IoT Security

Module Number: EI71084

Duration: 1 Semester

Occurrence: Winter Semester and Summer Semester

Language: English

Number of ECTS: 5

Staff

Professor in charge: Sebastian Steinhorst

Amount of work

Contact hours: 45

Self-study hours: 105

Total: 150

Description of Achievement and Assessment Methods

Achievement of the intended learning outcomes is assessed in a single oral exam at the end of the semester (40% of the final grade). Additionally, three assignments given during the semester are evaluated and contribute 60% of the final grade (20% each).

Assessment criteria are:
- Ability to explain the basic security terms and attacks against the different layers of the IoT stack.
- Ability to perform basic penetration testing of IoT applications and protocols.
- Ability to define and implement some of the security mitigation mechanisms against various attacks.

Prerequisites (recommended)

Must: good programming skills.
Preferable: basic knowledge of computer networking.

Intended Learning Outcomes

Upon successful completion of the module, the student should be able to:
- Explain the basic concepts of IoT (computer) security and the most common threats to modern IoT systems.
- Plan and execute pen testing for IoT systems.
- Choose, design and implement some protection techniques to secure IoT systems.

Content

This course focuses on the security aspects within the IoT protocol stack (i.e., data, application, and network). The course starts by looking at the IoT stack and discussing the most common IoT applications and some recent attacks against those applications. The course discusses some of the famous crypto algorithms applied to secure the (exchanged) data. Students shall implement some of these algorithms and try some techniques to break them (if possible). The course also introduces some of the authentication protocols that shall be adopted to solve some security issues in modern IoT applications. Students must implement these protocols and, later, try to break them. Attacks such as DoS and MITM are discussed in detail during the course. The students need to perform such attacks using existing tools (e.g., using Kali Linux tools) or writing their own tools. The course investigates the SSL protocol as an excellent example of securing IoT communication. Students need to integrate this protocol to ensure secure communication between smart devices. Finally, the course discusses some of the IoT software vulnerabilities and attacks which exploit these security weaknesses and how to harden the system.

Teaching and Learning Methods

The content will be taught using slides. Tutorials will be given to the students to exercise what they learned in the lectures and help them solve the assignments.

Media

The following media are used:
- Presentations (Projector, Blackboard)
- E-learning platform Moodle

Reading List

- Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C.
- Ziegler, Sébastien, ed. Internet of Things Security and Data Protection. Springer International Publishing, 2019.
- Dhanjani, Nitesh. Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts. O'Reilly Media, Inc., 2015.