Course Description
Introduction to security problems associated with the emerging Internet of Things (IoT) technologies, including privacy disclosure and data manipulation. Topics studied include architectural differences leading to such issues, how adversaries launch attacks by either exploiting software vulnerabilities or physically hacking into the hardware, and mitigation techniques, such as trusted booting.
Athena Title
Internet of Things Security
Prerequisite
CSCI 4730/6730 or permission of department
Semester Course Offered
Not offered on a regular basis.
Grading System
A - F (Traditional)
Course Objectives
Students will learn about recent security incidents related to IoT technologies, such as the 2016 DDoS attack against Dyn and IoT ransomware. They will understand how IoT devices differ from traditional computing systems in architecture, how they produce data and interact with cloud and humans, and why existing security techniques cannot be directly adopted to protect IoT devices. They will also learn the latest efforts from academia and industry towards building secure IoT infrastructures. This will prepare students for doing research on IoT security and developing secure IoT systems.
Topical Outline
I. Introduction to IoT device architecture a. IoT device architecture b. IoT infrastructure III. Security challenges in IoT a. Device management b. Physical exposure c. Architecture diversity d. Architectural limitations: security features/computing power e. Case study IoT and healthcare IoT and medical cyber-physical systems IoT and wearables IoT and industrial controller IoT and smart home IV. Network security a. DDoS attack against Dyn in 2016 b. IoT ransomware c. Defense V. Firmware security a. Firmware and FreeRTOS b. ROP on ARM c. IP protection d. Defense SecureOS: tockos Trusted computing: TrustLite, Sancus, SMART ARM TrustZone for Cortex-m VI. Physical/hardware security a. Input manipulation Sensor/GPS spoofing b. Vehicle/Drone hacking c. Cold boot attack d. Exposed JTAG e. Defense
Syllabus