A Hash-Based Lightweight Integrity Protocol Against Overshadowing Attack in Mobile Radio Networks

초록

In current 5G systems, broadcast messages such as System Information (SI) and Public Warning System (PWS) notifications are processed outside the established UE-network security context before initial access, leaving their integrity structurally unprotected. This vulnerability enables overshadowing attacks where adversaries inject manipulated SI/PWS messages, potentially causing large-scale service disruption and false public alerts. To attend to this gap, we propose a SHA-256-based lightweight integrity protocol that operates consistently across Radio Resource Control (RRC) Connected, Inactive, and Idle states without relying on Public Key Infrastructure (PKI). The User Equipment (UE) computes a hash of received PWS-related SIB content and attaches it to existing RRC/Non-Access Stratum (NAS) state-transition control signaling, enabling the Next Generation NodeB (gNB) to validate broadcast content integrity and feedback verification results to the UE. Security protocols often harbor non-intuitive vulnerabilities that deviate from designer intent, even in standardized protocols where authentication, integrity, and freshness assumptions are repeatedly challenged. Thus, we formally verify our proposed protocol using SVO-Logic and Scyther to establish trustworthiness results, confirming that it satisfies integrity, mutual authentication, freshness, and replay resistance under an active attacker model. Performance evaluation against public-key- and Message Authentication Code (MAC)-based alternatives demonstrates that our hash-based approach achieves significantly lower computational load on gNB while maintaining moderate signaling overhead, making it suitable for large-scale 5G/6G PWS deployments. These results position the protocol as a promising candidate for future 3rd Generation Partnership Project (3GPP) broadcast integrity enhancements.

키워드