Opinion: Development of drone security module and international standardization

Opinion: Development of drone security module and international standardization
Kang Yousung, Director at ETRI

By Kang Yousung, Director at ETRI
Apr. 11, 2024 6:00PM GMT+9

In September 2014, Thomas Frey, heralded by Google as one of the world’s leading futurists, unveiled “192 Future Uses for Flying Drones.” This comprehensive list, derived from his extensive knowledge of drone technology, was divided into 24 categories, each highlighting 8 distinct applications. These categories covered a wide range of civilian uses, including Early Warning Systems, Emergency Services, Delivery, Business Activity Monitoring, and Marketing. They also addressed specialized governmental functions, such as Police Drones and Military and Spy Operations. Despite being proposed a decade ago, Frey’s visionary uses for drones remain highly relevant, suggesting that a variety of drone-based services could still emerge in the near future.

Drones, often compared to flying smartphones, are integrated with advanced digital systems, enabling control and information transmission through long-term evolution (LTE) or the fifth generation (5G) networks. As the future drone services suggested by Thomas Frey become increasingly feasible with these digital advancements, the critical need for drone security technologies cannot be overstated. Given their similarity to conventional digital devices, drones can be seen as assets requiring protection or as potential threats, depending on their use. For scenarios where drones need safeguarding, it’s crucial for service providers or users to implement robust cybersecurity measures, including secure operation protocols and data protection strategies for drones. On the flip side, to counteract unauthorized drones, building managers or the general public might need to adopt anti-drone technologies to shield their premises and ensure personal safety.

The dual nature of drones necessitates a nuanced approach to security, encapsulating both drone cybersecurity technology and anti-drone technology. For instance, radio jamming, a prevalent anti-drone measure, acts as a defense mechanism by inhibiting the operations of illegal drones. However, from the perspective of drone cybersecurity, the same technology poses a threat: potentially disrupting legitimate drones. This duality underscores the complexity of securing future drone services. Using radio jamming as an illustrative example, it becomes evident that such measures should be selectively applied. Law enforcement or military personnel may deploy jamming signals to neutralize a perceived threat, but only upon confirming the drone's unauthorized or malicious nature. Meanwhile, legitimate drones, verified through their legality and appropriate flight permits, should navigate freely without interference. The cornerstone of addressing this duality lies in the real-time identification and authentication of drones, ensuring a balanced approach to both protecting and regulating drone operations.

The key to achieving effective real-time drone identification, a fundamental aspect of drone security, is encapsulated in the Drone Security Module technology. Defined by the ISO/IEC JTC1 SC17 WG12, an international standardization body, the Drone Security Module is characterized as a security apparatus. It functions as both a repository and a provider of cryptographic services for various critical data, including the drone pilot or operator’s license, personal identification, drone ID, flight permit ID, and potentially other ancillary elements. This module plays a pivotal role in storing essential information such as licenses, identification details, and cryptographic keys.

Its primary utility lies in conducting cryptographic operations vital for security applications. These include integrity validation, authentication, data encryption, and digital signature processes. Furthermore, the Drone Security Module’s capabilities can be extended, based on the regulatory framework established by each country’s aviation authority, to encompass data protection and digital signature functionalities specifically for drone flight data. This adaptability ensures that the module can be tailored to meet the diverse requirements of global aviation security standards, marking it as a key player in the advancement of drone security technologies.

Discussions surrounding the Drone Security Module commenced in 2018, with an anticipated international standard publication by the end of April 2024, designated as ‘ISO/IEC 22460-2, ISO UAS license and drone/UAS security module – Part 2: Drone/UAS security module.’ This forthcoming standardization and subsequent global implementation are poised to significantly enhance the identification process for both legal and unauthorized drones, making drone operations safer and more manageable.

At present, the predominant use of small drones lies within the civilian realm, focusing on videography and personal entertainment. However, the scope of drone applications is expected to broaden considerably in the near future, encompassing goods delivery, surveillance, investigation, and even transportation. Such expansion underscores the drones’ potential to influence various facets of human life profoundly.

In scenarios where drones are operational, it is crucial to employ both drone cybersecurity technology and anti-drone technology. These measures are essential to safeguard the interests and safety of service providers, users, and even members of the general public who are not directly involved with the services. The Drone Security Module, with its robust cryptographic functionalities, stands as a cornerstone technology in ensuring the security and integrity of drone-based services, heralding a new era of drone safety and reliability.

youskang@etri.re.kr

This article was copyedited by Arthur Gregory Willers.


About the author

Dr. Kang Yousung joined the Electronics and Telecommunications Research Institute (ETRI) in 1999, and he is now the Director leading ETRI’s Cryptography and Authentication Research Section. He was a visiting researcher at Queen’s University Belfast, Northern Ireland, UK, from 2011 to 2012. Since 2004, he has been the IT international standard expert of the Telecommunications Technology Association (TTA). He has successfully led several government R&D projects related to cybersecurity, including international collaborative projects. He obtained his BS and MS in Electronics Engineering from Chonnam National University, Gwangju, Korea in 1997 and in 1999, respectively. He received his Ph.D. in Electrical and Electronic Engineering from KAIST, Daejeon, Korea in 2015. His research interests include quantum security, drone/IoT security, key-hiding technology, side channel analysis, and cryptographic engineering.