Skip to main content
Springer Nature Link
Log in

From Click to Sink: Utilizing AIS for Command and Control in Maritime Cyber Attacks

  • Conference paper
  • First Online:
Computer Security – ESORICS 2022 (ESORICS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13556))

Included in the following conference series:

Abstract

The maritime domain is among the critical sectors of our way of life. It is undergoing a major digital transformation introducing changes to its operations and technology. The International Maritime Organization urged the maritime community to introduce cyber risk management into their systems. This includes the continuous identification and analysis of the threat landscape. This paper investigates a novel threat against the maritime infrastructure that utilizes a prominent maritime system that is the Automatic Identification System (AIS) for establishing covert channels. We provide empirical evidence regarding its feasibility and applicability to existing and future maritime systems as well as discuss mitigation measures against it. Additionally, we demonstrate the utility of the covert channels by introducing two realistic cyber attacks against an Autonomous Passenger Ship (APS) emulated in a testing environment. Our findings confirm that AIS can be utilized for establishing covert channels for communicating Command & Control (C &C) messages and transferring small files for updating the cyber arsenal without internet access. Also, the establishment and utilization of the covert channels have been found to be possible using existing attack vectors and technologies related to a wide range of maritime systems. We hope that our findings further motivate the maritime community to increase their efforts for integrating cyber security practices into their systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
€34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 42.79
Price includes VAT (Germany)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 53.49
Price includes VAT (Germany)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

') var buybox = document.querySelector("[data-id=id_"+ timestamp +"]").parentNode var buyingOptions = buybox.querySelectorAll(".buying-option") ;[].slice.call(buyingOptions).forEach(initCollapsibles) var buyboxMaxSingleColumnWidth = 480 function initCollapsibles(subscription, index) { var toggle = subscription.querySelector(".buying-option-price") subscription.classList.remove("expanded") var form = subscription.querySelector(".buying-option-form") var priceInfo = subscription.querySelector(".price-info") var buyingOption = toggle.parentElement if (toggle && form && priceInfo) { toggle.setAttribute("role", "button") toggle.setAttribute("tabindex", "0") toggle.addEventListener("click", function (event) { var expandedBuyingOptions = buybox.querySelectorAll(".buying-option.expanded") var buyboxWidth = buybox.offsetWidth ;[].slice.call(expandedBuyingOptions).forEach(function(option) { if (buyboxWidth <= buyboxMaxSingleColumnWidth && option != buyingOption) { hideBuyingOption(option) } }) var expanded = toggle.getAttribute("aria-expanded") === "true" || false toggle.setAttribute("aria-expanded", !expanded) form.hidden = expanded if (!expanded) { buyingOption.classList.add("expanded") } else { buyingOption.classList.remove("expanded") } priceInfo.hidden = expanded }, false) } } function hideBuyingOption(buyingOption) { var toggle = buyingOption.querySelector(".buying-option-price") var form = buyingOption.querySelector(".buying-option-form") var priceInfo = buyingOption.querySelector(".price-info") toggle.setAttribute("aria-expanded", false) form.hidden = true buyingOption.classList.remove("expanded") priceInfo.hidden = true } function initKeyControls() { document.addEventListener("keydown", function (event) { if (document.activeElement.classList.contains("buying-option-price") && (event.code === "Space" || event.code === "Enter")) { if (document.activeElement) { event.preventDefault() document.activeElement.click() } } }, false) } function initialStateOpen() { var buyboxWidth = buybox.offsetWidth ;[].slice.call(buybox.querySelectorAll(".buying-option")).forEach(function (option, index) { var toggle = option.querySelector(".buying-option-price") var form = option.querySelector(".buying-option-form") var priceInfo = option.querySelector(".price-info") if (buyboxWidth > buyboxMaxSingleColumnWidth) { toggle.click() } else { if (index === 0) { toggle.click() } else { toggle.setAttribute("aria-expanded", "false") form.hidden = "hidden" priceInfo.hidden = "hidden" } } }) } initialStateOpen() if (window.buyboxInitialised) return window.buyboxInitialised = true initKeyControls() })()

Institutional subscriptions

Similar content being viewed by others

References

  1. European defence agency, maritime domain (2017). https://eda.europa.eu/docs/default-source/eda-factsheets/2017-09-27-factsheet-maritime

  2. How mitre att &ck alignment supercharges your siem (2019). www.securonix.com/how-mitre-attack-alignment-supercharges-your-siem/

  3. Ocean shipping and shipbuilding (2019). www.oecd.org/ocean/topics/ocean-shipping/

  4. Transport modes (2019). https://ec.europa.eu/transport/modes_en

  5. Alternate network mediums (2021). https://attack.mitre.org/techniques/T1438/. Accessed 30 Jan 2022

  6. Backdoor built in to widely used tax app seeded last week’s notpetya outbreak (2021). https://arstechnica.com/information-technology/2017/07/heavily-armed-police-raid-company-that-seeded-last-weeks-notpetya-outbreak/. Accessed 20 Dec 2021

  7. Data encoding (2021). https://attack.mitre.org/techniques/T1132/. Accessed 30 Jan 2022

  8. Data obfuscation (2021). https://attack.mitre.org/techniques/T1001/. Accessed 30 Jan 2022

  9. Encrypted channel (2021). https://attack.mitre.org/techniques/T1573/. Accessed 30 Jan 2022

  10. Enhancing with mitre (2021). https://documentation.wazuh.com/current/user-manual/ruleset/mitre.html

  11. Enisa threat landscape 2021 (2021). https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021

  12. Hardware additions (2021). https://attack.mitre.org/techniques/T1200/

  13. Hijack execution flow: Dll search order hijacking (2021). https://attack.mitre.org/techniques/T1574/001/. Accessed 14 Mar 2022

  14. How large is a piece of malware? (2021). https://nakedsecurity.sophos.com/2010/07/27/large-piece-malware/. Accessed 20 Dec 2021

  15. Mitre att &ck (2021). https://attack.mitre.org/. Accessed 14 Dec 2021

  16. Project file infection (2021). https://collaborate.mitre.org/attackics/index.php/Technique/T0873

  17. Protocol tunneling (2021). https://attack.mitre.org/techniques/T1572/. Accessed 30 Jan 2022

  18. Transient cyber asset (2021). https://collaborate.mitre.org/attackics/index.php/Technique/T0864

  19. Two-way radio range, the facts about distance (2021). https://quality2wayradios.com/store/radio-range-distance. Accessed 14 Dec 2021

  20. Amro, A.: Cyber-physical tracking of IoT devices: a maritime use case. In: Norsk IKT-konferanse for forskning og utdanning. No. 3 (2021)

    Google Scholar 

  21. Amro, A., Gkioulos, V.: Communication and cybersecurity testbed for autonomous passenger ship. In: European Symposium on Research in Computer Security, pp. 5–22. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-95484-0_1

  22. Amro, A., Gkioulos, V., Katsikas, S.: Communication architecture for autonomous passenger ship. Proc. Inst. Mech. Eng. Part O: J. Risk Reliabil., 1748006X211002546 (2021)

    Google Scholar 

  23. Amro, A., Oruc, A., Gkioulos, V., Katsikas, S.: Navigation data anomaly analysis and detection. Information 13(3) (2022). www.mdpi.com/2078-2489/13/3/104. https://doi.org/10.3390/info13030104

  24. Aziz, A., Tedeschi, P., Sciancalepore, S., Di Pietro, R.: Secureais-securing pairwise vessels communications. In: 2020 IEEE Conference on Communications and Network Security (CNS), pp. 1–9. IEEE (2020)

    Google Scholar 

  25. Balduzzi, M., Pasta, A., Wilhoit, K.: A security evaluation of AIS automated identification system. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 436–445 (2014)

    Google Scholar 

  26. BIMCO: the guidelines on cyber security onboard ships. BIMCO (2016)

    Google Scholar 

  27. Blauwkamp, D., Nguyen, T.D., Xie, G.G.: Toward a deep learning approach to behavior-based AIS traffic anomaly detection. In: Dynamic and Novel Advances in Machine Learning and Intelligent Cyber Security (DYNAMICS) Workshop, San Juan, PR (2018). https://faculty.nps.edu/Xie/papers/ais_analysis_18.pdf

  28. Circular, I.D.S.: Guidance on the use of AIS application-specific messages—IMO NAV55/21/Add 1

    Google Scholar 

  29. Commission, I.I.E., et al.: Iec 61162–1 (2010)

    Google Scholar 

  30. Commission, I.I.E., et al.: Iec 61162–450 (2016)

    Google Scholar 

  31. Committee, T.M.S.: Interim guidelines on maritime cyber risk management (msc-fal.1/circ.3/rev.1). https://cutt.ly/6R8wqjN

  32. Committee, T.M.S.: International maritime organization (imo) guidelines on maritime cyber risk management (2017). www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx

  33. Enoch, S.Y., Lee, J.S., Kim, D.S.: Novel security models, metrics and security assessment for maritime vessel networks. Comput. Netw. 189, 107934 (2021)

    Article  Google Scholar 

  34. Glomsrud, J., Xie, J.: A structured stpa safety and security co-analysis framework for autonomous ships. In: European Safety and Reliability conference, Germany, Hannover (2019)

    Google Scholar 

  35. Goudosis, A., Katsikas, S.: Secure AIS with identity-based authentication and encryption. TransNav: Int. J. Marine Navig. Saf. Sea Transp. 14(2) (2020)

    Google Scholar 

  36. Greenberg, A.: The untold story of notpetya, the most devastating cyberattack in history. https://bit.ly/MaerskAttack

  37. Hareide, O.S., Jøsok, Ø., Lund, M.S., Ostnes, R., Helkala, K.: Enhancing navigator competence by demonstrating maritime cyber security. J. Navig. 71(5), 1025–1039 (2018)

    Article  Google Scholar 

  38. Havdal, G., Heggelund, C.T., Larssen, C.H.: Design of a Small Autonomous Passenger Ferry. Master’s thesis, NTNU (2017)

    Google Scholar 

  39. Hemminghaus, C., Bauer, J., Padilla, E.: Brat: a bridge attack tool for cyber security assessments of maritime systems (2021)

    Google Scholar 

  40. Hooper, J.L.: Considerations for operationalizing capabilities for embedded communications signals in maritime radar. Technical report, NAVAL POSTGRADUATE SCHOOL MONTEREY CA (2018)

    Google Scholar 

  41. IMO: Resolution a.1106(29) revised guidelines for the onboard operational use of shipborne automatic identification systems (AIS) (2015)

    Google Scholar 

  42. Iphar, C., Ray, C., Napoli, A.: Data integrity assessment for maritime anomaly detection. Expert Syst. Appl. 147, 113219 (2020)

    Article  Google Scholar 

  43. Jo, Y., Choi, O., You, J., Cha, Y., Lee, D.H.: Cyberattack models for ship equipment based on the mitre att &ck framework. Sensors 22(5), 1860 (2022)

    Article  Google Scholar 

  44. Kessler, G.: Protected ais: a demonstration of capability scheme to provide authentication and message integrity. TransNav: Int. J. Marine Navig. Saf. Sea Transp. 14(2) (2020)

    Google Scholar 

  45. Kovanen, T., Pöyhönen, J., Lehto, M.: epilotage system of systems’ cyber threat impact evaluation. In: ICCWS 2021 16th International Conference on Cyber Warfare and Security. p. 144. Academic Conferences Limited (2021)

    Google Scholar 

  46. Leite Junior, W.C., de Moraes, C.C., de Albuquerque, C.E., Machado, R.C.S., de Sá, A.O.: A triggering mechanism for cyber-attacks in naval sensors and systems. Sensors 21(9), 3195 (2021)

    Google Scholar 

  47. Lund, M.S., Hareide, O.S., Jøsok, Ø.: An attack on an integrated navigation system (2018)

    Google Scholar 

  48. Maritime, N.R.F.N.: 46 ais safety-related messaging. https://puc.overheid.nl/nsi/doc/PUC_2045_14/1/

  49. NMEA: National marine electronics association - nmea0183 standard (2002)

    Google Scholar 

  50. NTNU Autoferry: Autoferry - Autonomous all-electric passenger ferries for urban water transport (2018). www.ntnu.edu/autoferry

  51. Papastergiou, S., Kalogeraki, E.-M., Polemi, N., Douligeris, C.: Challenges and issues in risk assessment in modern maritime systems. In: Tsihrintzis, G.A., Virvou, M. (eds.) Advances in Core Computer Science-Based Technologies. LAIS, vol. 14, pp. 129–156. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-41196-1_7

    Chapter  Google Scholar 

  52. Pavur, J., Moser, D., Strohmeier, M., Lenders, V., Martinovic, I.: A tale of sea and sky on the security of maritime vsat communications. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1384–1400. IEEE (2020)

    Google Scholar 

  53. Raymond, E.S.: Aivdm/aivdo protocol decoding. https://gpsd.gitlab.io/gpsd/AIVDM.html

  54. Standard, S., Greenlaw, R., Phillips, A., Stahl, D., Schultz, J.: Network reconnaissance, attack, and defense laboratories for an introductory cyber-security course. ACM Inroads 4(3), 52–64 (2013)

    Article  Google Scholar 

  55. Std, I.: 61162–2. Maritime Navigation and radiocommunication equipment and systems-Digital interfaces-Part2: single talker and multiple listeners, high-speed transmission (1998)

    Google Scholar 

  56. Std, I.: 61162-3. Maritime Navigation and radiocommunication equipment and systems-Digital interfaces-Part3: serial data instrument network (2008)

    Google Scholar 

  57. Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., Thomas, C.B.: Mitre att &ck: design and philosophy. Technical report (2018)

    Google Scholar 

  58. Tam, K., Jones, K.: Macra: a model-based framework for maritime cyber-risk assessment. WMU J. Maritime Aff. 18(1), 129–163 (2019)

    Article  Google Scholar 

  59. Thieme, C.A., Guo, C., Utne, I.B., Haugen, S.: Preliminary hazard analysis of a small harbor passenger ferry-results, challenges and further work. In: Journal of Physics: Conference Series, vol. 1357, p. 012024. IOP Publishing (2019)

    Google Scholar 

  60. Tran, K., Keene, S., Fretheim, E., Tsikerdekis, M.: Marine network protocols and security risks. J. Cybersecur. Priv. 1(2), 239–251 (2021)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Norwegian University of Science and Technology, Gjøvik, Norway

    Ahmed Amro & Vasileios Gkioulos

Authors
  1. Ahmed Amro
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vasileios Gkioulos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ahmed Amro .

Editor information

Editors and Affiliations

  1. Rutgers University, Newark, NJ, USA

    Vijayalakshmi Atluri

  2. Hamad Bin Khalifa University, Doha, Qatar

    Roberto Di Pietro

  3. Technical University of Denmark, Kongens Lyngby, Denmark

    Christian D. Jensen

  4. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Amro, A., Gkioulos, V. (2022). From Click to Sink: Utilizing AIS for Command and Control in Maritime Cyber Attacks. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13556. Springer, Cham. https://doi.org/10.1007/978-3-031-17143-7_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-17143-7_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17142-0

  • Online ISBN: 978-3-031-17143-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics