Heikki Hannikainen, a.k.a. OH7LZB a.k.a. Hessu, presented a talk on Friday morning about authenticating amateur radio services on the Internet. He is best known for the aprs.fi site, which… OK, I gotta back up. And I know I’m going to butcher some of this…
What the heck is APRS?
APRS stands for Automatic Packet Reporting System and has been in development since 1982 according to Teh Wiki. APRS-equipped radios (or more conventional radios hooked up to computers running appropriate software) can report their position, send short messages, status updates, etc., over amateur radio frequencies. The APRS-IS (Internet Service) takes this a step further by providing a system of gateways that make these updates available on the Internet.
aprs.fi takes this a step further by using the APRS-IS information and automagically plotting it using Google Maps to create a semi-real time map of status updates and movement and whatnot. Try it; you’ll see who near you has been running around with APRS-equipped radios (or apps, at least).
OK, I’m creeped out by this.
For those of us creeped out by the impending big brother state, this does take a little effort to wrap our brains around. Why would you voluntarily share this kind of information? But we’re making the mistake of thinking of it like text messaging where most of us (falsely) assume some semblance of privacy; the amateur radio paradigms are actually quite different. All amateur radio is public; encryption is not allowed, and there’s nothing to stop anyone from tuning in. Theoretically, even the digital modes are coded such that anyone could readily demodulate and understand them given knowledge of the spec. (More on that to follow.)
Keeping in mind historical and current uses of amateur radio, this sort of thing is a logical extension. For emergency communications, you want to have a nice Google Maps interface showing where all of your emergency responders are. If you’re hiking out in the hills, you want your significant other to know where to send the rescue helicopters.
So how does that take us to authentication? OK, I have to back up again.
It’s sort of the anti-Internet.
Another piece of the public amateur radio paradigm is that there’s no anonymity. You are who you are. Call signs are assigned to your license by the FCC (in the States), and that information is freely available. You can Google any U.S. call sign and immediately get an fcc.gov web page with their license level, name, and a valid mailing address. (Note to self: get post office box.)
This, too, makes a dim kind of sense when you think about it. Amateur radio operators are being licensed to use a public resource; no license, no transmit. If they are misusing it, they need to be identified. Anyone without a valid license for the activity they are doing needs to be found and stopped, but the only way to do that (lacking an all-powerful and heavily funded Radio Police) is for the community to do it themselves. So the information has to be public.
When do we get to authentication?
OK, so here’s the problem. aprs.fi and the like are awesome great services for looking up public information that should be public. But what happens if you want to do something more interesting? What if you want to send messages over a cool internet web page? Only licensed hams can transmit, remember. We have to have some way to authenticate people and prove that they are who they say they are before you can let them do cool things.
Hessu talked about several other sites and the approaches they took. From a security and authentication standpoint, some were hilariously bad. (Not naming names.) He then talked about ARRL’s Logbook of the World, however, and that approach offers some real possibilities.
Logbook of the what?
Apparently, making contact with other people over the radio is A Thing. There’s bragging rights involved or something. But how do you prove that someone really made a low power contact with some random guy on the other side of the planet? There’s a central registry (actually several, but let’s not cloud the issue) and you authenticate to the site, the Logbook of the World (LotW). You put up your information for the contact: when, on what frequency, what mode, what you had for breakfast, etc. The guy you talked to puts the same information up. If you have identical information, that’s a confirmed contact and you both get credit.
(“But can’t you just e-mail somebody the information and have them fake it?” Shhh.)
LotW authenticates using digital signature certificates. I’m not even going to try to explain this one, but it’s the same way that web sites prove they are who they say they are, and the way that you digitally sign e-mail messages. It not only authenticates you, but it provides for non-repudiation; you can’t later claim that it wasn’t you that sent the message (used the cool service, etc.) because only the holder of your private key can produce that signature.
The problem with digital certificates is that someone (an “army of volunteers” in Heikki’s parlance) still has to verify that each operator is who they say they are and issue the certificate. What a pain. And who has an army of volunteers? And who would want to go through the process for each site they want to use?
Fortunately, Hessu points out, someone already has an army of volunteers and they’ve already been doing the work. Why don’t we just accept the ARRL-issued certificates?
All of the computer security people are yelling at their screens right now because this was the obvious solution that no one thought of.
Or almost no one. It turns out Echolink has been accepting LotW certs for a decade. Hessu has set up a test site to demo the authentication method (authtest.aprs.fi) and demo’d it for us yesterday. I don’t have a certificate from LotW, but I’m kind of inspired to get one now.
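To make "just accept the certificates someone else already issued" concrete, here is an added sketch in Go (not code from the talk, aprs.fi or LotW) of a service that trusts one CA, checks that an operator's certificate chains to it, and checks a signed one-time challenge. The CA, the placeholder call sign N0CALL, carrying the call sign in the certificate's Common Name, and the challenge-response flow are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue makes a constructed certificate for cn: a self-signed CA when ca is nil, else a client cert signed by ca.
func Issue(cn string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if ca == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		ca, caKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func Sign(key ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(key, nonce) } // operator's side

// Authenticate is the service's side: the cert must chain to the one trusted CA and its key must have signed nonce.
func Authenticate(trustedCA, cert *x509.Certificate, nonce, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("certificate not issued by trusted CA: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return "", fmt.Errorf("challenge signature does not match certificate")
	}
	return cert.Subject.CommonName, nil // assumption: call sign carried in the Common Name
}

func main() {
	ca, caKey := Issue("Constructed League CA", nil, nil)
	cert, key := Issue("N0CALL", ca, caKey)
	fmt.Println(Authenticate(ca, cert, []byte("nonce-1"), Sign(key, []byte("nonce-1"))))
}
```

The service never sees the operator's private key and does no identity checking of its own; everything it knows about who N0CALL is comes from its decision to trust the issuing CA.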
The next steps:
- Create more certificate authorities.
- Build awesome sites and services.
It occurred to me that a large (150+) meatspace meeting of amateur radio operators with an interest in digital comms was a massive missed opportunity to have a digital signature certificate-issuing party.
I really enjoyed the talk, and thought he explained the ideas behind the signature certificates in a way that most everyone could understand. I hope the presentation makes it to the TAPR site.
[Edit: Link corrected. Thanks to Tom Hayward!]