When I am in the United States I tend to overwork, especially up in the air as many planes today are WiFi-enabled. I just got back from New Orleans, a city with a vibrant atmosphere that I found musically and culturally rich.
New Orleans was the venue of this year’s Annual Computer Security Applications Conference (ACSAC), which celebrated its 30th anniversary this year. An outstanding program of 47 selected papers (out of 237 submissions) were presented during the three-day conference.
One of these was our work titled A Security Evaluation of AIS: Automated Identification System. AIS is a cyber-physical system (CPS) commonly used in the marine industry for vessels traffic monitoring and assistance. Given its importance in collision detection, search and rescue operations and piracy prevention, we conducted a unique security evaluation. Our findings show that both the implementation of AIS, as well as the protocol specification, are affected by several threats including spoofing, hijacking and availability disruption.
More broadly, we expect to see a rise in the number of attacks against cyber-physical systems in the near future. Recent attacks on SCADA systems highlight the importance – and vulnerability – of these important systems.
This publication concludes our investigation of AIS, as well as our multiple presentations at leading industrial and academic conferences all over the world.
In addition to the paper which we linked to earlier, we are also making available our presentation slides, as well as the source code of the AIS transmitter we used in this research project. We would like to give special thanks to the forward-looking research team who supported the research in different forms.