Cryptographic techniques (whether based on symmetric key cryptography or asymmetric key cryptography or both) have been used in various systems and networks to secure both data and messages. The appropriate choice of cryptographic primitives in a specific context may depend on various factors, such as for example, computational resource constraints or threat models.
Warning messages have been used to provide timely and accurate alerts, warnings and critical information regarding disasters and other emergencies. Examples of warning messages include the Public Warning System (PWS) messages described in the context of the Third Generation Partnership Project (3GPP). PWS provides a framework for Korean Public Alert System (KPAS), European Warning System (EU-ALERT), and Commercial Mobile Alert System (CMAS) messages which may fall into three classes: Presidential; Imminent Threat and Child Abduction Emergency; and Earthquake and Tsunami Warning System (ETWS) messages. Warning messages may include multiple components; for example, the warning message may include a description of the event, the geographical area affected by the event, a recommended action, an expiration time for the warning message; and the identity of an agency responsible for the warning message. Regulatory requirements may determine the components of the warning messages.
There is a general interest to enhance the reliability, resiliency, and security of warning messages to enable the public to take appropriate action to protect their families and themselves from serious injury, or loss of life or property. Therefore, the transmission of warning messages over communication networks may require that certain security requirements be met. For example, security requirements for warning messages may include any one or more of the following: (a) the integrity of the warning message or notification is protected; (b) the communication network will protect against false warning messages; and (c) only warning messages from authorized and authenticated sources will be transmitted via the communication network. Such security requirements may serve to minimize the reception of false warning messages that may cause hazardous conditions and/or widespread panic.
The security requirements for warning messages may be subject to regulatory policies and may also vary from region to region. An example of security requirements for warning messages may be found in the requirements for Public Warning System (PWS) messages broadcast in 3GPP, as specified in the document, 3GPP TS 22.268 v11.2.0, “Public Warning System (PWS) requirement (Release 11)”.
In addition to the security requirements, the warning messages may also be associated with certain latency requirements. For example, the Earthquake and Tsunami Warning System (ETWS) being standardized may contain a requirement that the warning messages transmitted in these systems have a latency of less than 4 seconds. Such requirements may ensure that warning messages are received by users in a timely fashion. Such latency and/or other requirements may place constraints on the number of bytes used for the warning messages and/or any associated fields (e.g., security bits).
Communication networks should be designed to ensure that the security and latency requirements for these warning messages are satisfied while ensuring minimal bandwidth overhead and minimal resource consumption both in the core network and in the radio interface. In addition, the network design may have to ensure that legacy communication devices on the network are also able to process warning messages, so as to avoid liability caused due to users of such legacy devices not being aware of warning messages. The network design may also have to account for mobile devices that may roam from one network to another.
Various cryptographic techniques (whether based on symmetric key cryptography or asymmetric key cryptography or both) have been used in various systems to provide integrity and authentication for data and messages. The network designs for warning messages should make appropriate selection of cryptographic primitives so as to meet the other requirements (e.g., latency requirements) for warning messages, and also consider appropriate key management and distribution techniques to support the chosen cryptographic primitives.
Like reference numerals and designations in the various drawings indicate like elements.