IGC-approval levels for some types of Flight Recorders

In article , Gerhard Wesp
writes

Which cryptographic algorithms are considered ``equivalent'' to RSA?
What is the minimum key length prescribed?

DSA for one, which has the advantage that most security calculations may
be made "on the fly" during flight. This leads to a shorter download
time after flight. A couple of newer recorder designs use DSA and the
rest use RSA.

On key length, for a new type of recorder for IGC-approval for "all
flights" he answer is a private key of at least 512 bits.

It is all spelt out in the IGC Technical Specification for GNSS Flight
Recorders, particularly para 2.8.3. A good bedtime read! (a joke, I
think, but some might find it interesting). See:
http://www.fai.org/gliding/gnss/tech_spec_gnss.asp

GFAC is also looking at the concept of "server-based security" where the
VALIDATION check program is not available in the public domain (as now,
through the IGC GNSS web site) but is held behind a firewall.
Interrogation for VALI checks would result in a pass/fail message being
sent back on the public side of the firewall. The server/firewall could
be at the recorder manufacturer's site or, preferably, at the FAI site
in Lausanne. The principle was announced to IGC at the 2004 Plenary but
GFAC was overtaken by other work such as the World Record review and the
COTS situation (as well as our normal work), and no practical progress
on testing such a system has been made. We are now preparing to try it
out. One advantage if it can be made to work would be to stop the
incessant rise of private key bit count requirements as computer power
increases with time. In other words, simpler types of VALI programs
might be OK but they would always be hidden. That is, not available on
the IGC web site as they are now, together with the standard download
programs DATA-XXX.exe and the Windows-based equivalents (XXX is each
manufacturer's three letter code).

Hope that helps ........

--
Ian Strachan
Chairman IGC GFA Committee

Bruce Hoult wrote:
All rather smaller than your numbers.

You must have been richer than I was 8^)

We can argue up, down, and sideways whether there is any need for
digital signatures and other security mechanisms in approved flight
recorders. I'm fairly agnostic about that, myself. But, given that the
IGC has decided it wants at least some security, it is necessary to
disallow older devices with questionable security for world record
purposes, before technological advances render them completely insecure.


Actually, those recorders were completely insecure *then*. I argued the
need for RSA (or something like it) with both Dave Ellis of CAI and
Bernald Smith at either or both of the 1995 Worlds and the 1994
pre-worlds, when GPS recorders were first used.

The IGC having (wrongly, in my opinion) decided that "security through
obscurity" was sufficient deterrent to cheating back then, why have they
changed their minds now?

The minds of the relevant people in GFAC/IGC were changed on this
subject by 1997. Quite a few of these non-RSA units had already been
sold. What would you have done?

Marc

Andrew Warbrick wrote:
Surely you mean terrorists, hackers & spammers are
trying to get world records without having to do any
striving?

sorry, I could not resist.

I think if somebody constructs a world record on the desktop
instead of flying I would allow the medal:
loss of peace of conscience is long lasting :-)

Peter Hermann

ps.: please save bandwidth

I don't know, probably I'm a hoplessly old fashioned idealist, but this
whole discussion seems very strange to me. After all, soaring is about
flying and having fun, isn't it? At least this was the reason I've
learnt to fly some time ago. If I have enjoyed a nice fly, and if I feel
like it, I may submit it somewhere, for the fun of it, to share my joy,
maybe even for competition. But fake the file? No way! What should I
answer if somebody wants to talk with me about the flight? If somebody
else wants to cheat, so be it, it's his business, I don't care.

Stefan

Nick Gilbert wrote:
Not sure if the patronising reply was necessary. Also, it was presumptuous
of you to assume I know nothing about this topic, whether I do or not.

Me bad.

The trade-offs are pretty straightforward. In 1996, if the IGC had
specified a security system that would still be considered reasonably
secure in 2005, the flight recorders would either have cost several
times as much, or it would have taken hours to do the signature
calculations in the recorder. We have much the same problem in 2005.
That is an unfortunate characteristic of trying to implement public key
encryption systems on inexpensive microcontrollers in low production
volume devices.

The one thing that may ultimately ease the issue, is the nearly
ubiquitous presence of internet access in 2005, which makes a private
key system viable and secure.

I am simply questioning the seriousness of the security flaw. If it has been
proven that flight traces with the redundant devices can be falsified (one
can only assume they have, otherwise we wouldn't be going through this at
all), then why not ask the question?

It comes down to this, if someone cheats by managing to break the
signature system, we won't find out unless a mistake was made some place
else in flight documentation (like faking the flight in an inconsistent
fashion). We can only really guard against this by removing world
record approval for devices that that we know to have fairly weak
encryption capabilities.

Marc

Yep.

--
Bert Willing

ASW20 "TW"


"Stefan" a écrit dans le message de news:
...
I don't know, probably I'm a hoplessly old fashioned idealist, but this
whole discussion seems very strange to me. After all, soaring is about
flying and having fun, isn't it? At least this was the reason I've learnt
to fly some time ago. If I have enjoyed a nice fly, and if I feel like it,
I may submit it somewhere, for the fun of it, to share my joy, maybe even
for competition. But fake the file? No way! What should I answer if
somebody wants to talk with me about the flight? If somebody else wants to
cheat, so be it, it's his business, I don't care.

Stefan

Stefan wrote:
I don't know, probably I'm a hoplessly old fashioned idealist, but this
whole discussion seems very strange to me. After all, soaring is about
flying and having fun, isn't it? At least this was the reason I've
learnt to fly some time ago. If I have enjoyed a nice fly, and if I feel
like it, I may submit it somewhere, for the fun of it, to share my joy,
maybe even for competition. But fake the file? No way! What should I
answer if somebody wants to talk with me about the flight? If somebody
else wants to cheat, so be it, it's his business, I don't care.

Yes, that is why there is less concern over security issues for badges,
contests, the OLC, etc. However, world or national records fit in a
slightly different category, in that once someone claims one, it is
theirs until someone else makes a better flight. Given the known
history of cheating on world records (and in world championships) in the
pre-GPS days, it doesn't take much cynicism to assume that there are
still people out there who would cheat, given the opportunity...

Marc

Marc Ramsey wrote:

Given the known
history of cheating on world records (and in world championships) in the
pre-GPS days, it doesn't take much cynicism to assume that there are
still people out there who would cheat, given the opportunity...

Is this "history" available somewhere?

/Janos

We are told that the old standards aren't strict enough, but has there
ever been an instance where someone used those lax old standards to fake
a world record claim?


Marc Ramsey wrote:
Nick Gilbert wrote:

Not sure if the patronising reply was necessary. Also, it was
presumptuous of you to assume I know nothing about this topic, whether
I do or not.


Me bad.

The trade-offs are pretty straightforward. In 1996, if the IGC had
specified a security system that would still be considered reasonably
secure in 2005, the flight recorders would either have cost several
times as much, or it would have taken hours to do the signature
calculations in the recorder. We have much the same problem in 2005.
That is an unfortunate characteristic of trying to implement public key
encryption systems on inexpensive microcontrollers in low production
volume devices.

The one thing that may ultimately ease the issue, is the nearly
ubiquitous presence of internet access in 2005, which makes a private
key system viable and secure.

I am simply questioning the seriousness of the security flaw. If it
has been proven that flight traces with the redundant devices can be
falsified (one can only assume they have, otherwise we wouldn't be
going through this at all), then why not ask the question?


It comes down to this, if someone cheats by managing to break the
signature system, we won't find out unless a mistake was made some place
else in flight documentation (like faking the flight in an inconsistent
fashion). We can only really guard against this by removing world
record approval for devices that that we know to have fairly weak
encryption capabilities.

Marc

Greg Arnold wrote:
We are told that the old standards aren't strict enough, but has there
ever been an instance where someone used those lax old standards to fake
a world record claim?

Good question, how would we know? This is what we know: a) at least one
of the flight recorders meeting the pre-97 standards has had its
security broken as an academic exercise, and b) if someone used those
pre-97 standards to fake a world record claim, we would only find out if
there was some other reasonably obvious problem.

Marc