NDAA passed: Internet and Online Streaming Services Emergency Alert Study

Jim mysidia at gmail.com
Sun Jan 3 07:26:21 UTC 2021


On Sun, Jan 3, 2021 at 12:01 AM Mark Foster <blakjak at blakjak.net> wrote:

> And I don't see that opening up a UDP port on every end-user device to
> receive some sort of broadcast (unicast?) is going to be great security.   ...

Yeah:   This is probably best done by either requiring the streaming services to
know where their customers' location is and relay a copy of any pertinent data
to end users through their applications or to web browsers through headers,
Or by having native software included with the OS on internet-connected devices
to query a region-specific URL at a regular interval.

This is much fewer packets if the data can be transferred over the headers of
HTTPS connections which applications on end devices  already make to
various websites.

The UDP port method is inefficient,  at least if meet the requirements
that would seem reasonable for emergency alert distribution on streaming
devices (much the same as for other media...).

1. There should never be extra steps from an end user to "activate"
emergency alerts -
except steps which the device enforces must be done, before any
content can be played.
Notions such as computer users choosing to subscribe to IPAWS fail,
at least, until
some mechanism enforces that they do so.

2. If the device is able to view content, then emergency alerts must
be working.
The function to play alerts should not be able to be disabled and
should resist tampering.
If either an alert has been received,  or emergency alerts would not be able to
be received, then the normal play of content must be interrupted - the ability
to access content should be disabled and be not allowed by the device's
application or operating system until after it can be confirmed that all alerts
have been fully played, or  the error has been corrected.


Problem is that UDP packets to X port could be easily intercepted and dropped by
devices such as firewalls.    Merely broadcasting the UDP port during an alert
would not be enough, then;  it would call for a regular broadcast to
this port by
every ISP to every user every few minutes, even when there are no
alerts to relay.

That would seem to be necessary for devices to be able to verify that
alerts would
be working and are not being tampered or interfered with.   Devices would  need
to be designed to verify the latest UDP broadcast has been received
and  Self-Disable
with an error message if too much time has passed with no update
packet on that port;
some type of crypto system would also be needed to verify that messages are
authentic, and have not been forged, replayed, or altered.

The regular UDP broadcast could not be only during an emergency, then,  it
would need to be every few minutes, otherwise the devices  would have no way
of ensuring their ability to receive alerts - that's a massive number
of UDP messages
to consider..


--
-JH


More information about the NANOG mailing list