First, before you read this... AIS actually does work amazingly well
under normal conditions. The world survived for several thousand years
without AIS for ships. But we can and should do better. We have
many of these problems elsewhere:
Jamming 4G cell [Bruce Schneier]: One Simple Trick Could Disable a City's 4G Phone Network [MIT Technology Review]
Back in 2006 when I first really started taking a look deep into AIS, I quickly realized that people were trying to use this system for things far from its original design goal of helping to reduce the changes of ships colliding by making it easier for ships to identify each other and to be able to know generally where a ship was even if radar did not detect the other ship. Post Septeber 2001, the US pushed hard for this technology to become a law-enforcement maritime domain awareness and legal tool. However, the specifications for AIS do not consider security and integrity of the system beyond anything other than friendly transceivers trying to share the spectrum and politely tell others who they are and where they are. There was zip for real authentication, encryption or protection from denial-of-service (DOS). I brought this up at the AIS06 conference (now called eNavigation). It took only a couple minutes to come up with simple and cheap mechanisms to create massive confusion from the small scale (project a ship location elsewhere) to massive global issues (commanding transceivers to random other channels or lauching ghost fleets).
I mentioned to the USCG that I'd like to write up the general issues with the hopes that we could address some of these issues as the specifications were updated. The response was direct and clear. The USCG representative said that writing such a document would be "career limiting". I'm no longer worried about my career in that way and many of the issues I mentioned have been brought up in public now. For example, Spain admitted to practicing ghost fleet generation to give their military an edge during operations. Not that their strategy is likely to work well as a deception as the opposing force is going to wonder why the attack force is broadcasting their location. The USCG actually did one of these things to real mariners by accidents. They commanded a number of unlucky ship AIS transceivers to switch marine channels on the US East Coast.
So I might as well get more of my list out there and get the discussion going. I'd like to dispelled some of the myths out there or at least get people arguing their points of view so that future iterations of AIS are more robust.
Eric Raymond (ESR) and I already started with our draft of Toils of AIS (text in asciidoc format), but that only gets to the aspects related to parsing AIS and why the specifications directly lead to increased software cost and number of bugs, which lead to less adoption and innovation in the use of AIS.
I spent about 2 hours back in April of 2011 on my white board trying to breakdown where the trouble spots are. I'm missing tons of the issues and it reflects my background (e.g. I do not know much about how the particular RF encoding impacts channel stability and direction finding).
Many of the problems that I've found are easy to solve. For example, trusting the time of the transmitters is not smart. Most AIS receiving devices have a GPS in them. If those devices logged time to the best precision possible, all sorts of issues go away and others tracked down. As it is, most receivers do not timestamp at all and those that do either log only to the nearest second or (worse yet) log the time the data was logged. For example, the USCG logged ORBCOM satellite data with the timestamp of when the data was bulk downloaded from the satellite. While that time is interesting, any really interesting processing needs to know when the signal hit the antenna.
I could go on a lot more and I hopefully will. But that's enough for now. You will find bits and pieces of this stuff strewn throughout my blog (e.g. my guess that they are using the windows time protocol inside the USCG classified network).
As a reader, you should take some of these ideas and think them through. A good experiment is think like a drug runner. How can you get some vessel into another country without raising suspicions? Is using blind spots in the receiving network, turning off your AIS transceiver, or fiddling with the settings going help or hurt your ability to avoid notice of that country's coast guard? Remember that you are running drugs as a long term business, so one time solutions do you little good. You are trying to achieve the maximum percentage of your illegal cargo getting through. Then turn around each of your ideas and try to devise how you would, as the coast guard, try to find those illegal cargos without hurting legal commerce and setting all mariners against you. Then iterate a couple of times. It can also help to take a couple people to play the role of each side with third team to evaluate both sides. I think most people will find some surprises, especially when it comes to the constraints of commerce and not pissing off the mariners who are playing by the rules. Also remember, just because you do not know how to build radios or write software and might think it is hard to do, it really is easy enough to purchase time from radio or software engineers.
![]( "AIS Security and Integrity notes from April 2011")
20110429-ais-security-integrity.jpg
Jamming 4G cell [Bruce Schneier]: One Simple Trick Could Disable a City's 4G Phone Network [MIT Technology Review]
Back in 2006 when I first really started taking a look deep into AIS, I quickly realized that people were trying to use this system for things far from its original design goal of helping to reduce the changes of ships colliding by making it easier for ships to identify each other and to be able to know generally where a ship was even if radar did not detect the other ship. Post Septeber 2001, the US pushed hard for this technology to become a law-enforcement maritime domain awareness and legal tool. However, the specifications for AIS do not consider security and integrity of the system beyond anything other than friendly transceivers trying to share the spectrum and politely tell others who they are and where they are. There was zip for real authentication, encryption or protection from denial-of-service (DOS). I brought this up at the AIS06 conference (now called eNavigation). It took only a couple minutes to come up with simple and cheap mechanisms to create massive confusion from the small scale (project a ship location elsewhere) to massive global issues (commanding transceivers to random other channels or lauching ghost fleets).
I mentioned to the USCG that I'd like to write up the general issues with the hopes that we could address some of these issues as the specifications were updated. The response was direct and clear. The USCG representative said that writing such a document would be "career limiting". I'm no longer worried about my career in that way and many of the issues I mentioned have been brought up in public now. For example, Spain admitted to practicing ghost fleet generation to give their military an edge during operations. Not that their strategy is likely to work well as a deception as the opposing force is going to wonder why the attack force is broadcasting their location. The USCG actually did one of these things to real mariners by accidents. They commanded a number of unlucky ship AIS transceivers to switch marine channels on the US East Coast.
So I might as well get more of my list out there and get the discussion going. I'd like to dispelled some of the myths out there or at least get people arguing their points of view so that future iterations of AIS are more robust.
Eric Raymond (ESR) and I already started with our draft of Toils of AIS (text in asciidoc format), but that only gets to the aspects related to parsing AIS and why the specifications directly lead to increased software cost and number of bugs, which lead to less adoption and innovation in the use of AIS.
I spent about 2 hours back in April of 2011 on my white board trying to breakdown where the trouble spots are. I'm missing tons of the issues and it reflects my background (e.g. I do not know much about how the particular RF encoding impacts channel stability and direction finding).
Many of the problems that I've found are easy to solve. For example, trusting the time of the transmitters is not smart. Most AIS receiving devices have a GPS in them. If those devices logged time to the best precision possible, all sorts of issues go away and others tracked down. As it is, most receivers do not timestamp at all and those that do either log only to the nearest second or (worse yet) log the time the data was logged. For example, the USCG logged ORBCOM satellite data with the timestamp of when the data was bulk downloaded from the satellite. While that time is interesting, any really interesting processing needs to know when the signal hit the antenna.
I could go on a lot more and I hopefully will. But that's enough for now. You will find bits and pieces of this stuff strewn throughout my blog (e.g. my guess that they are using the windows time protocol inside the USCG classified network).
As a reader, you should take some of these ideas and think them through. A good experiment is think like a drug runner. How can you get some vessel into another country without raising suspicions? Is using blind spots in the receiving network, turning off your AIS transceiver, or fiddling with the settings going help or hurt your ability to avoid notice of that country's coast guard? Remember that you are running drugs as a long term business, so one time solutions do you little good. You are trying to achieve the maximum percentage of your illegal cargo getting through. Then turn around each of your ideas and try to devise how you would, as the coast guard, try to find those illegal cargos without hurting legal commerce and setting all mariners against you. Then iterate a couple of times. It can also help to take a couple people to play the role of each side with third team to evaluate both sides. I think most people will find some surprises, especially when it comes to the constraints of commerce and not pissing off the mariners who are playing by the rules. Also remember, just because you do not know how to build radios or write software and might think it is hard to do, it really is easy enough to purchase time from radio or software engineers.
20110429-ais-security-integrity.jpg