• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Targeted Attacks   »   Evaluating the Security of Cyber-Physical Systems: AIS (Paper and Source Code Now Available)

Evaluating the Security of Cyber-Physical Systems: AIS (Paper and Source Code Now Available)

  • Posted on:December 16, 2014 at 8:32 am
  • Posted in:Targeted Attacks
  • Author:
    Marco Balduzzi (Senior Threat Researcher)
0

When I am in the United States I tend to overwork, especially up in the air as many planes today are WiFi-enabled. I just got back from New Orleans, a city with a vibrant atmosphere that I found musically and culturally rich.

New Orleans was the venue of this year’s Annual Computer Security Applications Conference (ACSAC), which celebrated its 30th anniversary this year. An outstanding program of 47 selected papers (out of 237 submissions) were presented during the three-day conference.

One of these was our work titled A Security Evaluation of AIS: Automated Identification System. AIS is a cyber-physical system (CPS) commonly used in the marine industry for vessels traffic monitoring and assistance. Given its importance in collision detection, search and rescue operations and piracy prevention, we conducted a unique security evaluation. Our findings show that both the implementation of AIS, as well as the protocol specification, are affected by several threats including spoofing, hijacking and availability disruption.

More broadly, we expect to see a rise in the number of attacks against cyber-physical systems in the near future. Recent attacks on SCADA systems highlight the importance – and vulnerability – of these important systems.

This publication concludes our investigation of AIS, as well as our multiple presentations at leading industrial and academic conferences all over the world.

In addition to the paper which we linked to earlier, we are also making available our presentation slides, as well as the source code of the AIS transmitter we used in this research project. We would like to give special thanks to the forward-looking research team who supported the research in different forms.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: AISautomated identification systemmaritimevessels traffic monitoring

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.