
Everything you wanted to know about SSL/TLS/PKI (But were too busy to ask)

Encryption is all around us. From the websites we visit to the emails we send; from important business and governmental contracts to automated API interactions, SSL/TLS and PKI are there to ensure we can conduct our business safely and securely. Or so we are told. But how do these inscrutable yet omnipresent technologies work? What benefits do they actually provide? And what are some of the risks and pitfalls of their implementation? Most importantly, what is the difference between SSL and TLS,…


gez 4
Simple really, stops aircraft being hacked/taken over as they should only accept info/instructions from a verified source. Technology is advancing at a significant rate.
Greg S 2
It's not used on aircraft at all.
flanneryb 2
These types of encryption technologies are used on ACFT (both MIL/CIV).
gez 1
MrTommy 2
I couldn't get halfway through the article. Had to bail.
flanneryb 1
If you are a commercial pilot that has operated a Boeing, Airbus, mid to large business jet ACFT, you have and do rely on these technologies to keep you safe. DOT/FAA/AR-03/77, DOT/FAA/AR-07/39, AC_450.141-1, MIL_STD-1553, do talk about how/when these technologies should be used and tested. While the use of encryption in RTOS (Real Time Operating Systems) avionics systems is "limited" for safety, speed, and interoperability some of the (sensor/data/actuator/relay) feeds do use hashing for safety (integrity/assurance) usually in the form of a hash or checksum. As expected in the AVN community the standards that developers like me have to follow are very strict. Companies like Wind River make the operating systems that run a lot of commercial and military ACFT avionics systems. Right now the development standards for Military, passenger/cargo AVN are pretty close. Drones are not treated the same; even military (class 1-3) are not, class 4-5; "usually" do follow FAA basic guidance. The reason why Adam's post is important is due to what is to come in Cargo AVN and Drone Class 1-3. It comes down to "Trust", how do we ensure that the communications between an unmanned system and controller have integrity and assurance. How do we make sure that the data, firmware that is fed into these systems and received from these systems can be trusted. The federal government relies on NIST and NSA to help evaluate and set common criteria standards. Right now the FAA looks at those standards and sifts through them to pick the highest standards for the AVN community. If you think that these standards still do not impact you, right now in central Africa (Rwanda) and Australia UAS systems are moving medical supplies with little to no human involvement other than to launch and recover the drone.
The plans are on the table to convert Boeing 787, 737, 747 and Airbus A380, A321, A350, A330 to unmanned operation; the commercial protocols that Adam is talking about are what developers, engineers, and cryptographers are trying to decide on, as we move to further automate the community.
Highflyer1950 1
And this is aviation related how?
Jim Myers 7
It's about part of the technology that makes FlightAware work.
Highflyer1950 2
Same question?
Jim Allen 5
Agreed. How is this NEWS?
Greg S -2
No, not at all. Bizarre squawk.
Greg Kusiak 7
The author(s) gave the example of maintaining ads-b network integrity - you wouldn’t want a malicious actor putting lives in jeopardy by hacking in and inserting (or deleting) code, adding or deleting aircraft (possibly yours) randomly, would you? Do you want this underlying security protocol to protect you from someone beyond the reach of law enforcement by establishing barriers to entry? What if the person doing penetration testing is in 32D and they wanted to access the FMC to get them home/to their GF’s faster, because they saw a weather report of a killer jet stream tailwind at FL043 and you told everybody you’re planning on FL034? What if 32D has 1000 hours on their iPad flight sim and wants to show you what they can do with your aircraft?

Having standards eliminates “what ifs”. Understanding them might save your butt someday, and that day could be today.
Brian Hanafee 3
If FMC is accessible from on board wifi, the levels of design incompetence will not be fixed by better encryption. You are on a deathtrap, and the mistake made by the passengers and crew was boarding the aircraft.
Jim Allen 3
Still haven’t answered the first question: what does it have to do with aviation? I’m in IT.. I understand these terms. It’s transparent to the pilot.. the FMS is a tool. It’s not like they’re going to get a sniffer mid-flight to detect a problem. Is it informative? Yes. Useful to an aviator? Questionable.
Greg S 2
I do understand the technology, and evidently you do not. ADS-B is completely insecure and TLS can do nothing to change that. 32D wins.
Brian Hanafee 3
Two reasons this comment is correct:

1. TLS sits on top of an even lower level technology referred to as TCP/IP. Technically, TCP and IP are themselves separate standards. ADS-B doesn’t use either one of them.

2. TLS secures point-to-point transmissions based on an initial exchange between the two stations. ADS-B receivers are just that: receivers. They don’t transmit at all. TLS doesn’t work for one-way broadcast.

It *might* be possible to create a system similar to ADS-B with better security, but it would be more similar to something like GPS rather than TCP.

Barking up entirely the wrong tree.
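
Added example, not part of the comment above or of the linked article: a sketch of how a receive-only station can authenticate a one-way broadcast without the two-way exchange TLS depends on, using delayed key disclosure over a hash chain (TESLA-style, a technique chosen here for illustration, not one the thread names). The frame layout, function names and sample reports are constructed, and the anchor key K_0 is assumed to reach receivers out of band.

```python
import hashlib, hmac

def H(k, n=1):
    """Apply SHA-256 n times (walks n steps down the key chain)."""
    for _ in range(n):
        k = hashlib.sha256(k).digest()
    return k
def mac(k, msg):
    return hmac.new(k, msg, hashlib.sha256).digest()
def make_chain(seed, n):
    """Keys K_0..K_n with K_{i-1} = H(K_i); K_0 is the public anchor."""
    return [H(seed, n - i) for i in range(n + 1)]

def broadcast(chain, messages):
    """Frame i = (i, msg, tag under still-secret K_i, disclosed K_{i-1})."""
    return [(i, m, mac(chain[i], m), chain[i - 1])
            for i, m in enumerate(messages, start=1)]

class Receiver:  # receive-only: never transmits, holds only the anchor K_0
    def __init__(self, anchor):
        self.key, self.idx = anchor, 0   # newest authenticated key K_idx
        self.pending = {}                # interval -> [(msg, tag)] awaiting K_i
        self.accepted = []

    def on_frame(self, i, msg, tag, disclosed):
        steps = i - 1 - self.idx         # disclosed claims to be K_{i-1}
        if steps > 0 and hmac.compare_digest(H(disclosed, steps), self.key):
            self.key, self.idx = disclosed, i - 1
            self._release()
        # Buffer only while K_i is unpublished; once public, anyone can forge
        # a tag (sequence order stands in here for TESLA's clock check).
        if i > self.idx:
            self.pending.setdefault(i, []).append((msg, tag))

    def _release(self):
        for j in sorted(j for j in self.pending if j <= self.idx):
            k = H(self.key, self.idx - j)          # derive K_j from K_idx
            for msg, tag in self.pending.pop(j):
                if hmac.compare_digest(mac(k, msg), tag):
                    self.accepted.append(msg)

def run(frames, anchor):
    rx = Receiver(anchor)
    for f in frames:
        rx.on_frame(*f)
    return rx.accepted

# Constructed sample data (not real ADS-B frames).
CHAIN = make_chain(b"constructed-seed", 4)
REPORTS = [b"pos 1", b"pos 2", b"pos 3", b"pos 4"]
```

A report is accepted only after a later frame discloses its key, so the last report in any run stays pending; a lost frame is tolerated because a later key can be hashed down to the missing one.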

[This poster has been suspended.]

Greg S 2
Look at that, another smooth-brained genocidalist! Your type are as numerous as grains of sand, but less intelligent.

