In 1903 the radio pioneer Guglielmo Marconi staged a demonstration of the new technique of ‘wireless telegraphy’. Marconi had set up his wireless transmitting equipment at a clifftop location in Cornwall and had arranged to send a message using Morse code over 300 miles to an audience gathered at the London lecture theatre of the Royal Institution. At this prestigious event and in front of a crowd of onlookers, the wireless Morse code receiver tapped out its message:
“Rats Rats Rats Rats Rats”
“There was a young fellow of Italy
Who diddled the public quite prettily”
Marconi had become the first victim of a hacked radio message.
Fast forward 114 years and the ‘wireless telegraphy’ developed by Marconi has evolved, creating the radio communications and the Global Maritime Distress and Safety System (GMDSS) we are familiar with today.
Yet many of these modern maritime systems are just as vulnerable to malicious actors as the wireless telegraphy demonstrated by Marconi at the beginning of the 20th century.
Radio voice communications are vulnerable to misuse with jamming and false distress calls being two such examples. However, when computer systems communicate using radio—data communications as opposed to voice communications—the potential for harm increases.
The Automatic Identification System (AIS) is one example of maritime data communications which is vulnerable to malicious use. AIS makes use of two channels in the maritime VHF band and is primarily used as a situational awareness tool, allowing vessels to provide identification and location data from ship to ship and from ship to shore. However, AIS messages are not authenticated. This means anybody may transmit any conceivable AIS message (either by reprogramming a commercially available AIS unit or using freely available open source software and a low cost radio) and it will be taken at face value, displayed on any AIS receiver within range as if the message was genuine.
An example of this is shown in Figure 1 where a spoofed AIS message is generated describing a vessel whose path spells out ‘pwned’ meaning ‘hacked’ or ‘I own your system’. A simple spoofing attack such as this is unlikely to cause serious harm and the mariner may quickly notice a discrepancy between radar returns and AIS data which will indicate something is amiss.
However, a similar spoofing of AIS messages may be used to carry out a variety of much more nefarious attacks, one of which is spoofing ‘AIS Message 17’.
Message 17 is used to send Differential Global Navigation Satellite System (DGNSS) corrections. The message contains GNSS pseudo-range corrections which the receiver applies to improve its estimated position. It therefore follows that spoofed AIS Message 17 broadcasts could be used to broadcast false DGNSS correction data. This would cause significant problems to the safe navigation of vessels in the vicinity as spoofed DGNSS could report the vessel’s position incorrectly, leading the crew or autopilot to correct for a non-existent error and potentially lead a vessel into harm (it should be noted that AIS message 17 is not used by the General Lighthouse Authorities, but is used elsewhere).
Spoofing attacks like the ones described may all be prevented by authenticating radio transmissions, making use of digital signatures to confirm the identity of the data provider. The most practical approach to authentication is to use Public Key Cryptography (PKC), a technique commonly used with online banking and other such activities.
PKC makes use of public and private ‘keys’, essentially mathematical codes. The message sender uses a private key (kept secret and known only to them) to digitally sign data transmissions. Any recipient may then use an openly available public key to verify the digital signature to confirm authentication. This is represented in Figure 2. Such digital signatures prove that transmissions are authentic and originate from the vessel or entity they purport to be from and not a malicious third party.
PKC is not a new approach. It is used as part of the ‘International Hydrographic Organisation (IHO) S‑63 Data Protection Scheme’ to authenticate electronic navigational chart (ENC) data, thereby providing the mariner with proof that their navigational charts are authentic and may be considered safe to use.
Retrofitting existing maritime communications systems—such as AIS—with PKC would require an overhaul of the current infrastructure which is unlikely to be accomplished easily. It is, however, evident that new maritime systems—and particularly those systems which may affect a vessel’s ability to navigate safely—must incorporate an authentication mechanism (and almost certainly one based on PKC) as standard. This is particularly relevant to the developers of new e‑navigation systems, as these systems are expected to increase the integration of ships’ navigation, communications and control systems as well as provide ever larger communications bandwidths to vessels, all of which undoubtedly offer a greater potential for cyber-attacks.
One approach to the authentication of e-navigation communications is that put forward by the ‘Maritime Cloud’.
The Maritime Cloud (not to be confused with ‘cloud computing’) aims to improve data organisation, data exchange and data security by providing a set of open standards for the development of e-navigation systems. To date, the Maritime Cloud has been developed through several different collaborative projects, including EfficienSea, ACCSEAS, EfficienSea 2, STM (Sea Traffic Management) and the SMART Navigation project.
A key component of the Maritime Cloud is the Maritime Identity Register (MIR). Using PKC, the MIR aims to provide every maritime entity from vessels to coastal authorities with a unique verifiable identity which may be used to digitally sign communications, providing a chain of trust to prevent spoofing and corruption. Adoption of PKC using the MIR may therefore enable the provision of authenticated maritime communications allowing the wider and safer provision of critical navigation and control systems, improving the mariner’s safety.
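The sign-and-verify step described earlier and the registry's chain of trust can be shown together in one added example, which is not code from the Maritime Cloud or any AIS product. It is a simplified model using Ed25519 from the Go standard library: the credential layout, the use of an MMSI as the identifier and all sample values are assumptions made for illustration, not the MIR's actual certificate format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Credential is the registry's signed statement "this key belongs to this MMSI".
type Credential struct {
	MMSI      uint32 // assumed identifier; the page does not specify one
	PublicKey ed25519.PublicKey
	RegSig    []byte
}

// binding is the byte string the registry signs: MMSI followed by the key.
func binding(mmsi uint32, pub ed25519.PublicKey) []byte {
	b := make([]byte, 4, 4+len(pub))
	binary.BigEndian.PutUint32(b, mmsi)
	return append(b, pub...)
}

// Issue is run by the registry, which holds the root private key.
func Issue(regPriv ed25519.PrivateKey, mmsi uint32, pub ed25519.PublicKey) Credential {
	return Credential{MMSI: mmsi, PublicKey: pub, RegSig: ed25519.Sign(regPriv, binding(mmsi, pub))}
}

// Verify is run by a receiver that trusts only the registry's public key.
func Verify(regPub ed25519.PublicKey, c Credential, payload, sig []byte) error {
	if len(c.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(regPub, binding(c.MMSI, c.PublicKey), c.RegSig) {
		return fmt.Errorf("credential not issued by registry")
	}
	if !ed25519.Verify(c.PublicKey, payload, sig) {
		return fmt.Errorf("payload not signed by credential holder")
	}
	return nil
}

func main() {
	regPub, regPriv, _ := ed25519.GenerateKey(nil) // registry root key pair
	pub, priv, _ := ed25519.GenerateKey(nil)       // vessel key pair
	cred := Issue(regPriv, 235000001, pub)         // constructed MMSI
	report := []byte("constructed position report")
	fmt.Println("genuine:", Verify(regPub, cred, report, ed25519.Sign(priv, report)))
	// A spoofer can copy the public credential but lacks the vessel's private key.
	_, fakePriv, _ := ed25519.GenerateKey(nil)
	fmt.Println("spoofed:", Verify(regPub, cred, report, ed25519.Sign(fakePriv, report)))
}
```

A signature alone does not stop a captured genuine message from being replayed, so a deployed scheme would also cover a timestamp or sequence number with the signature.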
114 years ago the response of Marconi’s colleagues was to write a letter to The Times claiming the hack was an instance of “scientific hooliganism”. Shortly afterwards the perpetrator came forward, a Mr Nevil Maskelyne, who (in a similar manner to writing ‘pwned’ using AIS data) had carried out his hack to demonstrate publicly that the new communications system was insecure. By applying authentication to modern maritime communications, hacks such as these can be prevented, allowing safe and secure data exchange for all.
This article originally appeared in the Autumn 2017 edition of Flash.