14-829: Mobile and IoT Security

14-829 / 18-638: Mobile and IoT Security - Fall 2020

Instructor: Patrick Tague
Office: SV Campus, B23 218
Email: tague [at] cmu [dot] edu
Skype: ptague
Hangouts: patrick [dot] tague [at] sv [dot] cmu [dot] edu
Office Hours: via Zoom (link on Canvas), scheduled on demand

Logistics:

Class Structure & Schedule:
Lectures will be pre-recorded, and videos will be available via Canvas. Students are expected to watch each week's videos prior to the corresponding class. Class time will be dedicated to detailed discussions of the lecture materials, discussion of course tasks, and occasional demos. Classes are scheduled for Tuesdays & Thursdays, 8:40-10:00am PST / 11:40am-1:00pm EST, and half of the class will be assigned to attend in-person or remotely on each of these days. Students can choose to attend their assigned class days in person (B23 109/110 in SV, CIC DEC in Pgh) or via Zoom (link available on Canvas). The week-by-week schedule of topics, deadlines, assigned reading, and other details is available on the weekly schedule. Please note that the topic schedule may change at any time, but the deadlines will not change.

Course Description:
For many people, mobile and embedded devices have become an essential part of life and work. As such devices represent many and varied combinations of technologies, they have unique security and privacy issues that potentially impact users, developers, service providers, manufacturers, and regulators. This course will focus on various aspects of security and privacy that are faced by mobile and Internet of Things devices, including aspects of wireless communication and networking, mobile computing, data analytics, security, and privacy. The course will include studies of security and privacy aspects of networking (including telecom, enterprise, personal, etc.), applications, and data analytics as relevant to mobile and embedded/IoT devices. One of the main goals of the course is to improve knowledge and awareness of security issues faced by mobile application developers, embedded system builders, and smart system designers. Material will cover standards, best practices, and research challenges in both deployed and emerging systems. Topics of study include (but are not limited to) telecom protocols and vulnerabilities; mobile/IoT network security; security and privacy in edge computing; mobile application security; and location and activity privacy. In addition to individual homework assignments, students will participate in an intensive group project involving significant research, development, and experimentation. Graduate standing is required to register for this course.

Evaluation & Grading:
Students will be individually evaluated on all course deliverables. Contributions to the final grade will be 30% for individual mini lab assignments; 25% for group presentations; 25% for written reports; and 20% for the exam.

Prerequisites:
Graduate standing and (18631 or 18730 or 14741) and (14740 or 18756 or 15641).
Contact the instructor directly with questions about prerequisites.

Reading Material & Textbooks:
Textbooks will not be explicitly used; course material will be based primarily on research papers. Students are expected to lightly read the assigned research papers to get an understanding of the main concepts and contributions. Optional textbooks can be suggested by the instructor to students interested in brushing up on relevant background topics.

Course Deliverables:

Students will participate in a significant group project in addition to individual homework assignments and an exam. All submissions are to be made through Canvas. Email submissions will not be accepted.

Project:
Teams of students will work on a collaborative project for the duration of the semester. Students are responsible for forming their own teams based on common interests and/or complementary skills. Through the semester, teams will prepare multiple project presentations and written reports as follows. These deliverables are also briefly summarized on the Project Info page.

Exam:
An online exam will take place during the week of Nov 16. Please contact the instructor as soon as possible if special arrangements or accommodations are needed.

Mini Lab Assignments:
The mini lab assignments are tasks to give you deeper familiarity with the lecture content and surrounding areas. Labs must be done individually. Discussion is encouraged, but each student must submit their own work.
  • Lab #1: Understanding Android Apps & Permissions -- Due Sep 11
  • Lab #2: Subverting Android Permissions for Fun and Profit -- Due Sep 25
  • Lab #3: Analyzing Mobile Apps in the Wild -- Due Oct 9
  • Lab #4: Exploring Android App Protections -- Due Oct 16
  • Lab #5: Surveying IoT Application Platforms -- Due Oct 23
  • Lab #6: Analyzing IoT Apps in the Wild -- Due Nov 6
  • Lab #7: Security & Privacy of IoT Sensing -- Due Dec 4

Policies, Ethics, etc.:

Students taking the Mobile Security course are expected to follow various academic policies set forth by the departments, colleges, and university, as well as additional policies specific to this course. Please see this course's policy overview page for more details.