Revised IGC-approvals for some types of legacy recorder

This GFAC announcement has been prepared with the agreement of
the IGC GNSS Committee and the IGC Bureau.

It was put out a couple of days ago on the FAI IGC email mailing lists
and ). A question that has been
asked is where the current 24 types of IGC-approved recorder and their
10 manufacturers, are listed. This can be seen on:

http://www.fai.org/gliding/gnss/igc_approved_frs.pdf

-------------------------------------------------------------------

At the last IGC Plenary meeting earlier in 2003, a new approval level
for
GNSS flight recorders was agreed. This was for "all IGC badge and
distance diploma flights" and was in addition to the existing levels for
"all
flights" and "badge flights up to and including Diamonds". The latter
is
used for types of recorder units that do not have their own GPS receiver
but rely on a separate GPS unit connected to the recorder by cable.

There are currently 24 models of IGC-approved GNSS recorder, from 10
different manufacturers. GFAC has completed a review of legacy
recorders, the IGC-approvals of which go back as far as 1996. The
following principles have been agreed for the futu

For world record flight claims, it is not considered suitable to have
recorders with one or more of the following characteristics:

1. No security microswitch or equivalent (this operates if the case is
opened).

2. Without electronic security giving the strength of systems such as
RSA
(public/private key systems) as assessed by GFAC and its experts in
electronic security.

3. No current manufacturer support (out of production and the original
manufacturer either no longer exists or is no longer dealing with them).

Negotiations with appropriate manufacturers have been going on for some
time, and revised IGC-approval documents have been circulated to them.
Types of recorders affected will have IGC-approvals for the new "all IGC
badge flights and distance diploma" level.


Types of recorders affected with the main reason:

Cambridge 10, 20 and 25 (not RSA or equivalent strength).

Filser LX20 first batch (not RSA or equivalent strength, no
microswitch).

Peschges VP8 (no microswitch, original manufacturer understood to be no
longer in the recorder business).

Print Technik GR1000 (not RSA or equivalent strength, original
manufacturer no longer in the recorder business).


Timescale

Filser LX20, Peschges VP8 and Print Technik GR1000
- all on 1 January 2004.

Cambridge 10, 20, 25 - the date of re-issue of IGC-approval documents as
part of present negotiations with the Horn Lake (MS) and Martinsville
(VA)
operations (this could be earlier than 1 January).


This announcement is made so that there will be no doubt of what is
happening, and why.

The only pilots affected will be those planning to attempt world record
flights, for which other types of IGC-approved flight recorder must be
used.

Any questions to the undersigned,

--
Ian Strachan
Chairman, GNSS Flight Recorder Approval Committee (GFAC)
of the International Gliding Commission

Bentworth Hall West
Bentworth
Alton, Hampshire GU34 5LA
ENGLAND


Tel: +44 1420 564 195
Fax: +44 1420 563 140

Hi Ian,

I am very suprised to learn about this development. So, if I undertand your
note correctly, you are saying that the CAI GPS-NAV units are suddenly not
considered secure? I think that is ridiculous. Please explain in detail
why you came to that conclusion.

Paul Remde

"Ian Strachan" wrote in message
...
This GFAC announcement has been prepared with the agreement of
the IGC GNSS Committee and the IGC Bureau.

It was put out a couple of days ago on the FAI IGC email mailing lists
and ). A question that has been
asked is where the current 24 types of IGC-approved recorder and their
10 manufacturers, are listed. This can be seen on:

http://www.fai.org/gliding/gnss/igc_approved_frs.pdf

-------------------------------------------------------------------

At the last IGC Plenary meeting earlier in 2003, a new approval level
for
GNSS flight recorders was agreed. This was for "all IGC badge and
distance diploma flights" and was in addition to the existing levels for
"all
flights" and "badge flights up to and including Diamonds". The latter
is
used for types of recorder units that do not have their own GPS receiver
but rely on a separate GPS unit connected to the recorder by cable.

There are currently 24 models of IGC-approved GNSS recorder, from 10
different manufacturers. GFAC has completed a review of legacy
recorders, the IGC-approvals of which go back as far as 1996. The
following principles have been agreed for the futu

For world record flight claims, it is not considered suitable to have
recorders with one or more of the following characteristics:

1. No security microswitch or equivalent (this operates if the case is
opened).

2. Without electronic security giving the strength of systems such as
RSA
(public/private key systems) as assessed by GFAC and its experts in
electronic security.

3. No current manufacturer support (out of production and the original
manufacturer either no longer exists or is no longer dealing with them).

Negotiations with appropriate manufacturers have been going on for some
time, and revised IGC-approval documents have been circulated to them.
Types of recorders affected will have IGC-approvals for the new "all IGC
badge flights and distance diploma" level.


Types of recorders affected with the main reason:

Cambridge 10, 20 and 25 (not RSA or equivalent strength).

Filser LX20 first batch (not RSA or equivalent strength, no
microswitch).

Peschges VP8 (no microswitch, original manufacturer understood to be no
longer in the recorder business).

Print Technik GR1000 (not RSA or equivalent strength, original
manufacturer no longer in the recorder business).


Timescale

Filser LX20, Peschges VP8 and Print Technik GR1000
- all on 1 January 2004.

Cambridge 10, 20, 25 - the date of re-issue of IGC-approval documents as
part of present negotiations with the Horn Lake (MS) and Martinsville
(VA)
operations (this could be earlier than 1 January).


This announcement is made so that there will be no doubt of what is
happening, and why.

The only pilots affected will be those planning to attempt world record
flights, for which other types of IGC-approved flight recorder must be
used.

Any questions to the undersigned,

--
Ian Strachan
Chairman, GNSS Flight Recorder Approval Committee (GFAC)
of the International Gliding Commission

Bentworth Hall West
Bentworth
Alton, Hampshire GU34 5LA
ENGLAND


Tel: +44 1420 564 195
Fax: +44 1420 563 140

After going to all of the time designing the hardware security along came
the idea of public key cryptography so the IGC spec was 'upgraded' to
incorporate this additional security layer. The Cambridges and others got
caught between the two specs.

On the basis of openness and transparency shouldn't the IGC be disclosing
all known or suspected cases of 'trace fraud?' ( If there have been any )
then the general gliding community can get a grip on how the system is
working.

Ian Molesworth


"Paul Remde" wrote in message
news:VA9ub.28061$Dw6.139143@attbi_s02...
Hi Ian,

I am very suprised to learn about this development. So, if I undertand
your
note correctly, you are saying that the CAI GPS-NAV units are suddenly not
considered secure? I think that is ridiculous. Please explain in detail
why you came to that conclusion.

Paul Remde

"Ian Strachan" wrote in message
...
This GFAC announcement has been prepared with the agreement of
the IGC GNSS Committee and the IGC Bureau.

It was put out a couple of days ago on the FAI IGC email mailing lists
and ). A question that has been
asked is where the current 24 types of IGC-approved recorder and their
10 manufacturers, are listed. This can be seen on:

http://www.fai.org/gliding/gnss/igc_approved_frs.pdf

-------------------------------------------------------------------

At the last IGC Plenary meeting earlier in 2003, a new approval level
for
GNSS flight recorders was agreed. This was for "all IGC badge and
distance diploma flights" and was in addition to the existing levels for
"all
flights" and "badge flights up to and including Diamonds". The latter
is
used for types of recorder units that do not have their own GPS receiver
but rely on a separate GPS unit connected to the recorder by cable.

There are currently 24 models of IGC-approved GNSS recorder, from 10
different manufacturers. GFAC has completed a review of legacy
recorders, the IGC-approvals of which go back as far as 1996. The
following principles have been agreed for the futu

For world record flight claims, it is not considered suitable to have
recorders with one or more of the following characteristics:

1. No security microswitch or equivalent (this operates if the case is
opened).

2. Without electronic security giving the strength of systems such as
RSA
(public/private key systems) as assessed by GFAC and its experts in
electronic security.

3. No current manufacturer support (out of production and the original
manufacturer either no longer exists or is no longer dealing with them).

Negotiations with appropriate manufacturers have been going on for some
time, and revised IGC-approval documents have been circulated to them.
Types of recorders affected will have IGC-approvals for the new "all IGC
badge flights and distance diploma" level.


Types of recorders affected with the main reason:

Cambridge 10, 20 and 25 (not RSA or equivalent strength).

Filser LX20 first batch (not RSA or equivalent strength, no
microswitch).

Peschges VP8 (no microswitch, original manufacturer understood to be no
longer in the recorder business).

Print Technik GR1000 (not RSA or equivalent strength, original
manufacturer no longer in the recorder business).


Timescale

Filser LX20, Peschges VP8 and Print Technik GR1000
- all on 1 January 2004.

Cambridge 10, 20, 25 - the date of re-issue of IGC-approval documents as
part of present negotiations with the Horn Lake (MS) and Martinsville
(VA)
operations (this could be earlier than 1 January).


This announcement is made so that there will be no doubt of what is
happening, and why.

The only pilots affected will be those planning to attempt world record
flights, for which other types of IGC-approved flight recorder must be
used.

Any questions to the undersigned,

--
Ian Strachan
Chairman, GNSS Flight Recorder Approval Committee (GFAC)
of the International Gliding Commission

Bentworth Hall West
Bentworth
Alton, Hampshire GU34 5LA
ENGLAND


Tel: +44 1420 564 195
Fax: +44 1420 563 140

In article ,
"tango4" wrote:

After going to all of the time designing the hardware security along came
the idea of public key cryptography so the IGC spec was 'upgraded' to
incorporate this additional security layer. The Cambridges and others got
caught between the two specs.

Public key cryptography was well known in 1994 when the Cambridge 10's
were used at the NZ pre-worlds, and in fact I *told* them at the time
that they should be using something like RSA instead of something
home-grown.

Oh well.

-- Bruce

Yes, but doesn't the CAI system work? It is my impression that it is
perfectly secure and has never been compromised. So why suddenly call it
"insecure".

What is the plan to get the approval back in place? What must CAI do to
make it meet your new requirements?

Paul Remde

"Bruce Hoult" wrote in message
...
In article ,
"tango4" wrote:

After going to all of the time designing the hardware security along
came
the idea of public key cryptography so the IGC spec was 'upgraded' to
incorporate this additional security layer. The Cambridges and others
got
caught between the two specs.

Public key cryptography was well known in 1994 when the Cambridge 10's
were used at the NZ pre-worlds, and in fact I *told* them at the time
that they should be using something like RSA instead of something
home-grown.

Oh well.

-- Bruce

Paul Remde wrote:

Yes, but doesn't the CAI system work? It is my impression that it is
perfectly secure and has never been compromised. So why suddenly call it
"insecure".

As of January 1st, the CAI Model 10/20/25 won't be considered
"insecure", they just won't be considered "secure enough" for world
records. You can still use it for badges, 1000K+ diplomas, contests,
etc., just not world records.

What is the plan to get the approval back in place? What must CAI do to
make it meet your new requirements?

Minimally, a firmware upgrade would be required, but it is not clear
that the microcontroller is fast enough to support the needed changes.
The manufacturer(s?) is the only one that can provide an answer...

Marc

In article gJfub.230766$Fm2.231960@attbi_s04,
"Paul Remde" wrote:
"Bruce Hoult" wrote in message
...
Public key cryptography was well known in 1994 when the Cambridge 10's
were used at the NZ pre-worlds, and in fact I *told* them at the time
that they should be using something like RSA instead of something
home-grown.

Yes, but doesn't the CAI system work?

Unfortunately we have no way of knowing, because the method used isn't
published. But essentially I believe it is a typical private key system
which relies on only trusted parties knowing the secret key. These
trusted parties include anyone writing software to upload flights (which
I suspect is the reason they would never give me the specs for writing
mac software), and authorized repair agents.


It is my impression that it is perfectly secure and has never been
compromised. So why suddenly call it "insecure".

Secure doesn't mean "hasn't (to our knowledge) been compromised". It
means "*can't* be compromised". If we didn't know how to do the latter
that would be a different matter, but we do.


And I'll ammend my earlier remarks. In 1994 when I was recommending RSA
to them I never imagined that they'd get to nearly 2004 before it became
an issue. So they may have made the correct commercial decision.

-- Bruce

In article gJfub.230766$Fm2.231960@attbi_s04, Paul Remde
writes

snip

What is the plan to get the approval back in place?

That is up to the manufacturer, of course.

Cambridge already makes the 302 series that use the DSA public/private
key system that is assessed as equivalent in security strength to the
original Rivest, Shamir and Adleman (RSA) system. The 302 is therefore,
together with many other types of recorder, IGC-approved for "all
flights" including of course world records.

What must CAI do to
make it meet your new requirements?

If they think it worthwhile, offer an "RSA or equivalent" upgrade for
their legacy recorder designs. The requirements are not new but go back
to 1997, see below.

-------------------------------------

For new recorder designs, "RSA or equivalent" level of security has been
in the Technical Specification for IGC-approved GNSS Flight Recorders
for many years. Here is an extract from the first edition of the IGC
Specification, effective 1 October 1997: "FRs approved for world record
flights must have an asymmetric algorithm (such as RSA) or have a system
providing equivalent security".

What we are talking about here is an adjustment to the "Grandfather
rights" provisions for recorder designs that were IGC-approved a long
time ago and do not comply with the current IGC Specification.

Incidentally, you may recall that one of the non-RSA security systems
for a GNSS recorder was successfully hacked by the Wedekinds in Germany.
This was all in the public domain and was extensively publicised at the
time. This was done as an exercise rather than for malpractice, but
shows what can be done. The manufacturer concerned immediately changed
to an RSA-based system without any prompting from IGC. The non-RSA
recorder concerned is on the list recently announced, together with
recorders with similar types of security.

It was felt that we should be even-handed to all recorder designs rather
than just adjust the IGC-approval for the Wedekind-hacked design and
leave the rest. That is what has been done, perhaps a bit late, but
first we had to get the IGC Plenary to agree to the new "all IGC badges
and distance diploma" level first, to have somewhere to put legacy
recorders that had lower levels of security without affecting the vast
majority of owners and pilots. As it is, only world record aspirants
will be affected and there are plenty of other recorder designs that are
available for this type of flight.

--
Ian Strachan
Chairman IGC GFA Committee

I agree with Paul.

So, all the world records that have been set with a CAI mod 10/20/25 may
perhaps not be secure enough???? The reason for increasing the security
should, if you using rational arguments, be a result of attempts to
cheat. I wonder which records that can be....

Of course all this is pure nonsense. Is this the way IGC is using its
resources to increase world wide gliding membership?

Yes, the decision was taken at the IGC plenary meeting, but lots of
delegates did not understand what was really happening as the
presentation was, if I may you use the word, very clever. I did not
realize at the meeting that the result was to degrade existant recorders.



Robert



Paul Remde wrote:
Yes, but doesn't the CAI system work? It is my impression that it is
perfectly secure and has never been compromised. So why suddenly call it
"insecure".

What is the plan to get the approval back in place? What must CAI do to
make it meet your new requirements?

Paul Remde

"Bruce Hoult" wrote in message
...

In article ,
"tango4" wrote:


After going to all of the time designing the hardware security along

came

the idea of public key cryptography so the IGC spec was 'upgraded' to
incorporate this additional security layer. The Cambridges and others

got

caught between the two specs.

Public key cryptography was well known in 1994 when the Cambridge 10's
were used at the NZ pre-worlds, and in fact I *told* them at the time
that they should be using something like RSA instead of something
home-grown.

Oh well.

-- Bruce

I'm betting that more than 75% of the questions being asked on this
thread can be answered "Because of Moore's Law."

Of course, I'm not betting much...

Bob K.