Revised IGC-approvals for some types of legacy recorder

This GFAC announcement has been prepared with the agreement of the IGC GNSS Committee and the IGC Bureau.

It was put out a couple of days ago on the FAI IGC email mailing lists

asked is where the current 24 types of IGC-approved recorder and their 10 manufacturers, are listed. This can be seen on:

Hi Ian,

I am very suprised to learn about this development. So, if I undertand your note correctly, you are saying that the CAI GPS-NAV units are suddenly not considered secure? I think that is ridiculous. Please explain in detail why you came to that conclusion.

Paul Remde

After going to all of the time designing the hardware security along came the idea of public key cryptography so the IGC spec was 'upgraded' to incorporate this additional security layer. The Cambridges and others got caught between the two specs.

On the basis of openness and transparency shouldn't the IGC be disclosing all known or suspected cases of 'trace fraud?' ( If there have been any ) then the general gliding community can get a grip on how the system is working.

Ian Molesworth

Public key cryptography was well known in 1994 when the Cambridge 10's were used at the NZ pre-worlds, and in fact I *told* them at the time that they should be using something like RSA instead of something home-grown.

Oh well.

Yes, but doesn't the CAI system work? It is my impression that it is perfectly secure and has never been compromised. So why suddenly call it 'insecure'.

What is the plan to get the approval back in place? What must CAI do to make it meet your new requirements?

Paul Remde

As of January 1st, the CAI Model 10/20/25 won't be considered 'insecure', they just won't be considered 'secure enough' for world records. You can still use it for badges, 1000K+ diplomas, contests, etc., just not world records.

Minimally, a firmware upgrade would be required, but it is not clear that the microcontroller is fast enough to support the needed changes. The manufacturer(s?) is the only one that can provide an answer...

I just find this absurd. I'm very angry about the sudden change.

If I remember correctly, Steve Fossett is using a GPS-NAV (and a 302 I believe) and currently setting world records in the southern hemisphere.

I'm still waiting for a good answer to the question why. Why is the GPS-NAV suddenly not secure for world records?

This is not acceptable behavior by the IGC.

Paul Remde

Unfortunately we have no way of knowing, because the method used isn't published. But essentially I believe it is a typical private key system which relies on only trusted parties knowing the secret key. These trusted parties include anyone writing software to upload flights (which I suspect is the reason they would never give me the specs for writing mac software), and authorized repair agents.

Secure doesn't mean 'hasn't (to our knowledge) been compromised'. It means '*can't* be compromised'. If we didn't know how to do the latter that would be a different matter, but we do.

And I'll ammend my earlier remarks. In 1994 when I was recommending RSA to them I never imagined that they'd get to nearly 2004 before it became an issue. So they may have made the correct commercial decision.

The 302 will continue to be approved for world records for the forseeable future. Steve Fossett also owns at least two Volksloggers, which will also continue to be approved for world records.

According to the current flight recorder specifications, a new design similar to the GPS-NAV could not be approved for world records. There are other older flight recorder models for which there are known security concerns. The only (more or less) fair way remove world record approval from some models was to remove such approval from all similar designs approved under the older specifications.

I can't think of any way this could have been done that everyone would find acceptable...

I'd make the simple point that if RSA was required when the first flight recorder specification was issued in 1995, there were no existing flight recorder designs which could have been approved. RSA (or equivalent asymmetric algorithm) has been required for 'all flights' approval since 1997, I believe...

So what? If RSA had been required at that time there soon would have been.

So it has been perfectly acceptable to fly world records for the last 5 to 6 years without RSA security with loggers approved before 1997.

If lack of RSA security was an issue why weren't legacy loggers given say 12 months to comply or lose 'all flights' approval back in 1997?

Why the change now?

Would someone tell us why this is suddenly an issue?

Which world record flights are suspect?

Isn't it a remarkable coincidence that this action is being taken right after CAI Model 20 and 25 loggers are no longer in production?

So a would a new design without RSA security would be acceptable for all but World Records?

If not, why not?

Mike Borgelt Borgelt Instruments