Identity Authentication and Blockchain Technologies for Maritime Systems
ENAV Underway 2019, Feb 8th. Axel Hahn, Benjamin Weinert, Sibylle Frösche
Table of contents
1. Maritime Communication Services and Cyber Threats
2. Identity and Authentication with the Maritime Connectivity Platform (MCP)
3. Two Applications with Activities to Integrate Strong Security
   1. Long-Range Identification and Tracking (LRIT)
   2. Electronic Bill of Lading with blockchain (Project HAPTIK)
4. Extending the MCP towards Public Key Infrastructure (PKI)
5. Conclusions
Maritime Communication Services
- Automatic Identification System (AIS)
- GMDSS
- GPS / Electronic Nautical Charts
- Vessel Traffic Services / Logistics
10. 04. 2018 OFFIS - Institut für Informatik 3
None of these communication services is secured.
Cyber Threats
- Eavesdropping, e.g. on route information (unsecured channel)
- "Man in the middle", e.g. manipulating the route negotiation during collision avoidance (unsecured channel)
- Data manipulation on the physical channel, e.g. pirates manipulating the GPS signal
- Impersonation, e.g. by injecting a fake AIS signal ("I'm ship Alice"): the attacker pretends to be a ship of country A to cause disagreements between parties
Background: Public Key Encryption
Ship B announces "pb.B is my public key" and keeps pv.B as its private key. Ship A can then encrypt messages to B under pb.B, and B can prove itself to A with an authentication message signed under pv.B. But how does A know that the public key is indeed B's public key?
Public Key Encryption with PKI Certificates
A Certification Authority (CA) certifies that pb.B is B's public key by signing that binding (SIG of CA). Ship B now presents "pb.B is my certified public key" (pv.B remains its private key). Ship A trusts the CA, so it trusts the CA's signature and therefore the binding of pb.B to B; the authentication message and the encryption then work as before.
Public Key Infrastructure (PKI)
- Root CA: certifies "pb1 is CA 1's public key" with the SIG of the root CA
- Issuing CAs (CA 1, ...): certify "pb.B is B's public key" with the SIG of CA 1
- End entities (B, ...): hold the certified key pair
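The hierarchy on the last three slides, as an added example that is not code from the presentation or from the MCP project: a root CA, an issuing CA 1 and an end entity B are built with Go's standard crypto/x509, next to a self-signed impostor that also calls itself "Ship B". Ship A accepts pb.B only after B's certificate chains to the root it trusts, and only then verifies B's signed authentication message under that pb.B. The CA names, the serial counter, the validity window and the sample message are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must keeps the demo short: any key or certificate failure aborts the run.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Identity is one participant of this hypothetical maritime PKI: a certificate
// plus the private key belonging to the certified public key (pv.B for pb.B).
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

var serial int64 // certificate serial counter (demo only)

// issue creates an ECDSA P-256 certificate for subject. With issuer == nil it
// is self-signed (a root CA, or an impostor); otherwise it carries the
// issuer's signature, the "SIG of CA" on the slide.
func issue(subject string, isCA bool, issuer *Identity) *Identity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	parent, signer := tmpl, key // self-signed unless an issuer is given
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return &Identity{Cert: must(x509.ParseCertificate(der)), Key: key}
}

// VerifyShipCert is ship A's check: pb.B is accepted only if B's certificate
// chains through the issuing CA(s) to the root CA that A trusts.
func VerifyShipCert(ship, root *x509.Certificate, issuing ...*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range issuing {
		inters.AddCert(c)
	}
	_, err := ship.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// RunDemo builds the slide's hierarchy (Root CA, issuing CA 1, end entity B),
// an impostor that also calls itself "Ship B", and one authentication message
// signed by B; it reports which of the three checks ship A accepts.
func RunDemo() (genuineOK, rogueOK, sigOK bool) {
	root := issue("Maritime Root CA", true, nil)
	ca1 := issue("Issuing CA 1", true, root)
	shipB := issue("Ship B", false, ca1)
	rogue := issue("Ship B", false, nil) // impersonation: same name, no CA behind it
	genuineOK = VerifyShipCert(shipB.Cert, root.Cert, ca1.Cert) == nil
	rogueOK = VerifyShipCert(rogue.Cert, root.Cert, ca1.Cert) == nil

	// B signs with pv.B; A verifies with the pb.B taken from the certificate
	// it has just validated, never with a bare key received over the channel.
	msg := []byte("I'm ship B, 53.14N 8.21E, 2019-02-08T10:00Z") // constructed
	digest := sha256.Sum256(msg)
	sig := must(ecdsa.SignASN1(rand.Reader, shipB.Key, digest[:]))
	pubB := shipB.Cert.PublicKey.(*ecdsa.PublicKey)
	sigOK = ecdsa.VerifyASN1(pubB, digest[:], sig)
	return genuineOK, rogueOK, sigOK
}

func main() {
	g, r, s := RunDemo()
	fmt.Printf("genuine chain: %v, impostor chain: %v, signature: %v\n", g, r, s)
}
```

The impostor fails not because its signature is bad (it is a perfectly valid self-signature) but because no CA that A trusts vouches for the binding between the name "Ship B" and that key; this is exactly the gap the previous slide's question points at, and it is why the public key must be taken from the verified certificate rather than from the AIS or route message itself.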
Example: Long-Range Identification and Tracking (LRIT)
- Provides for global identification and tracking of ships
- LRIT information is provided to governments contracting to the 1974 SOLAS Convention through a system of national, regional, and cooperative data centres
- Begins with LRIT information transmitted from shipborne equipment
Approach: Maritime Connectivity Platform (MCP)
Enabling efficient, secure, reliable and seamless electronic information exchange between authorized stakeholders
- Focus on e-Navigation technical services
- IALA Guideline 1128 for the specification of technical services
- Provides identity management
- Common authentication standards
- Federated approach
Maritime Identity Registry (MIR): core component of the MCP
Goal: globally unique identity management
- Actors can provide their own MIR instances
- Synchronization with other instances: exchange of public information only
- Entities can be handled by different organizations without sharing sensitive data inside the MIR
- Registration of maritime entities for any service
- Integration of existing ID registries (DFDS, Bimco, STM, ...)
Trading of the Bill of Lading (B/L): the physical exchange of the B/L
- The ship owner creates the B/L
- It is transmitted via the exporter and the bank, which gives a guarantee against payment ($), and updated along the way
- The importer receives it
Blockchain
- Each block carries: ID ("Hash"), Previous Hash, Timestamp, Nonce, Merkle tree hash of its transactions
- Block 3: tx0, tx1, tx2; Block 4: tx3, tx4, tx5; Block 5: tx6, tx7, tx8
- Participants: Port A, Vessel B, Port C
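The block layout on this slide, as an added example that is not code from the presentation or from the HAPTIK project: a toy chain in Go with the fields shown (previous hash, timestamp, nonce, Merkle tree hash), three blocks of constructed B/L and voyage records, and a validator that reports the first inconsistent block after an endorsement has been rewritten, both before and after the attacker re-mines the tampered block. The transaction texts, the timestamp, the "|"-separated header layout and the two-hex-digit difficulty are assumptions; the Merkle pairing and the hash linking are the standard technique.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"strings"
)

// Block carries the fields on the slide; Hash is the block ID over the header.
type Block struct {
	PrevHash, MerkleRoot, Hash string
	Timestamp                  int64
	Nonce                      uint64
	Txs                        []string
}

func sha256Hex(s string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(s))) }

// merkleRoot pairs leaf hashes up to one root (odd leaf paired with itself).
func merkleRoot(txs []string) string {
	if len(txs) == 0 {
		return sha256Hex("")
	}
	var level []string
	for _, tx := range txs {
		level = append(level, sha256Hex(tx))
	}
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		var next []string
		for i := 0; i < len(level); i += 2 {
			next = append(next, sha256Hex(level[i]+level[i+1]))
		}
		level = next
	}
	return level[0]
}

// id is the block hash: SHA-256 over previous hash, timestamp, nonce and Merkle root.
func (b *Block) id() string {
	return sha256Hex(fmt.Sprintf("%s|%d|%d|%s", b.PrevHash, b.Timestamp, b.Nonce, b.MerkleRoot))
}

// mine recomputes the Merkle root and searches a nonce giving `difficulty` leading zeros (toy proof of work).
func (b *Block) mine(difficulty int) {
	b.MerkleRoot = merkleRoot(b.Txs)
	for b.Nonce = 0; ; b.Nonce++ {
		if h := b.id(); strings.HasPrefix(h, strings.Repeat("0", difficulty)) {
			b.Hash = h
			return
		}
	}
}

// NewChain mines one block per transaction group, each linked to its predecessor.
func NewChain(difficulty int, groups [][]string, t0 int64) []Block {
	var chain []Block
	prev := strings.Repeat("0", 64) // the genesis block has no predecessor
	for i, txs := range groups {
		b := Block{PrevHash: prev, Timestamp: t0 + int64(i)*60, Txs: append([]string(nil), txs...)}
		b.mine(difficulty)
		chain, prev = append(chain, b), b.Hash
	}
	return chain
}

// Validate recomputes every Merkle root, block hash and back-link; returns the first bad index or -1.
func Validate(chain []Block, difficulty int) (int, error) {
	for i := range chain {
		b := &chain[i]
		switch h := b.id(); {
		case b.MerkleRoot != merkleRoot(b.Txs):
			return i, fmt.Errorf("block %d: Merkle root does not match its transactions", i)
		case h != b.Hash || !strings.HasPrefix(h, strings.Repeat("0", difficulty)):
			return i, fmt.Errorf("block %d: block hash invalid", i)
		case i > 0 && b.PrevHash != chain[i-1].Hash:
			return i, fmt.Errorf("block %d: previous-hash link broken", i)
		}
	}
	return -1, nil
}

// SampleGroups are constructed B/L and voyage records, tx0..tx8 as on the slide.
var SampleGroups = [][]string{
	{"tx0: B/L-4711 issued to Exporter", "tx1: B/L-4711 endorsed Exporter -> Bank", "tx2: Port A: cargo loaded"},
	{"tx3: B/L-4711 endorsed Bank -> Importer", "tx4: Vessel B: departed Port A", "tx5: Vessel B: position report"},
	{"tx6: Port C: Vessel B arrived", "tx7: B/L-4711 presented by Importer", "tx8: B/L-4711 cargo released"},
}

// TamperDemo rewrites an endorsement in block 1, then re-mines that block; block 2 still names the old hash.
func TamperDemo() (afterEdit, afterRemine int) {
	chain := NewChain(2, SampleGroups, 1549620000) // constructed timestamp
	chain[1].Txs[0] = "tx3: B/L-4711 endorsed Bank -> Mallory"
	afterEdit, _ = Validate(chain, 2)
	chain[1].mine(2)
	afterRemine, _ = Validate(chain, 2)
	return afterEdit, afterRemine
}

func main() { fmt.Println(TamperDemo()) }
```

Validate reports block 1 right after the edit (its Merkle root no longer matches its transactions) and block 2 after the attacker re-mines block 1 (block 2's Previous Hash still names the old block 1), so rewriting one B/L endorsement forces the attacker to re-mine every later block as well. This integrity property says nothing about who was allowed to write the endorsement; that is what the MCP authentication on the next slide adds.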
Concept for the Electronic B/L – German Project HAPTIK: using the MCP for authentication
- A root CA above federated MIR instances (MIR 1 "Europe", MIR 2 "America")
- Exporter, ship owner, bank and importer authenticate against the MIR
- The B/L is a token on a blockchain; the bank handles payment ($)
Vision and Conclusion
- "Local trust between communicating parties rather than global trust."
- Seeing instead of hearing: use it for implementing the blockchain for HAPTIK
- Provide reference designs and implementations for new standards
- Security is the killer application of the MCP