Examining Effectiveness of Web-Based Internet of Things Honeypots

The Internet of Things (IoT) is growing at an alarming rate. It is estimated that there will be over 25 billion IoT devices by 2020. The simplicity of their function usually means that IoT devices have low processing power, which prevent them from having intricate security features, leading to vulnerabilities for attackers. Honeyd is popular open-source software written by Niels Provos that creates low-interaction virtual honeypots. It is able to simulate everything on the network level, allow the user to create various Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) services, and allow Operating System (OS) simulation for scanning tools such as Nmap. Three IoT devices are simulated in Honeyd: a TITAThink camera, a Proliphix thermostat, and an ezOutlet2 power outlet. The common theme among all the devices is that that they utilize the Hypertext Transfer Protocol (HTTP) to display their information to the user. This research seeks to determine if Honeyd is capable of producing convincing web based IoT honeypots.