--> --> --> -->

   

  

 

 

 

Outcome

4.1 (1) eUICC base network connectivity and identification of drones, DIM and drone license verification using the UICC (2) small drone-demo (shows TLS-communication using “IoT SAFE Applet” running on eUICC-chip)

 

Partners: GD, IFAG, IFAT

 

To enable long range drone control and especially Beyond Visual Line of Sight (BVLOS) for drones, 5G networks will play an important role. Especially the ultra-reliability and low latency of 5G networks are necessary to enable accurate communication.

For 5G connectivity an enhanced version of the Universal Integrated Circuit Card (UICC) will be used. For the drone use cases highly integrated versions of the UICC - like the embedded (eUICC) - will be used, which then additionally enable remote connectivity management (eSIM). The UICC-platform offers a high level of proven security, which is able to host additional security relevant applications. In the drone use case, this platform can be used to provide a reliable identification of the drone towards the infrastructure based on state-of-the art

cryptographic protocols (required to fulfil regulations). Additionally, the UICC can be used for enhanced application layer security to provide confidentiality, authenticity and integrity for the communication layer (e.g. video transmission). Goal is to securely identify the drone itself and to verify that the operating pilot is in possession of a valid

licence to control the drone. The identification of the operator bases on the user-friendly FIDO-standardization. The standardisation of a Drone Identity Module (ISO/IEC 22460-2) based on a Secure Element such as an eUICC has just started in ISO/IEC JTC 1 / SC 17 / WG12. This group also standardises a Drone Licence (ISO/IEC 22460-3) which can be used to authenticate the license holder

to the drone and prove that she is allowed to pilot the drone. This would allow to identify a drone and the person piloting the drone. WG12 collaborates with the standardisation group ISO/TC 20/SC 16, Unmanned Aircraft Systems.

Furthermore, a second D4.1 sub-demonstrator has been developed, which also is using the eSIM (eUICC) chip, however for another purpose: Securing the “TLS connection establishment” procedure inside of a drone by using the “IoT SAFE” implementation enhancement, running inside of the eSIM chip. This significantly improves today’s drone security by enabling a 2-stage authentication security process: In this concept, 1st the eSIM authenticates to the mobile provider, and 2nd the eSIM + ”IoT SAFE-Applet” perform the authentication in a hardware-protected environment during TLS connection establishment to the cloud/operator. The underlying concept of the developments is depicted in the figure below:

 

 

The final resulting D4.1 sub-demonstrator is depicted in the figure below. It is based on the Infineon “Larix” drone-development platform, and enhances its TLS-communication by using the “eSIM Development-Board” (red board) with the “IoT SAFE Applet” installed, mounted on top of the drone’s RaspberryPi (used as drone-controller + communication platform).

 

  

 

Acknowledgement

ADACORSA has received funding from the ECSEL Joint Undertaking (JU) under grant agreement No 876019.
The JU receives support from the European Union’s Horizon 2020 research and innovation programme and Germany, Netherlands, Austria, France, Sweden, Cyprus, Greece, Lithuania, Portugal, Italy, Finland, Turkey.