BRAT: A BRidge Attack Tool for cyber security assessments of maritime systems

Hemminghaus, C.; Bauer, J.; Padilla, E.

doi:10.12716/1001.15.01.02

Artykuł - szczegóły

Tytuł artykułu

BRAT: A BRidge Attack Tool for cyber security assessments of maritime systems

Autorzy

Hemminghaus C. , Bauer J. , Padilla E.

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.12716/1001.15.01.02

Warianty tytułu

Języki publikacji

Abstrakty

Today’s shipping industry is largely digitalized and networked, but by no means immune to cyber attacks. As recent incidents show, attacks, particularly those targeting on the misleading of navigation, not only pose a serious risk from an economic perspective when disrupting maritime value chains, but can also cause collisions and endanger the environment and humans. However, cyber defense has not yet been an integral part of maritime systems engineering, nor are there any automated tools to systematically assess their security level as well-established in other domains. In this paper, we therefore present a holistic BRidge Attack Tool (BRAT) that interactively offers various attack implementations targeting the communication of nautical data in maritime systems. This provides system engineers with a tool for security assessments of integrated bridge systems, enabling the identification of potential cyber vulnerabilities during the design phase. Moreover, it facilitates the development and validation of an effective cyber defense.

Słowa kluczowe

cyber security Bridge Attack Tool (BRAT) cyber attack cyder defense maritime systems security assessment Integrated Bridge System (IBS) Maritime Cyber Security

Wydawca

Faculty of Navigation, Gdynia Maritime University

Czasopismo

TransNav : International Journal on Marine Navigation and Safety of Sea Transportation

Rocznik

2021

Tom

Vol. 15 No. 1

Strony

35--44

Opis fizyczny

Bibliogr. 30 poz., rys.

Twórcy

autor

Hemminghaus C.

Fraunhofer Institute for Communication, Wachtberg, Germany
University of Bonn, Bonn, Germany

autor

Bauer J.

Fraunhofer Institute for Communication, Wachtberg, Germany

autor

Padilla E.

Fraunhofer Institute for Communication, Wachtberg, Germany

Bibliografia

1. Awan, M.S., Al Ghamdi, M.A.: Understanding the Vulnerabilities in Digital Components of an Integrated Bridge System (IBS). Journal of Marine Science and Engineering. 7, 10, (2019). https://doi.org/10.3390/jmse7100350.
2. Aziz, A., Tedeschi, P., Sciancalepore, S., Pietro, R.D.: SecureAIS - Securing Pairwise Vessels Communications. In: 2020 IEEE Conference on Communications and Network Security (CNS). pp. 1–9 (2020). https://doi.org/10.1109/CNS48642.2020.9162320
3. Balduzzi, M., Pasta, A., Wilhoit, K.: A Security Evaluation of AIS Automated Identification System. In: Proceedings of the 30th Annual Computer Security Applications Conference. pp. 436–445 Association for Computing Machinery, New York, NY, USA (2014). https://doi.org/10.1145/2664243.2664257.
4. Bhatti, J., Humphreys, T.E.: Hostile Control of Ships via False GPS Signals: Demonstration and Detection. Navigation. 64, 1, 51–66 (2017). https://doi.org/10.1002/navi.183.
5. Bimco: The Guidelines on Cyber Security Onboard Ships, https://www.bimco.org/about-us-and-ourmembers/publications/the-guidelines-on-cyber-securityonboard-ships, last accessed 2021/04/19.
6. BSI: IT-Grundschutz Profile for Shipping Companies - Minimum Protection for Ship Operations, https://www.bsi.bund.de/SharedDocs/Downloads/EN/B SI/Grundschutz/profiles/Profile_for_Shipping_Compani es_Minimum_Protection_for_Ship_Operations.pdf, last accessed 2021/04/19.
7. ENISA: Cyber security aspects in the maritime sector, https://www.enisa.europa.eu/publications/cybersecurity-aspects-in-the-maritime-sector-1, last accessed 2021/04/19.
8. Felderer, M., Büchler, M., Johns, M., Brucker, A.D., Breu, R., Pretschner, A.: Chapter One - Security Testing: A Survey. In: Memon, A. (ed.) Advances in Computers. pp. 1–51 Elsevier (2016). https://doi.org/10.1016/bs.adcom.2015.11.003.
9. Goudosis, A., Katsikas, S.: Secure AIS with IdentityBased Authentication and Encryption. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation. 14, 2, 287–298 (2020). https://doi.org/10.12716/1001.14.02.03.
10. Hassani, V., Crasta, N., Pascoal, A.M.: Cyber Security Issues in Navigation Systems of Marine Vessels From a Control Perspective. In: OMAE2017. , Volume 7B: Ocean Engineering (2017). https://doi.org/10.1115/OMAE201761771.
11. Heering, D.: Ensuring Cybersecurity in Shipping: Reference to Estonian Shipowners. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation. 14, 2, 271–278 (2020). https://doi.org/10.12716/1001.14.02.01.
12. Heering, D., Maennel, O.M., Venables, O.M.: Shortcomings in cybersecurity education for seafarers. Presented at the 5th International Conference on Maritime Technology and Engineering , Lisbon, Portugal (2020).
13. Hemminghaus, C., Bauer, J., Wolsing, K.: SIGMAR: Ensuring Integrity and Authenticity of Maritime Systems using Digital Signatures. Presented at the ISNCC-TSP (2021).
14. Huang, T., Zhou, J., Bytes, A.: ATG: An Attack Traffic Generation Tool for Security Testing of In-Vehicle CAN Bus. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3230833.3230843
15. IEC 61162-450:2018: Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 450: Multiple talkers and multiple listeners – Ethernet interconnection. (2018).
16. IEC 61162-460:2018: Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 460: Multiple talkers and multiple listeners – Ethernet interconnection – Safety and Security. (2018).
17. International Maritime Organization: Guidelines on Maritime Cyber Risk Management MSC-FAL.1/Circ.3., https://www.imo.org/en/OurWork/Security/Pages/Cyber -security.aspx, last accessed 2021/04/19.
18. Kessler, G.C.: Protected AIS: A Demonstration of Capability Scheme to Provide Authentication and Message Integrity. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation. 14, 2, 279–286 (2020). https://doi.org/10.12716/1001.14.02.02.
19. Lund, M.S., Gulland, J.E., Hareide, O.S., Jøsok, ∅., Weum, K.O.C.: Integrity of Integrated Navigation Systems. In: 2018 IEEE Conference on Communications and Network Security (CNS). pp. 1–5 (2018). https://doi.org/10.1109/CNS.2018.8433151.
20. Lund, M.S., Hareide, O.S., Jøsok, Ø.: An Attack on an Integrated Navigation System. Necesse. 3, 2, 149–163 (2018). https://doi.org/10.21339/2464-353x.3.2.149.
21. Michalas, A., Murray, R.: Keep Pies Away from Kids: A Raspberry Pi Attacking Tool. In: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. pp. 61–62 Association for Computing Machinery, New York, NY, USA (2017). https://doi.org/10.1145/3139937.3139953.
22. Pavur, J., Moser, D., Strohmeier, M., Lenders, V., Martinovic, I.: A Tale of Sea and Sky On the Security of Maritime VSAT Communications. In: 2020 IEEE Symposium on Security and Privacy (SP). pp. 1384–1400 (2020). https://doi.org/10.1109/SP40000.2020.00056.
23. Pfrang, S., Borcherding, A., Meier, D., Beyerer, J.: Automated security testing for web applications on industrial automation and control systems. Automatisierungstechnik. 67, 5, 383–401 (2019). https://doi.org/10.1515/auto-2019-0021.
24. Psiaki, M.L., Humphreys, T.E., Stauffer, B.: Attackers can spoof navigation signals without our knowledge. Here’s how to fight back GPS lies. IEEE Spectrum. 53, 8, 26–53 (2016). https://doi.org/10.1109/MSPEC.2016.7524168.
25. Santamarta, R.: White paper: Last Call for SATCOM Security, https://ioactive.com/wpcontent/uploads/2018/08/us-18-Santamarta-Last-CallFor-Satcom-Security-wp.pdf, last accessed 2021/04/19.
26. Stripydog: NMEA-0183 over- IP: The unwritten rules for programmers, https://stripydog.blogspot.com/2015/03/nmea-0183-overip-unwritten-rules-for.html.
27. Svilicic, B., Kristić, M., Žuškin, S., Brčić, D.: Paperless ship navigation: cyber security weaknesses. Journal of Transportation Security. 13, 3, 203–214 (2020). https://doi.org/10.1007/s12198-020-00222-2.
28. Svilicic, B., Rudan, I., Frančić, V., Mohović, D.: Towards a Cyber Secure Shipboard Radar. Journal of Navigation. 73, 3, 547–558 (2020). https://doi.org/10.1017/S0373463319000808.
29. Svilicic, B., Rudan, I., Jugović, A., Zec, D.: A Study on Cyber Security Threats in a Shipboard Integrated Navigational System. Journal of Marine Science and Engineering. 7, 10, (2019). https://doi.org/10.3390/jmse7100364.
30. Tam, K., Jones, K.: MaCRA: a model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs. 18, 1, 129–163 (2019). https://doi.org/10.1007/s13437-019-00162-2.

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2021).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-b6665c4a-9796-4422-b8b7-e2ab5ff2e2ba