Course & option:
Diploma in Infocomm Security Management
Low Shien Kiat, Darren Neo, Bijjala Naga Krishna Suteja, Cheong Zun Jie
Dr. Lu Liming (email@example.com)
Mr. Christopher Lek (The Honeynet project- Singapore Chapter)
HTTP, SSH, XMPP, Raspberry Pi, Python
A study released by Hewlett-Packard found that 70% of devices connected to the Internet are vulnerable to some form of attack. With the exponential growth of “Internet of Things”, there is a rising concern on the increasing attack vectors for attackers into user devices. In order to study attacker methods and to facilitate the collection of the statistics of such attacks, we have made a honeypot that can emulate IoT services. This will allow us to understand the new threat landscape of IoT.
The project aims to deliver an Internet of Things Honeypot, where an internet of thing will be simulated. For the project, a webcam interface will be simulated and hosted on a server which is open to the outside world, so that it will attract attackers to the interface, where their activities will be logged down. Anything attackers try to do, be it uploading malicious files, trying to redirect to another page, will be recorded down and analyzed. The webcam interface will be simulated via HTTP, where it will display a live footage of a webcam stream, such that it will be the main attraction of attackers. Not only HTTP, protocols such as SSH and XMPP will also be tested on. The data these protocols have collected will be analyzed to derive the pattern and forms of attacks that are currently being used. Not only the project aims to deliver a product, it will also spread awareness to the public that Internet of Things are not completely secure, attacks are commonly performed under the cloud. Therefore, honeypot can be used to derive the commonly used attacks and their methods, where countermeasures can be implemented to prevent them from happening.
These honeypots can be a useful tool for determining the weaknesses of an IoT protocol and for the testing of these protocols. They can help us map out the threat landscape for IoT devices, allowing for increased awareness in the Industry.