
Securing the Automatic Identification System (AIS): Using public key cryptography to prevent spoofing whilst retaining backwards compatibility

Published online by Cambridge University Press: 14 December 2021

Gareth Wimpenny*, Jan Šafář, Alan Grant and Martin Bransby
Affiliation: The General Lighthouse Authorities of the United Kingdom and Ireland
*Corresponding author. E-mail: [email protected]

Abstract

The civilian Automatic Identification System (AIS) has no inherent protection against spoofing. Spoofed AIS messages have the potential to interfere with the safe navigation of a vessel by, amongst other approaches, spoofing maritime virtual aids to navigation and/or differential global navigation satellite system (DGNSS) correction data conveyed across it. Acting maliciously, a single transmitter may spoof thousands of AIS messages per minute with the potential to cause considerable nuisance, compromising information provided by AIS intended to enhance the mariner's situational awareness. This work describes an approach to authenticate AIS messages using public key cryptography (PKC) and thus provide unequivocal evidence that AIS messages originate from genuine sources and so can be trusted. Improvements to the proposed AIS authentication scheme are identified which address a security weakness and help avoid false positives to spoofing caused by changes to message syntax. A channel loading investigation concludes that sufficient bandwidth is available to routinely authenticate all AIS messages whilst retaining backwards compatibility by carrying PKC ‘digital signatures’ in a separate VHF Data Exchange System (VDES) side channel.

Type: Research Article
Copyright © The Author(s), 2021. Published by Cambridge University Press on behalf of The Royal Institute of Navigation
