Demonstrating the Broadcast of Authenticated AIS Messages Using VDES While Retaining Backwards Compatibility ^†

Abstract

The spoofing of Automatic Identification System (AIS) messages presents a hazard to safe maritime navigation. To prevent such spoofing, we present an authentication system based on Public Key Cryptography (PKC) that is both fully open source and backwards compatible with mariners’ existing use of the AIS. Using this, we have successfully demonstrated the ‘live’, over-the-air broadcast of authenticated AIS messages in a busy radio environment. The technique used is an improvement upon earlier work in that digital signatures are carried using the terrestrial VHF Data Exchange (VDE-TER) component of the VHF Data Exchange System (VDES). This prevents additional channel loading on the AIS and offers greater flexibility.

1. Introduction

The Automatic Identification System (AIS) has been a cornerstone of maritime communication for years, providing a data exchange between nearby ships, as well as between ships and nearby coastal stations. The VHF Data Exchange System (VDES) emerges as a natural extension, building upon AIS by incorporating three additional components: the Application Specific Message (ASM) component, the terrestrial VHF Data Exchange (VDE-TER) component, and the satellite VHF Data Exchange (VDE-SAT) component. Together, these four components all operate on frequencies in the maritime VHF band [1].

At the time of writing, no authentication system has been determined for VDES user messages (i.e., those AIS, ASM, VDE-TER, or VDE-SAT messages intended for end users). Without an authentication system, it is possible for a bad actor to transmit (spoof) any such user message, which will be taken at face value; received and processed by any VDES receiver within range as if the message was sent by a genuine actor.

Whilst all VDES user messages may be spoofed, of particular concern is the spoofing of AIS messages broadcasting data such as marine Virtual Aids to Navigation (VAtoN) and Differential Global Navigation Satellite System (DGNSS) corrections. This is because, unlike spoofing the presence of a physical Aid to Navigation (AtoN) or vessel position, this data cannot be verified visually or against data from another system, such as radar, and the mariner is forced to rely on AIS data alone. This is further compounded as the mariner will not normally know the legitimate position from which these particular messages are broadcast, meaning radio direction finding or radiolocation techniques are useless in helping determine whether the message is from a genuine actor.

Also of concern are ‘hijacking’ attacks, demonstrated in Section 4.2 of this paper, in which genuine AIS message data, such as data describing an AtoN or VAtoN character, is modified by a bad actor through the broadcast of a specially constructed spoofed message. Acting maliciously, it is possible for a single transmitter to spoof and/or hijack thousands of such user messages per minute by simply ignoring time-division multiple access (TDMA) allocations.

Developing an authentication system for the AIS component of VDES presents a particular challenge as the authentication system must remain backwards compatible with the existing AIS standards, noting that significant numbers of ‘legacy’ AIS transceivers are installed and operated throughout the world’s fleet and by maritime authorities based ashore. This paper describes how backwards compatibility has been accomplished by carrying a cryptographic ‘digital signature’ separately from the AIS message in a VDE-TER channel. This paper further reports on the outcome of successful trials in which this technique was used to authenticate a VAtoN, preventing its hijacking and giving categoric proof that the VAtoN was genuine and broadcast by the General Lighthouse Authorities of the UK and Ireland (GLA) and not by an impostor. This paper also briefly describes initial steps taken to develop international VDES authentication standards incorporating this technique.

2. VDES Overview

As described previously, VDES consists of four components, namely AIS, ASM, VDE-TER and VDE-SAT [1].

AIS uses four 25 kHz VHF channels (two of which are reserved for ‘long range’ AIS messages, intended for reception by satellite) and employs Gaussian minimum-shift keying (GMSK) modulation [2]. Use of AIS is compulsory for all vessels subject to the International Maritime Organisation (IMO) convention on the Safety of Life at Sea (SOLAS) [3]. AIS supports safety of navigation and maritime domain awareness by conveying a vessel‘s identity, position, and other static, dynamic, and voyage-related information to appropriately equipped shore stations, other vessels, and aircraft. Furthermore, AIS is used to broadcast the position and characteristics of both physical and virtual AtoN, as well as, amongst a range of many other functions, convey met-hydro data and DGNSS data.

In an effort to enhance the functionality of AIS and support the development of new services, the VDES ASM, VDE-TER and VDE-SAT components were later introduced [4]. The ASM component of VDES uses two 25 kHz channels and is somewhat comparable to AIS; however, ASM supports larger message sizes due to the use of π∕4-quadrature phase shift keying (π∕4-QPSK) modulation. This offers higher spectral efficiency than the GMSK modulation used by AIS. Nonetheless, the symbol rates for AIS and ASM are both 9.6 ksym/s.

The VDE-TER component is of most relevance to this work. It has two 100 kHz-wide blocks of spectrum available in various channel configurations and offers the use of π∕4-QPSK and 16-Quadrature Amplitude Modulation (16-QAM) schemes. The net result of this is that the terrestrial VDE component supports symbol rates of 19.2 and 76.8 ksym/s as well as larger message sizes than either AIS or ASM, all of which facilitate higher data throughput.

The fourth component, VDE-SAT, extends VDES services beyond terrestrial coverage into remote areas by utilizing polar-orbiting satellites. Similar to the VDE-TER component, VDE-SAT supports multiple channel configurations with symbol rates ranging from 2.1 to 56.4 ksym/s.

3. Method of VDES Authentication

The authentication system developed by the authors makes use of public key cryptography (PKC). This is a widely used technique described in detail by Paar et al. [5]. PKC accomplishes message authentication using a system of public and private ‘keys’, essentially mathematical codes. The message sender uses a private key (kept secret and known only to them) to digitally sign the messages they send. Any recipient of those messages may then use a corresponding and openly available public key to verify the digital signature to confirm authenticity. This provides proof that the message is genuine and could only have been sent by the private key holder.

A representation of how PKC is used to authenticate an AIS message is shown in Figure 1. In this figure, a shore station is shown broadcasting a VAtoN to a nearby vessel using the standard AIS ‘message 21’ format as described by ITU-R M.1371-5 [2]. The diagram shows a simplified schematic of the AIS message 21 structure, consisting of a message header containing the Maritime Mobile Service Identity (MMSI) number of the transmitting station, and a message body describing details of the VAtoN, such as its position and character. In this particular example, the broadcast VAtoN is a north cardinal mark. Whilst this north cardinal mark is shown on the diagram, it should be remembered that VAtoN do not physically exist and are seen only on the mariner’s electronic AIS and ECDIS displays.

Figure 1 then shows that the digital signature is broadcast separately in a ‘follow-on’ message carried in a VDE-TER channel. A simplified schematic is shown of the VDE-TER message, consisting of a message header (containing the MMSI number of the transmitting station), along with a message body containing the transmission time of the message being signed (i.e., the broadcast time of the previous AIS message 21) as well as the actual digital signature.

The purpose of including the transmission time of the message being signed is twofold. Firstly, it links the VDE-TER signature message to the initial AIS message, thus allowing the recipient to identify, from amongst other radio traffic, which signature message belongs to which AIS message. Secondly, including a timestamp prevents replay attacks, preventing a bad actor from simply recording signed messages and re-broadcasting them at a later date to cause confusion (A caveat is that the timestamp must be digitally signed to prevent replay attacks, as well as the AIS message. This may be accomplished using a single digital signature using the technique described by Wimpenny et al. [6]).

In using PKC, various algorithms are available offering differing levels of speed and security. The preferred option chosen by the authors is the Elliptic Curve Digital Signature Algorithm (ECDSA) using a 256 bit key size. This combination offers a robust degree of security whilst producing digital signatures just 512 bits in size, which is small enough to fit within the limited message space available [6].

When the approach described above was first developed by Wimpenny et al., the digital signatures and timestamp were not broadcast using a VDE-TER message, but instead using a second AIS message (namely within an AIS ‘message 8’ binary broadcast message). Whilst this approach was successfully demonstrated by the authors in live broadcast trials [7], it had the disadvantage of introducing a considerable additional load on the AIS channels and so could only be practical if used to authenticate a small subset of all AIS messages broadcast. Further work by Wimpenny et al., therefore, proposed using VDE-TER channels to carry digital signatures [6]. It was shown that if using this approach, VDE-TER has sufficient bandwidth available to support the ‘universal’ authentication of all AIS messages, further noting that removing additional loading from the AIS channels helps keep them free for their original purposes [6]. Consequently, this paper will describe live broadcast trials using signatures and timestamps carried in VDE-TER channels.

It should be noted that whilst this paper focuses on the authentication of AIS messages (and AIS VAtoN in particular), the same technique of carrying a timestamp and digital signature in a separate ‘follow-on’ message may also be used to authenticate any other AIS, VDES ASM, VDE-TER and VDE-SAT message.

4. Results of ‘Live’ AIS Authentication Trials

Before conducting trials, a licence was obtained from the UK spectrum regulator, OFCOM, allowing the use of AIS and VDES frequencies within designated UK waters for experimental purposes on a non-interference basis. These trials were then conducted in September 2024, during which a signed AIS VAtoN was broadcast, then received and verified. The software used during these trials to generate, broadcast and verify AIS messages was developed by the authors and is all available under an open source licence from the GRAD GitHub page [8].

4.1. Trial Setup and Broadcast of a Digitally Signed AIS Message

A schematic diagram of the trials is shown in Figure 2. To the left of the diagram, it can be seen that broadcasts were made from the GRAD radio laboratory using a ‘CML Microcircuits VDES 1000’ transceiver. This was controlled using a IBM Thinkpad laptop computer labeled ‘Tx Laptop’ running ‘GRAD VDES Controller v0.05’ software. To the right of the diagram, it can be seen that these broadcasts were received by two separate systems aboard a ship (namely the THV Alert). These were the ship’s own systems displaying data on the ship’s ‘SAAB R5’ AIS transceiver and the ship’s ‘Sperry Marine VisionMaster’ ECDIS display, as well as a separate ‘GRAD’ system incorporating another VDES 1000 transceiver and displaying data on an IBM Thinkpad ‘Rx laptop’ computer. The Rx laptop computer ran GRAD ‘ser_ais_validator v0.1’ software and presented data on a text display as well as an ‘OpenCPN v5.10.0’ chart display, the latter as a stand-in for an ECDIS. Figure 3 is a photograph taken during the trials showing both these systems aboard THV Alert.

Before the trials began, ECDSA public and private keys were first generated and installed onto the GRAD Rx and Tx laptop computers, respectively. These keys were generated using software developed for the Maritime Identity Registry (MIR). This is a decentralised platform that aims to secure maritime data exchange through the use of PKC. The MIR concept is described by the International Organization for Marine Aids to Navigation (IALA) guideline G1183 [9].

The GRAD radio laboratory from which the broadcasts were made is at position 51.94574° N, 1.28567° E. This position is immediately adjacent to the Port of Felixstowe, one of the UK’s largest container ports. Consequently, the surrounding area is busy with AIS radio traffic from many other ships and shore-based stations.

From the GRAD radio laboratory, using ‘GRAD VDES Controller v0.05’ software, a standard ‘AIS message 21’ was first broadcast describing a VAtoN; namely a virtual north cardinal mark with the MMSI ‘992356720’ (a number allocated to the GLA) and the name ‘GRAD MARK’, appearing at position 51.89166° N, 1.423333° E. This position is within a designated GLA buoy testing ground known as the ‘Cork Hole’ and was chosen so as not to cause confusion to nearby mariners. Immediately after this AIS broadcast, the ‘follow-on’ VDE-TER broadcast was made carrying the timestamp and signature.

4.2. Receiving AIS Messages: Ship’s Systems Susceptible to Spoofing (Hijacking Attack)

Figure 4 shows photographs of the AIS transceiver and the ECDIS display aboard the ship THV Alert. Here, it can be seen that the virtual north cardinal mark is displayed correctly, as intended, on the ship’s AIS transceiver and ECDIS display. This demonstrates that the authenticated AIS message is fully backwards compatible with the ITU-R M.1371-5 AIS standard [2] and existing AIS and ECDIS systems.

However, as is the case with all ships today, the AIS and ECDIS aboard THV Alert are unable to read the VDE-TER signature message and so remain vulnerable to spoofing. To demonstrate this vulnerability, the authors chose to simulate a particularly nefarious spoofing attack in which a spoofed AIS message sent by a bad actor is used to change the VAtoN character.

This was accomplished by the simulated bad actor (using the same GRAD VDES Controller v0.05 software) broadcasting an AIS message near identical to the ‘legitimate’ AIS message, consisting of the same AIS message type (message 21) with the same name (GRAD MARK) and same MMSI (992356720), appearing at the same position (51.89166° N, 1.423333° E), except that the AtoN character is changed from a virtual north cardinal mark into a virtual south cardinal mark.

Figure 5 shows photographs of THV Alert’s AIS and ECDIS taken in by this AtoN ‘hijacking’ and displaying the incorrect character; the correct AtoN character is immediately overwritten by the spoofed message. Whilst these trials left a gap between the legitimate (north cardinal) and spoofed (south cardinal) VAtoN message broadcasts, it should be noted that if the spoofed broadcast was sent immediately after the legitimate one (within a following AIS transmission slot), the mariner would have no chance to see the legitimate message, as it would be gone too quickly.

4.3. Receiving AIS Messages and Signature: GRAD System Detects Spoofing

Whilst the ship’s systems were shown to be vulnerable to spoofing, the GRAD system is programmed to detect the presence of a signature message carried within a VDE-TER channel and attempts to verify the corresponding AIS message.

Output from the GRAD system is shown in Figure 6. The main body of this figure is a screenshot taken from the GRAD Rx laptop showing the terminal text display. This display shows all the AIS AtoN and VAtoN messages (sent using AIS message 21) received by the VDES 1000 unit. Several such AIS messages were received during the trial period; however, the two relevant to these trials are ringed in green and red.

The message ringed in green is the genuine, digitally signed north cardinal mark, appearing with the correct MMSI (992356720), correct name (GRAD MARK), and at the correct position (51.89166° N, 1.423333° E). However, the ‘follow-on’ VDE-TER signature message has also been received. Using the GRAD ‘ser_ais_validator v0.1’ software installed on the Rx Laptop computer, the VDE-TER signature message has been matched to the correct AIS message (by means of the timestamp), and through the use of the public key, the signature has been verified as genuine. This gives proof that the AIS message could only have been sent by the private key holder; in this case, the GLA. The user is therefore notified that the AIS message is genuine by the word ‘Yes’ appearing in the verified column.

Some seconds later, the AIS message is received from the simulated bad actor spoofing an AIS message in an attempt to hijack the VAtoN. This message, ringed in red, can be seen to have the same name, MMSI, and position as the genuine message, albeit with an incorrect south cardinal mark. As this message is not signed (the bad actor is incapable of correctly signing the message without the correct GLA private key), it cannot be verified, and the verified column is left blank. The mariner is thus able to determine which message is genuine and from the GLA.

Inset into Figure 6 is a screenshot taken from the ‘OpenCPN’ chart displayed on the RX Laptop computer, used as a stand-in for an ECDIS display. This shows the correct north cardinal mark and has automatically rejected the spoofed AIS ‘south cardinal mark’ message; thus, the OpenCPN display continues to show the correct mark.

Whilst the above shows the technique to be practical, it is noted that this is a ‘proof of concept’ demonstration. Further work and appropriate standardization are needed for the display of authenticated data to be integrated into ECDIS and other displays in an intuitive manner.

5. Standardization of VDES Authentication

Over the last decade, awareness of cyberthreats has been growing within the maritime industry. Consequently, cybersecurity guidelines have been published by various maritime industry bodies, including guidance from IALA (noting that IALA recommends working to provide all data in the IALA domain with a means of authentication) [10] and technical standards published by the International Electrotechnical Commission (IEC) [11]. Efforts to improve the security of maritime communications include the development of the IEC ‘SECOM’ standard, intended for the secure exchange of that data based on the International Hydrographic Organizations (IHO) S-100 Universal Hydrographic Data Model [12].

Against this background, and whilst the need to secure AIS is recognised internationally at the IMO level [13], steps to develop guidelines and standards for securing VDES (including AIS) have begun only comparatively recently. At the time of writing, these are primarily being developed through IALA and include:

• IALA G1183 Provision of MCP Identities [9]

IALA guideline G1183 describes the use of the Maritime Identity Registry (MIR), a component of the Maritime Connectivity Platform (MCP) [14]. The MIR is introduced in Section 4.1 as a decentralised platform aimed at securing maritime data exchange through the use of PKC. Importantly, the MIR provides a public key infrastructure (PKI) that is compatible with SECOM and may be used to help secure a range of other maritime services and systems, thereby ensuring cross-compatibility. The PKI provided by the MIR is well-suited to use with VDES authentication and was the PKI successfully used by the authors in these trials.

• IALA Guideline on VDES Authentication Techniques.

The IALA Digital Technologies Committee (DTEC) is developing this guideline as a harmonized approach to VDES (including AIS) authentication. The guideline is currently pending approval by the IALA Council. It has an expected publication date of June 2025 and is expected to significantly influence concurrent efforts at the IMO and IEC. The guideline provides approaches to authenticating data transmitted over VDES informed by the technique developed by the authors and identifies VAtoN authentication as a primary use case for VDES authentication.

6. Conclusions

The need to develop an authentication system for VDES (including AIS) is recognized by the maritime community and is acknowledged at the IMO level. The need is particularly recognized for services such as VAtoN where spoofing attacks cannot be verified visually or against data from another system and (as the position from which these messages are broadcast is not known) radio direction finding or radiolocation techniques are useless in determining if the message is from a genuine actor, meaning the mariner is forced to rely on AIS data alone.

The authors have developed an open-source authentication system for AIS and VDES based on PKC and have demonstrated its use in authenticating AIS messages (and in particular, a VAtoN broadcast using AIS message 21) in a backwards compatible manner in a busy AIS radio environment. The technique makes use of cryptographic digital signatures carried in a separate VDE-TER channel.

Whilst the technique is agnostic as to what PKI is used, the demonstration presented here made use of the decentralised MIR PKI, noting this may be used to support the easier adoption of VDES authentication and integration with other maritime systems (such as SECOM).

Software developed by the authors to conduct these trials is available from the GRAD GitHub page [9] and guidelines for VDES authentication informed by the approach used by the authors are under development at IALA. IALA is actively working to harmonise approaches to VDES authentication and carry them forward into international standards.