Tuesday, October 22, 2013

AIS Spoofing - Should We Be Concerned?

Recently there's been a few posts about fake AIS "tracks" on marinetraffic.com and other web-based AIS tracking sites. Indeed this is pretty easy to do because those sites accept "raw" AIS data over publicly accessible internet ports.

They do that because their data is crowd-sourced by thousands of volunteer "stations" around the world.
Those stations take raw received AIS data streams from an inexpensive AIS receiver and essentially just pipe it from the user's PC to their servers. So anyone with a copy of the AIS specifications could fake those sentences with an ordinary PC and this doesn't take hacking genius or unique skills or knowledge. Of course, this could be diminished by special PC software on the many receive sites that encrypt the data and/or authenticate with their servers and perhaps they will do that.

Although this is currently an issue in the design of the web-based AIS sites, more importantly it points out a potential flaw in people's thinking about what to do with those sites. The web-based AIS traffic sites aren't really designed for navigation or collision avoidance, even though there are some proponents of doing that. Rather, they are designed for viewing vessel traffic for informational purposes. The IMO some time ago even tried to discourage their use - without success due to their popularity. But people using these sites for anything other than monitoring a friend's boat positions or entertainment should consider the potential for both incorrect as well as missing data. These sites rely on monitoring stations which in some areas are sparsely populated and may have delays and coverage gaps.

So, can someone spoof actual AIS transmissions that are then received by an AIS system on-board a vessel? Yes, they could but it isn't the same thing as sending some text strings over the internet. You need an AIS transmitter and you need to control it. Easily available type approved Class B AIS transponders specifically have compliance tests to prevent this. They can only transmit autonomous Class B messages, require their own internal GPS receiver so an external position can't be given to them, and they can't be used to fake a Class A container ship message. Since Class B is single-slot, they can't transmit the multi-slot messages such as those produced by large ships to identify their names and types.

They can't be used to make a "lighthouse appear out of nowhere" as has been reported because AIS aids-to-navigation use a different message type. The Class A shipping and aids to navigations message types, access schemes, and slot timing are different than Class B making this harder to do without the manufacturer's cooperation.

None of this is impossible of course, but probably not so easy with readily available consumer AIS transponders. But of course, someone could buy an AIS base station or develop their own AIS transmitter (perhaps using an SDR platform), or the manufacturer of an existing AIS transponder might have an exploitable interface that someone could use to transmit unauthorized messages.

AIS was always designed to be an open-standard so it would completely function using many different interoperable products. And given it relies on radio transmissions, all you really need to disrupt the system is a high power transmitter tuned to the AIS frequencies. This of course isn't spoofing, but even anti-jamming technology has it's limitations. So would the extra cost and development effort justify resistance to the occasional spoof? 15 years ago it wasn't so easy to develop RF hardware so the answer was probably no, but with the latest technologies it is becoming easier.

In some ways this really isn't all that different from the much-publicized GPS spoofing concerns. What are your thoughts?

1 comment:

  1. I came across another version of the story today that said with an AIS transponder remote control commands could be sent to prevent other vessels from transmitting. I'm not sure what equipment is being used.

    But indeed, all AIS transponders are required to respond to channel management messages. However, there are some safe guards in place. For example, current Class B compliance requires that the channel management messages must come from a verified base station. This is done by looking at other messages sent by that station and its MMSI. To help prevent impersonating basestations, under the standard a Class B can't be configured to use a basestation MMSI.

    Channel management messages can also be sent via DSC to an AIS transponder. And DSC is of course also used for all sorts of things including search and rescue. Same story....