Cybersecurity Attacks on Software Logic and Error Handling Within AIS Implementations: A Systematic Testing of Resilience

To increase situational awareness of maritime vessels and other entities to enable their exchange various information, the International Maritime Organization mandated use Automatic Identification System (AIS) in 2004. The AIS is a self-reporting system that uses VHF radio link. However, any radio-based prone forgery, especially situations where authentication message not designed into architecture. As was 1990s when cyberattacks were infancy, it does implement or encryption; thus, can be seen as fundamentally vulnerable against cyberattacks. This paper demonstrates evaluates impact multiple on via remote frequency (RF) links using transmission-enabled software-defined (SDR). Overall, we implemented tested total 11 different tests/attacks 19 setups, controlled environment. configurations derived from heterogeneous platforms such Windows, Android, generic receivers, commercial transponders. Our aim enhance early discovery new vulnerabilities effectively address attacks nearest future. results showed approximately 89% setups affected by Denial-of-Service (DoS) at protocol level. Besides implementing some existing attack ideas (e.g., spoofing, DoS, flooding), novel concepts context coordinated attack, overwhelming alerts, logical vulnerabilities, all which have potential cause software/system crashes worst-case scenarios. Moreover, an implementation/specification flaw related preamble identified during experiments, may affect interoperability devices. error-handling also investigated. Unlike aviation sector’s Dependent Surveillance-Broadcast (ADS-B), support error correction method, contribute RF pollution less effective overall system. consistency our for comprehensive range hardware-software indicated reliability approach, test system, evaluation results.