14-829 / 18-638: Mobile and IoT Security - Fall 2021

Logistics:

Class Structure & Schedule:

Class time will be used for lecture, discussion, activities, and general Q/A. Class recordings will not be available by default. Classes are scheduled for Mondays & Wednesdays, 3:15-4:35pm PT in B23 Room 211 / 6:15-7:35pm ET in INI DEC, and students are expected to attend all class sessions. The week-by-week schedule of topics, deadlines, assigned reading, and other details is available on the weekly schedule. Please note that the topic schedule may change at any time, but the deadlines will usually not change. In the event that deadlines change, they will move to later dates/times.

Course Description:

For many people, mobile and embedded devices have become an essential part of life and work. As such devices represent many and varied combinations of technologies, they have unique security and privacy issues that potentially impact users, developers, service providers, manufacturers, and regulators. This course will focus on various aspects of security and privacy that are faced by mobile and Internet of Things devices, including aspects of wireless communication and networking, mobile computing, data analytics, security, and privacy. The course will include studies of security and privacy aspects of networking (including telecom, enterprise, personal, etc.), applications, and data analytics as relevant to mobile and embedded/IoT devices. One of the main goals of the course is to improve knowledge and awareness of security issues faced by mobile application developers, embedded system builders, and smart system designers. Material will cover standards, best practices, and research challenges in both deployed and emerging systems. Topics of study include (but are not limited to) telecom protocols and vulnerabilities; mobile/IoT network security; security and privacy in edge computing; mobile application security; and location and activity privacy. In addition to individual homework assignments, students will participate in an intensive group project involving significant research, development, and experimentation. Graduate standing is required to register for this course.

Evaluation & Grading:

Students will be individually evaluated on all course deliverables. Contributions to the final grade will be roughly 30% for individual mini lab assignments; 25% for group presentations; 25% for written project reports; and 20% for quizzes and exams.

Prerequisites:

In general, the course is open to graduate students who have some background/experience with networking and security.

Officially, the prerequisites of the course are: graduate standing and (18631 or 18730 or 14741) and (14740 or 18756 or 15641).

Contact the instructor directly with any questions about prerequisites.

Reading Material & Textbooks:

Textbooks will not be explicitly used; course material will be based primarily on research papers. Students are expected to lightly read the assigned research papers to get an understanding of the main concepts and contributions. Optional textbooks can be suggested by the instructor to students interested in reviewing relevant background topics.

Academic Integrity, Policies, Rules, and Ethics:

Students taking the Mobile & IoT Security course are expected to follow various academic policies set forth by the departments, colleges, and university, as well as additional policies specific to this course. Please see this course's policy overview page for more details.

Course Deliverables:

Students will participate in a significant group project in addition to individual homework assignments and an exam. All submissions are to be made through Canvas. Email submissions will not be accepted.

Project:

Teams of students will work on a collaborative project for the duration of the semester. Students are responsible for forming their own teams based on common interests and/or complementary skills, though course staff will assist as needed. Through the semester, teams will prepare multiple project presentations and written reports as follow.

• Project Pitch: Due Sep 24
• Statement of Work: Due Oct 8
• Project Updates: Due Oct 22, Nov 5, Nov 19
• Final Report: Due Dec 10 (in-class presentations earlier)
• Peer Evaluations: Due Oct 15 and Nov 12

These deliverables are also briefly summarized on the Project Info page.

Quizzes and Exams:

Quizzes and exams will gauge student comprehension of materials covered in lectures and in-class discussions. Quizzes will be online using Canvas or Gradescope, and students must complete each quiz entirely on their own. Exams will either be in class or online and will be announced once the schedule has been finalized.

Please contact the instructor as soon as possible if special arrangements or accommodations are needed.

Lab Assignments:

The lab assignments are tasks to give you deeper familiarity with the lecture content and surrounding areas. Labs must be done individually. Discussion is encouraged, but each student must do their own work and submit their own content.

• Lab #1: Understanding Android Apps & Permissions -- Due Sep 10
• Lab #2: Subverting Android Permissions for Fun and Profit -- Due Sep 17
• Lab #3: Analyzing Mobile Apps in the Wild -- Due Sep 24
• Lab #4: Exploring Android App Protections -- Due Oct 1
• Lab #5: Surveying IoT Application Platforms -- Due Oct 15
• Lab #6: Analyzing IoT Apps in the Wild -- Due Oct 29
• Lab #7: Security & Privacy of IoT Sensing -- Due Nov 23