[EAS] Fallout Over False Alert Continues
Mike McCarthy
towers at mre.com
Thu Oct 30 19:41:32 CDT 2014
Since it was my idea, let me elaborate. The authentication code would be
made available and circulated either as the RWT or a referenced attached
file to the RWT retrieved by the EAS box each week. The code would then
be stored in the local unit until updated the following week. Thus when
there is such an alert, the box need not reach back to the mother ship
and probably through a very congested internet and server.
A safety would be either a two week overlap where either of two codes
would work and/or the box "phone home" if it should receive a request it
doesn't recognize or can confirm.
The key here is to 1) Make the authentication process lightning fast so
the relaying box can react accordingly. The process could be similar to
Kerbos to insure the code remains uncompromised. And 2) create something
in the message header compels the ENDEC to refer to that authentication
code and cross check to the companion code in the header.
This would require a bit of standards modification and rules changes for
a code field (say 6 alpha-numeric digits) embedded as part of the EAN
only header. Such as possibly placed after the All USA location code.
The EAN message type would cause the box to look for that trigger field
and compare to the internally stored code. Just like the red envelop
comparison done manually. If the code adds-up or matches what was sent,
the box continues with the EAN process...in less than a second.
While this also isn't full proof, it's a long ways towards taking the
system security up by a two orders of magnitude.
MM
On 10/30/2014 1:19 PM, Ed Czarnecki wrote:
> Are you thinking of a validation code for the CAP message (which is not EAN
> at this point) ... or ... a validation code that the EAS device would reach
> back and grab from the aggregator, if it receives an EAN via broadcast/PEP?
>
> That's a really interesting idea, basically a "digital red envelope" or a
> rough two-factor authentiation ... But raises the issue of what happens in
More information about the EAS
mailing list