279
1 INTRODUCTION
This paper discusses the Automatic Identification
System (AIS), some of its security vulnerabilities, and
a proof-of-concept software project called Protected
AIS (pAIS) that addresses some of the identified
vulnerabilities. Sections II and III of this paper
provide a high-level overview of AIS and its security
exposures, respectively. Section IV describes public
key cryptography, the basis for the protections
provided by pAIS. Sections V and VI, respectively,
provide an overview and detailed example of the
operation of pAIS. Section VII offers some of the
limitations of pAIS as a solution and suggests further
development, followed by Summary and Conclusions
in Section VIII.
2 AIS OVERVIEW
AIS is a tracking system that allows vessels at sea to
be aware of each other’s presence (within 10-20
nautical miles or so), authorities to identify and
monitor vessels in their area of responsibility, and
ships and shore stations to exchange navigation,
meteorological, safety, and other items of information.
Following the oil spill caused when the oil tanker
Exxon Valdez ran aground in Alaska in 1989, AIS was
designed as a maritime situational awareness system
in the 1990s and adopted internationally in the 2002
International Convention for the Safety of Life at Sea
(SOLAS) [3,8].
Chapter V of the SOLAS agreement, titled "Safety
of Navigation," mandates that ships of a certain size
and/or function carry AIS transceivers as an
additional safety measure; this same mandate is
found in 33 CFR 164.46 in the United States Code of
Federal Regulations. Vessels required to operate AIS
are referred to as Class A and include ships of 300 or
Protected AIS: A Demonstration of Capability Scheme
to Provide Authentication and Message Inte
grity
.C. Kessler
-Riddle Aeronautical University, Daytona Beach, Florida, USA
ABSTRACT: The Automatic Identification System (AIS) provides situational awareness for vessels at sea. AIS
has a number of known security vulnerabilities that can lead to a several types of attacks on AIS, including the
ability to create ghost vessels, false warning or meteorological messages, or bogus virtual aids-to-navigation
(AtoN). A number of methods, with varying levels of complexity, have been proposed to better secure AIS and,
indeed, emerging AIS protocols will implement some of these mechanisms. Nevertheless, little has been done to
secure the current standards, which will remain in use for some time. This paper presents Protected AIS (pAIS),
a demonstration of capability implementation using public-key cryptography methods to address several AIS
security vulnerabilities, maintain backward compatibility, and be able to interoperate with non-pAIS devices.
International Journal
Navigation
and Safety of Sea Transportation
Volume 14
Number 2
June 2020
DOI: