This repository has been archived on 2017-04-03. You can view files and clone it, but cannot push or open issues/pull-requests.
blog_post_tests/20100601103534.blog


AIS “security” considered harmful
<p>One Kelly Sweeney is <a href="http://professionalmariner.com/ME2/dirmod.asp?sid=420C4D38DC9C4E3A903315CDDC65AD72&#038;nm=Archives&#038;type=Publishing&#038;mod=Publications%3A%3AArticle&#038;mid=8F3A7027421841978F18BE895F87F791&#038;tier=4&#038;id=2B7832406AF24786AA2069428247FEA0&#038;exe=Y">publicly advocating</a> that public access to AIS ship information should be prohibited in order to foil pirates and terrorists.</p>
<p>I must respectfully disagree with the premise of this article. I&#8217;m the lead of GPSD, a widely-used open-source GPS/AIS monitor daemon, and I am thus both a <a href="http://gpsd.berlios.de/AIVDM.html">domain expert on AIS</a> and a systems architect who is required to think about data security issues all the time. Attempting to &#8220;secure&#8221; AIS data would harm the public and have no security benefits. In fact, the second-order effects would be seriously bad.</p>
<p><span id="more-2038"></span></p>
<p>The public harm is obvious; people such as your friend on Puget Sound with an interest in knowing what traffic passes near them would be hindered. But it would also fail to have security benefits, because getting actual use out of AIS is in direct contradiction with the threat model.</p>
<p>AIS information has to be widely available to anyone on the water in order for the system to achieve its design purposes (notably, automated collision avoidance). This means that credentials to get access to it have to be widely distributed as well. Pirates and terrorists would have very strong incentives to steal and spoof those credentials. </p>
<p>Any security light enough to leave the system usable would be no more than a minor, easily surmountable nuisance to the bad guys; any security heavy enough to stop them would make the friction cost of enabling AIS high enough to effectively lock out many legitimate users who have actual need for it. </p>
<p>Suppose for example that AIS receivers were password-protected so that a skipper had to enter an MMSI/password pair periodically to maintain access. The consequences you&#8217;d be begging for would include (a) most boaters never changing a factory-preset password that the bad guys would swiftly learn, (b) forgetful boaters putting their passwords on post-its near the AIS receiver, (c) boats being raided and stolen for receivers with known passwords, (d) non-forgetful boaters being threatened and tortured for their passwords.</p>
<p>Ineffective security is often worse than none at all. This would be one of those cases.</p>
<p>Also see my <a href="http://esr.ibiblio.org/?p=1616">Comment to USCG on NAIS policy</a>.</p>
<p>(I have attempted to leave this as a comment on Captain Sweeney&#8217;s blog, but the UI and captcha challenge there are so badly designed that I don&#8217;t know whether or not I have succeeded.)</p>