TY - GEN
T1 - SecureAIS - Securing Pairwise Vessels Communications
AU - Aziz, Ahmed
AU - Tedeschi, Pietro
AU - Sciancalepore, Savio
AU - Pietro, Roberto Di
N1 - Generated from Scopus record by KAUST IRTS on 2023-09-20
PY - 2020/6/1
Y1 - 2020/6/1
N2 - Modern vessels increasingly rely on the Automatic Identification System (AIS) digital technology to wirelessly broadcast identification and position information to neighboring vessels and ports. AIS is a time-slotted protocol that also provides unicast messages-usually employed to manage self-separation and to exchange safety information. However, AIS does not provide any security feature. The messages are exchanged in clear-text, and they are not authenticated, being vulnerable to several attacks, including forging and replay. Despite the existing contributions in the literature propose some strategies to overcome the exposed weaknesses, some are insecure, others do not comply with the standard, while the remaining few ones would introduce an unacceptable overhead-that is, they would require a relevant number of AIS-time slots, because of the limited payload available for each time-slot. In this paper, we propose SecureAIS, a key agreement scheme that allows any pair of vessels in reach of an AIS radio to agree on a shared session key of the desired length, by requiring just a fraction of the AIS time-slots of competing solutions. Further, the scheme is fully standard compliant and does not require any modification to the available hardware. The proposed scheme integrates the Elliptic Curve Qu-Vanstone (ECQV) implicit certification scheme and the Elliptic Curve Diffie Hellman (ECDH) key agreement technique, requiring moderate computational overhead while enjoying an optimal usage of the available bandwidth. When configured with the highest security level of 256 bits, SecureAIS allows two AIS transceivers to agree on a shared session key in 20 time-slots, against the 96 time-slots required by the competing solution based on traditional X.509 certificates. The proposed solution has been implemented and tested in a real scenario, while its security has been formally evaluated through the ProVerif tool. Finally, the source code of our Proof-of-concept using GNURadio and Ettus Research X310 has been also released as open-source to pave the way to further research by both Industry and Academia in maritime communication security.
AB - Modern vessels increasingly rely on the Automatic Identification System (AIS) digital technology to wirelessly broadcast identification and position information to neighboring vessels and ports. AIS is a time-slotted protocol that also provides unicast messages-usually employed to manage self-separation and to exchange safety information. However, AIS does not provide any security feature. The messages are exchanged in clear-text, and they are not authenticated, being vulnerable to several attacks, including forging and replay. Despite the existing contributions in the literature propose some strategies to overcome the exposed weaknesses, some are insecure, others do not comply with the standard, while the remaining few ones would introduce an unacceptable overhead-that is, they would require a relevant number of AIS-time slots, because of the limited payload available for each time-slot. In this paper, we propose SecureAIS, a key agreement scheme that allows any pair of vessels in reach of an AIS radio to agree on a shared session key of the desired length, by requiring just a fraction of the AIS time-slots of competing solutions. Further, the scheme is fully standard compliant and does not require any modification to the available hardware. The proposed scheme integrates the Elliptic Curve Qu-Vanstone (ECQV) implicit certification scheme and the Elliptic Curve Diffie Hellman (ECDH) key agreement technique, requiring moderate computational overhead while enjoying an optimal usage of the available bandwidth. When configured with the highest security level of 256 bits, SecureAIS allows two AIS transceivers to agree on a shared session key in 20 time-slots, against the 96 time-slots required by the competing solution based on traditional X.509 certificates. The proposed solution has been implemented and tested in a real scenario, while its security has been formally evaluated through the ProVerif tool. Finally, the source code of our Proof-of-concept using GNURadio and Ettus Research X310 has been also released as open-source to pave the way to further research by both Industry and Academia in maritime communication security.
UR - https://ieeexplore.ieee.org/document/9162320/
UR - http://www.scopus.com/inward/record.url?scp=85090132178&partnerID=8YFLogxK
U2 - 10.1109/CNS48642.2020.9162320
DO - 10.1109/CNS48642.2020.9162320
M3 - Conference contribution
SN - 9781728147604
BT - 2020 IEEE Conference on Communications and Network Security, CNS 2020
PB - Institute of Electrical and Electronics Engineers Inc.
ER -