Wearable Honeypot

Wearable embedded devices are in common use in the the medical industry. In today’s society security is needed in just about every electronic device. However, these devices don\u27t yet have many security standards. To prevent scenarios that involve unauthorized sources intruding on a device, a honeypot could be used as a secure lightweight (in terms of resource usage) addition to these medical devices. Honeypots typically have a monitoring component, this allows a system designer to gain knowledge of exploits which can then be patched. This project seeks to devise and implement a wearable honeypot to add security to a BAN (Body Area Network)

Wearable Honeypot

Wearable embedded devices are in common use in the medical industry. In today’s society security is needed in just about every electronic device. However, these devices don\u27t yet have many security standards. To prevent scenarios that involve unauthorized sources intruding on a device, a honeypot could be used as a secure lightweight (in terms of resource usage) addition to these medical devices. This project seeks to devise and implement a wearable honeypot to add security to a BAN (Body Area Network)

Management and Security of IoT systems using Microservices

Devices that assist the user with some task or help them to make an informed decision are called smart devices. A network of such devices connected to internet are collectively called as Internet of Things (IoT). The applications of IoT are expanding exponentially and are becoming a part of our day to day lives. The rise of IoT led to new security and management issues. In this project, we propose a solution for some major problems faced by the IoT devices, including the problem of complexity due to heterogeneous platforms and the lack of IoT device monitoring for security and fault tolerance. We aim to solve the above issues in a microservice architecture. We build a data pipeline for IoT devices to send data through a messaging platform Kafka and monitor the devices using the collected data by making real time dashboards and a machine learning model to give better insights of the data. For proof of concept, we test the proposed solution on a heterogeneous cluster, including Raspberry Pi’s and IoT devices from different vendors. We validate our design by presenting some simple experimental results

Enhancing Plug and Play Capabilities in Body Area Network Protocols

This project aimed to create a plug-and-play protocol for Body Area Networks (BANs). This protocol enables communication between a diverse number of devices and a base station, regardless of equipment manufacturer. Previous BANs rely on proprietary software, or protocols that are specialized to the physical device. Our protocol takes a more universal approach, allowing any device to participate in a BAN without introducing any significant overhead or running cost to the operation of that BAN. Unlike previous approaches, any existing motes and the base station will not have to be updated. Only new devices being added to the BAN will have to implement the protocol before connecting. Our protocol introduces overhead that reduced the performance and lifetime of the motes used in our BAN

Examining Effectiveness of Web-Based Internet of Things Honeypots

The Internet of Things (IoT) is growing at an alarming rate. It is estimated that there will be over 25 billion IoT devices by 2020. The simplicity of their function usually means that IoT devices have low processing power, which prevent them from having intricate security features, leading to vulnerabilities. This makes IoT devices the prime target of attackers in the coming years. Honeypots are intentionally vulnerable machines that run programs which appear as a vulnerable device to a would-be attacker. They are placed on a network to entice and trap an attacker and then gather information on them, including place of origin and method of attack. Due to their prevalence and propensity for having vulnerabilities, IoT devices are a perfect candidate for honeypots placed on a network. Honeyd is popular open-source software written by Niels Provos that creates lowinteraction virtual honeypots. It is able to simulate everything at the network level, allow the user to create various Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) services, and allow Operating System (OS) simulation for scanning tools such as Nmap. This research seeks to determine if Honeyd is capable of producing convincing IoT honeypots. Three IoT devices: a TITAThink camera, a Proliphix thermostat, and an ezOutlet2 power outlet, had their Hypertext-Transfer Protocol (HTTP) services simulated through Python scripts and integrated with Honeyd to create three IoT honeypots. These honeypots were then compared to the actual devices to determine how similar they were. The devices and honeypots are both queried in the exact same manner and have their response times, code, headers, and Nmap scan results compared to see how they differ

HoneyProxy Implementation in Cloud Environment with Docker HoneyFarm

Pilveteenustel põhinev infotehnoloogia süsteemide taristu on saamas tavapäraseks nii idufirmades, keskmise suurusega ettevõtetes kui ka suurtes korporatsioonides, toetades agiilsemat tarkvara arendust ning lihtsustades andmekeskuste haldamist, kontrollimist ja administreerimist. See kiirelt arenev tehnoloogiavaldkond tõstatas palju turvalisusega seotud küsimusi seoses pilves hoitavate teenuste ligipääsetavuse kontrollimisega ning sellega, kas pakutud lahenduste jõudlus ning viiteaeg (latentsus) jäävad aktsepteeritavatesse piiridesse. Käesolev teadustöö tutvustab honeypot peibutusmehhanismi pilves revolutsioonilisel viisil, mis rakendab HoneyProxy lahendust honeynet lüüsina pöördproksile, mis kontrollib sissetulevaid ja väljaminevaid päringuid back-end teenustesse. Vastav HoneyProxy on ühendatud HoneyFarm lahendusega, mida käitatakse samal masinal (pilveserveril). Iga honeypot jookseb eraldi Docker’i konteineris ning omab unikaalset IP-d, mistõttu on võimalik igat ründesessiooni isoleerida ühte konteinerisse võimalusega vahetada erinevate konteineritüüpide vahel, ajades ründaja segadusse honeypot’i kasutust paljastamata. See kaitsemehhanism suudab tuvastada ja logida ründaja tegevusi, mis võivad omakorda paljastada uusi ründetehnikaid ning isegi “nullpäeva” (zero-day) haavatavusi. Käesoleva töö fookus on tutvustada raamistikku HoneyProxy implementeerimiseks pilveteenustel Docker’i konteinereid kasutades.Cloud hosting services is a common trend nowadays for small startups, medium sized business and even for large big cooperations, that is helping the agility and scaling of resources and spare the overhead of controlling, managing and administrating the data-centers. The fast growing technology raised security questions of how to control the access to the services hosted on the cloud, and whether the performance and the latency of the solutions offered to address these questions are within the bearable limits. This research is introducing the honeypots to the cloud in a revolutionary way that exposes and applies what is called a HoneyProxy to work as a honeynet gateway for a reverse proxy that is controlling the incoming and outgoing flow to the back-end services. This HoneyProxy is connected to a HoneyFarm that is hosted on the same machine (cloud server) each honeypot is serviced in a docker container dedicated for every unique IP, so that each attack session can be isolated within one container with the ability to switch between different types of containers that can fool the attacker without suspecting the existence of a honeypot. This defending mechanism can detect and log attackers behavior which can reveal new attack techniques and even zero day exploits. The contribution of this work is introducing the framework to implement the HoneyProxy on the cloud services using Docker containers

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

How to build a faraday on the cheap for wireless security testing

The commonly known security weaknesses associated with the 802.11b wireless standard have introduced a variety of security measures to countermeasure attacks. Using a wireless honeypot, a fake wireless network may be configured through emulation of devices and the TCP/IP fingerprinting of OS network stacks. TCP/IP fingerprinting is one of the most popular methods employed to determine the type of OS running on a target and this information can then be used to determine the type of vulnerabilities to target on the host. Testing the effectiveness of this technique to ensure that a wireless honeypot using honeyd may deceive an attacker has been an ongoing study due to problems conducting TCP/IP fingerprinting in the wireless environment. Research conducted in a university laboratory showed that the results were ineffective and the time taken to conduct testing could be as long as 60 hours. The subsequent exploration of different testing methods and locations illuminated on an ideal research facility called a faraday cage. The design and construction of the faraday is discussed in this paper as an affordable solution for controlled and reliable testing of TCP/IP fingerprinting against the scanning tool Network Mapper (NMAP). The results are useful when looking to deploy a deceptive honeypot as a defence mechanism against wireless attackers