PL EN


Preferencje help
Widoczny [Schowaj] Abstrakt
Liczba wyników
Tytuł artykułu

BRAT: A BRidge Attack Tool for cyber security assessments of maritime systems

Treść / Zawartość
Identyfikatory
Warianty tytułu
Języki publikacji
EN
Abstrakty
EN
Today’s shipping industry is largely digitalized and networked, but by no means immune to cyber attacks. As recent incidents show, attacks, particularly those targeting on the misleading of navigation, not only pose a serious risk from an economic perspective when disrupting maritime value chains, but can also cause collisions and endanger the environment and humans. However, cyber defense has not yet been an integral part of maritime systems engineering, nor are there any automated tools to systematically assess their security level as well-established in other domains. In this paper, we therefore present a holistic BRidge Attack Tool (BRAT) that interactively offers various attack implementations targeting the communication of nautical data in maritime systems. This provides system engineers with a tool for security assessments of integrated bridge systems, enabling the identification of potential cyber vulnerabilities during the design phase. Moreover, it facilitates the development and validation of an effective cyber defense.
Twórcy
  • Fraunhofer Institute for Communication, Wachtberg, Germany
  • University of Bonn, Bonn, Germany
autor
  • Fraunhofer Institute for Communication, Wachtberg, Germany
autor
  • Fraunhofer Institute for Communication, Wachtberg, Germany
Bibliografia
  • 1. Awan, M.S., Al Ghamdi, M.A.: Understanding the Vulnerabilities in Digital Components of an Integrated Bridge System (IBS). Journal of Marine Science and Engineering. 7, 10, (2019). https://doi.org/10.3390/jmse7100350.
  • 2. Aziz, A., Tedeschi, P., Sciancalepore, S., Pietro, R.D.: SecureAIS - Securing Pairwise Vessels Communications. In: 2020 IEEE Conference on Communications and Network Security (CNS). pp. 1–9 (2020). https://doi.org/10.1109/CNS48642.2020.9162320
  • 3. Balduzzi, M., Pasta, A., Wilhoit, K.: A Security Evaluation of AIS Automated Identification System. In: Proceedings of the 30th Annual Computer Security Applications Conference. pp. 436–445 Association for Computing Machinery, New York, NY, USA (2014). https://doi.org/10.1145/2664243.2664257.
  • 4. Bhatti, J., Humphreys, T.E.: Hostile Control of Ships via False GPS Signals: Demonstration and Detection. Navigation. 64, 1, 51–66 (2017). https://doi.org/10.1002/navi.183.
  • 5. Bimco: The Guidelines on Cyber Security Onboard Ships, https://www.bimco.org/about-us-and-ourmembers/publications/the-guidelines-on-cyber-securityonboard-ships, last accessed 2021/04/19.
  • 6. BSI: IT-Grundschutz Profile for Shipping Companies - Minimum Protection for Ship Operations, https://www.bsi.bund.de/SharedDocs/Downloads/EN/B SI/Grundschutz/profiles/Profile_for_Shipping_Compani es_Minimum_Protection_for_Ship_Operations.pdf, last accessed 2021/04/19.
  • 7. ENISA: Cyber security aspects in the maritime sector, https://www.enisa.europa.eu/publications/cybersecurity-aspects-in-the-maritime-sector-1, last accessed 2021/04/19.
  • 8. Felderer, M., Büchler, M., Johns, M., Brucker, A.D., Breu, R., Pretschner, A.: Chapter One - Security Testing: A Survey. In: Memon, A. (ed.) Advances in Computers. pp. 1–51 Elsevier (2016). https://doi.org/10.1016/bs.adcom.2015.11.003.
  • 9. Goudosis, A., Katsikas, S.: Secure AIS with IdentityBased Authentication and Encryption. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation. 14, 2, 287–298 (2020). https://doi.org/10.12716/1001.14.02.03.
  • 10. Hassani, V., Crasta, N., Pascoal, A.M.: Cyber Security Issues in Navigation Systems of Marine Vessels From a Control Perspective. In: OMAE2017. , Volume 7B: Ocean Engineering (2017). https://doi.org/10.1115/OMAE201761771.
  • 11. Heering, D.: Ensuring Cybersecurity in Shipping: Reference to Estonian Shipowners. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation. 14, 2, 271–278 (2020). https://doi.org/10.12716/1001.14.02.01.
  • 12. Heering, D., Maennel, O.M., Venables, O.M.: Shortcomings in cybersecurity education for seafarers. Presented at the 5th International Conference on Maritime Technology and Engineering , Lisbon, Portugal (2020).
  • 13. Hemminghaus, C., Bauer, J., Wolsing, K.: SIGMAR: Ensuring Integrity and Authenticity of Maritime Systems using Digital Signatures. Presented at the ISNCC-TSP (2021).
  • 14. Huang, T., Zhou, J., Bytes, A.: ATG: An Attack Traffic Generation Tool for Security Testing of In-Vehicle CAN Bus. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3230833.3230843
  • 15. IEC 61162-450:2018: Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 450: Multiple talkers and multiple listeners – Ethernet interconnection. (2018).
  • 16. IEC 61162-460:2018: Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 460: Multiple talkers and multiple listeners – Ethernet interconnection – Safety and Security. (2018).
  • 17. International Maritime Organization: Guidelines on Maritime Cyber Risk Management MSC-FAL.1/Circ.3., https://www.imo.org/en/OurWork/Security/Pages/Cyber -security.aspx, last accessed 2021/04/19.
  • 18. Kessler, G.C.: Protected AIS: A Demonstration of Capability Scheme to Provide Authentication and Message Integrity. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation. 14, 2, 279–286 (2020). https://doi.org/10.12716/1001.14.02.02.
  • 19. Lund, M.S., Gulland, J.E., Hareide, O.S., Jøsok, ∅., Weum, K.O.C.: Integrity of Integrated Navigation Systems. In: 2018 IEEE Conference on Communications and Network Security (CNS). pp. 1–5 (2018). https://doi.org/10.1109/CNS.2018.8433151.
  • 20. Lund, M.S., Hareide, O.S., Jøsok, Ø.: An Attack on an Integrated Navigation System. Necesse. 3, 2, 149–163 (2018). https://doi.org/10.21339/2464-353x.3.2.149.
  • 21. Michalas, A., Murray, R.: Keep Pies Away from Kids: A Raspberry Pi Attacking Tool. In: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. pp. 61–62 Association for Computing Machinery, New York, NY, USA (2017). https://doi.org/10.1145/3139937.3139953.
  • 22. Pavur, J., Moser, D., Strohmeier, M., Lenders, V., Martinovic, I.: A Tale of Sea and Sky On the Security of Maritime VSAT Communications. In: 2020 IEEE Symposium on Security and Privacy (SP). pp. 1384–1400 (2020). https://doi.org/10.1109/SP40000.2020.00056.
  • 23. Pfrang, S., Borcherding, A., Meier, D., Beyerer, J.: Automated security testing for web applications on industrial automation and control systems. Automatisierungstechnik. 67, 5, 383–401 (2019). https://doi.org/10.1515/auto-2019-0021.
  • 24. Psiaki, M.L., Humphreys, T.E., Stauffer, B.: Attackers can spoof navigation signals without our knowledge. Here’s how to fight back GPS lies. IEEE Spectrum. 53, 8, 26–53 (2016). https://doi.org/10.1109/MSPEC.2016.7524168.
  • 25. Santamarta, R.: White paper: Last Call for SATCOM Security, https://ioactive.com/wpcontent/uploads/2018/08/us-18-Santamarta-Last-CallFor-Satcom-Security-wp.pdf, last accessed 2021/04/19.
  • 26. Stripydog: NMEA-0183 over- IP: The unwritten rules for programmers, https://stripydog.blogspot.com/2015/03/nmea-0183-overip-unwritten-rules-for.html.
  • 27. Svilicic, B., Kristić, M., Žuškin, S., Brčić, D.: Paperless ship navigation: cyber security weaknesses. Journal of Transportation Security. 13, 3, 203–214 (2020). https://doi.org/10.1007/s12198-020-00222-2.
  • 28. Svilicic, B., Rudan, I., Frančić, V., Mohović, D.: Towards a Cyber Secure Shipboard Radar. Journal of Navigation. 73, 3, 547–558 (2020). https://doi.org/10.1017/S0373463319000808.
  • 29. Svilicic, B., Rudan, I., Jugović, A., Zec, D.: A Study on Cyber Security Threats in a Shipboard Integrated Navigational System. Journal of Marine Science and Engineering. 7, 10, (2019). https://doi.org/10.3390/jmse7100364.
  • 30. Tam, K., Jones, K.: MaCRA: a model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs. 18, 1, 129–163 (2019). https://doi.org/10.1007/s13437-019-00162-2.
Uwagi
Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2021).
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-b6665c4a-9796-4422-b8b7-e2ab5ff2e2ba
JavaScript jest wyłączony w Twojej przeglądarce internetowej. Włącz go, a następnie odśwież stronę, aby móc w pełni z niej korzystać.