FAA Drone Regulations & Privacy Techniques: Part 107, TRUST, and Location Privacy

Maximum altitude in uncontrolled airspace

400 feet (applies to Class G airspace)

Part 107

Default regulation for commercial drone operations (under 55 lbs)

TRUST certificate

Required for all recreational flyers

Remote ID requirement

Remote ID required as of September 16, 2023

Drone registration requirement

Drones between 0.55 lb and 55 lb must be registered

Visual Line-of-Sight rule

Operator must keep drone within unaided line of sight

Yield to manned aircraft

Drones must always give way to manned aircraft

Temporary Flight Restrictions (TFR)

Temporary restrictions for VIP/security events (e.g., presidential visits)

Philadelphia case (2020)

Consent judgment for FAA violations: over people, night ops without waiver, near emergency ops

Los Angeles wildfire case

Plea deal after interfering with firefighting plane; criminal charges possible

FAA rule importance

Violations can endanger aircraft/emergency ops and lead to criminal penalties

Confidentiality

Only sender and intended receiver can access message contents; prevents unauthorized disclosure

Integrity

Information is not altered except in authorized ways; ensures correctness

Availability

Services are accessible when needed; high-criticality requires high availability

End-point authentication

Verifies identity of communication party (are you really you?)

Nonrepudiation

Prevents parties from denying participation in communication; ensures accountability

Encrypted message altered (T/F)

TRUE — can remain confidential but lose integrity if alteration undetected

Confidentiality assures authorized changes (T/F)

FALSE — that describes integrity

k-anonymity

Privacy technique sending k−1 dummy locations so server cannot distinguish the real one

k-anonymity probability

Probability server identifies real location = 1/k

k-anonymity example

If k=5, probability = 1/5 = 20%

Dummy locations

Fake coordinates sent to confuse the LBS server

Spatial cloaking

Reporting a region containing k users instead of exact coordinates

Location perturbation

Adding noise to reported location to reduce precision

Zone-based reporting

Report a general zone instead of exact coordinates

Passive attacks

Observe or listen (eavesdropping, traffic analysis) without altering resources

Active attacks

Alter system resources or operations (masquerade, replay, modification, DoS)

Masquerade attack

Attacker pretends to be a legitimate entity

Replay attack

Capture and retransmit valid data to produce unauthorized effects

Modification attack

Altering legitimate messages or data in transit

Denial-of-Service (DoS)

Overwhelm or disrupt services to prevent normal use

Sky-of-Things (SoT)

IoT extended with drones, sensors, and distributed devices

Drone network security essentials

Require confidentiality, integrity, and end-point authentication

Drone invasion attack

Use of drones for unauthorized surveillance with sensors/cameras

Weaponized drones

Drones equipped or used as weapons (suicide drones, explosives)

Geofencing

Virtual boundaries preventing drone entry to restricted areas

Physical attacks on drones

Tampering, theft, shooting — generally illegal

GPS jamming

Interference with GPS signals so the drone loses location service

GPS spoofing

Sending fake GPS signals to mislead drone position

SPT (Shortest Path Tracking)

Drone flies directly; efficient and fast detection but predictable

RLT (Random Location Tracking)

Random intermediate destinations in a rectangle; more randomness but frequent server contact

DLT (Dummy Location Tracking)

Generate k dummy locations and fly through a subset; better privacy but higher detection delay

Location privacy metric

Entropy-based anonymity measures uncertainty in identifying the real location

Trajectory privacy metrics

Number of possible paths and convex hull size increase unpredictability

Path vs Trajectory

Path = spatial route; Trajectory = movement between intermediate locations over time

Detection range

Area where a drone can detect a target

Cloaking area

Region where dummy locations are distributed

Convex hull

Smallest polygon containing all dummy locations