IGC FLIGHT RECORDER APPROVAL LEVELS

A decision was made on 5 March by the IGC Plenary meeting in Lausanne,
Switzerland, that will affect the Cambridge models 10, 20 & 25, Print
Technik GR1000 series and the Zander 940 types of GPS Flight Recorder.
The annual Plenary meeting is the highest decision-taking body within
the IGC structure. This was the final stage in the process of reviewing
World Record (WR) procedures that was carried out by a working group led
by the IGC Bureau during 2004.

A discussion was held on electronic security systems for flight
recorders that may be used for WR flight evidence. It was decided by a
two thirds majority vote that flight recorders not having public/private
key systems such as RSA or equivalent as part of the system by which
manufacturer's Validation program files are available through the IGC
GNSS web pages, will not be permitted for WR evidence. In accordance
with Annex B of the Sporting Code for Gliding (SC3B), para 1.1.4.2, this
will take effect on 15 March 2006 and over-rides any "Grandfather
Rights" for the recorders concerned.

The manufacturers have already been notified and the period of a year
allows them to consider the possibility of an upgrade for these recorder
models.

Otherwise, the new IGC-approval level for these recorder models will be
at the "all IGC/FAI badge and diplomas" level (SC3B para 1.1.3.3.2) with
effect from 15 March 2006.

Finally, please note that this decision does not affect the use of such
recorders in gliding competitions (SC3B para 1.1.3.3.6 refers).

Bernald S Smith, Chairman IGC ANDS Committee
Ian W Strachan, Chairman IGC GFA Committee

--
Ian Strachan
Chairman IGC GFA Committee

Hi,

I understand that "old" technology must be made obsolete at some point, but
I think this is premature. The GPS-NAV is a very reliable and secure
system. It is a shame to make the units less valuable to thousands of
owners. I must respectfully disagree with the decision of the IGC.
There... I've said my piece.

Good Soaring,

Paul Remde
____________________________________

"Ian Strachan" > wrote in message
...
> IGC FLIGHT RECORDER APPROVAL LEVELS
>
> A decision was made on 5 March by the IGC Plenary meeting in Lausanne,
> Switzerland, that will affect the Cambridge models 10, 20 & 25, Print
> Technik GR1000 series and the Zander 940 types of GPS Flight Recorder. The
> annual Plenary meeting is the highest decision-taking body within the IGC
> structure. This was the final stage in the process of reviewing World
> Record (WR) procedures that was carried out by a working group led by the
> IGC Bureau during 2004.
>
> A discussion was held on electronic security systems for flight recorders
> that may be used for WR flight evidence. It was decided by a two thirds
> majority vote that flight recorders not having public/private key systems
> such as RSA or equivalent as part of the system by which manufacturer's
> Validation program files are available through the IGC GNSS web pages,
> will not be permitted for WR evidence. In accordance with Annex B of the
> Sporting Code for Gliding (SC3B), para 1.1.4.2, this will take effect on
> 15 March 2006 and over-rides any "Grandfather Rights" for the recorders
> concerned.
>
> The manufacturers have already been notified and the period of a year
> allows them to consider the possibility of an upgrade for these recorder
> models.
>
> Otherwise, the new IGC-approval level for these recorder models will be at
> the "all IGC/FAI badge and diplomas" level (SC3B para 1.1.3.3.2) with
> effect from 15 March 2006.
>
> Finally, please note that this decision does not affect the use of such
> recorders in gliding competitions (SC3B para 1.1.3.3.6 refers).
>
> Bernald S Smith, Chairman IGC ANDS Committee
> Ian W Strachan, Chairman IGC GFA Committee
>
> --
> Ian Strachan
> Chairman IGC GFA Committee
>
>

Have all world records that were set with these devices been retrospectively
cancelled??

If not, why not if the security flaw is enough to cause the revoking of the
approval?

Nick.


"Paul Remde" > wrote in message
news:qI7_d.75945$Ze3.65870@attbi_s51...
> Hi,
>
> I understand that "old" technology must be made obsolete at some point,
> but I think this is premature. The GPS-NAV is a very reliable and secure
> system. It is a shame to make the units less valuable to thousands of
> owners. I must respectfully disagree with the decision of the IGC.
> There... I've said my piece.
>
> Good Soaring,
>
> Paul Remde
> ____________________________________
>
> "Ian Strachan" > wrote in message
> ...
>> IGC FLIGHT RECORDER APPROVAL LEVELS
>>
>> A decision was made on 5 March by the IGC Plenary meeting in Lausanne,
>> Switzerland, that will affect the Cambridge models 10, 20 & 25, Print
>> Technik GR1000 series and the Zander 940 types of GPS Flight Recorder.
>> The annual Plenary meeting is the highest decision-taking body within the
>> IGC structure. This was the final stage in the process of reviewing
>> World Record (WR) procedures that was carried out by a working group led
>> by the IGC Bureau during 2004.
>>
>> A discussion was held on electronic security systems for flight recorders
>> that may be used for WR flight evidence. It was decided by a two thirds
>> majority vote that flight recorders not having public/private key systems
>> such as RSA or equivalent as part of the system by which manufacturer's
>> Validation program files are available through the IGC GNSS web pages,
>> will not be permitted for WR evidence. In accordance with Annex B of the
>> Sporting Code for Gliding (SC3B), para 1.1.4.2, this will take effect on
>> 15 March 2006 and over-rides any "Grandfather Rights" for the recorders
>> concerned.
>>
>> The manufacturers have already been notified and the period of a year
>> allows them to consider the possibility of an upgrade for these recorder
>> models.
>>
>> Otherwise, the new IGC-approval level for these recorder models will be
>> at the "all IGC/FAI badge and diplomas" level (SC3B para 1.1.3.3.2) with
>> effect from 15 March 2006.
>>
>> Finally, please note that this decision does not affect the use of such
>> recorders in gliding competitions (SC3B para 1.1.3.3.6 refers).
>>
>> Bernald S Smith, Chairman IGC ANDS Committee
>> Ian W Strachan, Chairman IGC GFA Committee
>>
>> --
>> Ian Strachan
>> Chairman IGC GFA Committee
>>
>>
>
>

Nick Gilbert wrote:
> Have all world records that were set with these devices been retrospectively
> cancelled??
>
> If not, why not if the security flaw is enough to cause the revoking of the
> approval?

There is this little thing called "technological progress". The
computer I have at home, right now, is around 500 times faster and has
2000 times the memory that my computer had in 1996, when the original
specs were written for approved flight recorders. If you know anything,
at all, about computer-based cryptography, you'll recognize that
security ultimately depends upon certain kinds of calculations taking
10s to 100s of years to complete. A calculation that would take 100
years on a fast workstation in 1996, may be completed in a few weeks on
a typical 2005 home PC. Now, extrapolate forward to 2010.

We can argue up, down, and sideways whether there is any need for
digital signatures and other security mechanisms in approved flight
recorders. I'm fairly agnostic about that, myself. But, given that the
IGC has decided it wants at least some security, it is necessary to
disallow older devices with questionable security for world record
purposes, before technological advances render them completely insecure.

Marc

In article >,
Marc Ramsey > wrote:

> There is this little thing called "technological progress". The
> computer I have at home, right now, is around 500 times faster and has
> 2000 times the memory that my computer had in 1996, when the original
> specs were written for approved flight recorders. If you know anything,
> at all, about computer-based cryptography, you'll recognize that
> security ultimately depends upon certain kinds of calculations taking
> 10s to 100s of years to complete. A calculation that would take 100
> years on a fast workstation in 1996, may be completed in a few weeks on
> a typical 2005 home PC. Now, extrapolate forward to 2010.

I'm not sure what *you* had in 1996, but at that time my fastest
computer was a 120 MHz PowerPC while my fastest now is a 2200 MHz Athlon
XP3200+ (and is as fast as 3.x GHz Pentium 4's so let's not count those
abberant marketing exercises). That's only a factor of about 20 faster.
RAM size then was 64 MB, now it is 768 MB, a factor of 12. Disk size
was 2 GB and is now 80 GB, a factor of 40.

All rather smaller than your numbers.


> We can argue up, down, and sideways whether there is any need for
> digital signatures and other security mechanisms in approved flight
> recorders. I'm fairly agnostic about that, myself. But, given that the
> IGC has decided it wants at least some security, it is necessary to
> disallow older devices with questionable security for world record
> purposes, before technological advances render them completely insecure.

Actually, those recorders were completely insecure *then*. I argued the
need for RSA (or something like it) with both Dave Ellis of CAI and
Bernald Smith at either or both of the 1995 Worlds and the 1994
pre-worlds, when GPS recorders were first used.

The IGC having (wrongly, in my opinion) decided that "security through
obscurity" was sufficient deterrent to cheating back then, why have they
changed their minds now?

--
Bruce | 41.1670S | \ spoken | -+-
Hoult | 174.8263E | /\ here. | ----------O----------

Marc,

Not sure if the patronising reply was necessary. Also, it was presumptuous
of you to assume I know nothing about this topic, whether I do or not.

I am simply questioning the seriousness of the security flaw. If it has been
proven that flight traces with the redundant devices can be falsified (one
can only assume they have, otherwise we wouldn't be going through this at
all), then why not ask the question?

Nick.

"Marc Ramsey" > wrote in message
. com...
> Nick Gilbert wrote:
>> Have all world records that were set with these devices been
>> retrospectively cancelled??
>>
>> If not, why not if the security flaw is enough to cause the revoking of
>> the approval?
>
> There is this little thing called "technological progress". The computer
> I have at home, right now, is around 500 times faster and has 2000 times
> the memory that my computer had in 1996, when the original specs were
> written for approved flight recorders. If you know anything, at all,
> about computer-based cryptography, you'll recognize that security
> ultimately depends upon certain kinds of calculations taking 10s to 100s
> of years to complete. A calculation that would take 100 years on a fast
> workstation in 1996, may be completed in a few weeks on a typical 2005
> home PC. Now, extrapolate forward to 2010.
>
> We can argue up, down, and sideways whether there is any need for digital
> signatures and other security mechanisms in approved flight recorders.
> I'm fairly agnostic about that, myself. But, given that the IGC has
> decided it wants at least some security, it is necessary to disallow older
> devices with questionable security for world record purposes, before
> technological advances render them completely insecure.
>
> Marc

Ian Strachan > wrote:
> A discussion was held on electronic security systems for flight
> recorders that may be used for WR flight evidence. It was decided by a
> two thirds majority vote that flight recorders not having public/private
> key systems such as RSA or equivalent as part of the system by which
> manufacturer's Validation program files are available through the IGC
> GNSS web pages, will not be permitted for WR evidence. In accordance

because terrorists, hackers & spammers ar striving for world records :-)

--
--Peter Hermann(49)0711-685-3611 fax3758
--Pfaffenwaldring 27 Raum 114, D-70569 Stuttgart Uni Computeranwendungen
--http://www.csv.ica.uni-stuttgart.de/homes/ph/
--Team Ada: "C'mon people let the world begin" (Paul McCartney)

Ian Strachan > wrote:
> two thirds majority vote that flight recorders not having public/private
> key systems such as RSA or equivalent as part of the system by which

Which cryptographic algorithms are considered ``equivalent'' to RSA?
What is the minimum key length prescribed?

Cheers
-Gerhard
--
Gerhard Wesp o o Tel.: +41 (0) 43 5347636
Bachtobelstrasse 56 | http://www.cosy.sbg.ac.at/~gwesp/
CH-8045 Zuerich \_/ See homepage for email address!

If it's still more difficult to fake the flight than make the flight, those
devices are still secure enough, no?

"Nick Gilbert" > wrote in message
...
> Marc,
>
> Not sure if the patronising reply was necessary. Also, it was presumptuous
> of you to assume I know nothing about this topic, whether I do or not.
>
> I am simply questioning the seriousness of the security flaw. If it has
been
> proven that flight traces with the redundant devices can be falsified (one
> can only assume they have, otherwise we wouldn't be going through this at
> all), then why not ask the question?
>
> Nick.
>
> "Marc Ramsey" > wrote in message
> . com...
> > Nick Gilbert wrote:
> >> Have all world records that were set with these devices been
> >> retrospectively cancelled??
> >>
> >> If not, why not if the security flaw is enough to cause the revoking of
> >> the approval?
> >
> > There is this little thing called "technological progress". The
computer
> > I have at home, right now, is around 500 times faster and has 2000 times
> > the memory that my computer had in 1996, when the original specs were
> > written for approved flight recorders. If you know anything, at all,
> > about computer-based cryptography, you'll recognize that security
> > ultimately depends upon certain kinds of calculations taking 10s to 100s
> > of years to complete. A calculation that would take 100 years on a fast
> > workstation in 1996, may be completed in a few weeks on a typical 2005
> > home PC. Now, extrapolate forward to 2010.
> >
> > We can argue up, down, and sideways whether there is any need for
digital
> > signatures and other security mechanisms in approved flight recorders.
> > I'm fairly agnostic about that, myself. But, given that the IGC has
> > decided it wants at least some security, it is necessary to disallow
older
> > devices with questionable security for world record purposes, before
> > technological advances render them completely insecure.
> >
> > Marc
>
>

At 13:30 17 March 2005, Peter Hermann wrote:
>Ian Strachan wrote:
>> A discussion was held on electronic security systems
>>for flight
>> recorders that may be used for WR flight evidence.
>> It was decided by a
>> two thirds majority vote that flight recorders not
>>having public/private
>> key systems such as RSA or equivalent as part of the
>>system by which
>> manufacturer's Validation program files are available
>>through the IGC
>> GNSS web pages, will not be permitted for WR evidence.
>> In accordance
>
>because terrorists, hackers & spammers ar striving
>for world records :-)
>

Surely you mean terrorists, hackers & spammers are
trying to get world records without having to do any
striving?

>--
>--Peter Hermann(49)0711-685-3611 fax3758 -stuttg
>>art.de
>--Pfaffenwaldring 27 Raum 114, D-70569 Stuttgart Uni
>Computeranwendungen
>--http://www.csv.ica.uni-stuttgart.de/homes/ph/
>--Team Ada: 'C'mon people let the world begin' (Paul
>McCartney)
>

In article >, Gerhard Wesp
> writes

>Which cryptographic algorithms are considered ``equivalent'' to RSA?
>What is the minimum key length prescribed?

DSA for one, which has the advantage that most security calculations may
be made "on the fly" during flight. This leads to a shorter download
time after flight. A couple of newer recorder designs use DSA and the
rest use RSA.

On key length, for a new type of recorder for IGC-approval for "all
flights" he answer is a private key of at least 512 bits.

It is all spelt out in the IGC Technical Specification for GNSS Flight
Recorders, particularly para 2.8.3. A good bedtime read! (a joke, I
think, but some might find it interesting). See:
http://www.fai.org/gliding/gnss/tech_spec_gnss.asp

GFAC is also looking at the concept of "server-based security" where the
VALIDATION check program is not available in the public domain (as now,
through the IGC GNSS web site) but is held behind a firewall.
Interrogation for VALI checks would result in a pass/fail message being
sent back on the public side of the firewall. The server/firewall could
be at the recorder manufacturer's site or, preferably, at the FAI site
in Lausanne. The principle was announced to IGC at the 2004 Plenary but
GFAC was overtaken by other work such as the World Record review and the
COTS situation (as well as our normal work), and no practical progress
on testing such a system has been made. We are now preparing to try it
out. One advantage if it can be made to work would be to stop the
incessant rise of private key bit count requirements as computer power
increases with time. In other words, simpler types of VALI programs
might be OK but they would always be hidden. That is, not available on
the IGC web site as they are now, together with the standard download
programs DATA-XXX.exe and the Windows-based equivalents (XXX is each
manufacturer's three letter code).

Hope that helps ........

--
Ian Strachan
Chairman IGC GFA Committee

Bruce Hoult wrote:
> All rather smaller than your numbers.

You must have been richer than I was 8^)

>>We can argue up, down, and sideways whether there is any need for
>>digital signatures and other security mechanisms in approved flight
>>recorders. I'm fairly agnostic about that, myself. But, given that the
>>IGC has decided it wants at least some security, it is necessary to
>>disallow older devices with questionable security for world record
>>purposes, before technological advances render them completely insecure.
>
>
> Actually, those recorders were completely insecure *then*. I argued the
> need for RSA (or something like it) with both Dave Ellis of CAI and
> Bernald Smith at either or both of the 1995 Worlds and the 1994
> pre-worlds, when GPS recorders were first used.
>
> The IGC having (wrongly, in my opinion) decided that "security through
> obscurity" was sufficient deterrent to cheating back then, why have they
> changed their minds now?

The minds of the relevant people in GFAC/IGC were changed on this
subject by 1997. Quite a few of these non-RSA units had already been
sold. What would you have done?

Marc

Andrew Warbrick > wrote:
> Surely you mean terrorists, hackers & spammers are
> trying to get world records without having to do any
> striving?

sorry, I could not resist.

I think if somebody constructs a world record on the desktop
instead of flying I would allow the medal:
loss of peace of conscience is long lasting :-)

Peter Hermann

ps.: please save bandwidth

I don't know, probably I'm a hoplessly old fashioned idealist, but this
whole discussion seems very strange to me. After all, soaring is about
flying and having fun, isn't it? At least this was the reason I've
learnt to fly some time ago. If I have enjoyed a nice fly, and if I feel
like it, I may submit it somewhere, for the fun of it, to share my joy,
maybe even for competition. But fake the file? No way! What should I
answer if somebody wants to talk with me about the flight? If somebody
else wants to cheat, so be it, it's his business, I don't care.

Stefan

Nick Gilbert wrote:
> Not sure if the patronising reply was necessary. Also, it was presumptuous
> of you to assume I know nothing about this topic, whether I do or not.

Me bad.

The trade-offs are pretty straightforward. In 1996, if the IGC had
specified a security system that would still be considered reasonably
secure in 2005, the flight recorders would either have cost several
times as much, or it would have taken hours to do the signature
calculations in the recorder. We have much the same problem in 2005.
That is an unfortunate characteristic of trying to implement public key
encryption systems on inexpensive microcontrollers in low production
volume devices.

The one thing that may ultimately ease the issue, is the nearly
ubiquitous presence of internet access in 2005, which makes a private
key system viable and secure.

> I am simply questioning the seriousness of the security flaw. If it has been
> proven that flight traces with the redundant devices can be falsified (one
> can only assume they have, otherwise we wouldn't be going through this at
> all), then why not ask the question?

It comes down to this, if someone cheats by managing to break the
signature system, we won't find out unless a mistake was made some place
else in flight documentation (like faking the flight in an inconsistent
fashion). We can only really guard against this by removing world
record approval for devices that that we know to have fairly weak
encryption capabilities.

Marc

Yep.

--
Bert Willing

ASW20 "TW"


"Stefan" > a écrit dans le message de news:
...
>I don't know, probably I'm a hoplessly old fashioned idealist, but this
>whole discussion seems very strange to me. After all, soaring is about
>flying and having fun, isn't it? At least this was the reason I've learnt
>to fly some time ago. If I have enjoyed a nice fly, and if I feel like it,
>I may submit it somewhere, for the fun of it, to share my joy, maybe even
>for competition. But fake the file? No way! What should I answer if
>somebody wants to talk with me about the flight? If somebody else wants to
>cheat, so be it, it's his business, I don't care.
>
> Stefan

Stefan wrote:
> I don't know, probably I'm a hoplessly old fashioned idealist, but this
> whole discussion seems very strange to me. After all, soaring is about
> flying and having fun, isn't it? At least this was the reason I've
> learnt to fly some time ago. If I have enjoyed a nice fly, and if I feel
> like it, I may submit it somewhere, for the fun of it, to share my joy,
> maybe even for competition. But fake the file? No way! What should I
> answer if somebody wants to talk with me about the flight? If somebody
> else wants to cheat, so be it, it's his business, I don't care.

Yes, that is why there is less concern over security issues for badges,
contests, the OLC, etc. However, world or national records fit in a
slightly different category, in that once someone claims one, it is
theirs until someone else makes a better flight. Given the known
history of cheating on world records (and in world championships) in the
pre-GPS days, it doesn't take much cynicism to assume that there are
still people out there who would cheat, given the opportunity...

Marc

Marc Ramsey wrote:

> Given the known
> history of cheating on world records (and in world championships) in the
> pre-GPS days, it doesn't take much cynicism to assume that there are
> still people out there who would cheat, given the opportunity...

Is this "history" available somewhere?

/Janos

We are told that the old standards aren't strict enough, but has there
ever been an instance where someone used those lax old standards to fake
a world record claim?


Marc Ramsey wrote:
> Nick Gilbert wrote:
>
>> Not sure if the patronising reply was necessary. Also, it was
>> presumptuous of you to assume I know nothing about this topic, whether
>> I do or not.
>
>
> Me bad.
>
> The trade-offs are pretty straightforward. In 1996, if the IGC had
> specified a security system that would still be considered reasonably
> secure in 2005, the flight recorders would either have cost several
> times as much, or it would have taken hours to do the signature
> calculations in the recorder. We have much the same problem in 2005.
> That is an unfortunate characteristic of trying to implement public key
> encryption systems on inexpensive microcontrollers in low production
> volume devices.
>
> The one thing that may ultimately ease the issue, is the nearly
> ubiquitous presence of internet access in 2005, which makes a private
> key system viable and secure.
>
>> I am simply questioning the seriousness of the security flaw. If it
>> has been proven that flight traces with the redundant devices can be
>> falsified (one can only assume they have, otherwise we wouldn't be
>> going through this at all), then why not ask the question?
>
>
> It comes down to this, if someone cheats by managing to break the
> signature system, we won't find out unless a mistake was made some place
> else in flight documentation (like faking the flight in an inconsistent
> fashion). We can only really guard against this by removing world
> record approval for devices that that we know to have fairly weak
> encryption capabilities.
>
> Marc

Greg Arnold wrote:
> We are told that the old standards aren't strict enough, but has there
> ever been an instance where someone used those lax old standards to fake
> a world record claim?

Good question, how would we know? This is what we know: a) at least one
of the flight recorders meeting the pre-97 standards has had its
security broken as an academic exercise, and b) if someone used those
pre-97 standards to fake a world record claim, we would only find out if
there was some other reasonably obvious problem.

Marc

Marc Ramsey wrote:
> Greg Arnold wrote:
>
>> We are told that the old standards aren't strict enough, but has there
>> ever been an instance where someone used those lax old standards to
>> fake a world record claim?
>
> Good question, how would we know? This is what we know: a) at least one
> of the flight recorders meeting the pre-97 standards has had its
> security broken as an academic exercise, and b) if someone used those
> pre-97 standards to fake a world record claim, we would only find out if
> there was some other reasonably obvious problem.
>
> Marc

For a faked world record claim to have any plausibility, it would have
to be done by an excellent pilot on a day with absolutely spectacular
soaring conditions. Why would an excellent pilot fake such a flight,
since if the fake was discovered it would destroy his reputation?
Further, on such a spectacular day, other pilots would be flying, and
might notice that the claimant was nowhere near the places he claimed to
be, and that his flight was inconsistent with observed conditions (e.g.,
he recorded a climb where other pilots only saw sink).

Also, now with the internet and software such as SeeYou, any record
claim will be analyzed in detail on many computers -- I don't see how
you could construct a fake flight that could withstand such scrutiny.

I think we need only minimal standards, provided all flight logs are
posted on the internet for all to see. I suspect the people who make
the rules are in love with the technology, and this is blinding them to
reality.

Greg Arnold wrote:
> For a faked world record claim to have any plausibility, it would have
> to be done by an excellent pilot on a day with absolutely spectacular
> soaring conditions. Why would an excellent pilot fake such a flight,
> since if the fake was discovered it would destroy his reputation?
> Further, on such a spectacular day, other pilots would be flying, and
> might notice that the claimant was nowhere near the places he claimed to
> be, and that his flight was inconsistent with observed conditions (e.g.,
> he recorded a climb where other pilots only saw sink).

Perhaps. But the key characteristic of record breaking flights is that
you go farther and faster than anyone else. So, why would you expect
any witnesses during the majority of the flight? If one pilot finds a
10 knot climb in an area where others only find sink, is that not, in
fact, what distinguishes someone capable of a world record flight from
the rest of us?

> Also, now with the internet and software such as SeeYou, any record
> claim will be analyzed in detail on many computers -- I don't see how
> you could construct a fake flight that could withstand such scrutiny.

My canonical example is simply scaling up an actual flight by some
amount. At what point would it become obvious that it was faked, 2, 4,
8, 10%? Can you prove it beyond a reasonable doubt? What about taking
a flight that was made at some point in the past, and changing the
dates? Or changing a declaration post flight?

> I think we need only minimal standards, provided all flight logs are
> posted on the internet for all to see. I suspect the people who make
> the rules are in love with the technology, and this is blinding them to
> reality.

I think most of the people who write the rules love glider technology
far more than computer technology. They listen to people that they hope
understand the computer things better than they do, and try to make
rules that make things convenient for the pilots, while maintaining some
level of integrity in the system. Then again, maybe they just do these
things to annoy people on r.a.s...

Marc

Marc Ramsey wrote:
> Greg Arnold wrote:
>
>
>> Also, now with the internet and software such as SeeYou, any record
>> claim will be analyzed in detail on many computers -- I don't see how
>> you could construct a fake flight that could withstand such scrutiny.
>
>
> My canonical example is simply scaling up an actual flight by some
> amount. At what point would it become obvious that it was faked, 2, 4,
> 8, 10%?

If you can get a world record by scaling a flight up by 10%, you had a
spectacular flight to begin with -- the flight of the year, and perhaps
of the decade. And scale up a flight by too much, and people would
notice discrepancies -- such as high thermalling speeds but small circles.

Can you prove it beyond a reasonable doubt? What about taking
> a flight that was made at some point in the past, and changing the
> dates? Or changing a declaration post flight?

That won't give you a record.

In article >,
Marc Ramsey > wrote:

> My canonical example is simply scaling up an actual flight by some
> amount. At what point would it become obvious that it was faked, 2, 4,
> 8, 10%? Can you prove it beyond a reasonable doubt?

Unless it's over dead flat land, very easily, by comparing the track
taken and the location of thermals to geographic features (obviously use
of ridge is even easier).

--
Bruce | 41.1670S | \ spoken | -+-
Hoult | 174.8263E | /\ here. | ----------O----------

Marc Ramsey wrote:
> Greg Arnold wrote:
>
>
>> Also, now with the internet and software such as SeeYou, any record
>> claim will be analyzed in detail on many computers -- I don't see how
>> you could construct a fake flight that could withstand such scrutiny.
>
>
> My canonical example is simply scaling up an actual flight by some
> amount. At what point would it become obvious that it was faked, 2, 4,
> 8, 10%?

Scaling up distances will result in obvious anomalies if the track is
compared to the topography. And scaling up speeds will also result in
problems -- such as high thermalling speeds but small circles. Also, if
you can get a world record by scaling a flight up by 10%, you had a
spectacular flight to begin with -- the flight of the year, and perhaps
of the decade.

Bruce Hoult wrote:
> In article >,
> Marc Ramsey > wrote:
>
>>My canonical example is simply scaling up an actual flight by some
>>amount. At what point would it become obvious that it was faked, 2, 4,
>>8, 10%? Can you prove it beyond a reasonable doubt?
>
> Unless it's over dead flat land, very easily, by comparing the track
> taken and the location of thermals to geographic features (obviously use
> of ridge is even easier).

Well, I could point to plenty of my flights where the cloud streets
basically meander around with with seeming little relationship to the
very prominent ridge lines (wind out here does strange things to
convection), but there really isn't much point. Perhaps if you guys
would get off your duffs, get yourselves appointed as IGC delegates and
GFAC members, and change these silly rules, then I wouldn't have to
waste any more of my time coming up with bogus justifications...

Marc

>> Unless it's over dead flat land, very easily, by comparing the track
>> taken and the location of thermals to geographic features (obviously
>> use of ridge is even easier).
>
>
> Well, I could point to plenty of my flights where the cloud streets
> basically meander around with with seeming little relationship to the
> very prominent ridge lines (wind out here does strange things to
> convection), but there really isn't much point. Perhaps if you guys
> would get off your duffs, get yourselves appointed as IGC delegates and
> GFAC members, and change these silly rules, then I wouldn't have to
> waste any more of my time coming up with bogus justifications...

Now you are making sense! Not sure about getting off my duff, though.

>
> Marc
>

T o d d P a t t i s t wrote:
> Ian Strachan > wrote:
>
> >>Which cryptographic algorithms are considered ``equivalent'' to
RSA?
> >>What is the minimum key length prescribed?
> >DSA for one,
> >On key length, for a new type of recorder for IGC-approval for "all
> >flights" he answer is a private key of at least 512 bits.
>
> This all seems to me to be roughly like putting a bank vault
> door on a house with windows. Yes, the door is better, but
> the thief's going to come through the window.
>
> Public/private key cryptographic algorithms work like this:
> Alice has a secret key and uses it to send a message to Bob.
> Bob wants to make sure the message actually came from
> Alice, so he uses the public key to decrypt and verify. The
> relationship between the public key and the private key is
> such that you can't determine the private key from the
> public key. Thus, Bob can be sure that the message came
> from someone who had the secret key, i.e., Alice and not the
> bad guy Snake, who does not have the secret key.
>
> In the world of gliders, Alice is the Flight Recorder and
> has the secret key. Bob is the FAI and wants to make sure
> the message is really from the FR. The pilot submitting the
> igc trace is our Snake! However, since Snake owns and
> controls Alice (it's his flight recorder) all he has to do
> is open up Alice and get or use the secret key. I just
> don't see how you can stop this by going from 128 bit to 256
> bit to 512 bit keys. Regardless of length, Snake owns and
> controls Alice.

Don't forget that Alice has a Chastity Belt!!! . ie a physical security
switch wich will void the security of the Flight Recorder when the case
is opened.

At 09:30 18 March 2005, Mottley wrote:
>
>T o d d P a t t i s t wrote:
>> Ian Strachan wrote:
>>
>> >>Which cryptographic algorithms are considered ``equivalent''
>>>>to
>RSA?
>> >>What is the minimum key length prescribed?
>> >DSA for one,
>> >On key length, for a new type of recorder for IGC-approval
>>>for 'all
>> >flights' he answer is a private key of at least 512
>>>bits.
>>
>> This all seems to me to be roughly like putting a
>>bank vault
>> door on a house with windows. Yes, the door is better,
>>but
>> the thief's going to come through the window.
>>
>> Public/private key cryptographic algorithms work like
>>this:
>> Alice has a secret key and uses it to send a message
>>to Bob.
>> Bob wants to make sure the message actually came from
>> Alice, so he uses the public key to decrypt and verify.
>> The
>> relationship between the public key and the private
>>key is
>> such that you can't determine the private key from
>>the
>> public key. Thus, Bob can be sure that the message
>>came
>> from someone who had the secret key, i.e., Alice and
>>not the
>> bad guy Snake, who does not have the secret key.
>>
>> In the world of gliders, Alice is the Flight Recorder
>>and
>> has the secret key. Bob is the FAI and wants to make
>>sure
>> the message is really from the FR. The pilot submitting
>>the
>> igc trace is our Snake! However, since Snake owns
>>and
>> controls Alice (it's his flight recorder) all he has
>>to do
>> is open up Alice and get or use the secret key. I
>>just
>> don't see how you can stop this by going from 128
>>bit to 256
>> bit to 512 bit keys. Regardless of length, Snake
>>owns and
>> controls Alice.
>
>Don't forget that Alice has a Chastity Belt!!! . ie
>a physical security
>switch wich will void the security of the Flight Recorder
>when the case
>is opened.
>
>

So let's say Snake is rich enough to afford two Alices.
He can sacrifice one Alice to find out all about where
the switch is, he now knows how to defeat the switch,
by cutting the case if necessary and has a nice clean
case from Alice 1 with which to rebuild Alice 2 having
done the dirty deed.

At 10:30 18 March 2005, Andrew Warbrick wrote:
>So let's say Snake is rich enough to afford two Alices.
>He can sacrifice one Alice to find out all about where
>the switch is, he now knows how to defeat the switch,
>by cutting the case if necessary and has a nice clean
>case from Alice 1 with which to rebuild Alice 2 having
>done the dirty deed.

and therein lies the problem with relying on this type
of security alone. The strength of RSA is that the
private (secret) key cannot be deduced from the public
key, well not easily. The weakness is that once you
have got the private (secret) key then all the units
that use that key are obsolete. Whoops. So if snake
gets the private key and publishes it on here then
all the units that use that key are insecure.

What are the OOs doing in relation to the false claims,
are they in on it?
>
>
>
>

As I know every unit has it's own unique key (at least should). So if
you manage to open a logger box without clearing the key, you can create
fake logs only for that unit.

/Janos

Don Johnstone wrote:
> At 10:30 18 March 2005, Andrew Warbrick wrote:
>
>>So let's say Snake is rich enough to afford two Alices.
>>He can sacrifice one Alice to find out all about where
>>the switch is, he now knows how to defeat the switch,
>>by cutting the case if necessary and has a nice clean
>>case from Alice 1 with which to rebuild Alice 2 having
>>done the dirty deed.
>
>
> and therein lies the problem with relying on this type
> of security alone. The strength of RSA is that the
> private (secret) key cannot be deduced from the public
> key, well not easily. The weakness is that once you
> have got the private (secret) key then all the units
> that use that key are obsolete. Whoops. So if snake
> gets the private key and publishes it on here then
> all the units that use that key are insecure.

That's my understanding too. However, it does not mean
that a determined cheat couldn't, in theory, compromise
the security of their own logger and secure a world
record.

I think the point I was trying to make is that the
system isn't bulletproof, I don't consider my Colibri
to be much more secure than a Cambridge model 10, and
if I was a Cambridge logger owner I'd be cheesed off.


After all, these guys were the 'early adopters' who
got the whole secure logger system kickstarted and
paid more for the privilege. Without these 'early adopters'
we'd still be smoking barographs and losing claims
when the photo developers cut the negative.

At 13:00 18 March 2005, Jancsika wrote:
>
>As I know every unit has it's own unique key (at least
>should). So if
>you manage to open a logger box without clearing the
>key, you can create
>fake logs only for that unit.
>
>/Janos
>

I agree with you, I just added this short clarification.
Actually I would be happy even with the COTS solution...

/Janos

Andrew Warbrick wrote:
> That's my understanding too. However, it does not mean
> that a determined cheat couldn't, in theory, compromise
> the security of their own logger and secure a world
> record.
>
> I think the point I was trying to make is that the
> system isn't bulletproof, I don't consider my Colibri
> to be much more secure than a Cambridge model 10, and
> if I was a Cambridge logger owner I'd be cheesed off.
>
>
> After all, these guys were the 'early adopters' who
> got the whole secure logger system kickstarted and
> paid more for the privilege. Without these 'early adopters'
> we'd still be smoking barographs and losing claims
> when the photo developers cut the negative.
>
> At 13:00 18 March 2005, Jancsika wrote:
>
>>As I know every unit has it's own unique key (at least
>>should). So if
>>you manage to open a logger box without clearing the
>>key, you can create
>>fake logs only for that unit.
>>
>>/Janos
>>
>
>
>
>
>

"Marc Ramsey" > wrote in message
. com...
(snip)
< Perhaps if you guys
> would get off your duffs, get yourselves appointed as IGC delegates and
> GFAC members, and change these silly rules, then I wouldn't have to
> waste any more of my time coming up with bogus justifications...
>
> Marc
>

It's like wrestling with a pig. Eventually you realize that the pig enjoys
it.
8^)
-Bob Korves

I think it is reasonnable that World Records are
subjected to a higher level of scrutiny than badge,
competition and ladder flights.

There was the case of the spurious British World
Altitude claim in ? the 60s / 70s.

There was a flight log that would have been a world
record (if claimed and validated), mentioned on this
forum, last year. I looked at the trace. It was
clearly not valid, but what had gone wrong was not
clear to me.

----------------

I would support a proposition that tracings for all
world record claims, and for all badge claims were
made accessible to all on the Internet. Logger files
are required for the BGA ladder and AeroKurier Online
Contest. It is not beyond the capabilities of the
authorities to make all world record and badge claim
flights available online. The issue of private
information is a non-issue, because the individual is
making a claim for their performance during a flight,
and a not unreasonnable requirement is for that claim
to be available to scrutiny.

If all such claims were available on the internet,
then I expect that the wider gliding community might
well be able to pick up on and alert the authorities
to a falsified logger.

There are obvious opportunites outside the logger to
falsify a claim eg if a standard class and open class
glider perform a task, and then the logger trace from
the open class glider is submitted as coming from the
standard class glider.

Rory

"T o d d P a t t i s t" > wrote in message
...
> "Mottley" > wrote:
>
> IMHO, it's much harder to detect a digital file faked WR
> with a current FR than it was to detect a faked baro and
> camera flight that used pictures of real world TP's on the
> alleged date of the flight and had an OO signature on the
> foil baro trace.
>

That makes sense.

So, why not require a barograph PLUS a FR for a WR? Wouldn't different
technologies recording the same flight be harder to fake convincingly?
There's lots of perfectly good working barographs laying around.

I've got a like-new Reploggle if anybody wants to buy it.

Bill Daniels

Hear, hear!!
The issue, ultimately, is trust. With sufficient effort any system can be
broken. Use technology to make the documentation easier, and trusted
observers to validate the documentation

"T o d d P a t t i s t" > wrote in message
...
> Rory O'Conor >
> wrote:
>
> >I think it is reasonnable that World Records are
> >subjected to a higher level of scrutiny than badge,
> >competition and ladder flights.
>
> So do I. So here's how I'd do it - I'd rely more on the OO
> for WR's and less on the "secure FR." I'd decrease cost
> and "digital security" for badges. Badges up through the
> 2000K could be claimed by any COTS or cam/baro with an OO
> there the day of the flight or with any FR (from EW to Model
> 10 to the latest and greatest) previously sealed by an OO.
>
> If you want to improve security for WRs you need OO "eyes
> on" and tighter control over the FR, not more digital bits
> in the file recording the alleged flight..

Greg Arnold wrote:
> Can you prove it beyond a reasonable doubt? What about taking
> > a flight that was made at some point in the past, and changing the
> > dates? Or changing a declaration post flight?
>
> That won't give you a record.

It certainly could for a spped record in wave. The location of the
start/finish is critical to getting a good speed flight. If I could go
up and scope out the wave, then fly an air declared course, and later
fudge the log to indicate a ground declaration...

But of course, if I had a few friends up flying to tell me where to
make the start/finish points before I took off, then this particular
"cheat" wouldn't be needed.

Or I might declare a 500k O&R then at the turn point decide to stretch
the flight into a 750 or 1000k O&R due to incredible conditions.

In both these situations it's really a good pilot in good conditions
just trying to bend the rules. But I'm sure a good imagination could
stretch this some more.

What IS the rationale (other than the restriction of the old paper
declaration) for requiring the declaration to be made before takeoff.
Why not allow a declaration prior to the soaring performance at hand?

-Tom

X-no-archive: yes
In article >, Rory O'Conor <REMOVE_TO_REP
> writes
>I think it is reasonnable that World Records are
>subjected to a higher level of scrutiny than badge,
>competition and ladder flights.
>
>There was the case of the spurious British World
>Altitude claim in ? the 60s / 70s.
>
>There was a flight log that would have been a world
>record (if claimed and validated), mentioned on this
>forum, last year. I looked at the trace. It was
>clearly not valid, but what had gone wrong was not
>clear to me.
>
I think Rory has hit the nail on the head. This only effect World
Records. It does not effect any other aspect of Gliding.

How many of the contributors to this thread have attempted a world
record?

Tim Newport-Peace

"Indecision is the Key to Flexibility."

Marc Ramsey wrote:
> >
Perhaps if you guys
> would get off your duffs, get yourselves appointed as IGC delegates
and
> GFAC members, and change these silly rules, then I wouldn't have to
> waste any more of my time coming up with bogus justifications...
>
> Marc

Alternative suggestion. Rather than getting yourselves elected to the
IGC, focus on your local IGC Reps. Several of the arguments in this
thread have been tried before, and some of them obviously have some
merit. The problem with international bodies like the IGC is that there
is a lot of intertia to overcome (obviously Marc knows this better than
the rest of us duffers). The best place to start is with the
individuals who make up the body.

So, please start a campaign to your local IGC delegates. Names can be
found here:

http://www.fai.org/directory/delegates.asp?id=6

I've found that a google on the name usually results in an email
address popping up (usually found on the Website of the national body
such as SSA, BGA, etc.)

All of this seems laughable to me. A one hour consulting fee
to David Copperfield and one could easily get as many World Records as
one wants. There are a million low tech ways to cheat that
would never be detected by a billion bits of PK cryptography.

Ultimately I believe by far the most effective way to
deter cheating is the rule mentioned in the 2005 IGC meeting
minutes whereby the FAI sporting license is permanently
revoked if cheating is proven.

The prospect of proving someone is a cheat and getting 15 minutes of
fame is so much more interesting than the WR itself, WRs will always
come under more scrutiny in ways never concieved by the IGC that
cheating will be very difficult to keep a secret.

Besides this, anyone following the advances solving Fermat's Last
Theorem or Primality knows that an NP=P proof isn't so farfetched.
PK has definitely not been proven uncrackable.
There is a good reason the DOD uses a combination of cryptography
AND physical security for its most secret messages.

The IGC focus on "improved" technology gets a big yawn from me.
But if it distracts the technophiles away from
modifying and complicating other (important) parts of the
sporting code, I support it completely!

In article >,
Andrew Warbrick > wrote:
>At 09:30 18 March 2005, Mottley wrote:
>>
>>T o d d P a t t i s t wrote:
>>> Ian Strachan wrote:
>>>
>>> >>Which cryptographic algorithms are considered ``equivalent''
>>>>>to
>>RSA?
>>> >>What is the minimum key length prescribed?
>>> >DSA for one,
>>> >On key length, for a new type of recorder for IGC-approval
>>>>for 'all
>>> >flights' he answer is a private key of at least 512
>>>>bits.
>>>
>>> This all seems to me to be roughly like putting a
>>>bank vault
>>> door on a house with windows. Yes, the door is better,
>>>but
>>> the thief's going to come through the window.
>>>
>>> Public/private key cryptographic algorithms work like
>>>this:
>>> Alice has a secret key and uses it to send a message
>>>to Bob.
>>> Bob wants to make sure the message actually came from
>>> Alice, so he uses the public key to decrypt and verify.
>>> The
>>> relationship between the public key and the private
>>>key is
>>> such that you can't determine the private key from
>>>the
>>> public key. Thus, Bob can be sure that the message
>>>came
>>> from someone who had the secret key, i.e., Alice and
>>>not the
>>> bad guy Snake, who does not have the secret key.
>>>
>>> In the world of gliders, Alice is the Flight Recorder
>>>and
>>> has the secret key. Bob is the FAI and wants to make
>>>sure
>>> the message is really from the FR. The pilot submitting
>>>the
>>> igc trace is our Snake! However, since Snake owns
>>>and
>>> controls Alice (it's his flight recorder) all he has
>>>to do
>>> is open up Alice and get or use the secret key. I
>>>just
>>> don't see how you can stop this by going from 128
>>>bit to 256
>>> bit to 512 bit keys. Regardless of length, Snake
>>>owns and
>>> controls Alice.
>>
>>Don't forget that Alice has a Chastity Belt!!! . ie
>>a physical security
>>switch wich will void the security of the Flight Recorder
>>when the case
>>is opened.
>>
>>
>
>So let's say Snake is rich enough to afford two Alices.
>He can sacrifice one Alice to find out all about where
>the switch is, he now knows how to defeat the switch,
>by cutting the case if necessary and has a nice clean
>case from Alice 1 with which to rebuild Alice 2 having
>done the dirty deed.
>
>
>


--

------------+
Mark J. Boyd

Apart from WR claims, I would be quite interested in
some progress and discussion on allowing COTS GPS
to validate Silver and perhaps Gold badge flights.

At least allowing a COTS GPS to be used in conjunction with
a barograph for Silver distance flights (like an
out and return).

Anything to make the Silver Badge easier to
validate would really help encourage pilots to transition
to X-C, in my opinion.

I know a LOT of pilots who have done Silver distance, but
not officially, due to the silly equipment requirements.
If we can get away from the "calibration"
garbage and grant some validity (even with a large margin of
error) to GPS altitudes, I think a fourfold reduction
in GPS price would really help this area.

Just because we "have" outdated rocket science doesn't mean we
need to "use" outdated rocket science. Pressure altitude
was useful because that was all they had. These days
it is an antique, a quaint reminder of a primitive time...

In article >,
Jancsika > wrote:
>
>I agree with you, I just added this short clarification.
>Actually I would be happy even with the COTS solution...
>
>/Janos
>
>Andrew Warbrick wrote:
>> That's my understanding too. However, it does not mean
>> that a determined cheat couldn't, in theory, compromise
>> the security of their own logger and secure a world
>> record.
>>
>> I think the point I was trying to make is that the
>> system isn't bulletproof, I don't consider my Colibri
>> to be much more secure than a Cambridge model 10, and
>> if I was a Cambridge logger owner I'd be cheesed off.
>>
>>
>> After all, these guys were the 'early adopters' who
>> got the whole secure logger system kickstarted and
>> paid more for the privilege. Without these 'early adopters'
>> we'd still be smoking barographs and losing claims
>> when the photo developers cut the negative.
>>
>> At 13:00 18 March 2005, Jancsika wrote:
>>
>>>As I know every unit has it's own unique key (at least
>>>should). So if
>>>you manage to open a logger box without clearing the
>>>key, you can create
>>>fake logs only for that unit.
>>>
>>>/Janos
>>>
>>
>>
>>
>>
>>
>


--

------------+
Mark J. Boyd

>How many of the contributors to this thread have attempted a world
>record?

Every single flight! And if it wasn't for poor weather, a lousy glider,
no crew, not enough water and sandwiches, and the need to pee, I'd
have dozens of World Records! :PPPP

>
>Tim Newport-Peace
>
>"Indecision is the Key to Flexibility."


--

------------+
Mark J. Boyd