardos (intdir) | ||||
* Behcet Sarikaya (iotdir) | ||||
* Martin Duke (IESG) | ||||
* Roman Danyliw (IESG) | ||||
* Murray Kucherawy (IESG) | ||||
* Erik Kline (IESG) | ||||
* Warren Kumari (IESG) | ||||
* Paul Wouters (IESG) | ||||
Authors' Addresses | Authors' Addresses | |||
Adam Wiethuechter (editor) | Adam Wiethuechter (editor) | |||
AX Enterprize, LLC | AX Enterprize, LLC | |||
4947 Commercial Drive | 4947 Commercial Drive | |||
Yorkville, NY 13495 | Yorkville, NY 13495 | |||
United States of America | United States of America | |||
Email: adam.wiethuechter@axenterprize.com | Email: adam.wiethuechter@axenterprize.com | |||
Stuart Card | Stuart Card | |||
AX Enterprize, LLC | AX Enterprize, LLC | |||
4947 Commercial Drive | 4947 Commercial Drive | |||
Yorkville, NY 13495 | Yorkville, NY 13495 | |||
United States of America | United States of America | |||
Email: stu.card@axenterprize.com | Email: stu.card@axenterprize.com | |||
Robert Moskowitz | Robert Moskowitz | |||
HTT Consulting | HTT Consulting | |||
Oak Park, MI 48237 | Oak Park, MI 48237 | |||
United States of America | United States of America | |||
Email: rgm@labs.htt-consult.com | Email: rgm@labs.htt-consult.com | |||
End of changes. 139 change blocks. | ||||
360 lines changed or deleted | 429 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |