In current 5G systems, broadcast messages such as System Information (SI) and Public Warning System (PWS) notifications are processed outside the established UE-network security context before initial access, leaving their integrity structurally unprotected. This vulnerability enables overshadowing attacks where adversaries inject manipulated SI/PWS messages, potentially causing large-scale service disruption and false public alerts. To attend to this gap, we propose a SHA-256-based lightweight integrity protocol that operates consistently across Radio Resource Control (RRC) Connected, Inactive, and Idle states without relying on Public Key Infrastructure (PKI). The User Equipment (UE) computes a hash of received PWS-related SIB content and attaches it to existing RRC/Non-Access Stratum (NAS) state-transition control signaling, enabling the Next Generation NodeB (gNB) to validate broadcast content integrity and feedback verification results to the UE. Security protocols often harbor non-intuitive vulnerabilities that deviate from designer intent, even in standardized protocols where authentication, integrity, and freshness assumptions are repeatedly challenged. Thus, we formally verify our proposed protocol using SVO-Logic and Scyther to establish trustworthiness results, confirming that it satisfies integrity, mutual authentication, freshness, and replay resistance under an active attacker model. Performance evaluation against public-key- and Message Authentication Code (MAC)-based alternatives demonstrates that our hash-based approach achieves significantly lower computational load on gNB while maintaining moderate signaling overhead, making it suitable for large-scale 5G/6G PWS deployments. These results position the protocol as a promising candidate for future 3rd Generation Partnership Project (3GPP) broadcast integrity enhancements.
Park et al. (Tue,) studied this question.