Aircraft Black Box Security

[Ben]

Sorta related to the Malaysia Air conversation going on in Politics, but not really politics.

I've never thought about it before, but does anyone know how secure the data in commercial airline black boxes are? Are the data encrypted, or if someone wanted to corrupt or delete parts of the data, would it be relatively easy to get in and do so?

I've always thought of black boxes as something everyone would collaboratively want to get to in order to find out exactly what happened on a flight, but the whole thing with Separatists supposedly having the Malaysian Air black box for a time got me to thinking that with no or weak encryption, it would be relatively easy for a skilled person to say, delete or garble the last minute of a recording.

[RevDisk]

Not sure. It'd depend on which model of flight data recorder they use. There's minimum international standards (has to record for so long, withstand X, etc etc) but none that I know of regarding ways of guaranteeing the integrity of the data. I suspect it's not standardized, and if it exists, relies on proprietary systems.

L-3 makes a lot (most?) of them, so ask them directly: http://www.l-3ar.com/products/cockpit_voice_recorders.htm

[Tallpine]

I dunno about the aircraft flight data recorders, but the ECUs (engine control units) that I work with are pretty proprietary.  They don't want anyone to be able to download data without using the approved/qualified software tool, the internal design and protocol of which are very much not supposed to be available to anyone.  This is as much to protect the design/logic of the ECU software itself as it is the data.

The news makes a big deal about the "black box" but flight data is stored in several different control units on an aircraft.

[RevDisk]

FDRs are the same way. You have the emergency kind, but nowadays, there's regular maintenance downloads as well. They all use the same communication system. AFAIK, all are accessible only to propriety software/hardware. It's legally protected by patents and user agreements, but AFAIK, no one without an NDA has seriously looked into the information security aspects such as digital signatures, non-reputation, ACLs, etc.

That doesn't mean the data can't in cleartext CSV files or unencrypted WAV files. Honestly, I wouldn't be surprised in either direction if the information was encrypted essentially by one time pads burned to a chip resistant to physical manipulation or if it was cleartext easily accessible by COTS interfaces.

There's no openness, so there's no way of knowing.

[KD5NRH]

There's no openness, so there's no way of knowing.

Well, I know where there are some guys that have one you can reverse engineer.  I'll need a Russian translator to help cut a deal, though.

[RevDisk]

Well, I know where there are some guys that have one you can reverse engineer.  I'll need a Russian translator to help cut a deal, though.

 

Thank you, but I already have associates in communication with the rebel leadership. In seriousness, US sanctions forbid transferring any avionics equipment or defense services (such as data recovery) to or from the folks in question.

[onions!]

Last I read,this deal was still on.
Thin red lines notwithstanding.
http://www.bbc.com/news/world-europe-27722256

[KD5NRH]

Thank you, but I already have associates in communication with the rebel leadership. In seriousness, US sanctions forbid transferring any avionics equipment or defense services (such as data recovery) to or from the folks in question.

Then we'll just box you up and UPS you over there.  If you give them bad info, you haven't really violated the terms.

Going to cost extra if you want to come back, though.

[makattak]

Last I read,this deal was still on.

Pray I do not alter it any further.

[KD5NRH]

Last I read,this deal was still on.

Do they include the standard self-deploying white flags?

[Tallpine]

FDRs are the same way. You have the emergency kind, but nowadays, there's regular maintenance downloads as well. They all use the same communication system. AFAIK, all are accessible only to propriety software/hardware. It's legally protected by patents and user agreements, but AFAIK, no one without an NDA has seriously looked into the information security aspects such as digital signatures, non-reputation, ACLs, etc.

That doesn't mean the data can't [be?] in cleartext CSV files or unencrypted WAV files. Honestly, I wouldn't be surprised in either direction if the information was encrypted essentially by one time pads burned to a chip resistant to physical manipulation or if it was cleartext easily accessible by COTS interfaces.

There's no openness, so there's no way of knowing.

The stuff I work with is strictly binary, so unless you have the configuration file then good luck trying to parse it.

[RevDisk]

The stuff I work with is strictly binary, so unless you have the configuration file then good luck trying to parse it.

All data is strictly binary, until you parse it.

 

There's actually a good number of tools for yanking text, picture or audio out of binary blobs. Some of these tools are for debugging. Others for modifying video game files or other software. Others for trawling data exploited from a security vulnerability.

[Hawkmoon]

The news makes a big deal about the "black box" but flight data is stored in several different control units on an aircraft.

Many of which are non-required, and may or may not be examined in the event of a crash. The two mandatory black boxes are the cockpit voice recorder and the flight data recorder, which keeps a record of a number of different operating parameters.

[Fly320s]

AFAIK, the data is unencrypted, but the subject has never been discussed in any of my classes.

[birdman]

AFAIK, the data is unencrypted.  Encryption of the emergency FDR data doesn't serve any purpose, as anything other than ECC has the potential to compromise data.  In fact, I would actually bet its mirrored streams, across multiple chips, for that purpose as well.

The nice thing is, to access the data, post crash. you likely have to take it apart (the IO cables are designed to burn/break away to prevent their being a thermal or mechanical force shunt into the data store).  Since if tried to rewrite/compromise the data, you'd have to take it apart, it would be then questionable.

So encryption? Doubt it.  A priorietary additional data stream with some hashed time code to provide verification? Sure, I would (like a time + salt + sub-selection of the data at that time, hashed into another small data stream) to provide verification, but the rest, I would make it as dead simple as possible, not even compressed or block encoded.  So raw 8/16bit amplitude encoding for voice, raw values for other inputs, written as 1 block = 1 record.

That's my guess.

[RevDisk]

It'd be criminally stupid not to digitally sign, watermark or keep a hash table.

But i've been surprised before. By very expensive packages no less