[aprssig] Callsign Verification (Was: Pirates on APRS IS)
steve at dimse.com
Fri Mar 15 09:30:11 CDT 2013
On Mar 15, 2013, at 8:47 AM, Georg Lukas wrote:
> We are doing a significant amount of callsign validation to give out
> passcodes for APRSdroid users
I won't go so far as to say all this effort is wasted, since it does keep some non-hams from accessing the APRS-IS, but it is important to keep in mind that the APRS-IS itself is completely open. It cannot be fixed with any add-on security. The only option is to create a new APRS-IS that is secure. As we have seen time and again, hams don't make changes unless something new gives them a clear and significant benefit. If someone spent the effort to create a system that was truly secure, and others diligently performed the required verification, you still need to give the users a reason to switch. Since nothing on the APRS-IS side could be considered secure, anyone moving to the other side would see only those using the secure system. On the other hand, the APRS-IS side would see all the data on the new system, which provides a pretty big incentive to stay put.
Since it has been more than a year, perhaps it is worth it to explain how we got here:
When I first created the APRS IS it was receive only. I developed the protocol for third party packets allowing internet to RF messaging two years later. At that point it was necessary to provide some sort of authentication to meet US regulations. The model at the time was the TCP/IP ham software (sorry, I forget the name, and I think Phil Karn was the author), which verified that one was a ham by asking what was the standard 2 meter split (600 kHz). Answer that question correctly and you could log into a TCP/IP server on the internet and access the RF side. Hardly secure, but it met the FCC requirements.
I wanted something automatic, so I came up with a simple 15 bit hash on the callsign. It was NEVER meant to be something secure, just to meet the very low standard of the FCC to verify ham radio status. This worked because the only APRS client programs back then were sold. The software authors verified ham radio status; once the ham paid the registration fee, their software automatically generated the 15 bit number.
Easy, and since only 4 people knew the algorithm, it did provide some security. But then Dale Heatherington wrote a clone of APRServ, aprsd. He needed a way to provide the algorithm to open source users. Initially he did this by supplying an object module to check algorithms, and users asked him for their code. This was not really secure, because you could run a brute force attack to guess your code by checking at most 32k numbers against the object module, and because you could recompile the source code of aprsd to remove the checks completely.
So to keep the APRS IS somewhat secure I took on the task of checking each aprsd site to be sure the testing for the callsign worked as designed. As APRS IS grew this was obviously untenable. At that point there was really no choice other than to make the algorithm public, which happened about 12 years ago.
The fact is that despite the complete lack of security there have been no significant problems in these 12 years. Hackers have much more interesting and valuable networks to target. I would propose that the effort to create a secure APRS-IS would be better spent elsewhere.
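Added example, not part of the original post: a small model of why a 15 bit unkeyed code on the callsign cannot serve as authentication, even when the algorithm is hidden behind a yes/no check module as described above. The hash `toy_code` is a constructed stand-in and is NOT the APRS-IS algorithm; the callsigns are constructed sample values.

```python
import hashlib
import itertools
import string

CODE_BITS = 15
CODE_SPACE = 1 << CODE_BITS  # 32768 possible codes ("at most 32k numbers")

def toy_code(callsign: str) -> int:
    """Constructed stand-in for an unkeyed 15 bit callsign hash (not the real one)."""
    digest = hashlib.sha256(callsign.upper().encode("ascii")).digest()
    return int.from_bytes(digest[:2], "big") & (CODE_SPACE - 1)

def make_checker():
    """Model of a compiled check module: answers yes/no, hides the algorithm."""
    calls = {"n": 0}
    def check(callsign: str, code: int) -> bool:
        calls["n"] += 1
        return toy_code(callsign) == code
    return check, calls

def exhaust(check, callsign: str):
    """Walk the whole code space against the yes/no checker."""
    for guess in range(CODE_SPACE):
        if check(callsign, guess):
            return guess
    return None

def colliding_pairs(callsigns) -> int:
    """Count pairs of distinct callsigns that end up with the same code."""
    seen, pairs = {}, 0
    for cs in callsigns:
        code = toy_code(cs)
        pairs += seen.get(code, 0)
        seen[code] = seen.get(code, 0) + 1
    return pairs

def sample_callsigns():
    """Constructed callsign-shaped strings: T0AAA..T1ZZZ (35152 values)."""
    letters = string.ascii_uppercase
    return ["T%d%s" % (d, "".join(s)) for d in (0, 1)
            for s in itertools.product(letters, repeat=3)]

if __name__ == "__main__":
    check, calls = make_checker()
    code = exhaust(check, "N0CALL")
    print("code found after", calls["n"], "checks out of", CODE_SPACE)
    print("colliding pairs in sample:", colliding_pairs(sample_callsigns()))
```

Hiding the algorithm only bounds the work at 32768 checks, and because the code space is smaller than the set of possible callsigns, the code does not even identify a callsign uniquely.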