CQ-Contest
[Top] [All Lists]

Re: [CQ-Contest] authentication for log submission

To: cq-contest@contesting.com
Subject: Re: [CQ-Contest] authentication for log submission
From: brian coyne <g4odv@yahoo.co.uk>
Date: Wed, 6 Jun 2012 07:25:59 +0100 (BST)
List-post: <cq-contest@contesting.com">mailto:cq-contest@contesting.com>
There is a simple safeguard to prevent this occurrence.

It may not be so simple.
 
Whilst, prima facia, the earlier analogy of 'howitzers and unicorns'  may 
appear an apt one, Dick, and  guys who administer our contests have good cause 
to be concerned now that this notion has been floated here for all the ham 
world to see, the cat is now out of the bag.
 
There are some strange folk out there and our hobby has it's share. It is a 
good guess also that this hobby has a larger proportion of computer whizz kids 
than any other, so whilst we may not need to be so paranoid as the 
banking/financial sectors about security we do require a higher level than 
other social pastimes.
 
Forget for the moment attacks on the top entrants, easier to spot as mentioned 
before, and consider those targeted at a lower  level, say for all or single 
band call area/national record. This is unlikely to be spotted until the 
results are published, an amendment on p84 of the following months magazine 
doesn't cut it when all the glory was in the writeup and tables of the results. 
Then we have individuals who have some sort of grudge against ARRL or 
whoever, also  the just plain malicious who wish to cause mischief like those 
who create and distribute viruses. Simply by looking at the 'logs rcv' d page 
guys can tell exactly what my entry was and even mirror a claimed score if it 
was there, no alarm bells would be rung as the logs have not yet been checked.
 
Requiring proofs of the level of LOTW is unlikely to suceed, log submissions 
will take a nosedive. Maybe the number of re-submissions out of say 4 or 5k 
original submissions is too great for human inspection but a primary precaution 
could be for the acknowledgement to be mailed to the mail address of the 
original entry which will trigger an immediate alert.
 
All in all these are sad times which we live in when all we wish to do is relax 
in the enjoyment of our hobby rather than be concerning ourselves with issues 
such as this, who would be a CC member?
 
73  Brian 5B4AIZ / C4Z.. 


--- On Wed, 6/6/12, VE1DT <VE1DT@infinichron.com> wrote:


From: VE1DT <VE1DT@infinichron.com>
Subject: Re: [CQ-Contest] authentication for log submission
To: cq-contest@contesting.com
Date: Wednesday, 6 June, 2012, 2:06


There is a simple safeguard to prevent this occurrence.

Whenever I enter a log, I look for confirmation that the log was received by
the sponsor. I prefer the type of feedback that confirms my log was received
and that the claimed score and category matches my expectations. If I was
concerned, I would again check just before the deadline. All the contests I
enter have helpful people on the other end willing to help resolve
shenanigans like this.

--
Gerald Boutin, VE1DT


Re: [CQ-Contest] authentication for log submission
from [Dick Green WC1M]
To:     "'Katsuhiro Kondou'"    <cq-contest@contesting.com>
Subject:     Re: [CQ-Contest] authentication for log submission
From:     "Dick Green WC1M" <wc1m73@gmail.com>
Date:     Tue, 5 Jun 2012 13:40:46 -0400
List-post:
<cq-contest@contesting.com">mailto:cq-contest@contesting.com>
Don, you are a man after my own heart! I'm totally paranoid about security
scenarios, which is one reason LoTW security is so tight.

However, I think the scenario you describe isn't plausible. As I understand
it, the scheme would be used in a case where two stations are close in
score. It would involve the second-place station uploading an altered log
for the first-place station after the first-place station uploaded his/her
real log. The altered log would be mostly the same as the real log, but with
a few QSOs omitted or a few calls or exchanges busted. It has to be an
altered copy of the first-place station's log because if the log was a
complete fake, none of the QSOs would match during log checking. I'm sure in
such a scenario, where the log for a high claimed score generated a huge UBN
deduction, the log would be visually inspected by a person. That would alert
the contest sponsor and the first place station that something very fishy
had happened. Therefore, the altered log must be a copy of the first-place
station's log, with just enough QSOs altered to affect the standings.

The question is, how does the second-place station get a copy of the
first-place station's log? ARRL doesn't publish logs. I think CQ WW waits to
do that until after log checking, but I'm not sure. If they don't, they
should.

The only way I can see pulling this off is if the cheater had a confederate
who operated in the contest and generated a relatively high score, slightly
less than the second place station's score. The confederate's log would be
submitted under the call of the first-place station. But that depends on how
the log-checking software determines the call sign. Is it solely from the
Cabrillo header, or is the call in the header checked against the sender's
call in the individual QSO records? In any case, this is a very risky ploy
for the confederate because if the log is inspected visually by a person,
which I believe happens with most high-scoring logs, the jig will be up.

So, I don't think it would work. However, if there is a scenario that would
work, the best solution would be to use the LoTW authentication system for
log submissions. That would have the dual advantage of verifying the call
sign in the log and allowing automatic submission of the log to the LoTW QSL
system (something many have asked for.)

73, Dick WC1M

> -----Original Message-----
> From: Katsuhiro Kondou [mailto:kondou@voyackey.net]
> Sent: Monday, June 04, 2012 10:29 PM
> To: cq-contest@contesting.com
> Subject: [CQ-Contest] authentication for log submission
> 
> Change the subject from the original, and removed related References
> headers.
> 
> In article <4FCC7194.3080802@ei5di.com>,
>       "Paul O'Kane" <pokane@ei5di.com> wrote,
>       on "Mon, 04 Jun 2012 09:28:04 +0100";
> 
> } In the days of paper logs, we had to submit a signed } declaration
> with each log.  With electronic logs, the } declaration is assumed, but
> largely forgotten.  One } practical solution is for the logging software
> to } display the declaration and ask for the operator's } agreement, by
> having to type the word YES, before the } Cabrillo log is created.
> }
> } The declaration, in effect a pledge that is renewed } with each entry,
> is good enough for me.
> 
> I'm not sure this was discussed before, but this reminds me that someone
> who has malicious intention may submit other station's log to defeat the
> station after first submission by actual station.
> There looks no authentication method to verify the station for major
> contests(please correct me if I am wrong).  Complicated method to
> authenticate the station may lead decreasing the number of log
> submission, so this may not be applied to all stations.  But I think
> there should be some method to authenticate at least for stations who
> want to win a prize.
> 
> Please ignore this message if my concern is baseless fear, the contest
> sponsors have already taken care of this, or we can trust everybody
> since we all have good morals.
> --
> Katsuhiro "Don" Kondou, JH5GHM
> Tokyo, JAPAN


_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest

<Prev in Thread] Current Thread [Next in Thread>