The contribution proposes a solution to address the following key issues:
KI#5 "Privacy protection of UAS identities".
The fake USS/UTM issue part of KI#1 is also addressed in this solution.
KI#4 for the location tracking authorization.
Solution #25 in TR 23.754, adopted as the basis for normative work for UAV location tracking, includes the support for a new "unknown UAV tracking" feature. This feature allows a given USS/UTM to obtain a list of UAVs that are present in a specified target area. Currently, solution#25 does not have any provision to prevent exposure of UAV location information to unauthorized USS/UTM (e.g. competitor USS/UTM).
This solution proposes enhancements to solution #25 to ensure that only authorized entities (e.g. USS/UTM serving the UAV) can obtain location information for a UAV or set of UAVs from the 3GPP system.
The solution assumes (as per TR 23.754, clause 8.5) that UAV location information is provided to USS/UTM via a UAVF which may encompass the NEF/SCEF functionality.
During a UAV A&A procedure, UAVF and/or AMF stores a USS/UTM identifier (e.g. FQDN or IP address of the USS/UTM) and associates it with the 3GPP UAV ID (e.g. GPSI) and the CAA level UAV ID of the UAV that is successfully authenticated and authorized. The USS/UTM identifier may be obtained from the UE during the UAV A&A procedure (e.g. in Registration or PDU Session establishment request). The UAVF authenticate the USS/UTM using aviation domain provisioned certificates. If the UE did not provide a USS/UTM address, the UAVF may also resolve the USS/UTM address based on the UE provided CAA Level UAV ID by means of a trusted resolution function (UAVF may play the role of such resolution function when 3GPP assisted CAA-level UAV ID allocation is used).
During UAV location tracking procedure, the UAVF which verifies that the location tracking request is authorized (i.e., checks that identifier of the USS/UTM making the request matches the USS/UTM identifier previously associated with the 3GPP UAV ID during UAV A&A procedure).
When receiving an "unknown UAV" location tracking request from a USS/UTM, The UAVF checks the validity of the request (described in clause 184.108.40.206) before forwarding the request to the appropriate location tracking function (e.g. AMF, GMLC). The request includes an indication that the request is for any (e.g. unknown) UAV(s) in the target area.
The AMF obtains location information of all the UAVs in the given area. The AMF may perform filtering of UEs in that area such as to select only those that fulfil relevant UAV selection criteria (e.g. with a valid UAV subscription and/or that have been authorized by a USS/UTM, as per TR 23.754, clause 8.5). The AMF sends the location information to the UAVF for each of the UAVs that are in the given area including the 3GPP UAV ID for each UAV.
For each UAV, the UAVF selects UAVs whose 3GPP UAV ID is associated a USS/UTM identifier that matches the USS/UTM id from the location request and sends the UAV location information to the USS/UTM accordingly.
Alternatively, the AMF may perform filtering on the UEs in the given area such as to select only UEs that are UAVs served by the requesting USS/UTM (assuming AMF has stored USS/UTM identifier as described in 6.X.2.1 or UAVF provides it to AMF in the location request).
This solution complements solution#25 in TR 23.754 adopted for normative work for UAV location tracking.
This solution addresses Key Issue #5 requirement on linkability and trackability attacks on UAV by preventing the exposure of sensitive UAV information to unauthorized entities during location tracking procedures. UAV information provided in response to location tracking request includes one or more UAV identifier (3GPP UAV ID, CAA-level UAV ID) and geographical location.
The "fake USS/UTM" issue from Key Issue #1 is addressed as follows: USS/UTM is authenticated by UAVF (UAS NF) using aviation domain provisioned certificates. USS/UTM address is provided by UE or by a trusted resolution function (using the CAA-level UAV ID provided by the UAV).
This solution addresses Key Issue #4 requirement on location tracking authorization by checking that the USS/UTM making the location request is authorized for such request (i.e., has been associated with the UAV during UUAA). For location tracking of a set of UAVs in a given geographical area (i.e., "unknown" UAV tracking mode), the AMF and/or UAVF (aka UAS NF) performs a filtering of the relevant UAVs in the area to only send information about UAVs that have been associated with the USS/UTM.