NBAA has been asking for a solution since 2013...

[denverpilot]

... to the problem with Mode-S being a one to one relationship with an aircraft and the proliferation of really cheap receivers.

http://www.aviationtoday.com/2017/03/01/ads-b-complication-still-needs-solution/

And now they're staring to leverage the press to get attention on it, looks like. Which is usually a sign they ran out of more "civil" options (begging government not to be retarded, which is hard for them, we know...).

System should have been encrypted from the start.

Major screw up, when designing any RF-based data network, not encrypting it, if the data is only intended to be received by one party.

 

[wsuffa]

... to the problem with Mode-S being a one to one relationship with an aircraft and the proliferation of really cheap receivers.

http://www.aviationtoday.com/2017/03/01/ads-b-complication-still-needs-solution/

And now they're staring to leverage the press to get attention on it, looks like. Which is usually a sign they ran out of more "civil" options (begging government not to be retarded, which is hard for them, we know...).

System should have been encrypted from the start.

Major screw up, when designing any RF-based data network, not encrypting it, if the data is only intended to be received by one party.

Challenging to do in an open aviation environment where key control is difficult to impossible. Some municipalities are learning that with respect to mutual-aid radio transmissions on Apco 25 and their desire to encrypt routine traffic.

If you exchange keys, you still open the chance of intercept and frequency congestion as the amount of airtime increases. And if a key gets garbled or the retransmit takes too long there are safety consequences. And there are international implications as any reasonable encryption would be covered by various export laws. So the FAA is in a situation where they can't win.

 

[denverpilot]

So the FAA is in a situation where they can't win.

They painted themselves into that corner via over-engineeerintg and an unnecessary poorly thought out design. I have little sympathy for that other than knowing it happens to all overly-complex systems that didn't pay attention to the software goal.

We've mentioned it before, but if it's not accidental then the whole system isn't really about safety. It's about something else.

Something it's not being sold as.

A changeable four digit code (Mode C) was plenty of information to separate traffic. Mode-S didn't need a unique identifier. (And still doesn't if the goal is "safety".)

 

[wsuffa]

They painted themselves into that corner via over-engineeerintg and an unnecessary poorly thought out design. I have little sympathy for that other than knowing it happens to all overly-complex systems that didn't pay attention to the software goal.

We've mentioned it before, but if it's not accidental then the whole system isn't really about safety. It's about something else.

Something it's not being sold as.

A changeable four digit code (Mode C) was plenty of information to separate traffic. Mode-S didn't need a unique identifier. (And still doesn't if the goal is "safety".)

Don't forget, Nate, that many of the avionics standards are set internationally. Mode S is one of those international standards. The 978 system is on the FAA, but the other is international.

The 4 digit code, once the "special" codes were eliminated are not enough to uniquely identify each aircraft, which is necessary in a global system with the intent to eventually operate without controllers. That may never happen, but it was one of the international goals. The unique code is a non-issue for airlines, but privacy concerns raised by GA added complexity domestically.

We both know that the FAAs track record has been mixed, especially with major systems like AAS and the consolidated ATC systems. Heck, the differentiation between Center and Tracon would probably not happen if designed today. The big systems are like horses designed by committee. I'm sure you've seen that cartoon.

I've been on international standards committees, and I know of two other folks that have been members of this board who currently are in the international standards business. I can tell you a lot of stories about how the sausage is made, and the amount of time it takes. 5G is moving exceptionally fast compared to stuff in the aviation industry where a whole different set of 'politics' is involved. And then the FAA added complexity to the ADS-B system by adding 978. Adding encryption, and the complexity there, would have set things back even further and added more costs (look up the AAS debacle sometime).

 

[wsuffa]

@denverpilot the search term is FAA AAS debacle

 

[jsstevens]

And I know personally (and have since we were teenagers) the tech guy at the FAA who architected much of ADS-B. No I won't publish his name. He's a smart and savvy technologist with a deep understanding of software (we worked on some projects together long before he landed at the FAA). Some of these "shortcomings" were absolutely forced by other constituencies.

And remember the formula for group IQ: for a group of n people, with IQs of IQP(1)-IQP(n), the group IQ is the lowest of the set IQP divided by n.

John

 

[GeorgeC]

My understanding is that things like ACAS-X will only use ADS-B information if it has been correlated to an existing active surveillance track. See also: https://en.wikipedia.org/wiki/Aviation_transponder_interrogation_modes .

I suspect the short answer is "you (GA) are not the customer".

 

[wsuffa]

Is this where we can say "If you've got nothing to hide, you've got nothing to fear"?



(ducks and runs for cover)

 

[denverpilot]

The 4 digit code, once the "special" codes were eliminated are not enough to uniquely identify each aircraft, which is necessary in a global system with the intent to eventually operate without controllers.

I can think of a number of numerical ways that four digits can work for traffic separation worldwide, but the ground system has to know which specific radar facilities would be passed through or adjacent to the flight path.

My 2345 isn't going to show up in Calcutta, for example, so code reuse is easy in the ATC systems, even done on a global scale. For putting it all into a database, you'd have another column for which radar site heard it.

There was no tech requirement for a larger number, unless you needed to identify aircraft specifically. You don't outside of an "operating area" for a flight for only traffic/safety. Only for "surveillance". And you can even accomplish the surveillance role by associating the tail number on the ground not in the end user device.

 

[wsuffa]

I can think of a number of numerical ways that four digits can work for traffic separation worldwide, but the ground system has to know which specific radar facilities would be passed through or adjacent to the flight path.

My 2345 isn't going to show up in Calcutta, for example, so code reuse is easy in the ATC systems, even done on a global scale. For putting it all into a database, you'd have another column for which radar site heard it.

There was no tech requirement for a larger number, unless you needed to identify aircraft specifically. You don't outside of an "operating area" for a flight for only traffic/safety. Only for "surveillance". And you can even accomplish the surveillance role by associating the tail number on the ground not in the end user device.

The system was designed to cover large aircraft and small. In most parts of the world there is NT the numbe of GA planes there are here. In theory, yes, three digits can operate with appropriate handoffs, but that doesn't always exist. A plane flying from LA to London or DFW to Sydney crosses a bunch of centers and facilities. The idea is to make radar go away, and to allow aircraft-to-aircraft communication and independent operation. Can't do that unless you can uniquely ID the aircraft.

If you are over the Atlantic or Pacific you will be out of radar range. And aside from satcom with the attendant delays, you may not even have voice/data with the ground. Part of the system design was to allow inter-aircraft interrogation over the water. Yes, it's possible to do it with less codes, but that would require more human intervention.

GA is just one constituent in the system. Stuff was added by the FAA to get small GA to buy in (like 978) and in turn, GA had to accept some stuff that the core users wanted to get them to buy in. Like adding ornaments to the Festivus pole.

 

[denverpilot]

The system was designed to cover large aircraft and small. In most parts of the world there is NT the numbe of GA planes there are here. In theory, yes, three digits can operate with appropriate handoffs, but that doesn't always exist. A plane flying from LA to London or DFW to Sydney crosses a bunch of centers and facilities. The idea is to make radar go away, and to allow aircraft-to-aircraft communication and independent operation. Can't do that unless you can uniquely ID the aircraft.

If you are over the Atlantic or Pacific you will be out of radar range. And aside from satcom with the attendant delays, you may not even have voice/data with the ground. Part of the system design was to allow inter-aircraft interrogation over the water. Yes, it's possible to do it with less codes, but that would require more human intervention.

GA is just one constituent in the system. Stuff was added by the FAA to get small GA to buy in (like 978) and in turn, GA had to accept some stuff that the core users wanted to get them to buy in. Like adding ornaments to the Festivus pole.

Still easy. You cross multiple "areas" you get pre-assigned the codes for those areas. Not like it'd be hard to switch codes when going "feet wet" and the area covered by a code for the jets could be enormous.

Point really is, direct identification of the airframe by the longer code wasn't necessary. Just have to system assign a code at departure and dump it back into the reuse pool upon landing. The design could have avoided tying one piece of data to the other.

Just like us folks who process medical data. We get a number for the thing we are processing. The table that associates that thing back to the human being (which would be the airplane in the ATC system) is kept only where the correlation needs to be made. Not sent over an unencrypted RF link to say, the blood testing machine. It sends the one time use code, not the *identifying* piece of information.

Separation of identifying information and real-time unsecured code (and rotating them) would have been a piece of cake, if anyone had bothered to think far enough ahead about the ramifications of an insecure RF network.

 

[jsstevens]

Still easy. You cross multiple "areas" you get pre-assigned the codes for those areas. Not like it'd be hard to switch codes when going "feet wet" and the area covered by a code for the jets could be enormous.

Point really is, direct identification of the airframe by the longer code wasn't necessary. Just have to system assign a code at departure and dump it back into the reuse pool upon landing. The design could have avoided tying one piece of data to the other.

Just like us folks who process medical data. We get a number for the thing we are processing. The table that associates that thing back to the human being (which would be the airplane in the ATC system) is kept only where the correlation needs to be made. Not sent over an unencrypted RF link to say, the blood testing machine. It sends the one time use code, not the *identifying* piece of information.

Separation of identifying information and real-time unsecured code (and rotating them) would have been a piece of cake, if anyone had bothered to think far enough ahead about the ramifications of an insecure RF network.

Not to mention that in medical systems you're pretty much required to separate the ID from the data for HIPPA compliance. (OK, not strictly required but otherwise your security compliance is, shall we say, painful.)

 

[murphey]

@denverpilot the search term is FAA AAS debacle

Or we can chat about it sometime at the Perfect Landing. I spent 4 years working on it as a consultant to ATC. We were hired by FAA, not IBM.

What isn't usually mentioned in the news reports is the over arching chnages to everything FAA, not just the consoles and software. It included the physical plant such as airport lighting and a host of other things that the FAA loaded the contract with.

 

[wsuffa]

Or we can chat about it sometime at the Perfect Landing. I spent 4 years working on it as a consultant to ATC. We were hired by FAA, not IBM.

What isn't usually mentioned in the news reports is the over arching chnages to everything FAA, not just the consoles and software. It included the physical plant such as airport lighting and a host of other things that the FAA loaded the contract with.

Yes, I was very close with someone that worked on it for IBM at the time. Some stories there....

 

[denverpilot]

Or we can chat about it sometime at the Perfect Landing. I spent 4 years working on it as a consultant to ATC. We were hired by FAA, not IBM.

What isn't usually mentioned in the news reports is the over arching chnages to everything FAA, not just the consoles and software. It included the physical plant such as airport lighting and a host of other things that the FAA loaded the contract with.

Not surprising. Market the new things as doing stuff they don't do, to get a budget to do the stuff you're supposed to be doing within the existing budget. Sounds like D.C.

 

[denverpilot]

Not to mention that in medical systems you're pretty much required to separate the ID from the data for HIPPA compliance. (OK, not strictly required but otherwise your security compliance is, shall we say, painful.)

Yup. That's how I know the four digit thing is infinitely possible. No need for a correlation between the actual airframe and the number transmitted at all.

Just use other metadata to do that correlation on the ground, instead of transmitting a unique ID across an insecure broadcast RF network.