4.1 Identity Authentication and Blockchain Technologies For Maritime Systems HAHN

Identity, Authentication and
Blockchain Technologies for

Maritime Systems
ENAV Underway 2019, Feb 8th
Axel Hahn
Benjamin Weinert
Sibylle Frösche
Table of content
1. Maritime Communication Services and Cyber Threats

2. Identity and Authentication with the Maritime Connectivity Platform (MCP)
3. Two Applications with Activities to Integrate Strong Security
1. Long-Range Identification and Tracking (LRIT)
2. Electronic Bill of Lading with blockchain (Project HAPTIK)
4. Extending the MCP towards Public Key Infrastructure (PKI)
5. Conclusions
Maritime Communication Services
Automatic Identification System (AIS) GPS / Electronic Nautical Charts
GMDSS Vessel Traffic Services / Logistics

10.04.2018 OFFIS - Institut für Informatik 3
Maritime Communication Services
u re d
o t
Automatic Identification System (AIS)
n sec GPS / Electronic Nautical Charts
are
GMDSS Vessel Traffic Services / Logistics
Cyber Threats
Eavesdropping
unsecured
e.g. on route information
channel
„Man in the middle“

e.g. manipulate route
negotiation during collision
unsecured
channel
avoidance

Cyber Threats
Data manipulation on physical

channel
e.g. pirates manipulate GPS signal
Impersonation
I’m ship E.g. by injecting fake AIS signal
Alice attacker pretends to be ship of
country A to cause disagreements
between parties

Background: Public Key Encryption
Ship B
pbB is my
Ship A public key
pvB is my
private key
authentication msg
encryption
But how does A know that the public key is indeed B’s public key?

Public Key Encryption with PKI Certificates
Certification Authority (CA)
trusts pbB is B’s trusts

public key
SIG of CA
pbB is my
certified
public key pvB is my
Ship A Ship B private key
authentication msg
encryption
Public Key Infrastructure (PKI)
pb1 is CA1’s
public key Root CA
SIG of
root CA
CA1
pbB is B’s
public key ... Issuing CAs
SIG of
CA1
B End entities

Example: Long-Range Identification and Tracking (LRIT)
> Provides for global identifi-cation

and tracking of ships
> LRIT information provided to

governments contracting to the
1974 SOLAS Convention through
a system of national, regional,
and cooperative data centres
> Begins with LRT information

transmitted from shipborne
equipment
Approach: Maritime Connectivity Platform (MCP)
Enabling efficient, secure, reliable and

seamless electronic information exchange
between authorized stakeholder
> Focus on e-Navigation technical
services
> IALA Guideline 1128 for specification
of technical services
> Provides Identity Management
> Common authentication
standards
> Federated approach

Maritime Identity Registry (MIR)
Core Component of MCP
Goal: globally unique identity management

> Actors can provide their own MIR-instances
> Synchronization with other instances
> Exchange of public information only
> Entities can be handled by different organizations, without sharing sensitive data inside the MIR
Any Service
Registration of Maritime Entities

MIR Maritime Identity Registry (MIR)
Integration of ID Registries
DFDS
Bimco STM …
…
Trading of Bill of Lading (B/L)
The physical exchange of the B/L
$ Gi
gu ves
ar
an
transmit transmit transmit
Bank te
e
creates updates updates receives
Exporteur Ship owner Ship owner Importeur

Blockchain
ID ID ID
(„Hash“) („Hash“) („Hash“)
Block 3 Block 4 Block 5

- Previous Hash - Previous Hash - Previous Hash
- Timestamp - Timestamp - Timestamp
- Nonce - Nonce - Nonce
- Merkle tree hash - Merkle tree hash - Merkle tree hash
- tx0, tx1, tx2 - tx3, tx4, tx5 - tx6, tx7, tx8
Port A Vessel B Port C

Concept for Electronic B/L – German Project HAPTIK
Using the MCP for authentication
Root CA
$ MIR 1
„Europe“
MIR 2
„America“
Bank
B/L Token as
Blockchain
Authentification Authentification Authentification

Exporteur Ship owner Ship owner Importeur

Vision and Conclusion
„Local trust between communicating parties

rather than global trust.“
To see instead to hear: use it for implentig blockchain for HAPTIK

Provide reference design and implementations for new standards
Security is the Killer Application of the MCP

4.1 Identity Authentication and Blockchain Technologies For Maritime Systems HAHN

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

4.1 Identity Authentication and Blockchain Technologies For Maritime Systems HAHN

Uploaded by

Copyright:

Available Formats

Identity, Authentication and

Blockchain Technologies for

1. Maritime Communication Services and Cyber Threats

Automatic Identification System (AIS) GPS / Electronic Nautical Charts

GMDSS Vessel Traffic Services / Logistics

n sec GPS / Electronic Nautical Charts

„Man in the middle“

10.04.2018 OFFIS - Institut für Informatik 5

Data manipulation on physical

10.04.2018 OFFIS - Institut für Informatik 6

10.04.2018 OFFIS - Institut für Informatik 7

Certification Authority (CA)

trusts pbB is B’s trusts

10.04.2018 OFFIS - Institut für Informatik 9

> Provides for global identifi-cation

> LRIT information provided to

> Begins with LRT information

Enabling efficient, secure, reliable and

10.04.2018 OFFIS - Institut für Informatik 11

Goal: globally unique identity management

Registration of Maritime Entities

creates updates updates receives

Exporteur Ship owner Ship owner Importeur

10.04.2018 OFFIS - Institut für Informatik 13

Block 3 Block 4 Block 5

- tx0, tx1, tx2 - tx3, tx4, tx5 - tx6, tx7, tx8

Port A Vessel B Port C

10.04.2018 OFFIS - Institut für Informatik 14

Authentification Authentification Authentification

10.04.2018 OFFIS - Institut für Informatik 15

„Local trust between communicating parties

To see instead to hear: use it for implentig blockchain for HAPTIK

10.04.2018 OFFIS - Institut für Informatik 16

You might also like