HOT PRODUCTS
Simrad StructureScan® 3D

Lowrance Hook2

HDS Carbon

NSS16 evo3




   
 
Manipulating AIS, part 2
11/29/2015

Spoofing the system is possible, but there are safeguards

  

‘What’s that ship doing in a landlocked lake in Texas?’


By all accounts, the nation’s AIS—Automatic Identification System—has been very successful in bolstering maritime safety. Because of the growing use of the technology by both commercial operators and recreational boaters, we wanted to know more about reports that the system can easily be manipulated to give false information. Last week in Part 1 we discussed one type of manipulation---Internet based. In this final part, we'll talk about another type---actually altering AIS transmissions.

  

By Glenn Hayes

AIS is an automatic tracking system used on ships and by Vessel Traffic Service (VTS) facilities for identifying and locating vessels by electronically exchanging data with other nearby ships, AIS base stations and satellites. It is an open-sourced system that relies on VHF broadcasts on open frequencies. As a result, it is vulnerable to malicious transmissions and runs the risk of being manipulated by individuals seeking to deceive the system. Just how serious and far ranging those vulnerabilities are depends on whom you ask.

AIS is vulnerable to data manipulation, spoofing and hacking, which can be broken into two main components. The most common and widely recognized issue of AIS manipulation has been with Internet-related usage of AIS data on publically available websites that display data compiled from multiple sources. It is the easiest source to manipulate and the validity of data used has been called into question. The other manipulation possibility is within the live AIS network of transmissions to and from vessels via VHF.

 

Altering transmissions

The other major type of AIS manipulation is altering actual transmissions within the AIS system from ship to ship, ship to shore or from shore-based transceivers. Although the affected area is limited to small geographic or localized areas, due to the nature of the system and its VHF transmission limitations, this form of manipulation has the possibility of affecting marine traffic directly—although the severity and extent of the threat is debated. 

There are several ways the AIS system can be compromised with fake or altered transmissions. Vessels with Class A AIS systems could use a computer and a program to transmit false GPS data, bypassing the active onboard GPS. 

Jeff Robbins of Vesper Marine, an AIS manufacturer based in New Zealand, points out that with Class B units there is no way to make the transponder send the wrong position. They have to have their own internal GPS receiver and cannot use an external GPS source, which is a built-in safety feature that is a part of type approval for the class. He points out that transmitting false data is possible, but creating false GPS information is not easy and would require equipment that is illegal in the US. (GPS data itself can also be spoofed or jammed, which we'll cover in a future blog.)

Other methods of AIS deception include turning the AIS units off and going dark while operating in port. Doing this would send up alarms, however, as the vessel could still be seen on radar and possibly visually as well. In theory a vessel near shore could configure a Class A AIS to act as a land-based AIS tower and transmit virtual AIS information or data for a phantom ship. There have been unconfirmed reports of commercial vessels transmitting false AIS information while transiting pirate-infested areas to make it appear the ships were traveling with other vessels for protection.

There is also the possibility of creating a fake terrestrial tower that transmits AIS data to onboard AIS terminals. However the Coast Guard says they now have systems in place that would detect, identify and shut down these bogus transmissions.


To the rescue

Mark and Judy Johnson of Shine Micro, an AIS manufacturer based in Gamble, WA, warn against complacency even though there have not been serious malicious issues within the AIS network. They point out that just because AIS targets show up on a screen doesn’t necessarily mean all is well. They confirmed this when a friend was demonstrating an analysis package to a client in China. Networking into a receiver in Port Townsend, WA, the friend discovered an anomaly that appeared to be a jammer of some sort. He notified Mark, who contacted the USCG VTS Center in Seattle and provided a probable location of the problem via triangulation. VTS had not detected the issue. The center in turn contacted the FCC. An investigation by a local field agent discovered that a cable near an old VHF coast station had been damaged by a backhoe, causing a constant transmission on one of the AIS frequencies. The issue was promptly resolved. 

Shine Micro solved another AIS system issue as well when one of its staff determined through data research and triangulation that a Navy vessel was inadvertently jamming signals in the San Diego area. The crew had left the ship’s AIS in warfare mode, which acted as a jammer. 

Robbins sees the threat of serious problems from AIS transmission manipulations as limited. He points out that AIS is not the only source of information that a captain or master relies on while navigating offshore, in a harbor or port. If an anomaly occurs, he says they would turn to radar, voice communication and visual verification as well as contacting port authorities and the Coast Guard. 

Jorge Arroyo, the Coast Guard’s AIS Subject Matter Expert, explains that there are far more issues with improper installation or operation of AIS than the threat of malicious spoofing or manipulation. He says that input of erroneous data or none at all into the AIS transceiver is a common issue either from laziness, ignorance or poor training. He says recent data showed that as many as 10% of vessels within the US AIS network did not enter vessel dimensions.

Dana Goward, the president and executive director of the Resilient Navigation and Timing Foundation, believes better monitoring of the system and greater enforcement of infractions are needed. There seems to be agreement that changes to the protocols are not necessarily the answer. Any changes would have to go through multiple steps and pass through various international organizations before even being considered on a national level. Doing so could take more than a decade and would not keep up with technology. There is general agreement that better funding for Coast Guard VTS centers is needed as well as support for a redundant secure verification system administered by the Coast Guard that could validate AIS transmissions. 

Arroyo summed up his thoughts this way: “AIS was designed to be an open protocol, non-secured system and because it is, widespread use has been achieved. The risks posed are very small in comparison to the benefits that can be had by using AIS, and the Coast Guard is monitoring to ensure that those risks can be mitigated.” 

 

About the author

Glenn Hayes is a freelance photographer and writer based in west central Florida. His marine and boating industry experience extends back almost three decades. A second-generation professional photographer and journalist, he specializes in marine commercial, editorial and fine art photography and writes about all aspects of the marine and travel industries. He can be reached at www.HayesStudios.com

 

 

 


Related Articles:
No News For this Zone. Please Try Later

Comments | Leave a Comment
No comments right now.

Back   
Search Articles: