Skip to main content
SpringerLink
Log in

A decentralized honeypot for IoT Protocols based on Android devices

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

A Correction to this article was published on 29 October 2022

This article has been updated

Abstract

The exponential growth of internet connected devices in this past year has led to a significant increase in IoT targeted attacks. The lack of proper integration of security in IoT development life cycle along with a plethora of different protocols (e.g., Zigbee, LoRa, MQTT, etc.) have greatly impacted the resilience of such devices against cyber-attacks, a fact also exacerbated by the size and physical hardware structure of these devices. Thus, it is imperative to develop effective and efficient countermeasures that can also be applied post-production to help build resilience in modern IoT systems. Honeypots are prime example of this notion. Being designed to act as vulnerable computer components or systems, they provide useful intelligence regarding potential attackers. Nevertheless, honeypots have seen little use in protection IoT systems and their underlying protocols, especially in cases where honeypots can leverage the decentralized nature of IoT. In this research, we enhance the HosTaGe honeypot to build an IoT protocol honeypot that runs over mobile devices. The purpose of this paper is to introduce a honeypot specifically for IoT communication protocols over public networks that is easy-to-use and utilizes Android devices. The protocol honeypot utilizes the cellular network to establish decentralized, simulated infrastructures of IoT systems over different types of IoT network protocols. We test four IoT network implementations, one for each of the newly implemented MQTT, CoAP and AMQP protocols. Additionally, we upgrade existing Telnet and SSH protocols used in IoT systems to work over the simulated mobile honeypot. We use the virtualized honeypot networks to capture log, and analyze real-world public attacks on these protocols from the internet and provide an interface for interaction with the implemented honeypot.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Data Availability

All data generated or analyzed during this study are included in this published article. Compliance with Ethical Standards This study was not funded.

Change history

References

  1. Abomhara, M., Køien, G. M.: “Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks,” Journal of Cyber Security and Mobility, 65–88, (2015)

  2. AbuseIPDB. Abuseipdb. [Online]. Available: https://www.abuseipdb.com/check/218.92.0.189 (2020)

  3. Adkins, P.: Kako honeypot. [Online]. Available: https://github.com/darkarnium/kako (2017)

  4. Ahmed, H.M., Hassan, N.F., Fahad, A.A.: Designing a smartphone honeypot system using performance counters. Karbala International Journal of Modern Science 3(1), 46–52 (2017)

    Article  Google Scholar 

  5. Alriksson.: Critical internet of things (iot) connectivity is ideal for a wide range of time-critical use cases across most industry verticals, and mobile network operators are uniquely positioned to deliver it (2020)

  6. Andrews, R., Hahn, D. A., Bardas, A. G.: “Measuring the prevalence of the password authentication vulnerability in ssh,” in ICC 2020-2020 IEEE International Conference on Communications (ICC). IEEE, 1–7 (2020)

  7. Bansal, M, et al.: “Performance comparison of mqtt and coap protocols in different simulation environments,” Inventive Communication and Computational Technologies, 549–560, (2021)

  8. Bernieri, G., Conti, M., Pascucci, F.: “Mimepot: A model-based honeypot for industrial control networks,” in,: ieee international conference on systems, man and cybernetics (smc). IEEE 2019, 433–438 (2019)

  9. Bevywise.: An exhaustive iot simulator for iot/mqtt application testing. [Online]. Available: https://www.bevywise.com/iot-simulator/ (2022)

  10. Blackhat.: Black hat directory. [Online]. Available: https://blackhat.directory/ip/171.240.199.80 (2020)

  11. Bosch-s.: Mqtt simulator. [Online]. Available: http://documentation.bosch-si.com/iot/RM/v7/en/101937.htm (2022)

  12. Buza, D. I., Juhász, F., Miru, G., Félegyházi, M., Holczer, T.:“Cryplh: Protecting smart energy systems from targeted attacks with a plc honeypot,” in International Workshop on Smart Grid Security. Springer, 181–192 (2014)

  13. Cimpanu, C.: The coap protocol is the next big thing for ddos attacks. [Online]. Available: https://www.zdnet.com/article/the-coap-protocol-is-the-next-big-thing-for-ddos-attacks/ (2020)

  14. Cimpanu, C.: Hacker leaks passwords for more than 500,000 servers, routers, and iot devices. [Online]. Available: https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/ (2020)

  15. CloudAMQP. Amqp. [Online]. Available: https://www.cloudamqp.com/docs/amqp.html (2020)

  16. Communications, G.: Mimic mqtt simulator - for iot simulation. [Online]. Available: https://www.gambitcomm.com/site/mqttsimulator.php (2022)

  17. Demeter, D., Preuss, M., Shmelev, Y.: Iot: a malware story. [Online]. Available: https://securelist.com/iot-a-malware-story/94451/ (2019)

  18. ENISA.: Enisa threat landscape 2020 - botnet. [Online]. Available: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2020-botnet (2020)

  19. Erdem, O., Pektas, A., Kara, M.: Honeything: A new honeypot design for cpe devices. KSII Transactions on Internet and Information Systems (TIIS) 12(9), 4512–4526 (2018)

    Google Scholar 

  20. Ericsson, A.: “Cellular networks for massive iot–enabling low power wide area applications,” no. January, pp. 1–13, (2016)

  21. Franik, M. C.: Serious flaws found in multiple smart home hubs: Is your device among them? [Online]. Available: https://www.welivesecurity.com/2020/04/22/serious-flaws-smart-home-hubs-is-your-device-among-them/ (2020)

  22. GreenDAO.: greeendao. [Online]. Available: https://greenrobot.org/greendao/ (2021)

  23. Hakim, M. A., Aksu, H., Uluagac, A. S., Akkaya, K.: “U-pot: A honeypot framework for upnp-based iot devices,” in 2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC).IEEE, 1–8 (2018)

  24. Higgins, A.: “Adaptive containerised honeypots for cyber-incident monitoring,” Integrated Masters in Computer Engineering (MAI), (2018)

  25. Hilt, S., Maggi, F., Perine, C., Remorin, L., Rösler, M., Vosseler, R.: Caught in the act: Running a realistic factory honeypot to capture real threats. Trend Micro, Shibuya City, Japan, White Paper (2020)

    Google Scholar 

  26. Ho, C. C., Ting, C.-Y.: “A conceptual framework for smart mobile honeypots,” Academia, http://www.academia.edu/download/31058450/KasperskyConferen cecchocyting.Pdf, (2014)

  27. Jaikar, S.P., Iyer, K.R.: A survey of messaging protocols for iot systems. International Journal of Advanced in Management, Technology and Engineering Sciences 8(2), 510–514 (2018)

    Google Scholar 

  28. Kendrick, M.M., Rucker, Z.A.: Energy-grid threat analysis using honeypots. Tech. Rep, Naval Postgraduate School Monterey United States (2019)

    Google Scholar 

  29. Krishnaprasad, P.: “Capturing attacks on iot devices with a multi-purpose iot honeypot,” INDIAN INSTITUTE OF TECHNOLOGY KANPUR, (2017)

  30. Litchfield, S., Formby, D., Rogers, J., Meliopoulos, S., Beyah, R.: Rethinking the honeypot for cyber-physical systems. IEEE Internet Computing 20(5), 9–17 (2016)

    Article  Google Scholar 

  31. Luo, T., Xu, Z., Jin, X., Jia, Y., Ouyang, X.: “Iotcandyjar: Towards an intelligent-interaction honeypot for iot devices,” Black Hat, 2017, (2017)

  32. mqtt.org.: Mqtt: The standard for iot messaging. [Online]. Available: https://mqtt.org/ (2021)

  33. Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: Iotpot: A novel honeypot for revealing current iot threats. Journal of Information Processing 24(3), 522–533 (2016)

    Article  Google Scholar 

  34. Pliatsios, D., Sarigiannidis, P., Liatifis, T., Rompolos, K., Siniosoglou, I.: “A novel and interactive industrial control system honeypot for critical smart grid infrastructure,” in,: IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD). IEEE 2019, 1–6 (2019)

  35. Qing, Z., Guangdong, B.: 3g/4g intranet scanning and its application on the worm hole vulnerability (2017)

  36. Safaei, B., Monazzah, A. M. H., Bafroei, M. B., Ejlali, A.: “Reliability side-effects in internet of things application layer protocols,” in 2017 2nd International Conference on System Reliability and Safety (ICSRS). IEEE, 207–212 (2017)

  37. Seals, T.: Fritzfrog botnet attacks millions of ssh servers. [Online]. Available: https://threatpost.com/fritzfrog-botnet-millions-ssh-servers/158489/ (2020)

  38. Sentanoe, S., Taubmann, B., Reiser, H. P.: “Sarracenia: enhancing the performance and stealthiness of ssh honeypots using virtual machine introspection,” in Nordic Conference on Secure IT Systems. Springer, 255–271 (2018)

  39. Srinivasa, S., Pedersen, J. M., Vasilomanolakis, E.: “Open for hire: Attack trends and misconfiguration pitfalls of iot devices,” in Proceedings of the 21st ACM Internet Measurement Conference, ser. IMC ’21. New York, NY, USA: Association for Computing Machinery, 195-215. [Online]. Available: https://doi.org/10.1145/3487552.3487833 (2021)

  40. Srinivasa, S., Pedersen, J. M., Vasilomanolakis, E.: “Riotpot: a modular hybrid-interaction iot/ot honeypot,” in 26th European Symposium on Research in Computer Security (ESORICS) 2021. Springer, (2021)

  41. SSH.: Ssh protocol. [Online]. Available: https://www.ssh.com/ssh/protocol/ (2020)

  42. Stahie, S.: ver 500,000 credentials for telnet exposed iot devices and servers leaked online. [Online]. Available: https://www.bitdefender.com/box/blog/iot-news/500000-credentials-telnet-exposed-iot-devices-servers-leaked-online/ (2020)

  43. Stahie, S.: Iot botnet attacks on the rise in 2020. [Online]. Available: https://www.bitdefender.com/box/blog/iot-news/iot-botnet-attacks-rise-2020/ (2020)

  44. Tabari, A. Z., Ou, X.: “A first step towards understanding real-world attacks on iot devices,” arXiv preprint arXiv:2003.01218, (2020)

  45. Vaccari, I., Aiello, M., Cambiaso, E.: Slowite, a novel denial of service attack affecting mqtt. Sensors 20(10), 2932 (2020)

    Article  Google Scholar 

  46. Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., Fischer, M.: “Hostage: a mobile honeypot for collaborative defense,” in Proceedings of the 7th International Conference on Security of Information and Networks,330–333 (2014)

  47. Wang, B., Dou, Y., Sang, Y., Zhang, Y., Huang, J.: “Iotcmal: Towards a hybrid iot honeypot for capturing and analyzing malware,” in ICC 2020-2020 IEEE International Conference on Communications (ICC). IEEE, 1–7 (2020)

  48. Wang, H., He, H., Zhang, W., Liu, W., Liu, P., Javadpour, A.: Using honeypots to model botnet attacks on the internet of medical things. Computers and Electrical Engineering 102, 108212 (2022)

  49. Wang, M., Santillan, J., Kuipers, F.: “Thingpot: an interactive internet-of-things honeypot,” arXiv preprint arXiv:1807.04114, (2018)

  50. Xiao, F., Chen, E., Xu, Q.: “S7commtrace: A high interactive honeypot for industrial control system based on s7 protocol,” in International Conference on Information and Communications Security. Springer, 412–423 (2017)

Download references

Author information

Authors and Affiliations

  1. Department of Informatics, Athens University of Economics and Business, Athens, Greece

    Irini Lygerou & Dimitris Gritzalis

  2. Aalborg University, Aalborg East, Denmark

    Shreyas Srinivasa

  3. Department of Info. and Comm. Systems Engineering, University of the Aegean, Samos, Greece

    George Stergiopoulos

  4. Technical University of Denmark, Kongens Lyngby, Denmark

    Emmanouil Vasilomanolakis

Authors
  1. Irini Lygerou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shreyas Srinivasa
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Emmanouil Vasilomanolakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. George Stergiopoulos
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Dimitris Gritzalis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dimitris Gritzalis.

Ethics declarations

Competing Interests

None of the authors have received any research grants. None of the authors have received a speaker honorarium from any company. All authors declare that none of them has any conflict of interest.

Ethical Approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

The original online version of this article was revised: Dr. Emmanouil Vasilomanolakis’s affiliation has been updated.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Lygerou, I., Srinivasa, S., Vasilomanolakis, E. et al. A decentralized honeypot for IoT Protocols based on Android devices. Int. J. Inf. Secur. 21, 1211–1222 (2022). https://doi.org/10.1007/s10207-022-00605-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-022-00605-7

Keywords

Search

Navigation