CIS 4930 - Secure IoT
Class Schedule
This schedule will be updated as the semester progresses. Find the tentative syllabus here.
| Date | Topics | Recommended Readings | Other Activities/Notes |
|---|---|---|---|
| 08/27/2024 | Course Introductions [slides] | 1. Ken Thompson, Reflections on Trusting Trust. Turing Award Lecture, 1983. (link) |
1. Homework 1 assigned; due 09/03 2. Project Phase 1 (Idea and Team formation) assigned; due 09/05 11:59 pm |
| 08/29/2024 | 1. IoT Security fundamentals 2. Intro to HomeAssistant [slides] |
1. Security Engineering, Chapter 1 [link] 2. HomeAssistant Architecture [link1, link2] and Integrations [link1, link2] |
08/30 Last day to add/drop classes |
| 09/03/2024 | Crypto 1: Secret Key Crypto [slides] | Security Engineering, Chapter 5.1-5.5 [link] | Homework 1 Due |
| 09/05/2024 | Crypto 2: Hashes and Message Authentication [slides] | 1. Security Engineering, Chapter 5.6 [link] 2. Ross Anderson, Why Cryptosystems fail [link] |
1. Project Phase 1 Due 2. Homework 2 assigned; due 09/19 11:59 pm |
| 09/10/2024 | Crypto 3: Public Key Cryptography [slides] | Security Engineering, Chapter 5.7 [link] | Project Phase 2 assigned (HomeAssistant Integration Design and Implementation); due 10/22 11:59 pm |
| 09/12/2024 | SSL/TLS [slides] | SSL and TLS: A Beginner’s Guide [link] | |
| 09/17/2024 | Access Control Basics [slides] | 1. Operating System Security, Chapters 1,2 and 5 [link] 2. [Only Section I-A] J. Saltzer and M. Schroeder, The Protection of Information in Computer Systems. Proceedings of the IEEE 63(9) (1975) pp. 1278-1308 [link] |
Project Plan due |
| 09/19/2024 | Information Flow Control [slides] [reading-papers] | 1. [BB] How risky are real users’ IFTTT applets? [link] | Homework 2 due |
| 09/24/2024 | Trigger-Action Programs [slides] | 1. [BB] Soteria: Automated IoT Safety and Security Analysis [link] 1. [BB] Towards a natural perspective of Smart Homes for Practical Security and Safety Analyses [link] |
Homework 3 assigned; due 10/08 due |
| 09/26/2024 | |
1. [BB] Security Analysis of Emerging Smart Home Applications [link] | |
| 10/01/2024 | Smart Home Platforms: Lateral Privilege escalation [slides] | 1. [BB] A Study of Data Store-based Home Automation [link] | |
| 10/03/2024 | Smart Home Security: Situational Access Control and Integrity Validation [slides] | 1. [BB] Situational Access Control in IoT [link] 2. [BB] Practical Integrity Validation in the Smart Home [link] |
|
| 10/08/2024 | |
1. |
|
| 10/10/2024 | 2. Midterm exam review |
1. |
|
| 10/15/2024 | |
1. [BB] Rethinking Access Control and Authentication for the Home IoT [link] | |
| 10/17/2024 | Asynchronous Class 2: ‘Crypto- API Misuses in IoT Apps' | 1. [BB] Jin et. al., Understanding IoT Security from a Market-Scale Perspective, CCS 2022 [link] | |
| 10/22/2024 | 1. Integrity Validation (contd..) 2. Class updates, Midterm notice [slides] |
||
| 10/24/2024 | Midterm Exam | Homework 3 due | |
| 10/29/2024 | 1. Async classes recap 2. Permission Models and Platform Defenses |
1. [BB] Android Permissions Demystified [link] | |
| 10/31/2024 | Smart Home Wrap-Up: Privacy Issues [slides] | 1. [BB] Smart Home Privacy Policies Demystified [link] | |
| 11/05/2024 | 1. Network Security: TCP/IP 2. Smart Home Quiz! [slides] |
1. A look back at “Security problems in the TCP/IP protocol suite” [link] | Project Phase 2 report due |
| 11/07/2024 | Network Security: Worms and Botnets [slides] | 1. S. Staniford and V. Paxson and N. Weaver. "How to 0wn the Internet in Your Spare Time". In Proceedings of the 11th USENIX Security Symposium, August 2002. [link] | 1. Project Phase 3 (IoT app analysis proposal) assigned; due 11/12
2. Homework 4 assigned; due 11/26 |
| 11/12/2024 | Network Security: Routing [slides] | 1. "Why is it Taking so Long to Secure Internet Routing?" [link] | 1. Project Phase 3 due 2. Project Phase 4 (Implementation and Evaluation) assigned; due 12/12 |
| 11/14/2024 | Network Security: Wireless [slides] | 1. Brenza et al. "A Practical Investigation of Identity Theft Vulnerabilities in Eduroam". In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). 2015 [link] | |
| 11/19/2024 | Network Security: Intrusion Detection and Firewalls [slides] | 1. S. Axelsson, "The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection". In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999. [link] | |
| 11/21/2024 | Network Security: User Authentication 1 | 1. Troy Hunt, "The science of password selection" [link] | |
| 11/26/2024 | Network Security: User Authentication 2 | 1. P. G. Kelley et al., "Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms". IEEE Symposium on Security and Privacy, 2012. [link] | Homework 4 due |
| 11/28/2024 | No Class. Happy Thanksgiving! |
||
| 12/03/2024 | Finals review and Project Updates 1 | ||
| 12/05/2024 | Finals review and Project Updates 2 | ||
| 12/10/2024 | Final Exam | ||
| 12/12/2024 | Project Phase 4 report due |