14-829: Mobile and IoT Security


Course Description:
For many people, mobile and embedded devices have become an essential part of life and work. As such devices represent many and varied combinations of technologies, they have unique security and privacy issues that potentially impact users, developers, service providers, manufacturers, and regulators. This course will focus on various aspects of security and privacy that are faced by mobile and Internet of Things devices, including aspects of wireless communication and networking, mobile computing, data analytics, security, and privacy. The course will include studies of security and privacy aspects of networking (including telecom, enterprise, personal, etc.), applications, and data analytics as relevant to mobile and embedded/IoT devices. One of the main goals of the course is to improve knowledge and awareness of security issues faced by mobile application developers, embedded system builders, and smart system designers. Material will cover standards, best practices, and research challenges in both deployed and emerging systems. Topics of study include (but are not limited to) telecom protocols and vulnerabilities; mobile/IoT network security; security and privacy in edge computing; mobile application security; and location and activity privacy. In addition to individual homework assignments, students will participate in an intensive group project involving significant research, development, and experimentation. Graduate standing is required to register for this course.

Evaluation & Grading:
Students will be individually evaluated on all course deliverables. Contributions to the final grade will be roughly 30% for individual mini lab assignments; 25% for group presentations; 25% for written project reports; and 20% for quizzes and exams.

Prerequisites:
In general, the course is open to graduate students who have some background/experience with networking and security.
Officially, the prerequisites of the course are: graduate standing and (18631 or 18730 or 14741) and (14740 or 18756 or 15641).
Contact the instructor directly with any questions about prerequisites.

Reading Material & Textbooks:
Textbooks will not be explicitly used; course material will be based primarily on research papers. Students are expected to lightly read the assigned research papers to get an understanding of the main concepts and contributions. Optional textbooks can be suggested by the instructor to students interested in reviewing relevant background topics.

Deliverables:
Project: Teams of students will work on a collaborative project for the duration of the semester. Students are responsible for forming their own teams based on common interests and/or complementary skills, though course staff will assist as needed. Through the semester, teams will prepare multiple project presentations and written reports.
Quizzes and Exams: Quizzes and exams will gauge student comprehension of materials covered in lectures and in-class discussions. Quizzes will be online using Canvas or Gradescope, and students must complete each quiz entirely on their own. Exams will either be in class or online and will be announced once the schedule has been finalized.
Lab Assignments: The lab assignments are tasks to give you deeper familiarity with the lecture content and surrounding areas. Labs must be done individually. Discussion is encouraged, but each student must do their own work and submit their own content.
  • Lab #1: Understanding Android Apps & Permissions
  • Lab #2: Subverting Android Permissions for Fun and Profit
  • Lab #3: Analyzing Mobile Apps in the Wild
  • Lab #4: Exploring Android App Protections
  • Lab #5: Surveying IoT Application Platforms
  • Lab #6: Analyzing IoT Apps in the Wild
  • Lab #7: Security & Privacy of IoT Sensing