
Securing the Automatic Identification System (AIS): Using public key cryptography to prevent spoofing whilst retaining backwards compatibility

Published online by Cambridge University Press:  14 December 2021

Gareth Wimpenny*, Jan Šafář, Alan Grant and Martin Bransby
Affiliation: The General Lighthouse Authorities of the United Kingdom and Ireland
*Corresponding author. E-mail: gareth.wimpenny@gla-rad.org

Abstract

The civilian Automatic Identification System (AIS) has no inherent protection against spoofing. Spoofed AIS messages have the potential to interfere with the safe navigation of a vessel by, amongst other approaches, spoofing maritime virtual aids to navigation and/or differential global navigation satellite system (DGNSS) correction data conveyed across it. Acting maliciously, a single transmitter may spoof thousands of AIS messages per minute with the potential to cause considerable nuisance, compromising information provided by AIS that is intended to enhance the mariner's situational awareness. This work describes an approach to authenticate AIS messages using public key cryptography (PKC) and thus provide unequivocal evidence that AIS messages originate from genuine sources and so can be trusted. Improvements to the proposed AIS authentication scheme are identified which address a security weakness and help avoid false-positive spoofing detections caused by changes to message syntax. A channel loading investigation concludes that sufficient bandwidth is available to routinely authenticate all AIS messages whilst retaining backwards compatibility by carrying PKC ‘digital signatures’ in a separate VHF Data Exchange System (VDES) side channel.
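An added Go example, not code from the paper or its authors, of the backwards-compatible idea in the abstract: the AIS sentence is left untouched and a detached signature over its payload travels separately, so a legacy receiver is unaffected. Ed25519, SHA-256, the digest-keyed side-channel map, the MMSI key directory, the choice to sign only the payload fields and the three result labels are all assumptions of this example; the abstract specifies none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Parse returns the SHA-256 digest of the payload fields and the sender MMSI of a single-fragment
// AIVDM sentence. Talker ID, channel letter and checksum vary by receiver and are not signed.
func Parse(nmea string) (d [32]byte, mmsi uint32, ok bool) {
	f := strings.Split(strings.SplitN(nmea, "*", 2)[0], ",")
	if len(f) != 7 || !strings.HasSuffix(f[0], "VDM") || f[1] != "1" || len(f[5]) < 7 {
		return d, 0, false
	}
	var bits uint64 // first 7 characters = 42 bits: type(6) repeat(2) MMSI(30) other(4)
	for _, c := range []byte(f[5][:7]) {
		v := c - 48 // 6-bit de-armouring of the payload characters
		if v > 40 {
			v -= 8
		}
		bits = bits<<6 | uint64(v&0x3f)
	}
	return sha256.Sum256([]byte(f[5] + "," + f[6])), uint32((bits >> 4) & 0x3fffffff), true
}

// Check classifies a sentence. side maps payload digest -> signature received on the
// (hypothetical) side channel. Replay of an old, validly signed message is not covered here.
func Check(keys map[uint32]ed25519.PublicKey, side map[[32]byte][]byte, nmea string) string {
	d, mmsi, ok := Parse(nmea)
	pub, known := keys[mmsi]
	if !ok || !known {
		return "unauthenticated" // legacy station: still displayed, just not trusted
	}
	if sig, found := side[d]; found && ed25519.Verify(pub, d[:], sig) {
		return "authentic"
	}
	return "suspect" // claims a signing station's MMSI without a valid signature
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo key
	msg := "!AIVDM,1,1,,B,177KQJ5000G?tO`K>RA1wUbN0TKH,0*5C"          // sample input, MMSI 477553000
	keys := map[uint32]ed25519.PublicKey{477553000: priv.Public().(ed25519.PublicKey)}
	d, _, _ := Parse(msg)
	sig := ed25519.Sign(priv, d[:]) // what the sender would broadcast on the side channel
	fmt.Println(Check(keys, map[[32]byte][]byte{d: sig}, msg))
}
```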

Type: Research Article
Copyright © The Author(s), 2021. Published by Cambridge University Press on behalf of The Royal Institute of Navigation


