Nomadic Honeypots
A Novel Concept for Smartphone Honeypots

Steffen Liebergeld, Matthias Lange and Collin Mulliner

Security in Telecommunications
Technische Universität Berlin, Germany
{steffen,mlange}@sec.t-labs.tu-berlin.de

Northeastern University
crm@ccs.neu.edu

May 23, 2013

Smartphones are a Valuable Target for Attackers
  Ubiquitous
  Precious personal information
    ◮ Login credentials for email, social networks ...
    ◮ Banking credentials, Wallet
    ◮ Location
  Always online
  Directly generate money
  Lots of infection vectors
Liebergeld (TUB) Nomadic Honeypots May 23, 2013 1 / 9

Motivation
  Users conscious about security
  Having countermeasures can be valuable market asset for cellular operators
  Requires information on current threats
  How can we collect information on mobile threats?

Infection Vectors on Smartphones
  User interaction required:
    ◮ Apps
    ◮ QR-Codes
  Phone needs to be placed within reach of:
    ◮ NFC
    ◮ Bluetooth
    ◮ WiFi
    ◮ FM-radio
  Insight: Static Honeypots will not work

Idea: Collect Threat Information Directly on Smartphone
  [Figure with the labels: Nomadic Honeypots, Smartphone infected with Bluetooth worm, Ordinary Smartphones, Malicious WiFi, Operator; arrows labelled Inform and Warn]

Concept of Nomadic Honeypots
  Functional requirements:
    ◮ Collect threat information
    ◮ Send collected information to operator
    ◮ Confine attack: pose no harm to others
  Threat Model:
    ◮ Allow smartphone OS to be completely compromised

Concept of Nomadic Honeypots
  Partition the device
  Isolate partitions from one another
  Honeypot Partition:
    ◮ Runs smartphone OS
    ◮ Interacts with the user
    ◮ Hosts user information and Apps
    ◮ Cannot directly communicate
    ◮ Cannot tamper with data in second partition even when compromised
  Infrastructure Partition:
    ◮ Mediates access to all communication devices
    ◮ Sensors for threat information collection
    ◮ Snapshot mechanism for Honeypot partition
    ◮ Backchannel to operator (e.g. VPN)

Practical Design
  [Figure with the labels: Honeypot VM, Infrastructure VM, Applications, Mobile OS (ABI unmodified), Virtual Devices, Sensors, Backchannel, Microkernel, Hardware, Communication Devices]

Challenges
  Social challenges:
    How to find people who use nomadic honeypot as their primary phone?
    Privacy issue: information is sent to operator
    Usability issue: Battery duration, performance degraded
  Technical challenges:
    How to virtualize efficiently?
      ◮ Must ensure performance
      ◮ Keep battery duration at reasonable levels
    How to build reasonable sensors?
      ◮ Which data streams to monitor?
      ◮ Sweet spot: Processing on device versus sending data to operator

Take Away
  Nomadic Honeypots: New concept for smartphone honeypots
  Threat collection directly on the device
  Two isolated partitions: Honeypot and Infrastructure
  Practical design proposed
  Work has just started
  Contributions welcome: steffen@sec.t-labs.tu-berlin.de

Prototype
  Based on Fiasco.OC, L4Re and L4Android
  Runs on Galaxy S2 smartphone
  Mediates baseband access
  Parts missing: Sensors, mediating NFC, Bluetooth, secure backchannel
  Lots of optimization needed
  Battery duration of about a day