Sorry Dick, that was you I wanted to quote about LotW.
As you state, forging a fake log that seems genuine enough but harmful to the
score is something with a low probability.
Making the submission delay shorter for the top-contenders is also a way to
reduce this probability.
Yannick DEVOS - XV4Y
> Don, you are a man after my own heart! I'm totally paranoid about security
> scenarios, which is one reason LoTW security is so tight.
> However, I think the scenario you describe isn't plausible. As I understand
> it, the scheme would be used in a case where two stations are close in
> score. It would involve the second-place station uploading an altered log
> for the first-place station after the first-place station uploaded his/her
> real log. The altered log would be mostly the same as the real log, but with
> a few QSOs omitted or a few calls or exchanges busted. It has to be an
> altered copy of the first-place station's log because if the log was a
> complete fake, none of the QSOs would match during log checking. I'm sure in
> such a scenario, where the log for a high claimed score generated a huge UBN
> deduction, the log would be visually inspected by a person. That would alert
> the contest sponsor and the first place station that something very fishy
> had happened. Therefore, the altered log must be a copy of the first-place
> station's log, with just enough QSOs altered to affect the standings.
> The question is, how does the second-place station get a copy of the
> first-place station's log? ARRL doesn't publish logs. I think CQ WW waits to
> do that until after log checking, but I'm not sure. If they don't, they
> The only way I can see pulling this off is if the cheater had a confederate
> who operated in the contest and generated a relatively high score, slightly
> less than the second place station's score. The confederate's log would be
> submitted under the call of the first-place station. But that depends on how
> the log-checking software determines the call sign. Is it solely from the
> Cabrillo header, or is the call in the header checked against the sender's
> call in the individual QSO records? In any case, this is a very risky ploy
> for the confederate because if the log is inspected visually by a person,
> which I believe happens with most high-scoring logs, the jig will be up.
> So, I don't think it would work. However, if there is a scenario that would
> work, the best solution would be to use the LoTW authentication system for
> log submissions. That would have the dual advantage of verifying the call
> sign in the log and allowing automatic submission of the log to the LoTW QSL
> system (something many have asked for.)
> 73, Dick WC1M
Le 6 juin 2012 à 18:18, Yannick DEVOS (XV4Y) a écrit :
> Dear Katsuhiro, Michael,
> Katsuhiro, you are right this is a serious security flaw in the way the log
> submission are handled.
> It can lead to spoofing (someone use your identity to upload logs) and
> flooding (trying to overload the server).
> However, as Michael stated, this issue is mitigated by the difficulty in
> forging logs that could be really harmful to the whole contest integrity.
> A well designed server will also discard bad crafted logs without too much
> database load.
> The only way to have a 100% secure system is the way LotW goes.
> However it is not easy to handle and will increase contest handling costs a
> If I were a contest server administrator, what I will do is the following :
> - for 95% of the participant, nothing at all just like today
> - optionally, participant who want to secure their log can request an "ID
> token" upon sending one hand written dated and signed scan of their license
> - an additional filed in the Carbrillo format will content this token and it
> will be checked while the log is processed
> This is not fully secured as someone can "sniff" the token on the network (it
> is never crypted in the process) or hack the contestant computer and copy it.
> However if someone is serious enough to do this, this means all the security
> on the server and the contestant computer has to be checked, and this raises
> the bar significantly.
> For me, it add a fair level of authentication for a marginal managing cost
> Yannick DEVOS - XV4Y
>> I'm not sure this was discussed before, but this reminds me that
>> someone who has malicious intention may submit other station's
>> log to defeat the station after first submission by actual station.
>> There looks no authentication method to verify the station for major
>> contests(please correct me if I am wrong). Complicated method to
>> authenticate the station may lead decreasing the number of log
>> submission, so this may not be applied to all stations. But I think
>> there should be some method to authenticate at least for stations who
>> want to win a prize.
>> Please ignore this message if my concern is baseless fear, the
>> contest sponsors have already taken care of this, or we can trust
>> everybody since we all have good morals.
CQ-Contest mailing list