Litcius/Paper detail

Auth-AIS: Secure, Flexible, and Backward-Compatible Authentication of Vessels AIS Broadcasts

Savio Sciancalepore, Pietro Tedeschi, Ahmed Aziz, Roberto Di Pietro

2021IEEE Transactions on Dependable and Secure Computing25 citationsDOIOpen Access PDF

Abstract

Automatic Identification System (AIS) is the de-facto communication standard used by vessels to broadcast identification and position information. However, being AIS communications neither encrypted nor authenticated, they can be eavesdropped and spoofed by adversaries, leading to potentially threatening scenarios. Existing solutions, including the ones conceived in the avionics domain, do not consider integration with the AIS standard, and they do not provide protection against rogue messages flooding. In this article, we propose Auth-AIS, a secure, flexible, standard-compliant, and backward-compatible authentication framework to secure AIS broadcast messages. Auth-AIS leverages existing sound cryptographic tools, including TESLA and Bloom Filters, inheriting their security properties while contextualizing them in the AIS technology. Auth-AIS is a software-only solution, that can be seamlessly integrated into existing AIS deployments, without requiring any hardware replacement. Its innovative design also provides backward-compatibility—i.e., Auth-AIS messages can be received also by AIS users not adopting Auth-AIS, while renouncing at its security guarantees. Auth-AIS can work in either two configuration modes: Deterministic Security Configuration, able to achieve low-delay authentication with a message overhead of 75 percent, or Probabilistic Security Configuration, reducing the message overhead down to 35.71 percent, while experiencing a marginal increase in the authentication delay. All these security configurations guarantee an 80 bits equivalent security level and false-positive rate less than 2 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">--40</sup> . Note that these latter security parameters can easily be tuned to fit different security requirements. Finally, the source code of Auth-AIS in the GNURadio ecosystem has been released as open-source, to foster research activities from both Industry and Academia on secure AIS communications.

Topics & Concepts

Computer scienceComputer securityAuthentication (law)Spoofing attackMessage authentication codeCryptographyOverhead (engineering)Computer networkOperating systemNetwork Security and Intrusion DetectionUnderwater Vehicles and Communication SystemsMaritime Navigation and Safety
Auth-AIS: Secure, Flexible, and Backward-Compatible Authentication of Vessels AIS Broadcasts | Litcius