Marco Balduzzi
Alessandro Pasta
ABSTRACT
AIS, Automatic Identification System, is an application of cyber-physical systems (CPS) to smart transportation at sea. Being primarily used for collision avoidance and traffic monitoring by ship captains and maritime authorities, AIS is a mandatory installation for over 300,000 vessels worldwide since 2002. Other promoted benefits are accident investigation, aids to navigation and search and rescue (SAR) operations. In this paper, we present a unique security evaluation of AIS, by introducing threats affecting both the implementation in online providers and the protocol specification. Using a novel software-based AIS transmitter that we designed, we show that our findings affect all transponders deployed globally on vessels and other maritime stations like lighthouses, buoys, AIS gateways, vessel traffic services and aircraft involved in SAR operations. Our concerns have been acknowledged by online providers and international standards organizations, and we are currently and actively working together to improve the overall security.
- C. Ambjorn. Seatrack web forecasts and backtracking of oil spills. efficient tool to find illegal spills using ais.Google Scholar
- M. Balduzzi. Personal Page. http://iseclab.org/people/embyte/.Google Scholar
- Bloomberg. Iran Oil Tankers Said by Zanzibar to Signal Wrong Flag. http://www.bloomberg.com/news/2012-10-19/iranian-oil-tankers-said-by-zanzibar-to-be-signaling-wrong-flag.html.Google Scholar
- C. Carthel, S. Coraluppi, and P. Grignan. Multisensor tracking and fusion for maritime surveillance.Google Scholar
- C.-C. Chen, I.-T. Chen, C.-M. Cheng, M.-Y. Chih, and J.-R. Shih. A practical experience with rfid security.Google Scholar
- Claudio, Guarnieri. Spying on the Seven Seas with AIS.Google Scholar
- A. Costin and A. Francillon. Ghost in the Air(Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices. In BLACKHAT 2012.Google Scholar
- N. Foster. GnuRadio AIS Receiver. https://www.cgran.org/wiki/AIS.Google Scholar
- R. Housley, W. Ford, W. Polk, and D. Solo. Rfc 5280: Internet X. 509 Public Key Infrastructure Certificate and CRL profile, 2008.Google Scholar
- R. S. I.-R. International Telecommunication Union. AIS AIVDM Message Types. http://www.navcen.uscg.gov/?pageName=AISMessages.Google Scholar
- ITU-R. Technical characteristics for an automatic identification system using time-division multiple access in the VHF maritime mobile band. http://www.itu.int/dms pubrec/itu-r/rec/m/R-RECM.1371-4-201004-I!!PDF-E.pdf.Google Scholar
- M. Jakobsson, P. Finn, and N. Johnson. Why and how to perform fraud experiments. Security Privacy, IEEE. Google ScholarDigital Library
- M. Jakobsson and J. Ratkiewicz. Designing ethical phishing experiments: a study of (rot13) ronl query features. In Proceedings of WWW 2006. Google ScholarDigital Library
- X. Ji, Z. Shao, J. Pan, and C. Tang. A New AIS-Based Way to Conduct OLAP of Maritime Traffic Flow.Google Scholar
- L.-n. LI, S.-h. YANG, B.-g. CAO, and Z.-f. LI. A summary of studies on the automation of ship collision avoidance intelligence. Journal of Jimei University.Google Scholar
- L. Li-na. Determination of the factors about safe distance of approach and etc on the research of ship automatic avoidance collision.Google Scholar
- B. L. P. Bloomberg Commodities. http://www.bloomberg.com/professional/markets/commodities/.Google Scholar
- K. F. Mathapo. A software-defined radio implementation of maritime AIS. https://scholar.sun.ac.za/handle/10019.1/2215.Google Scholar
- Z. Shao, C. Tang, J. Pan, and X. Ji. The application of database techniques in the integrated vessel information service system.Google Scholar
- D. P. Shepard, T. E. Humphreys, and A. A. Fansler. Evaluation of the vulnerability of phasor measurement units to gps spoofing attacks.Google Scholar
- O.-S. Software. Gnu AIS. http://gnuais.sourceforge.net/.Google Scholar
- H. Teso. Aircraft Hacking - Practical Aero Series.Google Scholar
- B. Tetreault. Use of the automatic identification system (ais) for maritime domain awareness.Google Scholar
- TrendMicro. Security Intelligence Blog. http://blog.trendmicro.com/trendlabs-security-intelligence/category/internet-of-everything/.Google Scholar
- R. Undheim. Ais-Tools. http://www.funwithelectronics.com/?id=9.Google Scholar
- F. van den Broek. Eavesdropping on gsm:state-of-affairs. 2011.Google Scholar
Recommendations
Improved Agent Model for Network Security Evaluation Based on AIS
ICICTA '11: Proceedings of the 2011 Fourth International Conference on Intelligent Computation Technology and Automation - Volume 01This paper proposes a novel distributed agent model for network security evaluation. The method, which uses antibody concentration to quantitatively describe the degree of intrusion danger, is demonstrated. A new network security evaluation method using ...
Dynamic IP Switch System for AIS Data Sharing
ISDEA '10: Proceedings of the 2010 International Conference on Intelligent System Design and Engineering Application - Volume 01AIS (automatic identification system) is a new kind of maritime communication and navigation system, it includes navigation information (ship identity, location, course, speed and etc.) which can be automatically exchanged between vessels, vessels and ...
Development of the integrated target information system of the marine radar and AIS based on ECDIS
WiCOM'09: Proceedings of the 5th International Conference on Wireless communications, networking and mobile computingAIS (Automatic Identification System), a new type of marine equipment, together with radar, are all the key navaid for a ship to navigate. Now in the seafaring, it is one of the most attentive research issues how to adequately and effectively use their ...
Comments