First off, thank you to the mods for reconsidering their decision to remove this thread. Glad we can continue to have a reasonable discussion on this matter.
Let me take a step back for a minute; as I understand it (and I don't claim to be an expert) the two main issues with ADS-B that were revealed in the DEFCON talks were essentially the following:
1. There is no mechanism to verify that a position report transmitted on ADS-B actually originated from the aircraft it claims to be from.
2. There is no geographical protection to the receiver system; in other words a message could be received in the UK giving a position report in the US and the ADS-B network would propagate even though it is clearly not possible (if the plane was really in the US a UK receiver would not pick it up)
The latter could easily be fixed in software; in fact it probably already has been (I would certainly hope so!) but the former is a lot more complicated.
Certainly encryption is not the answer for the fundamental reason that in order to read the data every device must have they key to decrypt and once that key gets into the open suddenly your encryption is broken. This is what happened with DVD - someone managed to extract a decryption key and made it public. There are other reasons to encrypt of course, for example to make your traffic difficult or obscure (as FLARM does) but ultimately if you sell a device containing a decryption key (which any receiver would need to have) it will be a possible to recover that key and break the encryption.
What ADS-B needs is a way of signing a clear text message with a cryptographic system that proves that the message was sent from the aircraft it claims to be from. Something like an
RSA signature or a
PGP signature on an email. Such systems are based on a public and private key.
Adding this signature to the ADS-B message is not a huge issue but the problem comes when you realise that in order to implement this a receiver would need to maintain a database of the public keys of all aircraft it is likely to come across. This is not a huge problem for modern electronic systems* but certainly beyond the scope of transponders as we know them. Maybe someone will come up with an add-on box that authenticates ADS-B transmissions - in fact I suspect that is quite likely - but really the powers that be in the aviation industry should be taking the opportunity to come up with a better solution that takes into account all users (ie not just the 'big boys') and solves the inherent issues with ADS-B.
However, like any technology this comes down to critical mass, and ADS-B certainly has that in the commercial aviation sector. As such we are unlikely to see changes any time soon, and given that fact an interim solution of allowing non-approved GPS units to be connected to ADS-B is probably a sensible step, if it ever happens of course.
Back on to FLARM and OpenFLARM, the question really is 'Why is everyone not carrying a FLARM?'. Personally I think the answer is that it is too expensive for what it actually achieves, and part of that lack of functionality is down to critical mass. If all light aircraft carried one (as well as all the gliders that already do) it would be a far more useful device.
The whole aim of the OpenFLARM project is to put the technology within the 'why wouldn't you?' price bracket therefore stimulating the market to achieve this critical mass.
Chris
*A quick Google brought up
this article which suggests a figure of 150,000 planes ever being produced. It's not clear whether that figure includes light aircraft, but it is sufficient for an order of magnitude. So let's say each aircraft needed a 64bit public key, that's 8 bytes x 150,000 keys = 1.1 megabytes. Even if we allowed for 100x that number it would still be a tiny amount of data in today's world.