Thread: Date of effect now 1 April 2004 for revised IGC-approval for certain legacy types of GNSS flight recorder
View Single Post
  #45  
Old November 28th 03, 12:18 AM
Eric Greenwell
external usenet poster
  
Posts: n/a
Default
Pat Russell wrote:

-there is a reliable agent that can inspect the flight recorder for
signs of tampering


This is a question of physical security. The person responsible
is the official observer. This has always been true.

Tampering can include alterations inside the box (physical, electrical,
or programing) that the observer can not detect just by examining the
box or the file it produces. The entity most likely to be able to
determine this is the company that produces it, though it's possible the
ability could be passed on to another entity.



-it can answer critics with questions about the security of algorithms


Electronic security is not perfect. It can be "strong" or
"weak" just like physical security. If the world believes that
the electronic security designed into the flight recorder is
strong enough to do the job, then there will be no critics. If
the world believes that new techniques have rendered the flight
recorder vulnerable, then it is GFAC's responsibility to issue a
disapproval. The manufacturer need not exist.

I agree the manufacturer would not be needed for this, once the unit is
approved. If further questions arise that only the manufacturer can
answer, and the manufacturer is no longer available, then the unit
should be downgraded.



-it can maintain the security keys


You may have to clarify this one. I don't think security
algorithms need maintenance.

As I understand it, the manufacturer maintains the keys for the
algorithms (the algorithm itself doesn't need maintenance). Different
keys can be used for different recorders. I don't know where these keys
go, or who ensures their secrecy, once the manufacturer is gone.

So yes, this is the question (verbose version):

In the absence of any security challenge, criticism, disapproval
notice, or special procedure required of the manufacturer, would
the manufacturer's retirement be reason enough to cause the
automatic downgrading of a flight recorder from usable for world
records to unusable for world records?

If, in this hypothetical situation, a recorder was downgraded only
because the manufacturer retired, I'd have to know the reasoning for
doing this before I could decide if it was a sufficient reason. I can't
think of one myself, but I am limited by my imagination!

Since the IGC flight recorder concept is basically about security, the
question seems to beg the question: of course, there is no reason to
disapprove a recorder if there is no concern for security.
--
-----
Replace "SPAM" with "charter" to email me directly

Eric Greenwell
Washington State
USA