Revised IGC-approvals for some types of legacy recorder

Tim Newport-Peace wrote:

I don't think it is within GFAC's remit to say what should or should not
be used for World Championships. That is for the Annex A team to decide
upon.

Annex A is part of the Sporting Code as well as are world records or
badges ; Annex A group are the specialists for World Championships
within SC3, like there is a Sporting code specialist for records and
badges within main part of SC3.

I think GFAC should not decide which loggers should or should not be
used for badges and records neither... they should approve loggers
within a security classification (class A, B, C, etc.), and it should be
up to the sporting code specialist (for main SC3 and Annex A) to propose
to the IGC plenary which class of approval is required for badges,
records, Championships, etc.

As part of Annex A group I would recommand that only loggers approved
for world records be accepted for world championships. But it is not the
case today.


--
Denis
Private replies: remove "moncourrielest" from my e-mail address
Pour me répondre utiliser l'adresse courriel figurant après
moncourrielest" dans mon adresse courriel...

(Bruno Ramseyer) writes:

What exactly do you not find acceptable? Progress? Computing power
has changed considerably since these initial specifications were
introduced. I think pilots going for world records will be happy in
the knowledge that their traces come from FR's with the highest
security available and nobody will be able to manufacture a record
by breaking the security of these older FR's.

If anyone is going to fabricate records, then just feed the whole
system from a pseudolite set. No need to get inside the systems at
all.

--
Paul Repacholi 1 Crescent Rd.,
+61 (08) 9257-1001 Kalamunda.
West Australia 6076
comp.os.vms,- The Older, Grumpier Slashdot
Raw, Cooked or Well-done, it's all half baked.
EPIC, The Architecture of the future, always has been, always will be.

Paul Repacholi wrote:
If anyone is going to fabricate records, then just feed the whole
system from a pseudolite set. No need to get inside the systems at
all.

You'd need to properly synchonize the GPS and pressure altitude changes
to pull it off. Maybe it's easy for you, but not for me 8^)

Marc

X-no-archive: yes
In article , Denis Flament
writes
As part of Annex A group I would recommand that only loggers approved
for world records be accepted for world championships. But it is not the
case today.

I did not find anywhere in SC3A and mention of Recorder Categories, and
prior to this announcement, there were two categories one for 'Badges up
to Diamond' and another for full approval.

It would seem to me that as any recorder could be used up to now, Ian's
announcement does not effect SC3A, as it simply divided previously
accepted recorders into two subdivisions.

I think I must disagree with Denis about "only loggers approved for
world records be accepted for world championships".

In any competition it is far more difficult to falsify a recording
because:

1. The task is not known until a relatively short time before take-
off.

2. The Start-Line Open time will not be known in advance of take-
off

3. The recorder must be handed in within a relatively short time
from landing.

4. The falsified record would need show the correct time for
Takeoff, Finishing and Landing.

These checks, especially the combination of 3 and 4, will give an added
level of security, so that a lower level of FR security should be
accepted.

Tim Newport-Peace

"Indecision is the Key to Flexibility."

"Todd Pattist" wrote:
Tim Newport-Peace ] wrote:
It was suggested:

A: All Purposes including World Records.
B: Badges and Diplomas
D: Badges up to Diamond

What is the rationale for distinguishing between levels B
and D? If I understand correctly, D was initially separated
from everything else because of concerns about cheating,
then B was shown to be hackable (Wedekind). If that's
correct, why wasn't B moved into group D? Or, more
preferably, why isn't D given the same privileges as B?

The Diamond-level approval exists to allow for equipment with minimal
physical security. The only flight recorders in that category, at present,
are the EW models which connect to external GPS units.

Instead of ratcheting up costs, why can't we just use our
Official Observers to control cheating? We relied on them
for decades before RSA/DSA and public/private key
encryption.

Costs are ratcheting up only in the sense that some flight recorders that
could formerly be used for world records no longer can be. If the private
keys in the flight recorder are compromised, we can't depend upon Official
Observers to prevent cheating. There are a number of ways to cheat which
will not be visible to even the most diligent observer using present
procedures. The observer procedures could be altered to require more
intrusive inspection and monitoring of the flight (much like the
camera/barograph/chronometer days), but I think it a better compromise to
accept the fact that some older flight recorder designs just don't provide
the level of security assurance desirable for world records.

If I hack an A level recorder (with a GPS
transmitter simulator and a pressure chamber or by opening
the case and inserting GPS code between the off-the-shelf
GPS receiver and the custom circuitry), can we just agree
that no security is perfect and group them all as imperfect,
but usable for all levels with appropriate monitoring by an
OO?


Of course the security of even "A" level flight recorders is imperfect.
There are no perfect security systems. We are just trying to find an
appropriate balance between the security requirements, and convenience for
pilots and observers. It's not quite as simple to find that balance as you
might think...

Marc

Paul Repacholi wrote:
...
If anyone is going to fabricate records, then just feed the whole
system from a pseudolite set. No need to get inside the systems at
all.
...

This is just what the cryptograhic RSA signature makes impossible,
not to fake such records, but to put them in an IGC file that the
validation program accepts as a genuine file coming from the logger.

Todd Pattist wrote:

Tim Newport-Peace ] wrote:

It was suggested:

A: All Purposes including World Records.
B: Badges and Diplomas
D: Badges up to Diamond

What is the rationale for distinguishing between levels B
and D? If I understand correctly, D was initially separated
from everything else because of concerns about cheating,
then B was shown to be hackable (Wedekind). If that's
correct, why wasn't B moved into group D? Or, more
preferably, why isn't D given the same privileges as B?

Instead of ratcheting up costs, why can't we just use our
Official Observers to control cheating? We relied on them
for decades before RSA/DSA and public/private key
encryption. If I hack an A level recorder (with a GPS
transmitter simulator and a pressure chamber or by opening
the case and inserting GPS code between the off-the-shelf
GPS receiver and the custom circuitry), can we just agree
that no security is perfect and group them all as imperfect,
but usable for all levels with appropriate monitoring by an
OO?
Todd Pattist - "WH" Ventus C
(Remove DONTSPAMME from address to email reply.)

I think the kind of hacking addressed by the change is merely
post download hacking, i.e. patching the downloaded file
and making it valid either because it doesn't have a cryptogrhic
signature or because the method used to generate the signature
is to weak and so the signature can be hacked/faked.

On Wed, 19 Nov 2003 04:24:46 GMT, Marc Ramsey wrote:




There is no written policy at this moment, as the category is less than
a year old, and it's not clear whether any other manufacturers will make
use of it. The whole point is to keep it fairly flexible, so those who
can't or won't go for all flights approval have another category to work
with.

Great. What you mean is that any manufacturer could be screwed around
by the GFAC as there is no publicly stated, openly available policy.
It has happened before.

"jump starting the market" in that way as you put it would most
likely contravene the Trade Practices Act (1974) in Australia and land
you with a large fine. Ask the freight companies who were fined after
the ACCC(Australian Consumer and Competition Commission) used an
electronic barograph to prove that goods being sent by "airfreight"
were in fact going by truck between Brisbane- Sydney- Melbourne.

I have no idea what you are talking about.

Writing a specification around one manufacturer's product, approving
that product and others from the same manufacturer and then changing
the rules for new entrants into the market to make it more difficult
and expensive for them while still leaving the old rules for the
original manufacturer's products would be not only considered
unethical in Australia but most likely illegal. The ACCC does have
teeth and uses them regularly.


Mike Borgelt

Hi,
let me try to add my 2cents to this thread. We should not see proposed
modification as downgrade of approval level for particular flight recorder
but rather as an increase of security measure for particular type of flights
(e.g. world records). And some of approved flight recorders do not meet
these requirements.

Seeyou
Erazem

On Wed, 19 Nov 2003 11:57:02 -0500, Todd Pattist
wrote:

Tim Newport-Peace ] wrote:


It was suggested:

A: All Purposes including World Records.
B: Badges and Diplomas
D: Badges up to Diamond


What is the rationale for distinguishing between levels B
and D? If I understand correctly, D was initially separated
from everything else because of concerns about cheating,
then B was shown to be hackable (Wedekind). If that's
correct, why wasn't B moved into group D? Or, more
preferably, why isn't D given the same privileges as B?

Instead of ratcheting up costs, why can't we just use our
Official Observers to control cheating? We relied on them
for decades before RSA/DSA and public/private key
encryption. If I hack an A level recorder (with a GPS
transmitter simulator and a pressure chamber or by opening
the case and inserting GPS code between the off-the-shelf
GPS receiver and the custom circuitry), can we just agree
that no security is perfect and group them all as imperfect,
but usable for all levels with appropriate monitoring by an
OO?
Todd Pattist - "WH" Ventus C
(Remove DONTSPAMME from address to email reply.)


Far too sensible for GFAC , Todd and of course you, me and others like
Robert Danewid and Dave Starer pointed out all this in 1995-96.

Done a search for GPS simulators lately? Not only has PC technology
progressed in the last ten years but simulator technology has too. I
found several manufacturers quite easily in a few minutes.

Give the problem to a bunch of bright engineering students and I'll
bet in 12 months you not only have a nice GPS simulator that is driven
by a PDA but a nice commercial product too.

Knowing this I have doubts about many of the current crop of amazing
records which is a pity because they *might* even be real.

Engine noise level sensors are easy to fool. The technology is readily
available commercially from Headsets Inc.. Just organise your active
noise cancelling to put noise in during glides and noise cancelling
during climbs with engine running. I just put a kit in our headsets
for the BD4. Works great.

I heard a rumour yesterday that the IGC in fact have a motorglider
record they have doubts about because of vague engine noise levels.

The mickey mouse microswitch is also good for just the first time you
open a particular logger. I sell Volksloggers and have serviced two
and fooling the microswitch is truly child's play now. Any potential
World record or 1000 km diploma holders should contact me privately.
GFAC members need not apply.

I'm also told by some people who are actively seeking World Records
that some records have been set under some suspicious circumstances.
For records requiring declarations the trick is to carry multiple
loggers and choose the appropriate one after the fact with the
declaration for the flight you actually did. This is definitely
cheating so why should we be surprised at better efforts requiring
more organisation?

I believe that for World Records the following should apply:

At least 30 days notice to the IGC that records will be attempted.

Notice to include the serial numbers and type of logger being used
including spares and name of O.O being used and location.

No more than 2 loggers in the aircraft. Requires O.O. to be present
just before takeoff.

O.O to use his own PC to clear logger memory before takeoff then seal
the loggers in aircraft no more than 15 minutes before takeoff. O.O
notes takeoff and landing times.

O.O to take charge of loggers immediately after landing and download
them him or her self and send files to IGC. If landed at some other
place logger must stay sealed in aircraft until aircraft is brought to
O.O or O.O to aircraft. In this case any dataports must be sealed by
the O.O. and only unsealed by him.

IGC to reserve the right to substitute their own nominated O.O at any
time. Actually do this now and again.

Loggers used to be returned to manufacturer for examination as soon as
possible after record session ends before record is approved.

Yes it requires honest O.O's. If we don't have those then we don't
have anything do we?

Note none of the above requires any onerous electronic security on the
logger and the logger and GPS can be separate joined by a cable. As
Marc pointed out indirectly the RSA security drives the current
logger design.

We could also get real and eliminate the pressure sensor out of the
logger and start using geometric altitudes like the rest of aviation.
They are the same in an ISA standard atmosphere but near as I can tell
gliding assumes that pressure altitudes achieved were done in an ISA
atmosphere when this is most likely not the case. The differences are
quite serious for gold and diamond badges.

Mike Borgelt