Auth-AIS: Secure, Flexible, and Backward-Compatible Authentication of Vessels AIS Broadcasts (Proof of Concept)
Auth-AIS is a broadcast authentication protocol designed to fit the features and bandwidth constraints of the Automatic Identification System (AIS) communication technology. It is a standard-compliant AIS application that can be installed on Class-A and Class-B AIS transceivers to establish broadcast authentication with neighboring entities, whether vessels or port authorities.
This repository is a Proof of Concept, using GNURadio and Ettus Research X310 SDRs, of how to set up broadcast authentication between two AIS transceivers. It supports security levels 1, 2, 3, 4, 5 and 6, covering the different scenarios a maritime vessel could require.
For further details, please refer to the paper.
A small demo shows Auth-AIS rejecting impersonation and replay attacks. For details, see the demo folder.
Usage of AIS is increasing rapidly, yet literature on it is scarce. The available literature provides contributions that are not standard compliant or could be done just using a simple software update. Thus, our contribution is to raise awareness of this and to provide a solution that is standard compliant and backward compatible.
This project has two parts: two C++ programs and a GNURadio flowgraph. To set them up:
- Install the GNURadio software.
- Install the gr-aistx_with_input block into GNURadio (instructions on how to compile and install it are inside the block folder). If you are using PyBOMBS, initialize your environment first.
- Open the ais_transceiever.grc flowgraph in GNURadio.
- Make sure ports 51999 and 5200 are not in use by any other network protocol.
- Execute recvr, or compile receiver.cpp from source, to start the receiver.
- Execute main, or compile main.cpp from source, to start the transmitter.
To compile from source or use a different security level for main.cpp, go to the src folder and use the following command:

```
g++ -O2 -DSECURITY_LEVEL=1 main.cpp BloomFilter.cpp smhasher-master/src/MurmurHash3.cpp core-master/cpp/core.a ./ais_receiver/*.c -o main
```
To compile receiver.cpp from source, go to the src folder and use the following command:

```
g++ -O2 receiver.cpp ais_receiver/*.c core-master/cpp/core.a BloomFilter.cpp smhasher-master/src/MurmurHash3.cpp -o recvr
```
To set a different security level, add the flag -DSECURITY_LEVEL=t, where t ranges from 0 to 6. The following table describes the security levels.
Security Level | Description |
---|---|
0 | No security. AIS communications are still performed in clear-text, without any authentication service. |
1 | Deterministic Security Configuration, digest size of 49 bytes, key size of 16 bytes, sent out for every AIS message (overhead=75%) |
2 | Deterministic Security Configuration, digest size of 21 bytes, key size of 16 bytes, sent out for every AIS message (overhead=66.67%) |
3 | Probabilistic Security Configuration, Option 1, BloomFilter size of 17 bytes, digest size of 32 bytes, key size of 16 bytes, sent out for every N=2 AIS messages (overhead=60%) |
4 | Probabilistic Security Configuration, Option 1, BloomFilter size of 29 bytes, digest size of 20 bytes, key size of 16 bytes, sent out for every N=4 AIS messages (overhead=42.86%) |
5 | Probabilistic Security Configuration, Option 2, BloomFilter size of 65 bytes, digest size of 20 bytes, key size of 16 bytes, sent out every N=9 AIS messages (overhead=35.71%) |
6 | Probabilistic Security Configuration, Option 2, BloomFilter size of 65 bytes, digest size of 49 bytes, key size of 16 bytes, sent out every N=9 AIS messages (overhead=40%) |
Other flags include:
-DPORT_SEND or -DPORT_RECEIVE to set another port for send/receive sockets
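As an added sizing check for the probabilistic levels in the table above (this is not Auth-AIS code), the example below builds a Bloom filter with the table's byte size and batch size N and measures how often a message outside the batch passes the membership test. It assumes one filter entry per AIS message, k = round(m/N · ln 2) hash functions, and a seeded FNV-1a hash standing in for the project's MurmurHash3; the `Bloom` struct and `forged_accepted` function are hypothetical names.

```cpp
// Added example, not Auth-AIS code. Assumptions: one entry per AIS message in the batch,
// k = round(m/N * ln 2), seeded FNV-1a + splitmix64 mix in place of MurmurHash3.
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
struct Bloom {
    size_t m_bits; int k; std::vector<uint8_t> bits;
    Bloom(size_t bytes, int n)
        : m_bits(bytes * 8),
          k(std::max(1, (int)std::lround((double)(bytes * 8) / n * std::log(2.0)))),
          bits(bytes, 0) {}
    size_t index(const std::string& msg, int i) const {  // i-th bit position for msg
        uint64_t h = 1469598103934665603ULL ^ ((uint64_t)(i + 1) * 0x9E3779B97F4A7C15ULL);
        for (unsigned char c : msg) { h ^= c; h *= 1099511628211ULL; }
        h ^= h >> 30; h *= 0xBF58476D1CE4E5B9ULL;
        h ^= h >> 27; h *= 0x94D049BB133111EBULL;
        return (h ^ (h >> 31)) % m_bits;
    }
    void add(const std::string& msg) {
        for (int i = 0; i < k; ++i) { size_t b = index(msg, i); bits[b / 8] |= (uint8_t)(1u << (b % 8)); }
    }
    bool contains(const std::string& msg) const {
        for (int i = 0; i < k; ++i) { size_t b = index(msg, i); if (!(bits[b / 8] >> (b % 8) & 1)) return false; }
        return true;
    }
    // Textbook estimate (1 - e^(-k*n/m))^k that a non-member passes the test.
    double false_positive(int n) const {
        return std::pow(1.0 - std::exp(-(double)k * n / (double)m_bits), k);
    }
};

// Fill a filter with n constructed messages; count accepted constructed forgeries.
int forged_accepted(size_t bytes, int n, int trials) {
    Bloom bf(bytes, n);
    for (int i = 0; i < n; ++i) bf.add("AIS report #" + std::to_string(i));
    int hits = 0;
    for (int t = 0; t < trials; ++t) hits += bf.contains("forged #" + std::to_string(t)) ? 1 : 0;
    return hits;
}

int main() {
    const int cfg[][3] = {{3, 17, 2}, {4, 29, 4}, {5, 65, 9}, {6, 65, 9}};  // level, bytes, N
    for (auto& c : cfg)
        std::printf("level %d: est. FP=%.2e, forgeries accepted=%d/100000\n", c[0],
                    Bloom(c[1], c[2]).false_positive(c[2]), forged_accepted(c[1], c[2], 100000));
}
```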
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
- Ahmed Aziz
- Pietro Tedeschi
- Savio Sciancalepore
- Roberto Di Pietro
Division of Information and Computing Technology (ICT), College of Science and Engineering (CSE)
Hamad Bin Khalifa University (HBKU), Doha, Qatar
Credits go to the original authors of the TESLA protocol, the MIRACL Core Crypto library, gr_aistx and ais_receiver, whose original efforts made this possible:
https://github.com/miracl/core
https://github.com/trendmicro/ais
https://github.com/juan0fran/ais_rx
Auth-AIS is released under the BSD 3-Clause license.