HoneyThing: A New Honeypot Design for CPE Devices

  • Received : 2016.11.07
  • Accepted : 2018.04.10
  • Published : 2018.09.30

Abstract

The Internet of Things (IoT) has become an emerging industry that is broadly used in many fields, from industrial and agricultural manufacturing to home automation and the hospitality industry. Because of the sheer number of connected devices transmitting valuable data, IoT infrastructures have become a main target for cyber-criminals. One of the key challenges in protecting IoT devices is the lack of security measures by design. Although there are many hardware- and software-based security solutions (firewalls, honeypots, IPDS, anti-virus, etc.) for information systems, most of these solutions cannot be applied to IoT devices because IoT devices have limited computing resources (CPU, RAM). In this paper, we propose a honeypot system called HoneyThing for modem/router devices (i.e. a kind of IoT device). HoneyThing emulates the TR-069 protocol, a prevalent protocol used to remotely manage customer-premises equipment (CPE) devices, e.g. modems and routers. HoneyThing also serves an embedded web server simulating a few actual, critical vulnerabilities associated with the implementation of the TR-069 protocol. To show the effectiveness of HoneyThing in capturing real-world attacks, we have deployed it on the Internet. The obtained results are highly promising and help reveal network attacks targeting CPE devices.
