Skip to content

Feat/spoof tier1#52

Merged
ifnull merged 2 commits into
mainfrom
feat/spoof-tier1
Jun 23, 2026
Merged

Feat/spoof tier1#52
ifnull merged 2 commits into
mainfrom
feat/spoof-tier1

Conversation

@ifnull

@ifnull ifnull commented Jun 23, 2026

Copy link
Copy Markdown
Owner

No description provided.

ifnull and others added 2 commits June 22, 2026 23:55
The Self-ID message fields shipped in the consumer (ha-airspace parses self_id
since 0.2.32) and in dump3411 v1.0.0, but the canonical wire contract never
documented them. Add both as optional detection-object fields, note self_id is
untrusted operator free-text, and thread self_id_seen through the relative-time
and serialize-time notes. Additive — no schema_version bump.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
A replay test using previously-seen REAL serials surfaced the gap: those
serials resolve in the FAA registry, so identity/registry validation cannot
detect a spoof. RID has no cryptographic authentication. Detection therefore has
to be behavioral.

Add a SpoofDetector (mirrors OrbitDetector — derived flag, runs in ingest after
enrich, pruned on purge) with the two cheap Tier-1 signals: a malformed serial
(id_type "serial" but not shaped like ANSI/CTA-2063-A, e.g. the 0x00
placeholder), and a self_id shared across multiple distinct serials in the air
(the observed "Spoofing test" across three serials). The flag lands in
state.flags, so it composes with alerts, count_by_flag, the flag feed, journaling
and the payloads for free.

Gated by a new SpoofConfig (off by default) and the enable_spoof_detection add-on
toggle. Tier-2 kinematic/cross-time signals need the durable sighting store and
are scoped in DESIGN.md, not built here.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@ifnull ifnull merged commit aede114 into main Jun 23, 2026
3 checks passed
@ifnull ifnull deleted the feat/spoof-tier1 branch June 26, 2026 03:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant