Hide and Seek

Abstract

Due to the frequent unauthorized invasions by commercial drones to Critical Infrastructures (CIs), the US-based Federal Avionics Administration (FAA) recently published a new specification, namely RemoteID. Such a rule requires all drones to broadcast information about their identity and location, to allow for immediate invasion attribution and counter-actions. However, the enforcement of such a rule poses severe concerns on drones' operators, especially in terms of location privacy and tracking threats. Indeed, by simply receiving wireless signals, an adversary could know the precise drone location, track it, and infer sensitive information. In this paper, we demonstrate that CI operators can detect timely and efficiently drones invading no-fly zones, without sacrificing drones location privacy. Specifically, we provide two major contributions. First, we propose DiPrID, the first RemoteID-compliant solution enhancing drones location privacy via Differential Privacy. Second, we introduce and evaluate ICARUS, an effective area invasion detection technique capable of identifying invasions by unauthorized drones, even when equipped with DiPrID, with remarkable accuracy and negligible detection delays. Our experiments showed that when drones obfuscate their location by an average distance as large as 31.914 km, ICARUS can detect up to 94.2% of invasions, while false-positives can be mitigated through the help of the FAA.