A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems Javier Franco1, Ahmet Aris1, Berk Canberk2, and A. Selcuk Uluagac1 1 Cyber-Physical Systems Security Lab., Florida International University, Florida, USA 2 Department of Computer Engineering, Istanbul Technical University, Istanbul, Turkey Emails: fjfran243, aaris, suluagacg@fiu.edu, [email protected] Abstract—The Internet of Things (IoT), the Industrial Internet worlds are connected by sensors that collect data about the of Things (IIoT), and Cyber-Physical Systems (CPS) have become physical elements of a system and transmit it to the logical essential for our daily lives in contexts such as our homes, elements, and to the actuators that respond to the logical buildings, cities, health, transportation, manufacturing, infras- elements and apply changes to the physical elements. At the tructure, and agriculture. However, they have become popular same time, however, Greer et al. [4] stated that IoT and CPS targets of attacks, due to their inherent limitations which create are different in that IoT places more emphasis on information vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS technology and networking things in the physical world, while environments by attracting attackers and deceiving them into CPS is more of a closed system and is focused more on thinking that they have gained access to the real systems. Hon- the exchange of information for sensing and controlling the eypots and honeynets can complement other security solutions physical world. IIoT further connects the definitions of IoT (i.e., firewalls, Intrusion Detection Systems - IDS) to form a and CPS, as it possesses characteristics from both. strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out IoT, IIoT, and CPS are converting almost every aspect of on honeypots and honeynets for IoT, IIoT, and CPS. It provides life to smart in the 21st century. Sensors, actuators, wearables, a taxonomy and extensive analysis of the existing honeypots embedded devices, and many other devices are becoming and honeynets, states key design factors for the state-of-the-art ubiquitous around the world with uses in diverse contexts such honeypot/honeynet research and outlines open issues for future as homes, buildings, cities, health, transportation, automotive, honeypots and honeynets for IoT, IIoT, and CPS environments. manufacturing, critical (e.g., nuclear reactors, power plants, Keywords—Honeypot, honeynet, IoT, IIoT, CPS oil refineries) and non-critical infrastructures, and agriculture. While this promises connectivity and efficiency, the various devices in IoT, IIoT, and CPS environments have their unique I. INTRODUCTION properties in terms of resource limitations, network lifetimes, and application Quality-of-Service (QoS) requirements which The Internet of Things (IoT) is a network of Internet- affect the security of such applications crucially [5]. connected devices, such as sensors, actuators, and other em- bedded devices that are able to collect data and communicate. IoT devices typically have constrained power, storage, Industrial IoT (IIoT) is the application of IoT to automation computing, and communications resources which limit the applications using industrial communication technologies [1]. accommodation of good security mechanisms [6], [7]. On the Cyber-Physical Systems (CPS) on the other hand, are networks other hand, devices used in IIoT and CPS were not initially of devices such as sensors, actuators, Programmable Logic designed with security in mind and they had been considered arXiv:2108.02287v1 [cs.CR] 4 Aug 2021 Controllers (PLCs), Remote Terminal Units (RTUs), Intelligent secure, as they were isolated. This security by obscurity as- Electronic Devices (IEDs), and other embedded devices that sumption was broken by the uncovering of the Stuxnet (2010), monitor and control physical processes in critical and non- DuQu (2011), and Flame (2012) attacks [8]. As an increasing critical application areas. CPS includes, but is not limited to number of industrial environments are being connected to the Industrial Control Systems (ICS), Smart Grid and other smart Internet, security updates and patches are becoming serious infrastructures (e.g., water, gas, building automation), medical problems in decades-old industrial devices [8]–[11]. devices, and smart cars [2], [3]. As it can be seen from the descriptions of IoT, IIoT, and CPS, these concepts do not have In order to protect IoT, IIoT, and CPS environments from explicit separation points. Border et al. [2] and the National malicious entities, traditional security mechanisms such as Institute of Standards and Technology’s (NIST) special report cryptography, firewalls, Intrusion Detection and Prevention by Greer et al. [4] analyzed the definitions of IoT and CPS Systems (IDS, IPS), antivirus, and anti-malware solutions can in the literature and indicated that these concepts are viewed be utilized. However, they do not transparently allow security either as the same, or different but they have overlapping parts, researchers to observe and analyze how attackers perform or they are subsets of each other. Greer et al. [4] pointed attacks and find out their behaviors [12]. Honeypots and out that IoT and CPS are similar as they both connect the honeynets come to the scene as viable solutions at this point, physical world of engineered systems and the logical world as they can provide actionable intelligence on the attackers. of communications and information technology. These two A honeypot is a tool that is used with the purpose of be- Version Accepted to the IEEE Communication Surveys and Tutorials FOR EDUCATIONAL PURPOSES ONLY ing attacked and possibly compromised [13]. Two or more the threats, vulnerabilities, attacks, and defense solutions to honeypots implemented on a system form a honeynet [14]. CPS, the survey of Al-Garadi et al. [19] for machine and deep Honeypots are used to attract attackers and deceive them into learning techniques for IoT security, the comprehensive survey thinking that they gained access to real systems. Honeypots of Yu et al. [10] for CPS security and Cintuglu et al. [20] for can be integrated with firewalls and IDSs to form an IPS in CPS testbeds. There are also studies like that of Babun et order to capture all the information about attackers, study all al. [21] which develop innovative ways to protect networks of their actions, develop ways to improve system security and with vulnerable IoT devices. prevent attacks in the future [12]. The honeypot and honeynet research has been a very active Although there exist a number of honeypot and honeynet field. In terms of general honeypots and honeynets that are works on IoT, IIoT, or CPS, no study exists in the literature not specific to IoT, IIoT, or CPS, Fan et. al. [22] proposed which considers all of the honeypot and honeynet models, ana- criteria and a methodology for the classification of honeynet lyzes their similarities and differences, and extracts key points solutions and analyzed the advantages and disadvantages of in the design and implementation of honeypots and honeynets each criterion used in their taxonomy. In 2018, Fan et al. [12] for IoT, IIoT, and CPS. In order to fill this important research expanded on their earlier research and proposed a taxonomy gap, we propose our comprehensive survey on honeypot and of decoy systems with respect to decoys and captors. There honeynet models that have been proposed for IoT, IIoT, and also exist other survey studies on general honeypot and hon- CPS environments over the period 2002-2020. To the best of eynet solutions, which include but are not limited to [23], our knowledge, our work is the first study in the literature [24], and [25]. In addition, privacy and liability issues when that surveys the current state-of-the-art honeypot and honeynet honeypots are deployed were analyzed by Sokol et al. [26], models not only for IoT, but also for IIoT and CPS. [27]. In terms of honeypots and honeynets for IoT, IIoT, and CPS, only a few surveys exist in the literature. Razali Contributions: The contributions of our survey are as follows: et al. [28] analyzed types, properties, and interaction levels • Taxonomy of honeypots and honeynets proposed for of IoT honeypots and classified honeynet models based on IoT, IIoT, and CPS environments, interaction, resources, purpose, and role. Dalamagkas et al. [29] surveyed the honeypot and honeynet frameworks for • Comprehensive analysis of IoT, IIoT, and CPS honey- smart-grid environments. Dowling et al. [30] proposed a frame- pots and honeynets, and intriguing characteristics that work for developing data-centric, adaptive smart city honeynets are shared by studies, that focus on the key values of data complexity, security, and criticality. Furthermore, Neshenko et al. [7] discussed • Statement of the key design factors for future IoT, the IoT and CPS honeypots in their survey on IoT security. IIoT, and CPS honeypots and honeynets, However, they did not provide a comprehensive survey on such • Presentation of open research problems that still need honeypots since the focus of their study was on the security to be addressed in honeypot and honeynet research for of IoT. IoT, IIoT, and CPS. In addition to proposing novel honeypot/honeynet models Organization: The paper is organized as follows: Section
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages34 Page
-
File Size-