Ludus: Use honeypots smartly to secure your home router
The rising number of attacks against home network routers brings up the importance of securing these devices better. However, the range of available means of defense for home routers is limited. Additional constraints, such as performance of the devices, has to be considered when designing a defense strategy. In our talk we will present project Ludus, which is the result of almost 3 years of research in collaboration with CZ.NIC. It brings the idea of collaborative defense for a large groups of users. That means users can join forces to defend against attackers, and help each other to better secure their devices.
The primary tool that we use for defense is a honeypot: a trap which is designed to stop or stall the attacker while extracting information about the intruder and the course of the attack. There are dozens of types of honeypots, but bearing in mind the technical limitations of the devices, users have to choose where to deploy them.
Attacks against home routers can be modeled as a two-player game. A Game-Theoretical approach provides us with a means of using this model for generating optimal strategies where to deploy the honeypots.
In this talk, we will show our open-source tool Ludus, which utilizes those concepts and is a fully automated honeypot manager for Turris routers and other OpenWRT devices. Moreover, we will discuss the problem of external measurement of the defense strategy efficiency. For that, we propose a combination of security metrics as well as an overall measure of the security. This is intended to give the users and analysts a numerical value on the state of security enabling them to act on this information and further adjust the defense mechanisms. For this metrics, aggregated anonymized data from individual devices are collected and analysed using Kibana. These visualizations are available for all the community for further research.