My comments interspersed below...
> -----Original Message-----
> From: David Robbins K1TTT [mailto:k1ttt@arrl.net]
> Sent: Thursday, July 28, 2005 5:58 PM
> To: cq-contest@contesting.com
> Subject: Re: [CQ-Contest] L.O.T.W.
>
> > The simple answer is that doing security at the ARRL end would not
> > change or eliminate the registration requirements. Further, such a
> > system would have to rely on password logon, which is not secure.\
>
> it is secure enough for me to handle my personal finances
> which are much more important to me than any number of qsl
> cards. If it really were so insecure why aren't there daily
> reports of banks getting hacked into and peoples accounts wipe out?
Because big banks with online services spend enormous amounts of money to
prevent unauthorized access to their systems by network hackers and
insiders. ARRL can't afford to do that, which is why LoTW's PKI-based system
makes sense. It's a relatively inexpensive way to ensure that no one can
alter the database without detection.
By spending a lot of money, banks do a pretty good job of preventing
widescale fraud or data destruction. However, they do little to prevent
someone from accessing your account by hacking the password. This is easier
than it sounds. For example, I know of one major financial institution that
uses the customer's social security number as a logon id. That information
is easy to get, so all they have to do is guess the password. Like I said,
there are programs out there to do that. There are other ways to violate
your account besides password hacking -- the hacker simply needs to know
enough personal information about you to convince the bank's telephone
customer service rep to generate a new password -- address, phone number,
date of birth, social security number, etc. I've been appalled at how little
information some banks require to grant access to an account. The point is
that bank security is pretty good at the back end, but not so good at your
end. You are more vulnerable than you think.
A crucial point here is that the consequences of a password violation would
actually affect more people with a password-based LoTW than a password-based
online banking system. If the hacker guesses your online banking password,
only you are affected. If a hacker guesses VU4RBI's password, then the
integrity of the entire DXCC program is at risk, with consequences to all
participants. I'm not saying that undermining confidence in DXCC is as
serious as someone stealing money from you, but it will affect thousands of
people. It's an error to compare LoTW security with online banking. The
applications are different and the consequences of the various security
breaches are totally different.
> > Where Security is Done -- A somewhat more complicated
> reason for doing
> > security at the user end is that one of the goals was for each log
> > record to be permanently associated with its authenticated
> owner. This
> > provides long-term assurance that the log records upon
> which DXCC and
> > other awards programs are based have not been altered, and
> any records
> > found to be fraudulent can be easily eliminated. The only
> secure way
> > to do this is to use a cryptographic digital signature system. In
> > theory, this could be done at the ARRL end, but the above-mentioned
> > password-based logon leads to numerous security holes
> beyond just the
> > inherent vulnerability of the password itself. Further,
> doing digital
> > signatures at the ARRL end would potentially require
> enormous amounts
> > of CPU power when large numbers of users upload logs at the
> same time,
> > resulting in unacceptably slow response time for uploads
> and queries.
>
> Ah, here is the real reason! The arrl doesn't trust it's own
> database! The only reason to keep records digitally signed
> by the originator is so they could not be forged in the
> database. So apparently the dxcc administrators do not have
> a system they can use to securely store their data. That is
> a real shame that the whole world has to jump through hoops
> to digitally sign every qso because the administrators are
> afraid of someone getting into their database.
I don't know the specifics of the League's internal security systems, but
I'm sure they're the best they can do with the resources available to them.
Like I said, it takes a lot of money to effectively protect systems from
unauthorized network or internal access. PKI is a great way to reduce worry
if you don't have a mountain of money to spend.
Besides, there are other good reasons to digitally sign QSO records. If LoTW
records are someday made available to non-ARRL awards programs, then the
authenticity of each QSO can be traced back to its origin regardless of the
security of the receiving system and the methods used to transfer the data.
Basically, the data can be spread all over creation and still maintain its
integrity. That's a very worthwhile feature.
Jump through hoops? The LoTW user has to do a one-time registration.
Thereafter, it's a simple matter of running a program to sign extracted log
records. It's only one step in a three step process (extract, sign and
upload.) It's a heck of a lot easier and faster than getting cards printed,
generating QSL labels, affixing labels to cards and mailing the cards. We're
talking about minutes or seconds versus hours. After registration, the time
delta between LoTW and something like EQSL is trivial. IMHO, it's a very
small price to pay for integrity of the DXCC awards program.
73, Dick WC1M
>
> David Robbins K1TTT
> e-mail: mailto:k1ttt@arrl.net
> web: http://www.k1ttt.net
> AR-Cluster node: 145.69MHz or telnet://dxc.k1ttt.net
>
>
>
>
>
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
|