Show simple item record

dc.contributor.authorKhandker, Syed
dc.contributor.authorTurtiainen, Hannu
dc.contributor.authorCostin, Andrei
dc.contributor.authorHämäläinen, Timo
dc.date.accessioned2022-03-28T05:22:45Z
dc.date.available2022-03-28T05:22:45Z
dc.date.issued2022
dc.identifier.citationKhandker, S., Turtiainen, H., Costin, A., & Hämäläinen, T. (2022). Cybersecurity Attacks on Software Logic and Error Handling within AIS Implementations : A Systematic Testing of Resilience. <i>IEEE Access</i>, <i>10</i>, 29493-29505. <a href="https://doi.org/10.1109/access.2022.3158943" target="_blank">https://doi.org/10.1109/access.2022.3158943</a>
dc.identifier.otherCONVID_104607269
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/80382
dc.description.abstractTo increase situational awareness of maritime vessels and other entities and to enable their exchange of various information, the International Maritime Organization mandated the use of the Automatic Identification System (AIS) in 2004. The AIS is a self-reporting system that uses the VHF radio link. However, any radio-based self-reporting system is prone to forgery, especially in situations where authentication of the message is not designed into the architecture. As AIS was designed in the 1990s when cyberattacks were in their infancy, it does not implement authentication or encryption; thus, it can be seen as fundamentally vulnerable against modern-day cyberattacks. This paper demonstrates and evaluates the impact of multiple cyberattacks on AIS via remote radio frequency (RF) links. Overall, we implemented and tested a total of 11 different tests/attacks on 18 AIS setups, using a controlled environment. The tested configurations were derived from heterogeneous platforms such as Windows, Android, generic receivers, and commercial transponders. The results showed that approximately 89Denial-of-Service (DoS) attacks at the AIS protocol level. Besides implementing some existing attack ideas (e.g., spoofing, DoS, and flooding), we showed some novel attack concepts in the AIS context such as a coordinated attack, overwhelming alerts, and logical vulnerabilities, all of which have the potential to cause software/system crashes in the worst-case scenarios. Moreover, an implementation/specification flaw related to the AIS preamble was identified during the experiments, which may affect the interoperability of different AIS devices. The error-handling system in AIS was also investigated. Unlike the aviation sector’s Automatic Dependent Surveillance-Broadcast (ADS-B), the maritime sector’s AIS does not effectively support any error correction method, which may contribute to RF pollution and less effective use of the overall system. The consistency of our results for a comp...en
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.publisherInstitute of Electrical and Electronics Engineers (IEEE)
dc.relation.ispartofseriesIEEE Access
dc.rightsCC BY 4.0
dc.subject.otherAIS
dc.subject.otherattacks
dc.subject.othercybersecurity
dc.subject.otherDoS
dc.subject.othermaritime
dc.subject.otherresiliency
dc.subject.othership
dc.titleCybersecurity Attacks on Software Logic and Error Handling within AIS Implementations : A Systematic Testing of Resilience
dc.typearticle
dc.identifier.urnURN:NBN:fi:jyu-202203282067
dc.contributor.laitosInformaatioteknologian tiedekuntafi
dc.contributor.laitosFaculty of Information Technologyen
dc.contributor.oppiaineTekniikkafi
dc.contributor.oppiaineTietotekniikkafi
dc.contributor.oppiaineSecure Communications Engineering and Signal Processingfi
dc.contributor.oppiaineEngineeringen
dc.contributor.oppiaineMathematical Information Technologyen
dc.contributor.oppiaineSecure Communications Engineering and Signal Processingen
dc.type.urihttp://purl.org/eprint/type/JournalArticle
dc.type.coarhttp://purl.org/coar/resource_type/c_2df8fbb1
dc.description.reviewstatuspeerReviewed
dc.format.pagerange29493-29505
dc.relation.issn2169-3536
dc.relation.volume10
dc.type.versionpublishedVersion
dc.rights.copyright© Authors, 2022
dc.rights.accesslevelopenAccessfi
dc.subject.ysomerenkulku
dc.subject.ysokyberturvallisuus
dc.subject.ysolaivat
dc.subject.ysoverkkohyökkäykset
dc.subject.ysoidentifiointi
dc.subject.ysoresilienssi
dc.format.contentfulltext
jyx.subject.urihttp://www.yso.fi/onto/yso/p2049
jyx.subject.urihttp://www.yso.fi/onto/yso/p26189
jyx.subject.urihttp://www.yso.fi/onto/yso/p4911
jyx.subject.urihttp://www.yso.fi/onto/yso/p27466
jyx.subject.urihttp://www.yso.fi/onto/yso/p8689
jyx.subject.urihttp://www.yso.fi/onto/yso/p25253
dc.rights.urlhttps://creativecommons.org/licenses/by/4.0/
dc.relation.doi10.1109/access.2022.3158943
jyx.fundinginformationThis work was supported in part by the Finnish Grid and Cloud Infrastructure (FGCI) (persistent identifier urn:nbn:fi:research-infras-2016072533), in part by the Decision of the Research Dean on Research Funding within the Faculty of Information Technology of the University of Jyväskylä, and in part by the Finnish Cultural Foundation under Grant Decision 00211119.
dc.type.okmA1


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

CC BY 4.0
Except where otherwise noted, this item's license is described as CC BY 4.0