Published by Cameron Briana Price. Modified over 7 years ago.
1
ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM)
This Network is Infected: HosTaGe - a Low-Interaction Honeypot for Mobile Devices
Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, Max Mühlhäuser, Mihai Plasoianu, Lars Pandikow and Wulf Pfeiffer
2
Introduction
- Increasing number of cyber attacks
- Availability of open wireless access, e.g., airports, coffee shops
- Many mobile devices are used
- Malware propagation hub/medium
- Users blindly connect to these networks
- Defense mechanism usually known to users
  - Firewall
  - Antivirus
- Notifies AFTER being attacked
Image credits: © Jeremy Brooks, Flickr; © Daniel Duclos, Flickr; © Jeremey Keith, Flickr
HosTaGe - a Low-Interaction Honeypot for Mobile Devices
3
Introduction (cont.)
- What else can the users use?
- Honeypots provide an early alert system
  - Designed to be probed, attacked or compromised
  - Emulate vulnerabilities
  - Identify potential malware/attacker BEFORE an attack
  - Requires dedicated machine/hardware (not portable)
- Honeypot-to-go
  - A mobile (application) honeypot
  - Easily accessible
  - Analysis before connecting to a network
Image credit: © Calgary Reviews, Flickr
4
Outline
- Requirements
- Architecture
- Proof-of-concept
- Performance analysis
- Limitations & Future work
- Conclusion
5
Requirements
- Honeypot
  - High interaction
  - Low interaction
- Requirements
  1. Visibility
  2. Usability
  3. Security & Containment
  4. Min. Resource Utilization
  5. Extendability & Interoperability
- Define Mobile Honeypot’s definition
- HosTaGe: A low-interaction honeypot for mobile devices
6
Architecture
- Logger
  - SQLite database
  - JSON format
  - Text file
- Port Binder
  - Android OS security policy prevents access to port < 1024
  - Work around needed
- HosTaGe Core
- Emulator: SMB, FTP, …
- Connection Guard
  - Max connections
  - Timeouts
- Graphical User Interface (GUI)
  - Single glance overview
  - Network security health indicator
[Architecture diagram. Component labels: Graphical User Interface (GUI), HosTaGe Core, Emulator, Logger, Connection Guard, Port Binder, Protocol Emulation (SMB, FTP, …), Connection 1, Connection 2, …, Dalvik VM, Linux Kernel. Requirement labels: Usability, Extendability & Interoperability, Visibility, Security & Containment, Min. Resource Utilization.]
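The Connection Guard, Logger and protocol-emulation components listed on this slide, sketched as an added Python example (not HosTaGe's own code, which is an Android app). The class, method and field names, the FTP reply strings and the loopback/port-0 binding are assumptions made for illustration.

```python
import json, socket, threading, time

class FtpHoneypot:  # low-interaction: records what clients send, executes nothing
    def __init__(self, host="127.0.0.1", port=0, max_connections=2, timeout=2.0):
        self._slots = threading.BoundedSemaphore(max_connections)  # guard: max connections
        self.timeout = timeout  # guard: per-session idle timeout, seconds
        self.records = []  # logger: one JSON document per event
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))  # port 0 = free unprivileged port (FTP's 21 is < 1024)
        self.sock.listen()
        self.port = self.sock.getsockname()[1]

    def log(self, peer, event, data=""):
        rec = {"ts": time.time(), "protocol": "FTP", "remote_ip": peer[0],
               "remote_port": peer[1], "event": event, "data": data[:256]}
        self.records.append(json.dumps(rec))  # list.append is atomic in CPython

    def serve_forever(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:  # listening socket was closed
                return
            if not self._slots.acquire(blocking=False):
                self.log(peer, "rejected")  # over the limit: record, then drop
                conn.close()
                continue
            threading.Thread(target=self._session, args=(conn, peer), daemon=True).start()

    def _session(self, conn, peer):
        replies = {"USER": b"331 Password required\r\n", "PASS": b"530 Login incorrect\r\n",
                   "QUIT": b"221 Goodbye\r\n"}
        try:
            conn.settimeout(self.timeout)
            self.log(peer, "connect")
            conn.sendall(b"220 FTP server ready\r\n")
            with conn.makefile("rb") as lines:
                for raw in lines:
                    cmd = raw.decode("latin-1").strip()
                    self.log(peer, "command", cmd)
                    verb = cmd.split(" ", 1)[0].upper()
                    conn.sendall(replies.get(verb, b"502 Command not implemented\r\n"))
                    if verb == "QUIT":
                        break
        except OSError as exc:  # socket.timeout is an OSError subclass
            self.log(peer, "timeout" if isinstance(exc, socket.timeout) else "error")
        finally:
            conn.close()
            self._slots.release()
```

Run `FtpHoneypot().serve_forever()` in a thread and point a client at `.port`; every login attempt is refused, and each entry in `.records` is a JSON string that can be appended to a text file or stored in a database.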
7
Proof-of-concept
- Isolated testbed
  - 3x Computers
  - 1x HosTaGe
  - 1x Wireless access point
8
Proof-of-concept (cont.)
9
Performance Analysis (cont.)
- Resource Utilization
  - Automated attacks: 0-5 connection/30s
  - 60 minutes
  - Measured using PowerTutor [1]
  - Other applications measured:
    - WhatsApp
    - Facebook
    - AVG Free Antivirus
- HosTaGe Under Stress
10
Limitations & Future Work
- Limitations
  - Requirement of a rooted device, i.e., access to ports < 1024
  - Malware specific behaviors: influence detection efficiency, i.e., time required before detection
- Future Work
  - Extending protocol(s)
  - Call Home feature
  - Geographical location attack mapping
  - Enhancing HosTaGe, e.g., anti-fingerprinting
- Malware behavior: doesn’t affect if it’s a malicious user conducting scan and then attack
11
Conclusion
- Proposed the idea of Honeypot-to-go
- HosTaGe, first low-interaction honeypot for mobile devices
- Showed the feasibility of such a system
- Tool to boost security awareness
- On-the-go security analysis for network administrators
Shankar Karuppayah, Doctoral Researcher
CASED
Mornewegstr. 32
64293 Darmstadt/Germany
shankar.karuppayah@cased.de
Phone Fax
HosTaGe available at :
12
References
[1] M. Gordon, L. Zhang, B. Tiwana, R. Dick, Z. M. Mao, and L. Yang, “PowerTutor: A power monitor for android-based mobile platforms”,
[2] C. Mulliner, S. Liebergeld, and M. Lange. “Poster : HoneyDroid - Creating a Smartphone Honeypot”. In IEEE Symposium on Security and Privacy (S&P),
[3] M. Wählisch, T. C. Schmidt, A. Vorbach, C. Keil, J. Schönfelder, and J. Schiller. “Design, Implementation, and Operation of a Mobile Honeypot”. Technical report,
[4] M. Wählisch, S. Trapp, C. Keil, J. Schönfelder, T. C. Schmidt, and J. Schiller. “First Insights from a Mobile Honeypot”. In ACM SIGCOMM conference on Applications, technologies, architectures, and protocols for computer communication, pages 305–306. ACM,
[5] S. Antonatos, E. P. Markatos, and K. G. Anagnostakis. home : A New Approach to Large-Scale Threat Monitoring”. In ACM workshop on Recurring malcode, pages 38–45. ACM, 2007.