Abstract
The maritime domain is among the critical sectors of our way of life. It is undergoing a major digital transformation that introduces changes to its operations and technology. The International Maritime Organization has urged the maritime community to introduce cyber risk management into their systems. This includes the continuous identification and analysis of the threat landscape. This paper investigates a novel threat against the maritime infrastructure that uses a prominent maritime system, the Automatic Identification System (AIS), to establish covert channels. We provide empirical evidence regarding its feasibility and applicability to existing and future maritime systems, and we discuss mitigation measures against it. Additionally, we demonstrate the utility of the covert channels by introducing two realistic cyber attacks against an Autonomous Passenger Ship (APS) emulated in a testing environment. Our findings confirm that AIS can be utilized for establishing covert channels for communicating Command & Control (C&C) messages and transferring small files for updating the cyber arsenal without internet access. Also, the establishment and utilization of the covert channels have been found to be possible using existing attack vectors and technologies related to a wide range of maritime systems. We hope that our findings further motivate the maritime community to increase their efforts for integrating cyber security practices into their systems.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Amro, A., Gkioulos, V. (2022). From Click to Sink: Utilizing AIS for Command and Control in Maritime Cyber Attacks. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13556. Springer, Cham. https://doi.org/10.1007/978-3-031-17143-7_26
DOI: https://doi.org/10.1007/978-3-031-17143-7_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17142-0
Online ISBN: 978-3-031-17143-7
eBook Packages: Computer Science, Computer Science (R0)