[Cryptography] Zero Knowledge for Opening the Cockpit of an Airbus
Natanael
natanael.l at gmail.com
Thu Mar 26 11:57:58 EDT 2015
Den 26 mar 2015 14:01 skrev "Thomas Asta" <thomasasta at googlemail.com>:
>
>
http://m.bild.de/news/ausland/flug-4u9525/germanwings-flug-4u9524-warum-war-die-crew-so-machtlos-40308982,variante=S,wantedContextId=17410084.bildMobile.html
>
> Hello
> I think this is the appropriate list to solve this problem.
> Maybe you have heard of the airbus crash in Germany. The door to the
cockpit was locked and one pilot was inside and one outside. Even for the
toilet pilots have to leave the locked space. And the crew knows the pin to
open the door and there exists even a crew wide known and for the plane or
company never changed security code, which opens the door for 30 secs.
> In case a person wants to attack one person outside the cockpit this in
many cases possible.
> At the turkish or cyprus airport even glas bottles, Coke oneway metal
bottles or forks from the restaurant are available at the gates.
> If we suggest a setting that no one outside knows the code, Does a zero
knowledge approach (see wikipedia) work or is a third party authentication
from tower needed to unlock the doors? Any suggstions?
I'm not sure what the exact threat model is. Stolen code?
Why not use replay resistant auth mechanisms, like with a properly
configured smartcard and a challenge-response protocol? Then you can also
have revocable personal PINs. The crewmember can also disable his own card
easily to resist attackers - use the wrong code (or an alert code), or
simply break it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150326/d19885b2/attachment.html>
More information about the cryptography
mailing list