With the rapid advancement of IoT, it is being widely integrated and applied in with, many application domains for instance military, agriculture, smarty city, surveillance, healthcare, and so on, offering a wide variety of benefits for the goodness of mankind. This recent advancement of IoT, made it a fast-growing technology conquering all other technologies present, creating a huge impact on the society as well as many of the business operations [1]-[5]. The IoT has gradually permeated most of the aspects of human life such as medical care, agriculture, military, and so on, making the technology affordable for everyone [6]-[10]. In recent years, owing to the rapid demand and various socio-economic factors the number of IoT devices, that are commissioned has shown an exponential growth making this IoT is a part of our daily life. On the other hand, this also poses another doubt about robust security approaches in response to this rapid demand over the years, as the number of cyber-attacks that target digital infrastructure becomes more robust, intuitive, and complex owing to the vast threat landscape. Not only that but it is also evident that the number of potential attackers is also increasing with novel sophisticated tools and techniques, which necessitates the implementation of appropriate security measures [1],[10]-[15]. Inspired by analyzing these IoT security attacks that target digital objects in the pervasive IoT environment, in this study we do an experimental evaluation to set up a Honeypot IoT devices using Raspberry Pi devices along with open source technologies and we will keep open the Secure Shell (SSH) connection service of Raspberry Pi for more than six consecutive days to log all the requests, that is received via the open SSH service, that are coming to the internal network, from the outside Internet.

When it comes to a Honeypot it looks and functions exactly like a genuine computer system, including all programs and data, deceiving hackers into believing it as a legitimate target. A honeypot, for example, may imitate a company's customer billing system, which is a common target for intruders looking for credit card data [1]-[3]. Once the hackers have gained access, their activities may be recorded and analyzed for clues on how to make the real network more secure and resilient which is highly beneficial for further research and security product development. On the other hand, honeypots are made appealing to attackers by including intentional security flaws, which is the exact theory that our research is built upon. For example, it may include ports that respond to a port scan or weak passwords. Then to attract attackers into the honeypot environment, vulnerable ports may be left open so attackers will lure into the honeypot instead of the real system [18]-[20]. By monitoring traffic coming into the honeypot system, we can assess; where the cybercriminals are coming from (01), the level of threat (02), what data or applications they are interested in (03), and how well the security measures are working to against towards stopping cybercriminals (04).

Based on the literature it is evident that; there are already studies available about this honeypot where several reviews /surveys have also been done [3]-[10]. On the other hand variety of research has also been carried out about implementing honeypot systems and then using artificial intelligence towards identifying threats. But in our study, we intend to use cost-effective devices and open source freely available technologies towards making an IoT honeypot device to assess the threats and derive conclusions for further research [15]-[22]. Nevertheless, in the literature; there was less research has done about IoT honeypot architecture and assessments hence we believe our research experiment would be useful for carrying out further research in this area [22]-[25].

To represent our research work the rest of the paper is organized as follows. Section two (02) describes the objectives of our study and section (03) depict our methodology. After that in section four (04), we highlight our results, and finally, we conclude our paper with the conclusion section.

1.1    Objectives of the study

The main objective of our research is to analyze the cyber-attacks that target typical IoT objects in the pervasive IoT environment using a really simple cost-effective setup, and have an exact idea about what these external intruders are trying to do along with their source, when it comes to exploiting a remote IoT device, in a typical IoT network; and then suggest recommendations for stopping these threats and future research.

2. Methodology

For setting up the research environment; configuration and the environmental setup were done and is comprised of four (04) key steps as follows.

1.       First, for setting up the IoT honeypot device, in an internet-facing network; a Raspberry Pi derive is used which has the pre-configured Raspberry Pi OS.

2.       Secondly to make our Raspberry Pi module a honeypot; an open-source SSH Pluggable Authentication Module (PAM) is set up on the device (For setting the authentication of OS), which is an open source software package freely available on GitHub.

3.       Next after implementing the PAM module an open-source portable OpenSSH is configured on the Raspberry Pi device, which is also an open-source software package freely available on GitHub. (This OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution, and file transfer)

4.       Then upon the completion of all these configurations, all the login requests that may receive from external parties are configured to log in to the PAM database by default which is in the Raspberry device, where we can use them for our analysis task using a Microsoft SQL server database collating them into a single CSV file, afterward.

5.       For better understanding the Figure. 1 depicts the high-level architecture of our honeypot setup

Figure 1.  The IoT Honeypot architecture

After setting all these configurations, the SSH service which is set up on the Raspberry Pi kept open all the time. Then we connected the Raspberry Pi device with the internet via a broadband router and it was the sole device that is connected to the Internet. The Internet connection itself was a standard residential broadband ADSL service. Finally, the configured IoT SSH honeypot was kept online for over six (06) days, and afterward, logs were taken out and imported to the local computers Microsoft SQL server database for further analysis.

3. Results and Discussion

The SSH service which is set up on the Raspberry Pi was running all the time and was the sole device on the Internet connection. The Internet connection itself was a standard residential broadband ADSL service. Finally, the configured IoT SSH honeypot was kept online for over six (06) days of time. During the time we witnessed a total of 105764 logging attempts. While further breaking down all these requests; the interesting thing what we noted was the vast majority of requests came from four (04) major hosts (sources), which accounted for 90175 requests on the whole. (around 85% from all the requests). Figure. 2 depicts the analysis based on the dispersion of the requests based on geographic area.

Figure 2. Dispersion of the requests based on the geographic area (based on the IP) - Top 05 only

Most of these hosts were attempting to exploit the credentials and they were carrying out a dictionary attack on the root user. The following is a list of the top 20 users that were attempted to exploit the login via the open SSH service.

·         root - 101634

·         admin - 967

·         0 - 98

·         pi - 87

·         test - 76

·         user - 74

·         support - 33

·         odroid - 28

·         ftpuser - 26

·         postgres - 25

·         ubnt - 24

·         guest - 23

·         ubuntu – 18

·         Administrator - 16

·         ftp - 14

·         oracle - 14

·         vagrant - 14

·         webmaster - 14

·         administrator - 13

·         dietpi - 13

Then in the following, we depict the passwords that were attempted. The following is the list of the top

20 passwords we have noted.

·         admin

·         0

·         123456

·         password

·         1234

·         raspberry

·         root

·         ubnt

·         administrator

·         welcome

·         guest

·         openelec

·         test

·         pi

·         alpine

·         default

·         12345

·         postgres

·         alex

·         ftpuser

Based on the results of this simple experiment, the following are the recommendations and conclusions that we have derived from our research.

·         It is evident that most of the intruder sources are dispersed around China which accounts for more than 85% of the exploitation attacks, which we can clearly say most of the attackers are located in China which we needed to be aware of.

·         Followed by China we have the United Arab Emirates, France, Russia and Unites states in the top list, which these malicious hosts are based on; whereas the number of requests received to our honeypot was negligible from these sources as opposed to the number of requests that were received from China.

·         Based on most of the dictionary attacks performed it is evident that most of the attackers are trying to exploit the default user names or passwords (factory fitted username and password). For instance, the default username and password for Kali Linux distribution are root and toor. For some other distributions, it is admin and admin for both username and password.

More examples (See Table 1 below):

Table 1. More examples for default credentials of IoT devices

So we can clearly assume all these external attacks that target these IoT devices are trying to find a simple vulnerability from the end-users end. (e.g.: not changing the default user name and password and keeping open the device connection for the internet), where it would be the easiest way for attackers to exploit your IoT devices for planting malware, used in a botnet for performing Distributed Denial of Service (DDOS) attacks, or performing other types of malicious attacks. Hence based on these conclusions what we can recommend is, it is always advisable to use a reliable antivirus in your personal commuter or smart mobile device .where it would hinder the path of attackers towards infecting your device. On the other hand end users needed to be vigilant for their operating system, inbuilt firewall activities as some software’s may change the configurations on these firewall settings especially with Microsoft window 8, 8.1, and 10 operating systems, as even your smart mobile device or personal computer can act as an IoT device. On the other hand, when it comes to other types of IoT devices such as smart TV, webcams, surveillance cameras, and routers it is more advisable to change the factory-fitted default user names and passwords as it would make it super easy for attackers to intrude into the system. At last but not least whenever you are connecting with the internet it is advisable to think that you are one step close to getting hacked.

5. Conclusions 

Inspired by evaluating the IoT security attacks that target objects in the pervasive IoT environment, we have configured a simple cost effective IoT honeypot architecture and we then provide a comprehensive analysis of requests received along with our observations and recommendations; in this study. Based on our analysis it is evident that leaving services such as SSH open can result in a large number of malicious requests. Hence the users need to be sure to lock down any ports you do not require; from the firewall regardless of their operating system. All these external attacks that target these IoT devices are trying to find a simple vulnerability and if the end-users are not aware of any of the things (not changing the default user name and password and keeping open the connection for the internet), it would be the easiest way to attackers to exploit your IoT devices such as your smart watch, desktop computer, and laptop device and etc. Thus we believed this study would be useful for anyone, who seeks to protect their digital privacy. On the other hand in this study, we have showcased a simple IoT honeypot architecture and demonstrated its ability by connecting with the real Internet, where this would be highly useful for carrying out further research.

Funding: “This research received no external funding”

Conflicts of Interest: “The authors declare no conflict of interest.”

References

[1]    Abomhara, M., & Køien, G. M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders, and attacks. Journal of Cyber Security and Mobility, 65-88.

[2]    Soe, Y. N., Feng, Y., Santosa, P. I., Hartanto, R., & Sakurai, K. (2020). Towards a lightweight detection system for cyber attacks in the IoT environment using corresponding features. Electronics, 9(1), 144.

[3]    Stellios, I., Kotzanikolaou, P., Psarakis, M., Alcaraz, C., & Lopez, J. (2018). A survey of IoT-enabled cyberattacks: Assessing attack paths to critical infrastructures and services. IEEE Communications Surveys & Tutorials, 20(4), 3453-3495.

[4]    Radanliev, P., De Roure, D., Cannady, S., Montalvo, R. M., Nicolescu, R., & Huth, M. (2018). The economic impact of IoT cyber risk-analysing past and present to predict the future developments in IoT risk analysis and IoT cyber insurance.

[5]    Thilakarathne, N. N. (2021). Review on the Use of ICT Driven Solutions Towards Managing Global Pandemics. Journal of ICT Research & Applications, 14(3).

[6]    Soe, Y. N., Feng, Y., Santosa, P. I., Hartanto, R., & Sakurai, K. (2020). Towards a lightweight detection system for cyber-attacks in the IoT environment using corresponding features. Electronics, 9(1), 144.

[7]    Dvorkin, Y., & Garg, S. (2017, September). IoT-enabled distributed cyber-attacks on transmission and distribution grids. In 2017 North American Power Symposium (NAPS) (pp. 1-6). IEEE.

[8]    Genge, B., & Enăchescu, C. (2016). ShoVAT: Shodan‐based vulnerability assessment tool for Internet‐facing services. Security and communication networks, 9(15), 2696-2714.

[9]    Bodenheim, R. C. (2014). Impact of the Shodan computer search engine on internet-facing industrial control system devices. AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT.

[10] Quinkert, F., Leonhardt, E., & Holz, T. (2019). Dorkpot: A honeypot based analysis of google dorks. In Proceedings of the Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb ‘19), San Diego, CA.

[11] Pelizzi, R., Tran, T., & Saberi, A. (2011). Large-scale, automatic xss detection using google dorks. Stony Brook University, Department of Computer Science. URL: http://www3. cs. stonybrook. edu/~ rpelizzi/gdorktr. pdf (besucht am 23.06. 2016).

[12] Thilakarathne, N. N. (2020). Security and privacy issues in iot environment. International Journal of Engineering and Management Research, 10.

[13] Kagita, M. K., Thilakarathne, N., Gadekallu, T. R., Maddikunta, P. K. R., & Singh, S. (2020). A review on cyber crimes on the Internet of Things. arXiv preprint arXiv:2009.05708.

[14] Kagita, M. K., Thilakarathne, N., Gadekallu, T. R., & Maddikunta, P. K. R. (2020). A review on security and privacy of internet of medical things. arXiv preprint arXiv:2009.05394.

[15] Thilakarathne, N. N., & Wickramaaarachchi, D. (2020). Improved hierarchical role based access control model for cloud computing. arXiv preprint arXiv:2011.07764.

[16] Kagita, M. K., Thilakarathne, N., Rajput, D. S., & Lanka, D. S. (2020). A Detail Study of Security and Privacy issues of Internet of Things. arXiv preprint arXiv:2009.06341.

[17] Thilakarathne, N. N., Kagita, M. K., & Priyashan, W. M. (2022). Green Internet of Things: The Next Generation Energy Efficient Internet of Things. In Applied Information Processing Systems (pp. 391-402). Springer, Singapore.

[18] Nawrocki, M., Wählisch, M., Schmidt, T. C., Keil, C., & Schönfelder, J. (2016). A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249.

[19] Nawrocki, M., Wählisch, M., Schmidt, T. C., Keil, C., & Schönfelder, J. (2016). A survey on honeypot software and data analysis. arXiv preprint arXiv:1608.06249.

[20] Pouget, F., & Dacier, M. (2004, May). Honeypot-based forensics. In AusCERT Asia Pacific Information Technology Security Conference.

[21] Thilakarathne, N. N., Kagita, M. K., & Gadekallu, T. R. (2020). The role of the Internet of Things in health care: a systematic and comprehensive study. International Journal of Engineering and Management Research (IJEMR), 10(4), 145-159.

[22] Elhoseny, M., Thilakarathne, N. N., Alghamdi, M. I., Mahendran, R. K., Gardezi, A. A., Weerasinghe, H., & Welhenge, A. (2021). Security and Privacy Issues in Medical Internet of Things: Overview, Countermeasures, Challenges and Future Directions. Sustainability, 13(21), 11645.

[23] Mahendran, R. K., & Velusamy, P. (2020). A secure fuzzy extractor based biometric key authentication scheme for body sensor network in Internet of Medical Things. Computer Communications, 153, 545-552.

[24] Mahendran, R. K., Prabhu, V., Parthasarathy, V., Thirunavukkarasu, U., & Jagadeesan, S. (2021). An energy-efficient centralized dynamic time scheduling for internet of healthcare things. Measurement, 186, 110230.

[25] Kalaiselvan, S. A., Parthasarathy, V., Kumar, M. R., & Geetha, R. An Efficient Technique in Bio Engineering for FMMS with Effective Data Communication in UWSN.