A quote: "ARRL's Logbook of the World (LoTW) system is a repository of log records submitted by users from around the world. When both participants in a QSO submit matching QSO records to LoTW, the result is a QSL that can be used for ARRL award credit."
LoTW confirmations are valid for DXCC, so many people participate in the program for DXCC/Challenge purposes. YOUR LOGS on LoTW could help others get their highly desired confirmations.
Join the LoTW!
Robert HB9BZA maintains a LoTW Users List, updated daily: http://www.hb9bza.net/lotw/lotw1.txt
Here http://www.hb9bza.net/lotw/index.html you can download a radio/telnet cluster client that can show you whether a spotted station uploads its logs to LoTW. HB9BZA's quote: "Another purpose of this list was to integrate it into my free packet radio/telnet client RXCLUS to make it possible to work more LoTW participants and to get more credits for your DXCC awards! The current version 8.4 is able to identify LoTW users, import your lotwreport.adi file and generate alarms based on it. If you are interested, you can get it from my download page."
LoTW is constantly discussed on various e-mail reflectors. Usually all the negative comments are the same, and Dick Green, WC1M, who was instrumental in the design of LoTW, has answered all of those comments perfectly. From my point of view, there can be no more "security", "excessive complexity", "registration hassle", or whatever else questions or comments :)
Q: "Why can't I send scanned license and passport images via e-mail instead of sending hard paper copies via snail-mail?"
A: Dick WC1M, May 22, 2004, "CQ-Contest" reflector
Online confirmation of identity is a complex subject. In the security biz, we call it "authentication". The bottom line is that pure online authentication of identity is not possible without using certain special techniques. After all, anyone can logon to a website and claim to be someone else. You need something extra.
One way to do it is by asking the user for some piece of information that he/she, and only he/she, is supposed to know -- such as a social security number, driver's license, credit card number, etc. This is the method used by the online financial institutions you mention. It requires that they somehow know your identifying information. If they permit you to supply the information over the Internet, the system is not very secure -- as demonstrated by the escalating nightmare of identity theft.
A more secure method is to use an "out-of-band" (non-Internet) channel through which information can be passed. The channel is usually the mail or in-person. In other words, you have to either send the identifying information by mail, usually with your signature, or give it to them in person. Mail is less secure, of course, and neither method can resist determined attack. Still, it's better than pure online authentication. Once you send in the information, the rest of the transaction can take place over the Internet. This approach is more of a hassle, but you can't get the security without the hassle. This is a golden rule of security: there is a tradeoff between convenience and security (note this the next time you have to wait for screening before you get on an airplane.)
Note that LoTW probably wouldn't be able to use these methods due to restrictions on who can verify your social security number, credit card number, driver's license, etc.
For USA hams, LoTW uses the FCC database and U.S. Postal service as an out-of-band channel. The system relies on the fact that the address in the FCC database is the actual address of the person who holds the callsign and not the address of an identity impersonator. If not, then someone perpetrated a fraud on the U.S. Government -- which is a very low-probability event (most rational people wouldn't risk jail to get Honor Roll.) Once LoTW has the address, the password can be sent through the out-of-band channel (snail mail) to ensure that only the true holder of the callsign can get the certificate.
Unfortunately, the same method can't be used for non-USA hams because most DX licensing authorities do not maintain online callsign/address databases. LoTW therefore requires a copy of the license and a government-issued identification document to complete the identification. Although the license could be faked, in theory it is much harder to fake a government ID and is a serious crime in most countries. This reduces the probability of fraud. The copies must be mailed in, not scanned and e-mailed, to verify that they come from the DXCC entity in question.
No security system is perfect. However, LoTW has been designed to substantially reduce the probability of identity theft, to detect when it has occurred, and to recover (back out bogus data) when fraud is detected.
Incidentally, the 128-bit encryption channel you mention has nothing to do with verifying identity. It's used to prevent someone from eavesdropping on the connection and stealing your identification information, user ID, password, etc.
73, Dick WC1M
Q: "LoTW security system IS obsessive!!! It is even more strict than US nuclear objects and banks security systems! DXCC is NOT a nuclear object!"
A: Dick WC1M, May 22, 2004, "CQ-Contest" reflector
A few opinions of my own (not necessarily ARRL's):
First of all, LoTW is not more strict than most well-engineered online financial systems. The person who wrote that was mistaken.
Second, although I am certainly biased on this subject, I would not characterize LoTW's security system as obsessive. In designing LoTW, ARRL understood that amateur radio is a hobby. However, many holders of DXCC and Honor Roll take the program very, very seriously. In some cases it has taken 20 years or more and hundreds or thousands in postage to attain the top awards. For decades, DXCC has meticulously checked licenses and other authentication documents for rare DX QSLs, adding significant time and cost to the program. The Honor Roll listings continue to be sorted by deleted countries because there would be a gigantic outcry if only current countries were used (resulting in no "first place".) Past attempts to defraud DXCC (e.g., Don Miller, Romeo, etc.) have resulted in cries for blood. It's not a stretch to say that some hams care as much about the integrity of DXCC as they care about money (well, almost... ;-)
So, it was very important to protect the integrity of DXCC and LoTW. Online systems are different in that they permit a much broader level of fraud than manual or paper-based systems. There is no question that among the million or more hams in the world, some bad apples will try to cheat the system -- to gain an undeserved award, to embarrass the sponsor or simply out of sheer malice. If the system can be compromised in such a way that the participants lose confidence in its integrity, then the program will collapse.
It's certainly possible that someone will find a security hole in LoTW -- no system is perfect. Hopefully, the design is strong enough that such a breach will be quickly detected and corrected. You can bet that if this ever happens, loud voices will ask why the security was not made stronger. The answer will be that it could have been made even stronger, but there would have been too large a price to pay in terms of usability. The present system balances the ever-conflicting properties of security and convenience fairly well. Hopefully, a one-time inconvenience for authentication will pay dividends in decades of hassle-free QSLing and awards submission.
73, Dick WC1M
Q: "It is unnecessarily complex. I want the security processing to occur at the ARRL's end, not at the user's end."
A: Dick WC1M, July 28, 2005, "CQ-Contest" reflector
I don't want to prolong this thread, but Bill didn't get a good answer to his question (see below.) The following is not an official response from ARRL, just my own:
The simple answer is that doing security at the ARRL end would not change or eliminate the registration requirements. Further, such a system would have to rely on password logon, which is not secure.
Registration -- The difference between US and DX registration procedures has nothing to do with the secure digital signature system used for identifying log records. Regardless of whether a certificate or password is used, there's still the problem of authenticating the owner of the certificate or password (i.e., making sure that the person requesting access to the system really owns the call sign.) Short of a personal appearance at ARRL HQ (perhaps with an original copy of the license, passport, DNA tests, fingerprints, iris patterns, etc.), it's rather difficult to authenticate a user. The FCC database and US postal system provide a pretty good way to do this for US hams, albeit not perfect. Unfortunately, few if any other countries have accurate and available government databases that can be used to authenticate DX hams. Hopefully, this situation will improve in the future.
Passwords -- While some have asserted that password logon is secure because banks use it, they are mistaken. It's a simple matter to bust a password -- poke around on the net and you'll probably find free programs that do it. Passworded accounts are poorly protected unless you take special precautions, such as choosing randomly-generated passwords of eight characters or more with mixed alphanumerics and case, and are very careful when setting up password reminders (how many unsecure websites know your mother's maiden name?)
Where Security is Done -- A somewhat more complicated reason for doing security at the user end is that one of the goals was for each log record to be permanently associated with its authenticated owner. This provides long-term assurance that the log records upon which DXCC and other awards programs are based have not been altered, and any records found to be fraudulent can be easily eliminated. The only secure way to do this is to use a cryptographic digital signature system. In theory, this could be done at the ARRL end, but the above-mentioned password-based logon leads to numerous security holes beyond just the inherent vulnerability of the password itself. Further, doing digital signatures at the ARRL end would potentially require enormous amounts of CPU power when large numbers of users upload logs at the same time, resulting in unacceptably slow response time for uploads and queries.
The "It's only a hobby" objection doesn't fly. Our hobby is filled with hundreds of thousands of technically competent individuals, many of whom are capable of figuring out how to bust through light security. Sadly, there's ample evidence that a small number of our comrades would gladly execute on that potential in order to gain undeserved fame or wreck the awards program.
I would hope anyone contemplating registration will bear in mind that it's a one-time minor inconvenience for a lifetime of convenience. A pretty fair trade, in my opinion.
Hope this is helpful.
73, Dick WC1M
Q: "Simple password-based system is secure enough for me to handle my personal finances which are much more important to me than any number of qsl cards. If it really were so insecure why aren't there daily reports of banks getting hacked into and people's accounts wiped out?"
A: Dick WC1M, July 29, 2005, "CQ-Contest" reflector
Because big banks with online services spend enormous amounts of money to prevent unauthorized access to their systems by network hackers and insiders. ARRL can't afford to do that, which is why LoTW's PKI-based system makes sense. It's a relatively inexpensive way to ensure that no one can alter the database without detection.
By spending a lot of money, banks do a pretty good job of preventing widescale fraud or data destruction. However, they do little to prevent someone from accessing your account by hacking the password. This is easier than it sounds. For example, I know of one major financial institution that uses the customer's social security number as a logon id. That information is easy to get, so all they have to do is guess the password. Like I said, there are programs out there to do that. There are other ways to violate your account besides password hacking -- the hacker simply needs to know enough personal information about you to convince the bank's telephone customer service rep to generate a new password -- address, phone number, date of birth, social security number, etc. I've been appalled at how little information some banks require to grant access to an account. The point is that bank security is pretty good at the back end, but not so good at your end. You are more vulnerable than you think.
A crucial point here is that the consequences of a password violation would actually affect more people with a password-based LoTW than a password-based online banking system. If the hacker guesses your online banking password, only you are affected. If a hacker guesses VU4RBI's password, then the integrity of the entire DXCC program is at risk, with consequences to all participants. I'm not saying that undermining confidence in DXCC is as serious as someone stealing money from you, but it will affect thousands of people. It's an error to compare LoTW security with online banking. The applications are different and the consequences of the various security breaches are totally different.
...few more reasons to leave it as is ...
I don't know the specifics of the League's internal security systems, but I'm sure they're the best they can do with the resources available to them. Like I said, it takes a lot of money to effectively protect systems from unauthorized network or internal access. PKI is a great way to reduce worry if you don't have a mountain of money to spend.
Besides, there are other good reasons to digitally sign QSO records. If LoTW records are someday made available to non-ARRL awards programs, then the authenticity of each QSO can be traced back to its origin regardless of the security of the receiving system and the methods used to transfer the data. Basically, the data can be spread all over creation and still maintain its integrity. That's a very worthwhile feature.
Jump through hoops? The LoTW user has to do a one-time registration. Thereafter, it's a simple matter of running a program to sign extracted log records. It's only one step in a three step process (extract, sign and upload.) It's a heck of a lot easier and faster than getting cards printed, generating QSL labels, affixing labels to cards and mailing the cards. We're talking about minutes or seconds versus hours. After registration, the time delta between LoTW and something like EQSL is trivial. IMHO, it's a very small price to pay for integrity of the DXCC awards program.
73, Dick WC1M
Q: "It isn't the registration I find annoying, it's the signing and uploading"
A: Dick WC1M, July 29, 2005, "CQ-Contest" reflector
What is it about this that you find annoying? It's a simple matter of running a program between two steps (log extraction and upload) that would be required whether or not the records get signed. It's a lot less complicated than learning to operate a modern transceiver! (I'm thinking of my FT-857D, which has baffled me more than once :-)
If you accept the benefits of tagging log records with digital signatures, then you should know that there would be little or no difference in the user interface if records are signed on the ARRL computer or your computer, except that the latter is much more secure. You would still have to interact with a program on the ARRL computer to specify information (like call, QTH, etc.) and wait for the records to be signed.
If you do not accept the benefits of tagging log records with digital signatures, then please refer to my reply to K1TTT. The bottom line is that they provide an affordable way to protect integrity of the DXCC database and open the potential for exporting QSL records to other awards programs.
Q: "I am not convinced that LoTW demands a higher level of security than what banks use to transfer billions of dollars every day. If anyone can show me how QSLs are more valuable or more prone to hacking than cash I will drop the whole matter"
Your argument about bank security systems does not apply because banks have stringent internal network and computer access requirements that would be far too costly for ARRL to implement. LoTW's digital signature system is a much more affordable way to ensure integrity of the DXCC database.
As I have detailed in a reply to K1TTT, while the bank's networks, computers and databases are relatively safe from hackers and malicious insiders, your online bank account is quite vulnerable. However, only one person will be affected by a violation of your account -- you. Thousands of people could be affected by a violation of VU4RBI's account by a hacker. As I said to K1TTT, I'm not saying QSLs are more important than money, but collapse of DXCC's integrity will affect many people.
It's true that many hams do not give a rat's behind about DXCC integrity. But there are many hams who do care -- a lot. I wouldn't assume that QSLs don't equate to cash for these people. Imagine if the DXCC database were to be hacked undetectably in such a way that serious questions were raised about the legitimacy of awards credits. The ham who spent many thousands of dollars for tower(s), antenna(s), rotor(s), cables, radio, computer, etc., and spent decades chasing DX, might feel every bit as violated as you would feel if someone stole $100 from your online bank account.
73, Dick WC1M
Q: "If the LoTW security method is better, why don't the banks use it? Conversely, if the bank's security method is both simpler and adequate, why doesn't LoTW use it?"
A: Joe W4TV, July 27, 2005, "CQ-Contest" reflector
... they are the same method. The only difference is where the user certificate resides.
Just today I was working on a new e-commerce site. The process to get an SSL certificate and install it (in order to be able to process credit card transactions) is identical to the LotW set-up.
1) the applicant has to "prove" who he is
2) the certificate issuing "authority" has to investigate the applicant and confirm the applicant is who he says he is (and, in some cases, do a thorough credit and background check)
3) the applicant needs to provide specific information on the server to be certified (the one on which the certificate will be installed)
4) the certificates have to be generated
5) the certificate must be installed
6) the system must be tested and certified
At this point, YOU can log in and generate a credit card transaction (or in the case of a bank/brokerage conduct your business). You prove to me that you're who you say you are when I process your credit card number and security ID and the gateway returns an authorization code ... I need to prove to the card processor that I am who I say I am by having that SSL certificate installed and encrypting (or signing) the data.
Again, the security and authentication for LotW is no different than all the other banking, e-commerce and secure database sites. If you have well written logging software, the process is completely transparent once the LotW certificate is issued.
Could LotW have been designed to accept an unsigned ADIF upload if you were logged into an https:// server? Probably. However, by placing the certificate on the user's computer and using it to "sign" the ADIF before uploading, you now don't even need to log in to upload data ... a DX station without access to the internet can sign an ADIF file and put it on a disk for someone else to upload or e-mail (snail mail to a QSL manager).
The current system is actually MORE flexible and MORE user-friendly than the typical bank/broker or other e-commerce site. What you see with your bank/broker is equivalent to entering one QSO at a time with LotW.
... Joe, W4TV
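Added example, not part of the original posts and not LoTW or ARRL code: the per-record signing that WC1M and W4TV describe above (sign at the user end, let anyone carry or upload the file, verify at the receiving end), sketched in Go. Ed25519 from the Go standard library stands in for the signature algorithm, which the page does not name; the callsigns, QSO data, registry and all function names are constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

// SignedQSO is one log record plus the signature made on the operator's computer.
type SignedQSO struct {
	Record string // ADIF-style text of a single QSO
	Sig    []byte
}

// message binds the record to the callsign and collapses whitespace, so re-wrapping in transit is harmless.
func message(call, record string) []byte {
	return []byte(strings.ToUpper(call) + "\n" + strings.Join(strings.Fields(record), " "))
}

// SignLog runs at the user end and needs no network connection.
func SignLog(call string, priv ed25519.PrivateKey, records []string) (out []SignedQSO) {
	for _, r := range records {
		out = append(out, SignedQSO{Record: r, Sig: ed25519.Sign(priv, message(call, r))})
	}
	return out
}

// VerifyUpload runs at the receiving end; it checks the registered key, not who delivered the file.
func VerifyUpload(registry map[string]ed25519.PublicKey, call string, batch []SignedQSO) (accepted, rejected []string) {
	pub, known := registry[strings.ToUpper(call)]
	for _, q := range batch {
		if known && ed25519.Verify(pub, message(call, q.Record), q.Sig) {
			accepted = append(accepted, q.Record)
		} else {
			rejected = append(rejected, q.Record)
		}
	}
	return accepted, rejected
}

// RunDemo uses constructed data: the callsigns, QSOs and key are made up.
func RunDemo() (accepted, rejected []string) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	registry := map[string]ed25519.PublicKey{"N0CALL": pub} // stored at registration
	batch := SignLog("N0CALL", priv, []string{
		"<CALL:5>W1ABC <BAND:3>20M <MODE:2>CW <QSO_DATE:8>20050729",
		"<CALL:5>K2XYZ <BAND:3>15M <MODE:3>SSB <QSO_DATE:8>20050729",
	})
	batch[0].Record = strings.ReplaceAll(batch[0].Record, " ", "\n")        // re-wrapped in transit
	batch[1].Record = strings.Replace(batch[1].Record, "K2XYZ", "K2BAD", 1) // edited in transit
	return VerifyUpload(registry, "N0CALL", batch)
}

func main() {
	fmt.Println(RunDemo()) // prints the accepted records, then the rejected ones
}
```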