An IP/Ethernet InterfaceStandard

for Marine Electronic Devices

IMEA OneNet

OneNet

© 2017 IMEA/NMEA

OneNet

“We cannot solve problems by using the same kind of thinking we used when we created them”- Albert

Einstein

© 2017 IMEA/NMEA

4

Technology Convergence

Integrations

Consolidation and Collaboration

Electrical, Mechanical and Electronic

Device and System

Maritime Electronic Drivers

Standards, Manufacturers, Integrators © 2017 IMEA/NMEA

5

E-Navigation

Automatic Identification System

Aids to Navigation (A to N)

Maritime Electronic Drivers

Upgrades, Satellites and New Requirements

Safe Navigation and CommunicationOptimal Vessel Operation

© 2017 IMEA/NMEA

6

Demand for More Information

IT Systems

Escalating Security Concerns

Ship to Ship, Ship to Shore, Shore to Ship

Maritime Electronic Drivers

Larger Networking Systems, “Big Data”

Cyber Security Demands © 2017 IMEA/NMEA

Courtesy of Ericsson

IMEA OneNet

© 2017 IMEA/NMEA

© 2016 NMEA Courtesy of Ericsson

IMEA OneNet

© 2017 IMEA/NMEA

© 2016 NMEA Courtesy of Ericsson

IMEA OneNet

5Seconds between eachmotion measurement on a ship

2,800Sensors hardwired into vessel’s control system

200Sensors in the main engine room measuring temperature and pressure

7,000Channels monitored forsituational awareness and alarms

30TBData transfer each month

$20 millionFuel cost savings/year

Source: Maersk Group with permission from Inmarsat© 2017 IMEA/NMEA

OneNet

Hyper - Connected Society

Connectivity is GLOBAL

Connectivity is an Enabler

Connectivity is not a COST

© 2017 IMEA/NMEA

OneNet

© 2017 IMEA/NMEA

Conservative statements from Cisco Visual Networking Index 2015-2020 (June 2016)

Annual global IP traffic surpassed the Zettabyte in 2016

Global IP traffic will increase nearly threefold over thenext 5 years

Global Internet traffic in 2020 will be equivalent to 95times the volume of the entire global Internet in 2005

Traffic from wireless and mobile devices will account for66% of total IP traffic by 2020.

With permission from Inmarsat© 2017 IMEA/NMEA

© 2014 NMEA

NMEA on IPNMEA OneNet

© 2017 IMEA/NMEA

OneNet

05

101520253035404550

2015 2020

7.2 7.7

13.4

40.5 ConnectedDevicesWorldPopulation

Connected Devices vs World Population

Billio

ns

Source: Intel© 2017 IMEA/NMEA

OneNet

Internet of Things (IoT)aka Networked Society

© 2017 IMEA/NMEA

Standard Committee• 50 worldwide companies participate• All categories of electronics, electrical

represented• Drafting Working Group• Beta Testing Working Group• Radar Message Working Group

IMEA OneNet Standards CommitteeIMEA OneNet

© 2017 IMEA/NMEA

MembersNMEA OneNet

Actisense Chetco Hemisphere GNSS Mercury Marine SRT

Andy Sifferman Cisco Jeppesen Microsoft Terma NA

Airmar Digital Yacht Johnson Outdoors Molex USCG (Headquarters)

Azimut Dongseo University

Kvaser Navico USCG (R&D Center)

BEP Marine ETRI KVH Net Savvy Veedims

Blue Seas Flir Larry Anderson Offshore Limited Victron Energy

Boning Automationstechnologie GmbH

Fugawi Maretron Phoenix Contact Whisper Power

Canadian Coast Guard Furuno Mastervolt Raymarine Yaesu Standard Horizon

Carling Technologies Garmin Maritime University of South Korea

RosepointNavigation

• Embraces Ethernet for Marine Networking

• Simplifies Installation, Configuration, and Use

• Interoperates with Established Marine Standards

• Extendible, Scalable Architecture

• Supports High Bandwidth Applications

• Security – A High Priority

OneNet Goals

© 2017 IMEA/NMEA

Physical Module

DatagramSecurity Module

GatewayModule

DiscoveryModule

DatagramServiceModule

ApplicationInformation

Module

PGN Transport Module

Application Security Module

CertificationVerification

Module

Base Module

DeviceArchitecture

IMEA OneNet

CertificationTesting

© 2017 IMEA/NMEA

Application Information

© 2017 IMEA/NMEA

{"manufacturer": "2πr Electronics, Inc.",

"manufacturerCode": 628,"product": "Marine Auto-π-lot 1000","productCode": 12345,"serialNumber": "ALN-21050105","softwareVersion": "1.2.15-beta","hardwareVersion": "3B","label": "Starboard Pilot","installDesc1": "Setup by Frank Jones, MarineTEK LLC","installDesc2": "Call (206) 555-1212 with issues","requiresSecureMode": true,"powerOverEthernet": {

"deviceType": "PD","class": 2,"maxPower": 5.2

} }

Datagram Services

© 2017 IMEA/NMEA

• All Datagram Services listen to multicast data on port 10111 Registered with Internet Assigned Numbers Authority (IANA)

• 16 Multicast addresses ff02::160 to ff02::16f have been reserved with IANA

• OneNet (only ff02::160 is used at the moment)

Datagram Service Fixed Header

OneNet Signature 4bytes

0x31, 0x4e, 0x45, 0x54 –“1NET”

Header Version 2 bytes 0x0001

Next Header Optional 1 bit

Next Header Type 15 bits

Message Sequence Number

2 bytes

Reserved 2 bytes

© 2017 IMEA/NMEA

PGN Transport Header Format

Next Header Optional (must be 0) 1 bit

Next Header Type (must be 0) 15 bits

Header Length 2 bytes

PGN # 4 bytes

PGN DB Version 2 bytes

PGN Sequence Number 2 bytes

Priority 1 byte

Reserved 3 bytes

Payload uses little endian to match N2K© 2017 IMEA/NMEA

OneNet uses IP v6

IPv4 IPv6Deployed 1981 1999

Address size 32-bit number 128 bit number

Address Format Dotted Decimal Notation

192.149.252.76

Hexadecimal Notation

3FFE:F200:0234:AB00: 0123:4567:8901:ABCD

Number of Addresses

232 4,294,967,296 2128

340,282,366,920,938, 463,463,374,607,431, 768,211,456

© 2017 IMEA/NMEA

Reasons…• Improved multicast routing• Simpler header format• Simplified, more efficient routing• True quality of service (QoS), also called "flow

labeling"• Built-in authentication and privacy support• Flexible options and extensions

OneNetIPv6

© 2017 IMEA/NMEA

Why IPv6?

• Some More Reasons…• IPv6 is the the future, IPv4 is the past• IPv6 offers more flexibility in routing and configuration• IPv6 has better security and true QoS management• IPv6 Allows larger number of devices

• One Really Important Reason…• “Stateless Auto-Configuration of Link Local Addresses”

© 2017 IMEA/NMEA

IMEA OneNet Cyber Security

Cyber Security-as-a-servicebest practiceTrusted partners

Trusted devices

Secured Network

© 2017 IMEA/NMEA

IMEA OneNet Cyber Security

Generally 2 Types of Cyber Attacks• Untargeted – one of many • Targeted – specifically aimed at

Group Motivation Objective

Activists (including disgruntled employees)

• Reputational damage• Disruption of operations

• Destruction of data• Publication of sensitive data• Media attention

Criminals • Financial gain• Commercial espionage• Industrial espionage

• Selling stolen data• Ransoming stolen data• Ransoming system operability• Arranging fraudulent transportation of

cargoOpportunists • The challenge • Getting through cyber security

defenses• Financial gain

StatesState sponsored organizationsTerrorists

• Political gain• Espionage • Gaining knowledge

• Disruption to economies and critical national infrastructure.Courtesy of Bimco “Guidelines on

Cyber Security onboard Ships”© 2017 NMEA

IMEA OneNet

© 2017 IMEA/NMEA

3%

6%

6%

13%

35%

39%

0 5 10 15 20 25 30 35 40 45

Coordinating Effort

Lack of Budget

Virus/Physical Attacks

Lack of Expertise

Complexity of Systems

Lack of Training

PERCENTAGE

Cyber Security: Main Issues and Challenges

Source: Ship Operators Cyber Security Survey by FutureNautics 2017 with permission from Inmarsat

IMEA OneNet

© 2017 IMEA/NMEA

44% Do not believe their company’s current IT defenses are not effective at repelling cyber attacksSource: Ship Operators Cyber Security Survey by FutureNautics 2017 with permission from Inmarsat

IMEA OneNet

© 2017 IMEA/NMEA

50% Not confident they would know about a cyber issue on board

Source: Ship Operators Cyber Security Survey by FutureNautics 2017 with permission from Inmarsat

Lower Cyber Risks:• Raise awareness • Protect shipboard IT infrastructure• Manage users, ensuring appropriate access• Protect data used onboard ships• Authorize administrator privileges for users• Protect data being communicated between the ship and the

shore side.

IMEA OneNet

© 2017 IMEA/NMEA

Key Management

Message Authentication

Network Monitoring

IMEA OneNet

© 2017 IMEA/NMEA

Key Management (Locking)• Randomly generates a private key unique to the vessel

(or segmented network on the vessel)• Installer declares trust in a device, securely sharing the

vessel key (similar to Bluetooth Pairing)• Once keys are shared, all OneNet traffic is signed

cryptographically, and authenticated on receipt• Does not rely on public key infrastructure (PKI), avoiding

problems with certificates and revocation

IMEA OneNet

© 2017 IMEA/NMEA

Message Authentication• Every transmitted message is cryptographically signed,

certifying from a trusted device• Every device validates messages it receives as being correctly

signed, ignoring invalid messages• Rolling sequence system prevents replay attacks, even in a

multi-listener multi-talker environment• Encryption

IMEA OneNet

© 2017 IMEA/NMEA

Network Monitoring• Each OneNet node reports information on errors or network

congestion• A display or MFD can use reported information to inform

operator of potential problems that affect the integrity of navigation data

• Provides some defense against denial of service attacks or other network infrastructure attacks

• Not a replacement for a properly secured network

IMEA OneNet

© 2017 IMEA/NMEA

DatagramSecurity Module

Application Security Module

IMEA OneNet

The Security Goal: Provide a significant defense against unauthorized devices or users mitigating attacks

© 2017 IMEA/NMEA

Application Security Module

IMEA OneNet

• OneNet Applications operate with Secure Mode enabled or disabled

• Applications with Secure Mode enabled possess a copy of a 2048-bit symmetric Master Key

• Secure Mode is enabled from a Human Interface Device (HID)• HIDs must allow user to disable through user interface• Only a trusted source may disable secure mode

© 2017 IMEA/NMEA

DatagramSecurity Module

IMEA OneNet

Many ideas inspired by IPsec• Datagram Services establish a relationship before transferring

secure messages • Security Association (SA)• Security Parameters Index (SPI)• Source Port• Destination Address (unicast or

multicast)• Sequence Number (SQN) – prevents

replay• 256-bit Session Key• Declared with SA Declaration message• Must transition to a new SA when SQN

reaches maximum value© 2017 IMEA/NMEA

OneNet Modules

Physical Module

DatagramSecurity Module

GatewayModule

DiscoveryModule

DatagramServiceModule

ApplicationInformation

Module

PGN Transport Module

Application Security Module

Base Module

DeviceArchitecture

CertificationVerification

Module

Certification Verification• User is informed that a device is non-

certified• Certification is verified before enabling

secure mode• Defines 8 public/private key pairs stored in

Microsoft Azure Key Vault• Private key is used to sign certification

digital certificate

© 2017 IMEA/NMEA

OneNetGet Ready for E-Navigation Applications

• IPv6 Being Deployed in All Industries Worldwide• Maritime – Small Commercial and Leisure Vessels• Necessary for future M2M, IoT and On and Off Ship

Applications• Integration of Data, Communication, and Navigation

• Potential for decades to come with future capabilities unforeseen today• Autonomous Shipping• Ship Automation• Remote Ship Infrastructure Monitoring• “Big Data” Implementations

© 2017 IMEA/NMEA

OneNet

Get Ready for E-Navigation Applications• Ship to Ship, Ship to Shore, Shore to Ship• Share Critical Data• Safe Navigation and Communication• Optimal Ship Operation• Cyber Security• Common Marine Data Structures (CMDS)

• Information and Communication to Grow Exponentially• Full Interoperability with NMEA or IEC Interfaces

© 2017 IMEA/NMEA

OneNet

Beta Working Group Team

Drafting Working Group

Resolution

OneNet Draft Standard –

What’s Left?

© 2017 IMEA/NMEA

OneNet

Draft to OneNet

Committee

Comment Resolution

Voting

OneNet Draft Standard –

What’s Left?

© 2017 IMEA/NMEA

Physical Module

DatagramSecurity Module

GatewayModule

DiscoveryModule

DatagramServiceModule

ApplicationInformation

Module

PGN Transport Module

Application Security Module

CertificationVerification

Module

Base Module

DeviceArchitecture

© 2017 NMEA

Certification and Testing

Publication

OneNet

© 2017 IMEA/NMEA

OneNet

Next Version• Switches• Radar Messages• Device configuration• Wireless connections• Device Web Pages• Redundancy© 2017 IMEA/NMEA

OneNet

© 2017 IMEA/NMEA

“The scale of the technology and infrastructure that must be built is unprecedented, and we believe this is the most important problem we can focus on.” - Mark Zuckerberg

© 2017 IMEA/NMEA

Thank You Questions

Steve SpitzerDirector of Standardssspitzer@nmea.org

IMEA/NMEAwww.nmea.org

www.imea-marine.org

OneNet

© 2017 IMEA/NMEA