The tracking system for the ships of the AIS "hacked", but is it?
The work was presented at the HiTB conference in Kuala Lumpur 2013. Presentation slides are available here .
From the official Trend Micro blog:
Authors Marco Balduzzi and Kyle Wilhoit
')
It seems to me that those who investigated the security of these systems (AIS), had a good time having received a portion of the fan. But “security” has nothing to do with it.
Ship Identification Systems
AIS is an automatic tracking system that is installed and used by ships and navigation services to identify and locate ships through data exchange with other nearby ships, ground-based AIS stations, and satellites. When satellites are used to transmit messages, then such a link is referred to as Satellite-AIS (C-AIS). Information obtained through the AIS complements the data obtained from the radar, which are still the main source of navigation for water transport.
AIS is used for the following purposes:
• Data exchange between ports and ships
• Data exchange between ships on the high seas
• Navigation, course, location and speed
Where applied:
• Marine Traffic Management Service
• Avoid collisions
• Coast Guard
• Navigation assistance
• Rescue operations
• Short message, such as weather forecast
The data (unique identification number, location, course and speed) that these tracking systems provide is displayed either on screens or on ECDIS. Automatic identification systems help navigators and various maritime services to monitor maritime transport and its movement. The heart of the system is a standard UHF transmitter and satellite positioning system such as LORAN-C, GPS, or Glonass, plus other additional navigation sensors, such as a gyro or an angular velocity sensor. Vessels that are equipped with AIS transceivers and transponders can be monitored from land through special base stations located along the coast, or through satellites that have equipment for receiving and transmitting AIS signals.
Transponders via built-in UHF transmitters automatically send their location, speed and navigation status at regular intervals. Information is taken from the ship’s navigation sensors, usually a satellite navigation system or a gyrocompass. Other information, such as the vessel's name and UHF identifier, is stitched into the equipment when it is installed. Signals are received by AIS transponders installed on other ships or ground stations, for example, the system of traffic control. The resulting data is then projected onto screens or interactive maps for further analysis and coordination of movement.
The conclusion reached by the researchers is that the identification system of the courts can be used quite easily for all sorts of “dirty tricks”. In fact, AIS is the usual UHF radio, which broadcasts various kinds of navigation data to the public, which means that all security problems are connected to the radio. To assert that the AIS is completely compromised is at least incorrect, if only because this system was developed at a time when the danger of intercepting this data was minimal. Now, with the advent of software-defined radio communication systems, the task of intercepting and retransmitting these messages has become much simpler.
Let us now analyze the possible scenarios of malicious use of these systems, which researchers report in their report.
Likely clash
Imagine for a moment that we have a tanker. And here in the cockpit is the navigator and, suddenly, the screen receives a signal of a possible collision with another vessel. By the way, all such signals are recorded in a sort of “black” box (the same as on airplanes or racing cars) and must be confirmed by the navigator. At this point, the navigator must perform strictly regulated actions and verify potentially dangerous data with the performance of other systems, at least from the radar, satellite navigation systems, and visually. As a result, the event will be recorded and the alarm will be canceled.
Man overboard
A similar scenario with a ship in which the crew receives a signal about another ship in distress. In most cases, such information is immediately transmitted to land by the coast guard, who will coordinate all subsequent actions. They are obliged to double-check the received data and notify the team about further actions. As a result, almost all the risks considered by the researchers in their report are minimized.
Disable AIS transponders on other vessels
In some cases, the crew is allowed to completely disable their identification systems. In this case, there are clear rules that describe the actions of the team, for example, constant visual observation.
Substitution of weather data
AIS is just one of several sources of weather data. Data received through this channel is (usually) rechecked and verified with other sources.
All other options for the abuse of these systems are related to online services, such as marinetraffic.com, where data is provided solely for informational purposes and therefore are unlikely to harm anyone.
From the very beginning, ship identification systems were designed to be open, and, most likely, will remain the same in the near future. The introduction of encryption will mean a huge change, because all equipment on ships will need to be changed. In view of the fact that most of the risks are minor, I think that the international maritime organization will hardly reconsider the security of this system.
From the official Trend Micro blog:
Trend Micro researchers found that security problems in the AIS (Automatic Identification System) can intercept communications between ships, create ghost ships, send SOS signals or collision messages, or disable AIS altogether on any ship.
Authors Marco Balduzzi and Kyle Wilhoit
')
It seems to me that those who investigated the security of these systems (AIS), had a good time having received a portion of the fan. But “security” has nothing to do with it.
Ship Identification Systems
AIS is an automatic tracking system that is installed and used by ships and navigation services to identify and locate ships through data exchange with other nearby ships, ground-based AIS stations, and satellites. When satellites are used to transmit messages, then such a link is referred to as Satellite-AIS (C-AIS). Information obtained through the AIS complements the data obtained from the radar, which are still the main source of navigation for water transport.
AIS is used for the following purposes:
• Data exchange between ports and ships
• Data exchange between ships on the high seas
• Navigation, course, location and speed
Where applied:
• Marine Traffic Management Service
• Avoid collisions
• Coast Guard
• Navigation assistance
• Rescue operations
• Short message, such as weather forecast
The data (unique identification number, location, course and speed) that these tracking systems provide is displayed either on screens or on ECDIS. Automatic identification systems help navigators and various maritime services to monitor maritime transport and its movement. The heart of the system is a standard UHF transmitter and satellite positioning system such as LORAN-C, GPS, or Glonass, plus other additional navigation sensors, such as a gyro or an angular velocity sensor. Vessels that are equipped with AIS transceivers and transponders can be monitored from land through special base stations located along the coast, or through satellites that have equipment for receiving and transmitting AIS signals.
Transponders via built-in UHF transmitters automatically send their location, speed and navigation status at regular intervals. Information is taken from the ship’s navigation sensors, usually a satellite navigation system or a gyrocompass. Other information, such as the vessel's name and UHF identifier, is stitched into the equipment when it is installed. Signals are received by AIS transponders installed on other ships or ground stations, for example, the system of traffic control. The resulting data is then projected onto screens or interactive maps for further analysis and coordination of movement.
The conclusion reached by the researchers is that the identification system of the courts can be used quite easily for all sorts of “dirty tricks”. In fact, AIS is the usual UHF radio, which broadcasts various kinds of navigation data to the public, which means that all security problems are connected to the radio. To assert that the AIS is completely compromised is at least incorrect, if only because this system was developed at a time when the danger of intercepting this data was minimal. Now, with the advent of software-defined radio communication systems, the task of intercepting and retransmitting these messages has become much simpler.
Let us now analyze the possible scenarios of malicious use of these systems, which researchers report in their report.
Likely clash
Imagine for a moment that we have a tanker. And here in the cockpit is the navigator and, suddenly, the screen receives a signal of a possible collision with another vessel. By the way, all such signals are recorded in a sort of “black” box (the same as on airplanes or racing cars) and must be confirmed by the navigator. At this point, the navigator must perform strictly regulated actions and verify potentially dangerous data with the performance of other systems, at least from the radar, satellite navigation systems, and visually. As a result, the event will be recorded and the alarm will be canceled.
Man overboard
A similar scenario with a ship in which the crew receives a signal about another ship in distress. In most cases, such information is immediately transmitted to land by the coast guard, who will coordinate all subsequent actions. They are obliged to double-check the received data and notify the team about further actions. As a result, almost all the risks considered by the researchers in their report are minimized.
Disable AIS transponders on other vessels
In some cases, the crew is allowed to completely disable their identification systems. In this case, there are clear rules that describe the actions of the team, for example, constant visual observation.
Substitution of weather data
AIS is just one of several sources of weather data. Data received through this channel is (usually) rechecked and verified with other sources.
All other options for the abuse of these systems are related to online services, such as marinetraffic.com, where data is provided solely for informational purposes and therefore are unlikely to harm anyone.
From the very beginning, ship identification systems were designed to be open, and, most likely, will remain the same in the near future. The introduction of encryption will mean a huge change, because all equipment on ships will need to be changed. In view of the fact that most of the risks are minor, I think that the international maritime organization will hardly reconsider the security of this system.
Source: https://habr.com/ru/post/198654/
All Articles