Abstract
The exponential growth of internet-connected devices over the past year has led to a significant increase in IoT-targeted attacks. The lack of proper integration of security in the IoT development life cycle, along with a plethora of different protocols (e.g., Zigbee, LoRa, MQTT), has greatly impacted the resilience of such devices against cyber-attacks, a fact also exacerbated by the size and physical hardware structure of these devices. Thus, it is imperative to develop effective and efficient countermeasures that can also be applied post-production to help build resilience in modern IoT systems. Honeypots are a prime example of this notion. Being designed to act as vulnerable computer components or systems, they provide useful intelligence regarding potential attackers. Nevertheless, honeypots have seen little use in protecting IoT systems and their underlying protocols, especially in cases where honeypots can leverage the decentralized nature of IoT. In this research, we enhance the HosTaGe honeypot to build an IoT protocol honeypot that runs over mobile devices. The purpose of this paper is to introduce a honeypot specifically for IoT communication protocols over public networks that is easy to use and utilizes Android devices. The protocol honeypot utilizes the cellular network to establish decentralized, simulated infrastructures of IoT systems over different types of IoT network protocols. We test four IoT network implementations, one for each of the newly implemented MQTT, CoAP and AMQP protocols. Additionally, we upgrade the existing Telnet and SSH protocols used in IoT systems to work over the simulated mobile honeypot. We use the virtualized honeypot networks to capture, log, and analyze real-world public attacks on these protocols from the internet, and we provide an interface for interaction with the implemented honeypot.
Data Availability
All data generated or analyzed during this study are included in this published article.
Compliance with Ethical Standards
This study was not funded.
Change history
29 October 2022
A Correction to this paper has been published: https://doi.org/10.1007/s10207-022-00628-0
Ethics declarations
Competing Interests
None of the authors have received any research grants. None of the authors have received a speaker honorarium from any company. All authors declare that none of them has any conflict of interest.
Ethical Approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
The original online version of this article was revised: Dr. Emmanouil Vasilomanolakis’s affiliation has been updated.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Lygerou, I., Srinivasa, S., Vasilomanolakis, E. et al. A decentralized honeypot for IoT Protocols based on Android devices. Int. J. Inf. Secur. 21, 1211–1222 (2022). https://doi.org/10.1007/s10207-022-00605-7
DOI: https://doi.org/10.1007/s10207-022-00605-7