Cybersecurity Attacks on Software Logic and Error Handling within AIS Implementations : A Systematic Testing of Resilience
Khandker, S., Turtiainen, H., Costin, A., & Hämäläinen, T. (2022). Cybersecurity Attacks on Software Logic and Error Handling within AIS Implementations : A Systematic Testing of Resilience. IEEE Access, 10, 29493-29505. https://doi.org/10.1109/access.2022.3158943
Julkaistu sarjassa
IEEE AccessPäivämäärä
2022Oppiaine
TekniikkaTietotekniikkaSecure Communications Engineering and Signal ProcessingEngineeringMathematical Information TechnologySecure Communications Engineering and Signal ProcessingTekijänoikeudet
© Authors, 2022
To increase situational awareness of maritime vessels and other entities and to enable their exchange of various information, the International Maritime Organization mandated the use of the Automatic Identification System (AIS) in 2004. The AIS is a self-reporting system that uses the VHF radio link. However, any radio-based self-reporting system is prone to forgery, especially in situations where authentication of the message is not designed into the architecture. As AIS was designed in the 1990s when cyberattacks were in their infancy, it does not implement authentication or encryption; thus, it can be seen as fundamentally vulnerable against modern-day cyberattacks. This paper demonstrates and evaluates the impact of multiple cyberattacks on AIS via remote radio frequency (RF) links. Overall, we implemented and tested a total of 11 different tests/attacks on 18 AIS setups, using a controlled environment. The tested configurations were derived from heterogeneous platforms such as Windows, Android, generic receivers, and commercial transponders. The results showed that approximately 89Denial-of-Service (DoS) attacks at the AIS protocol level. Besides implementing some existing attack ideas (e.g., spoofing, DoS, and flooding), we showed some novel attack concepts in the AIS context such as a coordinated attack, overwhelming alerts, and logical vulnerabilities, all of which have the potential to cause software/system crashes in the worst-case scenarios. Moreover, an implementation/specification flaw related to the AIS preamble was identified during the experiments, which may affect the interoperability of different AIS devices. The error-handling system in AIS was also investigated. Unlike the aviation sector’s Automatic Dependent Surveillance-Broadcast (ADS-B), the maritime sector’s AIS does not effectively support any error correction method, which may contribute to RF pollution and less effective use of the overall system. The consistency of our results for a comp...
...
Julkaisija
Institute of Electrical and Electronics Engineers (IEEE)ISSN Hae Julkaisufoorumista
2169-3536Asiasanat
Julkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/104607269
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Lisätietoja rahoituksesta
This work was supported in part by the Finnish Grid and Cloud Infrastructure (FGCI) (persistent identifier urn:nbn:fi:research-infras-2016072533), in part by the Decision of the Research Dean on Research Funding within the Faculty of Information Technology of the University of Jyväskylä, and in part by the Finnish Cultural Foundation under Grant Decision 00211119.Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Cybersecurity attacks on software logic and error handling within ADS-B implementations : systematic testing of resilience and countermeasures
Khandker, Syed; Turtiainen, Hannu; Costin, Andrei; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)Automatic Dependent Surveillance-Broadcast (ADS-B) is a cornerstone of the next-generation digital sky and is now mandated in several countries. However, there have been many reports of serious security vulnerabilities in ... -
GDL90fuzz : Fuzzing “GDL-90 Data Interface Specification” Within Aviation Software and Avionics Devices : A Cybersecurity Pentesting Perspective
Turtiainen, Hannu; Costin, Andrei; Khandker, Syed; Hämäläinen, Timo (Institute of Electrical and Electronics Engineers (IEEE), 2022)As the core part of next-generation air transportation systems, the Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support and ... -
Smart Terminal System of Systems’ Cyber Threat Impact Evaluation
Simola, Jussi; Pöyhönen, Jouni; Lehto, Martti (Academic Conferences International, 2023)Systems of system-level thinking is required when the purpose is to develop a coherent understanding of the ecosystem where every user and system requirements are divided into specific parts. The smarter project, as a part ... -
Cybersecurity risk assessment subjects in information flows
Pöyhönen, Jouni; Hummelholm, Aarne; Lehto, Martti (Academic Conferences International Ltd, 2022)A modern society includes several critical infrastructures in which digitalization can have positive impacts on the levels of autonomy and efficiency in the use of infrastructure systems. Maritime transportation is an ... -
The Impact of Operational Technology Requirements in Maritime Industries
Simola, Jussi; Paavola, Jarkko; Satopää, Piia; Vanharanta, Jani (Academic Conferences International Ltd, 2024)The maritime ecosystem and industry require more efficient and coordinated cybersecurity governance. No common cybersecurity mechanism in the maritime sector may steer the whole supply chain management, for example, in the ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.