The Mirai Distributed Denial-of-Service (DDoS) attack exploited security vulnerabilities of Internet-of-Things (IoT) devices and thereby clearly signalled that attackers have IoT on their radar. Securing IoT is therefore imperative, but in order to do so it is crucial to understand the strategies of such attackers. For that purpose, in this paper, a novel IoT honeypot called ThingPot is proposed and deployed. Honeypot technology mimics devices that might be exploited by attackers and logs their behavior to detect and analyze the used attack vectors. ThingPot is the first of its kind, since it focuses not only on the IoT application protocols themselves, but on the whole IoT platform. A Proof-of-Concept is implemented with XMPP and a REST API, to mimic a Philips Hue smart lighting system. ThingPot has been deployed for 1.5 months and through the captured data we have found five types of attacks and attack vectors against smart devices. The ThingPot source code is made available as open source.
[1]
Tsutomu Matsumoto,et al.
IoTPOT: A Novel Honeypot for Revealing Current IoT Threats
,
2016,
J. Inf. Process..
[2]
Roy Fielding,et al.
Architectural Styles and the Design of Network-based Software Architectures"; Doctoral dissertation
,
2000
.
[3]
Jesus Alonso-Zarate,et al.
A Survey on Application Layer Protocols for the Internet of Things
,
2015
.
[4]
Jorge Sá Silva,et al.
Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues
,
2015,
IEEE Communications Surveys & Tutorials.
[5]
Michael Schukat,et al.
A ZigBee honeypot to assess IoT cyberattack behaviour
,
2017,
2017 28th Irish Signals and Systems Conference (ISSC).