Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Securing IoT devices using Geographic and Continuous Login Blocking: A honeypot study
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0001-7884-966X
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0003-3089-3885
2020 (English)Conference paper, Published paper (Refereed)
Abstract [en]

IoT (Internet of Things) devices have grown exponentially in the last years, both in the sheer number of devices and concerning areas of applications being introduced. Together with this rapid development we are faced with an increased need for IoT Security. Devices that have previously been analogue, such as refrigerators, door locks, and cars are now turning digital and are exposed to the threats posed by an Internet connection. This paper investigates how two existing security features (geographic IP Blocking with GeoIP and rate-limited connections with fail2ban) can be used to enhance the security of IoT devices. We analyze the success of each method by comparing units with and without the security features, collecting and comparing data about the received attacks for both kinds. The result shows that the GeoIP security feature can reduce attacks by roughly 93% and fail2ban by up to 99%. Further work in the field is encouraged to validate our findings, create better GeoIP tools, and to better understand the potential of the security techniques at a larger scale. The security features are implemented in aws instances made to simulate IoT devices, and measured with honeypots and IDSs (Intrusion Detection Systems) that collect data from the received attacks. The research is made as a fundamental work to later be extended by implementing the security features in more devices, such as single board computers that will simulate IoT devies even more accurately.

Place, publisher, year, edition, pages
2020.
Keywords [en]
IoT, GeoIP, Fail2ban, Honeypot, Cowrie, p0f, Conpot, Snort, Suricata, Geographic Blocking
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kth:diva-266446OAI: oai:DiVA.org:kth-266446DiVA, id: diva2:1384538
Conference
International Conference on Information Systems Security and Privacy (ICISSP), Valletta, Malta, 25-27 Feb 2020
Note

QC 20200218

Available from: 2020-01-10 Created: 2020-01-10 Last updated: 2020-02-18Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Paper

Authority records BETA

Heiding, FredrikOmer, Mohammad-AliWallström, Andreas

Search in DiVA

By author/editor
Heiding, FredrikOmer, Mohammad-AliWallström, AndreasLagerström, Robert
By organisation
Network and Systems Engineering
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 55 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf