SecureAIS is a key establishment protocol designed specifically for the features and bandwidth constraints of the Automatic Identification System (AIS) communication technology. It is a standard-compliant AIS application that can be installed on Class-A and Class-B AIS transceivers to establish secure pairwise session keys with neighboring entities, whether vessels or port authorities. SecureAIS integrates and concatenates well-known cryptographic blocks, such as the Elliptic Curve Qu-Vanstone (ECQV) implicit certification scheme and the Elliptic Curve Diffie-Hellman (ECDH) key agreement algorithm, and its security has been formally verified using the automated tool ProVerif.
This project is a proof of concept, built with GNURadio and Ettus Research X310 SDRs, that shows how to set up a key exchange between two AIS transceivers for secure communication. It supports different security levels: none, 80, 128, 192, and 256 bits.
For further details, please refer to the paper.
Nobody has previously provided a security service on AIS in a way that is standard compliant or that requires just a software update. In theory, two friendly ships can set all of this up before leaving harbour and then communicate in secrecy.
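The two building blocks named above can be followed end to end in the Python sketch below. It is an added example, not SecureAIS code and not the message format from the paper: a CA issues ECQV implicit certificates, each party reconstructs the other's public key from its certificate, and ECDH yields the pairwise session key. The curve (secp256k1), SHA-256 as hash and stand-in KDF, the certificate encoding, and all function names are assumptions of this example.

```python
import hashlib, secrets
P = 2**256 - 2**32 - 977  # secp256k1; the curve choice is an assumption of this example
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    lam = (3 * a[0] ** 2 * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add; not constant time, for illustration only
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(cert):  # certificate hash reduced to a scalar
    return int.from_bytes(hashlib.sha256(cert).digest(), "big") % N

def ca_issue(d_ca, identity, R_u):  # CA: returns (cert, private-key contribution r)
    k = secrets.randbelow(N - 1) + 1
    P_u = add(R_u, mul(k, G))  # request point blinded by the CA
    cert = P_u[0].to_bytes(32, "big") + P_u[1].to_bytes(32, "big") + identity
    return cert, (h(cert) * k + d_ca) % N

def reconstruct_pub(cert, Q_ca):  # anyone: Q_u = H(cert) * P_u + Q_ca
    x, y = int.from_bytes(cert[:32], "big"), int.from_bytes(cert[32:64], "big")
    if x >= P or y >= P or (y * y - x ** 3 - 7) % P:
        raise ValueError("certificate point is not on the curve")
    return add(mul(h(cert), (x, y)), Q_ca)

def enroll(d_ca, Q_ca, identity):  # holder: d_u = H(cert) * k_u + r
    k_u = secrets.randbelow(N - 1) + 1
    cert, r = ca_issue(d_ca, identity, mul(k_u, G))
    d_u = (h(cert) * k_u + r) % N
    if mul(d_u, G) != reconstruct_pub(cert, Q_ca):
        raise ValueError("CA response does not match the certificate")
    return cert, d_u

def session_key(d_self, peer_cert, Q_ca):  # ECDH; SHA-256 of x is a stand-in KDF
    shared = mul(d_self, reconstruct_pub(peer_cert, Q_ca))
    return hashlib.sha256(shared[0].to_bytes(32, "big")).digest()
```

An implicit certificate carries no signature to check: if the identity or the point in a certificate is altered, the reconstructed public key changes and the two sides derive different session keys.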
This project has two parts, a C++ program and a flowgraph in GNURadio. To set them up:
- Install the GNURadio software.
- Install the gr-aistx_with_input block into GNURadio (instructions on how to compile and install it are inside the block folder). If you are using PyBOMBS, please initialize your environment first.
- Open the ais_transceiever.grc flowgraph in GNURadio.
- Make sure ports 51999 and 5200 are not in use by any other network service.
- Execute main, or compile the code from source.
To compile from source or use a different security level:

```
g++ -O2 main.cpp -DSECURITY_LEVEL=1 ./secure_ais_protocol.cpp ./ais_receiver/*.c core-master/cpp/core.a -o main
```

To set a different security level, add the flag -DSECURITY_LEVEL=t, where t ranges from 0 to 4.
Security Level (bits) | t |
---|---|
80 | 1 |
128 | 2 |
192 | 3 |
256 | 4 |
Other flags include:
- -DPORT_SEND or -DPORT_RECEIVE to set another port for send/receive sockets
- -DGEN_KEYS = true or false to set whether to generate keys or not
The security properties of SecureAIS have been verified formally and experimentally by using the open-source tool ProVerif, demonstrating enhanced security protection with respect to state-of-the-art approaches.
In order to test the security properties, download the file sais.pv and run:

```
proverif sais.pv | grep "RESULT"
```
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
- Ahmed Aziz (aaziz@mail.hbku.edu.qa)
- Pietro Tedeschi (ptedeschi@mail.hbku.edu.qa)
- Savio Sciancalepore (ssciancalepore@hbku.edu.qa)
- Roberto Di Pietro (rdipietro@hbku.edu.qa)
Division of Information and Computing Technology (ICT), College of Science and Engineering (CSE)
Hamad Bin Khalifa University (HBKU), Doha, Qatar
Credits go to the original authors of the MIRACL Core Crypto library, gr_aistx and ais_receiver, whose original efforts made this possible:
https://github.com/miracl/core
https://github.com/trendmicro/ais
https://github.com/juan0fran/ais_rx
SecureAIS is released under the BSD 3-Clause license.