SecureAIS - Securing Pairwise Vessels Communications

Ahmed Aziz, Pietro Tedeschi, Savio Sciancalepore, Roberto Di Pietro

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Scopus citations

Abstract

Modern vessels increasingly rely on the Automatic Identification System (AIS) digital technology to wirelessly broadcast identification and position information to neighboring vessels and ports. AIS is a time-slotted protocol that also provides unicast messages-usually employed to manage self-separation and to exchange safety information. However, AIS does not provide any security feature. The messages are exchanged in clear-text, and they are not authenticated, being vulnerable to several attacks, including forging and replay. Despite the existing contributions in the literature propose some strategies to overcome the exposed weaknesses, some are insecure, others do not comply with the standard, while the remaining few ones would introduce an unacceptable overhead-that is, they would require a relevant number of AIS-time slots, because of the limited payload available for each time-slot. In this paper, we propose SecureAIS, a key agreement scheme that allows any pair of vessels in reach of an AIS radio to agree on a shared session key of the desired length, by requiring just a fraction of the AIS time-slots of competing solutions. Further, the scheme is fully standard compliant and does not require any modification to the available hardware. The proposed scheme integrates the Elliptic Curve Qu-Vanstone (ECQV) implicit certification scheme and the Elliptic Curve Diffie Hellman (ECDH) key agreement technique, requiring moderate computational overhead while enjoying an optimal usage of the available bandwidth. When configured with the highest security level of 256 bits, SecureAIS allows two AIS transceivers to agree on a shared session key in 20 time-slots, against the 96 time-slots required by the competing solution based on traditional X.509 certificates. The proposed solution has been implemented and tested in a real scenario, while its security has been formally evaluated through the ProVerif tool. Finally, the source code of our Proof-of-concept using GNURadio and Ettus Research X310 has been also released as open-source to pave the way to further research by both Industry and Academia in maritime communication security.
Original languageEnglish (US)
Title of host publication2020 IEEE Conference on Communications and Network Security, CNS 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Print)9781728147604
DOIs
StatePublished - Jun 1 2020
Externally publishedYes

Fingerprint

Dive into the research topics of 'SecureAIS - Securing Pairwise Vessels Communications'. Together they form a unique fingerprint.

Cite this