At 09:50 AM 21/01/2011, you wrote:
On 21/01/2011, at 12:28 AM,
<<mailto:[email protected]>[email protected]>
<<mailto:[email protected]>[email protected]> wrote:
If in a comp the O.O was looking over your shoulder as you loaded
your task and declared it, He un plugs it, he install's it in the
glider and seals the cables with tape and markings photographes
it with his camera , you fly the task, as you finish your rollout
he verifies the tape and markings and then photo graphs it again,
then he removes it for down load and submittal for scoring.
With the official process adhered to no falsification can occur.
Not actually true when the required equipment is small enough to
carry in the baggage compartment, and can do its work without
physical tampering with the OO's stuff.
You're right , Mark.
Also not true when you look at the actual required procedures in the
Sporting code. One of the security drivers for the IGC FR rules was
that the O.O is only required to be present at ONE end of the flight
on the day.
One could actually fly the task and come back with a forged logger
trace which said that you flew it slightly differently (e.g., extended
the distance just that little bit further into each turnpoint radius, giving
you just that little bit extra distance)
The resulting trace could be very similar to "real life," and have an
identical set of timestamps on it, but show a bit more distance. And
you've still had the fun of flying the task. :)
Not only time stamps but if the simulator is any good the same
satellite constellation and doppler shifts as the real constellation
on the day.
The incentives for abuse are even higher for world record claims,
and I reckon they'd be easier to forge too, because there's probably
no potential to compare the traces to lots of others like you could
at a comp.
IGC approved loggers are surrounded by a thin veneer of
technological gobbledegook which looks like "security" to someone
who hasn't thought about it, but which is probably no such thing.
The mystical aura of cryptography sure sounds impressive, but.
The cryptography also drives the expense of the design. Most of what
goes on in an FR can be done witha very simple 8 bit microcontroller.
Doing the crypto requires heaps of computing grunt. It is a VERY
impressively large package in the Colibri.
The security also requires that the FR have an internal backup
battery. These will eventually require replacement by opening and the
resealing. Any problems requiring opening also require resealing. It
is a pain, requires contact with the manufacturer (hope he isn't on
holidays) and the file for resealing nowadays has a limited time
usefulness. In case Ian Strachan gets his knickers in a knot again,
this is in the FR requirements which you can get from the IGC website.
The purpose of countermeasures isn't to directly prevent the behaviour
you wish to protect against, it's to increase the cost of that behaviour
enough to make it impractical. In the case of a logger, the security
measures employed ought to make flying a task cheaper and easier
than generating a forged trace.
You can imagine the process the IGC went through:
Problem: We want to prevent people from submitting fraudulent
logger traces.
Method: Editing the logger trace.
Countermeasure: Use crypto to prevent editing. Supercomputer time
is expensive, so this countermeasure makes flying the task cheaper
and easier.
The crypto has to be in the FR.
Method: Alter the electronics inside the case.
Countermeasure: Require tamper-proof packaging on an IGC logger.
Performing alterations of hardware in tamper-proof packaging is
generally expensive and technically challenging, flying the task
is probably cheaper and easier.
In all cases I've seen it is a simple microswitch. Once you've seen
on example of a particular FR it isn't difficult to defeat.
Method: Alter the software inside the case.
Countermeasure: Require loggers to be submitted to IGC for
test, audit, certification; Require tamper-proof packaging so
software can't be altered after the fact. Previous notes about
expense and simplicity also apply.
Method: Feed-in fraudulent GPS position data.
Countermeasure: Write a rule, because rules are never broken by
cheats (!), and because the equipment required to inject fraudulent
GPS position data is so expensive it's probably easier and cheaper
to just fly the task.
GPS signal injection isn't new, but what's changed is the "expensive
and difficult" part. It just ain't anymore. So the countermeasure is no
longer effective, and the "security" is illusory: The countermeasure
probably doesn't make forging a logger trace more expensive or
difficult than flying a task.
Throughout this discussion I also note that nobody has addressed
the $20 GPS jammer that's small enough to fit on a keyring. Combine
it with a timer that only turns it on after the task has started, and
gaffer-tape it inside someone's wheel well on the last day of a comp
to make them lose. Costs almost nothing and is pretty much
untraceable to any particular individual. You could even trivially rig
it up to the undercarriage so that it jettisons when the wheel is
extended, leaving no evidence. Touchy subject nobody wants to
talk about? :-)
Not only that but the competitor will lose his FLARM. For added fun,
experiment with a shielded directional antenna for the jammer.
As a competition organizer, Tim's "Make my day," attitude probably
isn't helpful, it's setting up a situation where the only way to get the
competition organizer to take any of this seriously is to actually
provide proof by demonstration -- i.e., to successfully cheat. Security
practitioners need to "think like the bad guy" to win, and the motivated
bad guy probably knows all about your countermeasures and is
diligently using his ingenuity to get around them.
If you're not taking that seriously then you're just asking to have a
National Championship invalidated due to cheating: It only costs
$20, which is probably low enough to entice someone with no
stake in the competition to try it just to piss everybody off. What
effective countermeasures are available?
I've heard of more cheating by contest organisers who don't enforce
their own rules.
Mike
Borgelt Instruments - manufacturers of quality soaring instruments since 1978
phone Int'l + 61 746 355784
fax Int'l + 61 746 358796
cellphone Int'l + 61 428 355784
email: [email protected]
website: www.borgeltinstruments.com
_______________________________________________
Aus-soaring mailing list
[email protected]
To check or change subscription details, visit:
http://lists.internode.on.net/mailman/listinfo/aus-soaring
