How can TLS certificates Secure Smart Shipping?
by Anastasios Arampatzis
“A sea” of connected devices
Using IoT devices and sensor systems in commercial vessels helps ship owners gain a competitive edge, by harnessing the full potential of data for more effective operations and decision-making.
The ship-to-shore connectivity was revolutionized by the proliferation of IoT (Internet of Things), creating a world of opportunities that perhaps nobody dared to envision a decade ago. The most obvious benefit of maritime IoT application is how it can optimize and streamline every aspect of operations at sea, at port and across fleet – from vessel tracking and predictive maintenance to crew safety and welfare.
Benefits of maritime IoT
Distinct elements such as engine and machinery components, cargo containers, fleet management and connected ports are being brought together by onboard sensors and monitoring equipment. With increasing IoT connectivity comes vast amounts of data that can be leveraged to create insights and value to make data-driven business decisions and optimize operations at all levels.
Increased performance and safety. IoT enables ship owners and managers to deal proactively with maintenance, by monitoring shipboard equipment and machinery in real time to pinpoint issues and prevent potential failures. Ensuring continuous and optimal machinery and equipment operation not only reduces costly downtime, but it also improves crew safety.
Reduced fuel consumption. Fuel costs represent as much as 50–60% of total ship operating costs, depending on the type of ship and service. Sensors and monitoring equipment onboard can collect vessel performance data and send them to the ship owner’s offices on shore for further analysis. The analyzed data can provide the ship master and chief engineer with guidance when planning the most energy-efficient route. Identifying optimal speed and engine configuration will save considerable amounts of fuel and lower carbon emission.
The need to secure IoT communications
While these technologies and systems provide significant efficiency gains for the maritime industry, they also present risks to critical systems and processes linked to the operation of systems integral to shipping. These risks may result because of vulnerabilities and gaps in the protection of IoT connected devices.
The Guidelines on Cyber Security Onboard Ships issued by BIMCO detail that
wireless access to networks on the ship should be limited to appropriate authorized devices and secured using a strong encryption key, which is changed regularly.
The guidelines also mandate the “the use of enterprise authentication systems using asymmetric encryption.”
One important step that shipping businesses can take is to install publicly trusted SSL/TLS certificates for authentication and encryption on their devices.
TLS certificates 101
The SSL/TLS protocol uses asymmetric encryption to secure data shared between two devices connected on open networks. In addition, SSL/TLS ensures that the identities of the communicating parties are validated. In the most common scenario, an HTTPS server provides to the visitor’s browser a certificate which has been digitally signed by a publicly trusted Certificate Authority (CA) like DigiCert.
The algorithm behind the SSL/TLS protocol ensures that a CA’s digitally signed certificates are practically impossible to falsify given a large enough key size. Public CAs verify the identity of applicants before issuing certificates. These digital certificates are also subject to rigorous audits by operating system and web browser vendors to be accepted and maintained in trust stores (lists of trusted root certificates installed with browser and OS software).
TLS certificates and IoT devices
SSL certificates are widely used to ensure the security, identity, and integrity of websites, but they can also be used to increase the security of IoT devices.
The best security practices and security and privacy regulations, such as GDPR or NIS Directive, require strong security credentials to trust IoT devices on networks and in online applications. Before secure communications can take place between connected devices (e.g., device and a server or a device and a mobile phone), proper authentication must take place.
TLS certificates are installed (embedded) on connected devices and used to securely authenticate one device to another, ensure that only trusted devices are allowed to connect to a server, and enable trusted communications between devices to take place.
Further, the IoT ecosystem is composed of interconnected networks of diverse systems allowing a variety of communications. Because these communications facilitate powerful services, secure communication capabilities become a critical matter. IoT brings the benefit of being able to analyze information in real-time but that same benefit can expose systems to risks such as eavesdropping on sensitive messages and/or sending fraudulent messages.
Digital certificates guarantee that the highest level of encryption is being used to secure messages and ensures that exchanged messages are not intercepted, modified, or replaced with false messages.
Enhanced IoT security
SSL/TLS certificates can be used to greatly strengthen security in internet connected IoT devices of “smart ships”:
- An IoT device can be given a publicly trusted TLS certificate, which allows users to connect to it (via their smartphone or other device) just as they would to a secure website. Because this SSL certificate is also publicly trusted, a user will not have to click through a security warning, or to add an exception on their device for a self-signed certificate.
- An IoT device can request a client certificate from a user’s device to perform specific tasks. This is commonly used in IoT devices controlling critical systems, where the authentication and authorization of the user is required.
- Once the communicating parties (device-to-device or device-to-user) have been authenticated, their connection is encrypted. This prevents the use of weak passwords and protects critical information from being intercepted during a cyberattack.
Figure 1: IoT device identity through TLS certificates. Image source: digicert.com
Digital certificates play a crucial role in establishing identity and maintaining data and device integrity. They enable device-to-device or device-to-server identity authentication. Certificates also protect the data exchanged between devices. Digital certificates are the foundation of a network’s IoT security, protecting its data, authenticating its devices, and creating trust for everyone interacting with the network. With the proliferation of IoT in the shipping industry, networks are expanding and becoming more critical. Maintaining the integrity of data and privacy has never been more important.
How ADACOM can help
ADACOM has more than 20 years of experience in providing qualified trusted services and delivering successfully both Managed PKI and on-Premise PKI complex projects all over Eastern Europe and Cyprus. In addition, ADACOM is the PKI Provider of the two largest e–Government PKI services in Greece and can provide a full range of PKI services and related strong authentication services to its customers.
Maritime organizations may either contact ADACOM’s PKI experts to seek advice on how to secure their IoT connected devices, manage their existing SSL certificates or buy the required TLS/SSL certificates from ADACOM’s e-shop.