The present application relates to a method of protecting information fields of National Marine Electronics Association (NMEA) protocols, and also to options for building systems that implement this method. These NMEA protocols are used in vehicle control systems.
Recently, the number of cyberattacks has increased dramatically, including in the case of vehicles. Since the existing control systems of vehicles do not have the means of protection against information attacks of this kind, the attacker is not difficult to implement the desired. Using special technical means, an attacker can easily substitute information about the current coordinates of the vehicle, speed, direction of movement, coordinates of neighboring vehicles, etc. This information is used by the control system for subsequent decision-making in automatic or manual mode. Incorrectly transmitted data can lead to undesirable consequences such as:
Thus, there is an urgent need to develop a method of providing protection against cyber attacks of this kind. One option to provide this kind of protection as described in this method.
The main purpose of the method as herein described is to prevent unauthorized attacks (caused, but not limited to the substitution of transmitted data) on the vehicle control system. The implementation of the described method can be represented as a separate system or as an add-in to an existing system. The construction of the system has various options for its implementation: hardware, software or hardware.
The technology as described herein determines a method of protection of transmitted data by the NMEA protocols. Protection against unauthorized intrusion and substitution of information in the data fields of the Protocol is provided. The authentication process between devices is also provided. The implementation is an add-on to the NMEA protocols.
The NMEA protocols define the rules for the organization of data exchange between the equipment of the vehicle (mainly, but not limited to sea and rail transports). The NMEA standard is designed to provide a communication channel between the navigation equipment (time signal receiver) and the control center or control device(s).
The present invention deals with a method of protecting individual fields of NMEA message data containing, inter alia, information on the geographical coordinates of the vehicle (but not limited to). This data is the most important element of the information transmitted through NMEA.
According to the NMEA standard, vehicle navigation coordinates can only be transmitted in two types of messages: talker sentences and proprietary sentences.
The NMEA standard defines a large number (more than 50) of message variants for the output message type. Each of them is defined in the message ID field (202), namely through the SSS parameter (message ID). The message format for «the output message» type is shown in
The geographical coordinates of the vehicle for “talker sentences” are transmitted with the following SSS message IDs (202):
Geographic coordinates of transport for some established “proprietary sentences” are transmitted with the following message identifiers:
The navigation coordinates of the vessel are determined by two parameters: latitude and longitude.
The latitude value for the “talker sentences”/“proprietary sentences” types is located in one of the dataset fields (204) in
The latitude value has the following presentation format—BBBB.BBBB,a (BB—degrees; BB.BBBB—whole and fractional minutes; a—N/S).
The longitude value for the “talker sentences”/“proprietary sentences” types is in one of the dataset fields (204)
The longitude value has the following representation format—LLLLL.LLLL,a (LLL—degrees; LL.LLLL—whole and fractional minutes; a—E/W).
The information intended for protection consists of two components: BBBB.BBBB,a +LLLLL.LLLL,a (latitude+longitude).
As a way to protect these data, it is proposed to use the AES block encryption algorithm with the encryption key length 128 (AES128). However, to use this encryption method, the following conditions must be met—the length of each block must be equal to the length of the encryption key (key), namely 128 bits.
There are several ways to solve the problem of different length of the cipher key (128 bit) and the message block (76 bit) when using a block encryption algorithm. In the proposed method, the variant of using AES128 in the CFB mode is considered (Cipher Feedback mode).
To use the AES128 encryption algorithm, all devices must have the same cipher key. Therefore, this information must be communicated to the devices before they can start working. Methods and channels of transmission of the cipher key can be different and determined by organizational activities.
For CFB mode, you must additionally use the Initialization Vector (IV) parameter. This parameter, as well as the encrypted key, must be identical on all devices.
In the proposed method, parameter IV is used as a device authentication factor. The same IV can be used on a permanent basis or at each new communication session. Methods can be different and are determined by organizational activities.
Based on the above measures, the NMEA Protocol provides:
An asynchronous serial interface RS-422/485 or CAN interface is used as a communication interface to combine the device of the time signal receiver or navigation device (101) and control modules (102, 103, 104).
The NMEA protocols describe the format of transmitted messages, as well as the speed of exchange. For different standards (NMEA-0183, NMEA-2000), these parameters have different values, which are written directly in the standards.
The NMEA standard is a text Protocol (ASCII format). Messages can be of three types:
In modern vehicles, especially in shipping and rail transport, the NMEA (serial data transmission) standard is widely used for the transmission of control and control data by ship (including geographical coordinates). These serial networks are often “connected” at several points to higher-level vessel control networks, including GPS, satellite terminal, ECDIS, etc.
These serial networks (based on NMEA) are used not only to transmit geographical coordinates, but also to monitor the operation of individual parts, such as steering gears, engines, ballast pumps, etc.
In particular, due to the fact that the publication of the first versions of the NMEA standard took place in the 90-ies of XX century, this standard is not fully able to ensure the security of the transmitted data.
However, subsequent versions of the standard (including the new generation of the NMEA-2000 standard) did not solve the above problems. The main drawbacks of the NMEA standard are that all messages do not have authentication, encryption, or validation. All data is transmitted in text format as ASCII characters. This allows an attacker to change data without hindrance when connecting to a serial network (for example, by means of «a man-in-the-middle» attack). For example, using GPS-spoofing can “embed” subtle errors to slowly but surely knock the ship off course or another vehicle. Incorrect information about the position of transport can cause consequences such as:
By attacking, intruders change information about the position and speed of transport (but not limited to the substitution of these data)—that is, the data that the control system collects and transmits, for example, the port Manager, to avoid a collision with other ships. An attack on the GPS signal or connection to the control system is fraught with navigation problems up to the collision of vehicles, which always leads to serious damage, and sometimes to human victims.
The cause of these attacks is a software vulnerability of the NMEA standard. A set of measures to protect, inform, and eliminate such attacks refers to the information security of vehicles (primarily, but not limited to modern ships, railway transport).
There are several ways to protect against the presented variants of attacks: protection at the software level; and/or hardware protection.
The method presented in the present invention is designed to provide protection based on encryption/decryption of data fields of the NMEA standard, without changing the structure and sequence of fields.
After receiving the encrypted text, the NMEA message packet is generated.
The generated final parcel is sent to the communication channel. Becomes available to receivers. After receiving this parcel on the receiver side, the reverse process of de-encapsulation and decryption is performed.
Number | Date | Country | Kind |
---|---|---|---|
10201901191Y | Feb 2019 | SG | national |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/SG2020/050059 | 2/7/2020 | WO | 00 |