Seaways – May 2019


16   | Seaways | May 2019 Read Seaways online at http://www.nautinst.org/seaways


VHF threats to AIS [RF]
VHF protocols were designed in a hardware epoch before software
defined radio (SDR) entered the commercial scene. In those days,
hacking was difficult and expensive, and neither authentication nor
integrity checks were required. SDR today operates in many device
applications, such as radio and TV receivers, and is accessible to radio
amateurs and pirates. SDR transmitters, which are quite cheap to buy,
make it easy to hack and spoof AIS signals.


‘Man in the water spoofing’ [AIS-SART RF]
An attacker could activate a man in the water distress beacon, thereby
exploiting established protocols that trigger SART SOS alerts at up to
60km range. These could lure vessels into hostile or pirate-controlled
seas. Given that response to SART alerts is mandated by law, this threat
could pose a serious problem.


Frequency hopping [RF]
Frequency hopping disables AIS transponders by switching them to
adjacent non-default frequencies. It can target a specific geographical
region, so pirates could place ships ‘off-grid’, effectively making
them invisible upon entering a given area. Frequency hopping is
one example of an availability disruption threat. Others include slot
starvation and timing attacks.


Closest point of approach [RF]
An attacker could set off a collision warning alert, triggering an
estimate of the time until collision and an alarm, which could appear
acoustically (siren) or visually (on the Captain’s display console).


Application layer attacks [SW]
The application layer is where information is processed and can also be
attacked. AIS AIVDM transmit messages are exchanged wirelessly [RF]
and processed at the application layer with back-end software. Once
input data goes to the database on the server, hackers can easily swap
real for fake data without the user being aware.
Malicious software payloads [SW], eg Heartbleed attack, can
cause buffer overflow if data input is not checked properly, as data
may exceed the array size (too much data). For example, SQLi is a
code injection technique that targets data-driven applications where
attackers spoof identity by tampering with data or destroying it. This is
no theoretical threat but a serious existential one. In August 2009 the
US Justice Department charged Albert Gonzalez and two unnamed
Russian citizens with the theft of 130 million credit card numbers using
an SQL injection attack. An attack on AIS system data might be an
equally attractive option.
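
The input checking this section calls for, as an added example that is not from the original article: an AIVDM sentence is bounded in size, matched against its field layout and checksum-verified before it reaches the back-end, and the database insert binds values instead of building SQL text. The table name, the `receiver` label and the sample sentence are constructed for illustration.

```python
import re
import sqlite3
from functools import reduce

MAX_LEN = 82  # NMEA 0183 sentence limit, counting the trailing CR/LF
# Fields: total, fragment no., sequence id, channel, armored payload, fill bits
AIVDM = re.compile(r"!(AIVDM,[1-9],[1-9],[0-9]?,[AB12]?,[0-W`-w]+,[0-5])\*([0-9A-F]{2})")


def checksum(body: str) -> int:
    """XOR of every character between '!' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)


def validate(sentence: str):
    """Return the parsed fields, or None if the sentence must be rejected."""
    if len(sentence) + 2 > MAX_LEN:  # bound the size before any parsing
        return None
    m = AIVDM.fullmatch(sentence)
    if m is None or checksum(m.group(1)) != int(m.group(2), 16):
        return None
    _, total, num, _seq, chan, payload, fill = m.group(1).split(",")
    if int(num) > int(total):
        return None
    return {"channel": chan, "payload": payload, "fill": int(fill)}


def store(conn, sentence: str, receiver: str) -> bool:
    """Insert a validated sentence; values are bound, never concatenated."""
    fields = validate(sentence)
    if fields is None:
        return False
    conn.execute("INSERT INTO reports (receiver, channel, payload) VALUES (?, ?, ?)",
                 (receiver, fields["channel"], fields["payload"]))
    return True


def make_sentence(body: str) -> str:  # builds samples with a correct checksum
    return f"!{body}*{checksum(body):02X}"


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (receiver TEXT, channel TEXT, payload TEXT)")
    good = make_sentence("AIVDM,1,1,,B,15M67FC000G?ufbE`FepT@3n00Sa,0")  # constructed
    bad = good[:-2] + ("00" if good[-2:] != "00" else "01")  # wrong checksum
    hostile = "rx1'); DROP TABLE reports;--"  # constructed receiver label
    accepted = [store(conn, good, hostile), store(conn, bad, "rx1")]
    return accepted, conn.execute("SELECT receiver FROM reports").fetchall()
```

The checksum only catches corruption; it is not an integrity control against a deliberate sender, who can recompute it.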


Lower tech issues
If all this fails for the would-be hacker, they can still flood devices with
noise jamming on AIS or GPS channels, rendering them useless.
Having AIS and not using it is also an issue. A representative from
AIS tracking provider Fleetmon stated: ‘SE Asian boats are usually
without AIS or, if in the act of illegal fishing, will turn off AIS’. The
Indonesian government now insists that all vessels be fitted with
GPS, which provides a low-cost way of tracking vessels. Nevertheless,
some Captains disable the GPS and are only likely to be caught if a
coastguard vessel comes across them on the water.


Proposed digital electronic countermeasures
AIS authentication must:
• Ensure transmitters are genuine
• Add time checks to avoid ‘replay’ data attacks
• Introduce integrity tampering checks to monitor for hijack of AIS
  messages.
Valid data content checking is needed, such as asking whether the
geographical information is likely to be correct. AIS is a widely used
mandatory technology in maritime safety, but its security may be
compromised at both the implementation and protocol level, as Trend
Micro’s research has shown. As the protocol is unencrypted, vessel
position data can be tampered with. AIS data can be encrypted, for
example by warships, but the system’s safety benefits are lost if nearby
vessels cannot decrypt data. This can create problems with
non-encrypted, but otherwise operationally compliant, systems.
Owing to the lack of encryption and message validation it is
possible to spoof AIS over RF or from the data server side. Because
transmissions are made over VHF, very little equipment is required for
spoofing. Transmit antennae are less than 1 metre high and short-range
transmission needs only about 20 watts of power. It is easy to overpower
legitimate AIS signals locally. Some AIS message types can interfere
with safe shipping through modification of data fields. For example,
meteorological and hydrological data can be altered to indicate high
waves. False reports can be generated to warn ships of drifting mines, a
vessel listing or capsizing, or other hazards and emergencies.
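
The time checks and valid data content checking proposed in this section, sketched receiver-side as an added example that is not from the original article. It assumes each decoded report carries a sender timestamp `sent` alongside the receive time `rcvd` (a standard AIS position report does not carry a full timestamp); the thresholds, field names and sample reports are constructed.

```python
from math import asin, cos, radians, sin, sqrt

MAX_KNOTS = 60.0     # assumed speed ceiling for a surface vessel
MAX_AGE_S = 120      # assumed freshness window for the time check
EARTH_NM = 3440.065  # mean Earth radius in nautical miles


def distance_nm(a, b):
    """Great-circle (haversine) distance between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_NM * asin(sqrt(h))


def check_reports(reports):
    """Return (report index, reason) for every report that fails a check."""
    last = {}      # mmsi -> (position, sent time) of the last accepted report
    flagged = []
    for i, r in enumerate(reports):
        pos = (r["lat"], r["lon"])
        prev = last.get(r["mmsi"])
        if not (-90 <= pos[0] <= 90 and -180 <= pos[1] <= 180):
            flagged.append((i, "position out of range"))
        elif r["rcvd"] - r["sent"] > MAX_AGE_S:
            flagged.append((i, "stale timestamp"))
        elif prev and r["sent"] <= prev[1]:
            flagged.append((i, "timestamp not newer than last report"))
        elif prev and distance_nm(prev[0], pos) / ((r["sent"] - prev[1]) / 3600) > MAX_KNOTS:
            flagged.append((i, "implausible speed"))
        else:
            last[r["mmsi"]] = (pos, r["sent"])  # only accepted reports move the track
    return flagged


def sample_reports():
    """Constructed reports for one vessel (the MMSI is a made-up value)."""
    base = {"mmsi": 235000001, "lon": -1.10}
    rows = [(50.80, 1000, 1002), (50.81, 1060, 1061), (51.80, 1120, 1121),
            (50.80, 1000, 1180), (91.00, 1240, 1241), (50.81, 1060, 1065)]
    return [dict(base, lat=lat, sent=s, rcvd=r) for lat, s, r in rows]


if __name__ == "__main__":
    for index, reason in check_reports(sample_reports()):
        print(index, reason)
```

These checks flag inconsistent data but do not establish that a transmitter is genuine; that still needs the authentication the list above asks for.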

Cyber-security
Good cyber-security at both the corporate and the personal level is
essential if threats to AIS and other data are to be minimised. Software
security company CyberKeel recently evaluated the top 50 container
carriers and found 37 of them seemed to be open to simple attack over
back-end systems. Six allowed harvesting of usernames, while eight
carriers – which between them control 38% of global trade – actually
allowed ‘password’ as a password to access sensitive e-commerce
applications! Almost 70% of malware is shared inadvertently through
social media, and around 99% of cyber-security breaches with known
vulnerabilities – valuable information for hackers – are listed in
accessible national vulnerability databases. For about 90% of such
breaches, however, software patch updates containing the required
security fixes are available.
As the commercial value and sensitivity of data increases, we can be
sure the threats to our digital maritime navigation-related systems are
not going to disappear. It is incumbent upon all service providers and
users to work together to improve the security of our electronic aids
against deliberate attack. The sheer size of geospatial vectors in raster
and point cloud data makes them perfect targets for computer-based
learning algorithms.
We should all be alert to the dangers posed by ‘bad actors’ – rogue
individuals, organisations and enemy states that can generate ‘fake
geography’ or imaginary platforms. Secure and accurate location data,
and the technology that provides it, are fundamental to our daily lives
and activities. Without these validated services, we could easily fall prey
to digital pirates at considerable financial cost, or even risk to life itself.

Feature: Electronic warfare in the digital age
