SECURWARE 2019, The Thirteenth International Conference on Emerging Security Information, Systems and Technologies


Implementation of MQTT/CoAP Honeypots and Analysis of Observed Data

Authors:
Hajime Shimada
Katsutaka Ito
Hirokazu Hasegawa
Yukiko Yamaguchi

Keywords: Honeypot; Internet of Things; MQTT; CoAP.

Abstract:
Recently, there are many systems that utilize the Internet of Things (IoT) effectively. Those systems often use simple IoT-aimed protocols, such as Message Queue Telemetry Transport (MQTT) or Constrained Application Protocol (CoAP). However, recent cyber-attacks have been targeting IoT systems (e.g., the "Mirai" malware), so we were concerned that a malicious person could also exploit IoT-aimed protocols in cyber-attacks. Thus, we proposed MQTT/CoAP honeypots to observe possible cyber-attacks or scouting activities related to cyber-attacks. To imitate real IoT systems, the proposed honeypots hold imitated sensing data which is updated periodically. Also, to avoid ill use by attackers, the proposed honeypot accepts update requests from the Internet, but the updated value is only visible to the same request source IP address. The proposed honeypots were deployed in December 2016 (MQTT) and August 2017 (CoAP), and requests were observed from the Internet continuously. We observed several mysterious requests to both MQTT and CoAP honeypots. We observed that the MQTT honeypot received some non-MQTT protocol based requests to 1883/TCP and some of them are wrongly interpreted as MQTT protocol. We determined that an effective MQTT server must be robustly implemented to handle these types of requests.

Pages: 35 to 40

Copyright: Copyright (c) IARIA, 2019

Publication date: October 27, 2019

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-746-7

Location: Nice, France

Dates: from October 27, 2019 to October 31, 2019