Understanding Security Flaws of IoT Protocols through Honeypot Technologies
ThingPot-an IoT platform honeypot
M. Wang (TU Delft - Electrical Engineering, Mathematics and Computer Science)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Internet of Things (IoT) devices are gaining popularity in daily life as well as in specific fields such as home automation, medical facilities, among others. Many applications can be developed in each domain and new ones appear everyday, requiring a flexible, simple and secure interconnection among "things" [38]. Moreover, IoT platforms could integrate devices that have different interfaces and services. When IoT devices such as SmartTV, consoles, media devices, refrigerator, medical devices, etc. are reachable from the Internet, they
may be more vulnerable since the security mechanisms of IoT protocols are not yet developed as common systems (e.g. PC, smartphones). The need of the improvement of security mechanisms for IoT devices and platforms is more evident since more related attacks have been seen on Internet ([46]). To achieve the improvement, the Honeypot technology can be used to understand the attackers’ behaviour and techniques against emerging IoT technologies. Thus, by analysing gathered data, it is possible to provide feedback to the security domain of IoT devices by detecting and analyzing attack vectors. Results can be used to interpret the impact of such trends within the context of not only IoT devices themselves, but also to the whole IoT platform.
In this thesis, a literature study of current technologies for IoT platforms is performed, focusing on IoT security mechanism. This research includes analysis of IoT application and communication protocols such as MQTT, XMPP, HTTP REST, AMQP, CoAP, UPnP, JMS. Moreover, a novel IoT honeypot, ThingPot, is proposed to study the security problems of an IoT platform. As far of the findings of the literature review, this honeypot is the first of its type since it is focused not only the application protocols themselves (such as IoTPOT [53],
Telnet IoT honeypot [55], etc.), but on the whole IoT platform. A Proof of Concept (PoC) is implemented with XMPP and HTTP REST through the use case Philips Hue smart light IoT system. By analyzing the collected data, we find five main kind of attacks against smart devices and conclude the pros and cons of XMPP on IoT platformin terms of security. Findings also provide feedback about how a honeypot for IoT platforms can be deployed.