Why so expensive (flight recorders)

On Feb 16, 12:38*pm, nimbusgb wrote:
On 16 Feb, 12:45, nimbusgb wrote:





On 15 Feb, 21:08, Papa3 wrote:

On Feb 15, 9:09 am, nimbusgb

[Jim wrote: * and can provide just as secure a record for badge

flights]

[Ian wrote: * Not even nearly]

Okay Ian - prove it. * Prove that a COTS unit governed under the
manual OO procedures I've laid out in the referenced link doesn't
provide an equivalent level of security. *Come on, I dare ya *:-)

http://home.netcom.com/~pappa3/files...rity_draft.pdf

A cots GPS is still not as secure as an IGC logger.

Your presentation appears to have merit and I'd support using it for
badges.

Ian

Ho boy!

It is VERY simple to split the casing on COTS units and substitute
some internal microprocessor controlled gubbins or even reprogram the
software so that it appears to perform like the real thing but given a
few 'special' keystrokes could do just about anything, including
dumping some prerecorded track or trace. I have a Garmin 12 that I put
a NiMh pack into with a charger circuit INSIDE the casing.

Without the manufacurers PKI key it would be extremely difficult to
acheive this sot of thing with an IGC logger and still avoid detection
using the VALI programs.

That's why a COTS unit is not as secure. There is no way for anyone to
check the validity of what's being produced from the unit or whether
the unit is still a 'standard' cots unit.

Now if you want to talk about how #probable# it is that someone is
going to spend time, money and effort in replacing the internals of a
cots unit just toe get a diamond height, thats another argument. Its
MUCH quicker and simpler to just go find some wave somewhere.

This was all argued out more than 10 years ago!

Ian- Hide quoted text -

- Show quoted text -


Unfortunately, it was argued out by people who didn't take the time to
talk with the manufacturers of the COTS units themselves!! The
statement that " it would be It is VERY simple to split the casing on
COTS units and substitute
some internal microprocessor controlled gubbins or even reprogram the
software so that it appears to perform like the real thing but given a
few 'special' keystrokes could do just about anything, including
dumping some prerecorded track or trace" neglects the fact that a
company like Garmin or Magellan is more than a little sensitive about
people reverse-engineering their products. Show me somebody who's
rebuilt their Garmin 76 as you describe, and I'll believe you. I have
detailed correspondence with Garmin engineers willing to discuss the
issue.

Of course, there are more than a few people out there (myself
included) who know how to open the case of a number of IGC Approved
Secure loggers to defeat the tamper switch. Gasp! On one of the
units I own, this was precipitated by having to replace the small
backup battery which preserves memory. Once opened and accidentally
disconnected from the power supply, the security seal is broken.
What to do? Oh, need to send the unit back to the manufacturer to
reset the code. But, as long as I have it open, let's see how this
works. Ahah, here's the mechanical switch. Let's see now, where
does this come in contact with the case? Let's just mark that point
on the case for "future reference". Now, send it back to the
manufacturer and the unit comes back as "secure." Of course, now
that I know exactly where the switch is and how to defeat that...
Where did I put that 1/8" drill bit...

And off we go. Of course, why stop with cracking the case. I'm
sure any firmware guru and EE who wants to go to the effort of hacking
a COTS GPS can more easily create a low power GPS signal generator
which can spoof GPS signals with off-the-shelf components. In fact,
my firm works with a number of freight/transportation firms on RFID,
GPS, and other tracking technologies. Guess what one of the very REAL
threats they're facing is right now - GPS spoofing. See for
example:

http://www.eyefortransport.com/index...nli=freight&ch

Anyone who believes that an IGC Approved Recorder is somehow
"significantly more" secure from tampering by a sophisticated/
dedicated cheater is fooling him/herself. I strongly agree that the
IGC Approved Recorder provides a valuable solution for non-supervised/
minimally supervised flights. The overhead associated with having to
manually review every recorder at a large contest would be a
nightmare. But, could a dedicated cheater defeat security on an IGC
Approved Logger. Yup.

So, before we go off into fantasy land, let's start talking about the
REALISTIC threats and the differences between the two approaches.
IGC Approved loggers clearly have the advantage in that they offer an
easier administrative approach at contests and other gatherings where
there isn't direct supervision of the FRs. COTS loggers will
require additional manual intervention which make them less attractive
for those situations, but they are equally desirable for a supervised
Silver C.

Off to go skiing. At least I'll be on the ridge...

P3