A Pragmatic Approach to VDES Authentication

The very-high-frequency data exchange system (VDES) is an emerging maritime radio communication system that will pave the road for novel e-navigation applications. A key problem in e-navigation is that of data authentication: determining that the data originate from a trusted party and have not undergone changes after transmission. This work considers the authentication requirements in VDES, while considering the constraints typical of the maritime environment, and analyzes several possible solutions. The proposed solution is two-tiered, with the default approach relying on digital signatures in low-traffic areas where available wireless capacity is sufficient. For areas under the control of a shore station for which available wireless capacity is low, we consider a low-overhead authentication scheme using the timed efficient stream loss-tolerant authentication (TESLA) protocol to authenticate all shore-to-ship traffic. TESLA is particularly attractive for future-proof quantum-safe cryptography, offering increased authentication data under the conditions of the low-data-rate VDES.