VansAirForceForums  
Home > VansAirForceForums

- POSTING RULES
- Donate yearly (please).
- Advertise in here!

- Today's Posts | Insert Pics

  #31  
Old 10-16-2015, 09:05 PM
flightlogic's Avatar
flightlogic flightlogic is offline
 
Join Date: Nov 2013
Location: Prescott, AZ
Posts: 1,614
Default

This just de-volved into who is the smartest guy in the room.
To the original airline employed poster, you are probably over thinking the risk.
You are likely not flaunting the regs while not at work. The FAA is not staffed with the number of people to track you and randomly violate you. A really flagrant violation like drinking, flying... then crashing... and running away; as happened recently, will give them probable cause to come after you.
Then they have the legal right to see every prescription you ever got at a nearby neighborhood pharmacy. Barring that, and you are certainly not that kind of pilot.... you might relax and enjoy the safety of ADS-B traffic reports and nexrad imaging of precip ahead of you.
__________________
"Kindness is never a bad plan."

exemption option waived. Donation appropriate.
Reply With Quote
  #32  
Old 10-16-2015, 09:52 PM
YellowJacket RV9 YellowJacket RV9 is offline
 
Join Date: Oct 2012
Location: Clearwater, FL KCLW
Posts: 1,281
Default

Quote:
Originally Posted by Jamie View Post
It is a simple xor cipher which is easily broken, especially if the plain-text is known. And in this case, all of the potential plain-texts are known (one of the total set of ADDRP's for scenario 'a' for scenario 'b' the time).

https://en.wikipedia.org/wiki/XOR_cipher

Google is letting me down with finding §2.2.4.5.2.1, do you have that available?
Admittedly drifting off track here, but I also don't see how this would be 'trivial' to break. The potential plain-texts are known, but that does an attacker no good.

This is not a case of a key being used to encode multiple messages, in which case it would be subject to more types of attacks. This is a case of a key being used on a 'message' of the same size as the key. As long as the key is secure, this is essentially an unbreakable one-time pad.

From wikipedia:

"If the key is random and is at least as long as the message, the XOR cipher is much more secure than when there is key repetition within a message.[3] When the keystream is generated by a pseudo-random number generator, the result is a stream cipher. With a key that is truly random, the result is a one-time pad, which is unbreakable even in theory.

In any of these ciphers, the XOR operator is vulnerable to a known-plaintext attack, since plaintext \oplus ciphertext = key."

In this case, the key is both random, and as long as the message. The known-plaintext attack is not an option in this case, as it would require a physical back-door into your ADS-B system in order to inject the plaintext and recover the ciphertext; and if you had that, why even bother, just go straight for the target data.

I may be missing something, but I don't see the vulnerability.


Chris
__________________
Chris Johnson
RV-9A - Done(ish) 4/5/16! Flying 4/7/16

Last edited by YellowJacket RV9 : 10-16-2015 at 10:14 PM.
Reply With Quote
  #33  
Old 10-16-2015, 10:21 PM
spatsch spatsch is offline
 
Join Date: Nov 2014
Location: Plano, TX
Posts: 225
Default

Quote:
Originally Posted by Jamie View Post
It is a simple xor cipher which is easily broken, especially if the plain-text is known. And in this case, all of the potential plain-texts are known (one of the total set of ADDRP's for scenario 'a' for scenario 'b' the time).

https://en.wikipedia.org/wiki/XOR_cipher

Google is letting me down with finding §2.2.4.5.2.1, do you have that available?
As far as I know xor ciphers are totally secure as long as one part of the xor is truly random. Actually your google reference says that too: " With a key that is truly random, the result is a one-time pad, which is unbreakable even in theory." They are just not very practical due to the key length and randomness required and therefore only used in practice if you can distribute very long truly random key out of band (e.g. both parties have the same copy of a DVD with a 2GB key on it which is a type of cypher used by many militaries).

So the attack on this requires you to know at least part of the key which means part of the location and part of the time. So the question comes down to how difficult is it to predict at least some of the least 12 bits of lat and long and 24 bits of time which wraps every 192 days (you don't need all as even with a partial ICAO code you can correlate with e.g. airplanes registered in the region. That won't identify every transient airplane but most airplanes most of the time.)

Not quite sure what the lowest 12 bits represent as I am not that familiar with the Dynon encodings. E.g. is it the last 12 bits of an ASCII encoding of the GPS position (e.g. NMEA GGA sentence) which really only has 49 instead of 4096 as entropy and would be easy to attack or is it the last 12 bits in binary? What's the distance those 12 bits cover? E.g. can I look at airport lat/longs in the region and guess parts of those 12 bits assuming that you started that mode at an airport? How would I get an estimate at least for the day you started it. Maybe start with weekends?

Having a mode-s transponder I am quite worried about this. You can go to plane finder type in my N number select historic flights and you will see EVERY flight I made since I finished my RV-8. That does not only prevent me from exaggerating a little bit when talking about my flying over a beer but I really don't want everybody to know how I spend my spare time. To be honest I am less worried about the FAA then other uses but don't see an easy way of fixing it.

Oliver
__________________
Oliver Spatscheck
RV-8
N-2EQ
http://www.spatscheck.com/oliver

Last edited by spatsch : 10-16-2015 at 10:49 PM. Reason: clarified terms
Reply With Quote
  #34  
Old 10-18-2015, 10:25 AM
flyvans.com flyvans.com is offline
 
Join Date: Feb 2005
Location: Zurich, Switzerland
Posts: 466
Default

glad you guys are picking up this issue!

and i wouldn't worry too much about FAA (or even NSA-type agencies, even though this is also an interesting - although for this site maybe too political - subject *LOL*)...

the problem is the easy sniffing/recording and storing of the data combined with the ground/internet based networking, which basically enables an all-access tracking system without controls or restrictions.

the true risks IMHO which apply to the average decent-citizen rv-owner/builder come from NIMBY's that fight your local airports, divorce lawyers, envious neighbours or competitors, bankers, credit rating agencies, co-runners for public office all the way to targeted advertising firms and so forth...
or think back to the all-of-a-sudden public/media shaming of bizjets after the financial crisis as another example where a system like this is less than desired for the cause of aviation.

this privacy issue comes on top of the actual security issues (spoofing of targets, free targeting info etc...)
just goes to show that the ads-b stuff was engineered with the mindset from 20 years ago, totally not state of the art and in line with modern times.

even with facebook etc... you have somewhat decent control about how and when you are announcing your position. google and ad networks may be a bit the exception here, but there are relatively easy defenses against them as well.

should be interesting how things develop...
__________________
++++++++++++++++++++++++++++++++
Bernie Daenzer, Alex Lichtensteiger
www.flyvans.com
RV-7A
S/N 72072, Flying!
HB-YMT (Switzerland)
Reply With Quote
  #35  
Old 10-20-2015, 11:44 PM
RV7A Flyer's Avatar
RV7A Flyer RV7A Flyer is offline
 
Join Date: Jul 2013
Location: US
Posts: 2,251
Default

Quote:
Originally Posted by flyvans.com View Post
the true risks IMHO which apply to the average decent-citizen rv-owner/builder come from NIMBY's that fight your local airports, divorce lawyers, envious neighbours or competitors, bankers, credit rating agencies, co-runners for public office all the way to targeted advertising firms and so forth...
All of which would be a non-issue if the FAA acted like every state in the union does with automobile license plates, and keep the owner's name, address, etc., private instead of allowing anyone and everyone access to it.

Guess that genie is out of the bottle, though. Thanks, FAA.
Reply With Quote
  #36  
Old 10-21-2015, 04:01 AM
rmartingt's Avatar
rmartingt rmartingt is offline
 
Join Date: Nov 2006
Location: Savannah, GA
Posts: 1,029
Default

Quote:
Originally Posted by RV7A Flyer View Post
All of which would be a non-issue if the FAA acted like every state in the union does with automobile license plates, and keep the owner's name, address, etc., private instead of allowing anyone and everyone access to it.

Guess that genie is out of the bottle, though. Thanks, FAA.
I once asked the FAA aircraft registration branch why their records are publicly searchable and viewable. This was the response (egregious misspelling repeated for posterity):

Quote:
Originally Posted by FAA
Are records are made public for safety. sf
I don't understand how making pilot/aircraft owner records public contributes to "safety".

Perhaps the way to get it fixed is to talk to our congresscritters?
__________________
RV-7ER - finishing kit and systems installation
There are two kinds of fool in the world. The first says "this is old, and therefore good"; the second says "this is new, and therefore better".
Reply With Quote
  #37  
Old 10-21-2015, 10:49 AM
RV7A Flyer's Avatar
RV7A Flyer RV7A Flyer is offline
 
Join Date: Jul 2013
Location: US
Posts: 2,251
Default

Quote:
Originally Posted by rmartingt View Post
Perhaps the way to get it fixed is to talk to our congresscritters?
Only way it will change is the same way license plate information got changed to be private: something horrible like a murder where the victim is tracked down by tail number.

Congress? AHAHAHAHAHAHA! That's funny, man...
Reply With Quote
  #38  
Old 10-21-2015, 12:56 PM
spatsch spatsch is offline
 
Join Date: Nov 2014
Location: Plano, TX
Posts: 225
Default

Quote:
Originally Posted by RV7A Flyer View Post
Only way it will change is the same way license plate information got changed to be private: something horrible like a murder where the victim is tracked down by tail number.

Congress? AHAHAHAHAHAHA! That's funny, man...
More likely when a Senator gets tracked to his girlfriend using ADS-B data as the security blackout lists maintained by the FAA doesn't apply to privately run ADS-B collection networks and his flight are not blocked out any more.... .
__________________
Oliver Spatscheck
RV-8
N-2EQ
http://www.spatscheck.com/oliver
Reply With Quote
  #39  
Old 10-21-2015, 09:24 PM
dtw_rv6 dtw_rv6 is offline
 
Join Date: May 2008
Location: Martinsville, IN
Posts: 454
Default strategy

Seems that I'll be installing a power switch on my navworx that I can use when outside of Mode-C space. Also a good reason to keep my ADSB in for weather, and my Zaon for collision avoidance.
Reply With Quote
  #40  
Old 10-21-2015, 10:43 PM
BobTurner BobTurner is offline
 
Join Date: Dec 2011
Location: Livermore, CA
Posts: 6,797
Default

Quote:
Originally Posted by dtw_rv6 View Post
Seems that I'll be installing a power switch on my navworx that I can use when outside of Mode-C space. Also a good reason to keep my ADSB in for weather, and my Zaon for collision avoidance.
As previously discussed, it is illegal not to run an installed ADSB-out in any controlled airspace.
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 01:30 AM.


The VAFForums come to you courtesy Delta Romeo, LLC. By viewing and participating in them you agree to build your plane using standardized methods and practices and to fly it safely and in accordance with the laws governing the country you are located in.