HONEYSCOPE: IoT Device Protection with Deceptive Network Views

  • Reham Mohamed
  • Terrence O’Connor
  • Markus Miettinen
  • William EnckEmail author
  • Ahmad-Reza Sadeghi


The emergence of IoT has brought many new device manufacturers to the market providing novel products with network connectivity. Unfortunately, many of these new entrants to the market lack security engineering experience and focus heavily on time-to-market. As a result, many home and office networks contain IoT devices with security flaws and no clear path for security updates, making them attractive targets for attacks, e.g., recent IoT-centric malware such as Mirai. In this chapter, we discuss a network centric approach to protecting vulnerable IoT devices. We describe a system called HoneyScope, which seeks to achieve two goals. First, each IoT device has a different view of its local network, which limits the damage when a device is compromised. Second, virtual IoT devices are created to confuse and deceive attacker with sophisticated motivations (e.g., fake WiFi connected cameras). To achieve these goals, HoneyScope uses an SDN-based security gateway to create virtualized views of the network and nodes therein providing fine-grained control over the communications that individual devices may have.


  1. 1.
    Amazon’s Alexa recorded private conversation and sent it to random contact. Accessed: 2018-06-20.
  2. 2.
    Linksys WRT 1900AC. Accessed: 2018-06-03.
  3. 3.
    OpenvSwitch. Accessed: 2018-06-03.
  4. 4.
    OpenWRT. Accessed: 2018-06-03.
  5. 5.
    RYU Nicira extensions. Accessed: 2018-06-03.
  6. 6.
    RYU SDN controller. Accessed: 2018-06-03.
  7. 7.
    Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J Alex Halderman, Luca Invernizzi, Michalis Kallitsis, et al. Understanding the Mirai botnet. In USENIX Security Symposium, 2017.Google Scholar
  8. 8.
    H. Chung, M. Iorga, J. Voas, and S. Lee. Alexa, can I trust you? Computer, 50(9):100–104, 2017.CrossRefGoogle Scholar
  9. 9.
    ONF Market Education Committee et al. Software-defined networking: The new norm for networks. ONF White Paper, 2012.Google Scholar
  10. 10.
    Jeremy Erickson, Qi Alfred Chen, Xiaochen Yu, Erinjen Lin, Robert Levy, and Z. Morley Mao. No one in the middle: Enabling network access control via transparent attribution. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ASIACCS ’18, pages 651–658, New York, NY, USA, 2018. ACM.Google Scholar
  11. 11.
    Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker, and Jonathan Turner. OpenFlow: Enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev., 38(2):69–74, March 2008.CrossRefGoogle Scholar
  12. 12.
    Markus Miettinen, Samuel Marchal, Ibbad Hafeez, N. Asokan, Ahmad-Reza Sadeghi, and Sasu Tarkoma. IoT Sentinel: Automated device-type identification for security enforcement in IoT. In Proc. 37th IEEE International Conference on Distributed Computing Systems (ICDCS 2017), June 2017.Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Reham Mohamed
    • 1
  • Terrence O’Connor
    • 2
  • Markus Miettinen
    • 1
  • William Enck
    • 2
    Email author
  • Ahmad-Reza Sadeghi
    • 1
  1. 1.Technische Universität DarmstadtDarmstadtGermany
  2. 2.North Carolina State UniversityRaleighUSA

Personalised recommendations