Mobile, Embedded, & Wireless Security

14-829: Mobile Security - Fall 2013

Cross-listed as 18-638 & 96-835

Instructor: Patrick Tague
Email: tague [at] cmu [dot] edu
Office: B19 1029
Phone: 650-335-2827
Skype: ptague
Teaching Assistant: Yuan Tian
Email: yt [at] cmu [dot] edu
Office hours: Wednesday 4:30-5:30pm Eastern Time
Office hours location: CIC 2206
Skype: yuantiansec

Logistics:

Contacting the instructor & TAs:
For sensitive or critical questions or concerns, please contact the instructor at the address above. For all other course-related questions, comments, or concerns, please email both the instructor and TA using the addresses above.

Class Meetings:
Mondays & Wednesdays, 10:30-11:50am PDT (1:30-2:50pm EDT)
B23 118 in SV, INI DEC in Pgh

Course Description:
Mobile devices continue to evolve and penetrate our everyday lives, leading to increased importance of mobile security - a topic living in the intersection of wireless communication, mobile computing, and computer security. This course focuses on aspects of information and network security that arise in this challenging and ever-evolving space of mobile communication systems, primarily focusing on smartphones and mobile telecommunication systems, but also including aspects of mobile ad hoc and sensor networks. One of the main goals of the course is to improve knowledge and awareness of security issues faced by mobile application and system developers. Material will cover standards and research challenges in both deployed and future systems. Possible topics of study include (but are not limited to) telecom vulnerabilities; smartphone security; mobile Internet security; mobile location privacy; and ad hoc, mesh, and sensor network security. In addition to short homework assignments, students will survey and present recent research papers and participate in an intensive group project involving significant research, development, and/or implementation.

Evaluation & Grading:
Students will be individually evaluated on all course deliverables. Contributions to the final grade will be 25% for individual assignments; 30% for group presentations; 25% for written reports; and 20% for the exam.

Prerequisites:
Graduate standing; students are expected to be comfortable with security at the level of 14-741 or 18-730 and telecommunications / networking at the level of 14-740 or 15-441. Contact the instructor directly with questions about requirements.

Reading Material & Textbooks:
Textbooks will not be explicitly used; course material will be based primarily on research papers. Students are expected to read the assigned research papers (reading material may show up on assignments and the exam), but reading reviews are not required. For students who are not familiar with the relevant background, the following optional textbooks may help.
  • Frank Adelstein, Sandeep K.S. Gupta, Golden G. Richard III, and Loren Schwiebert, Fundamentals of Mobile and Pervasive Computing, 2005.
  • Noureddine Boudriga, Security of Mobile Communications, 2010.
  • Levente Buttyán and Jean-Pierre Hubaux, Security and Cooperation in Wireless Networks, 2008. [Available Online]
  • Abhishek Dubey and Anmol Misra, Android Security: Attacks and Defenses, 2013.
  • Himanshu Dwivedi, Chris Clark, and David Thiel, Mobile Application Security, 2010.
  • Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2002.
  • William Stallings, Wireless Communications & Networks, 2004.
  • Patrick Traynor, Patrick McDaniel, and Thomas La Porta, Security for Telecommunications Networks, 2008.
  • David Tse and Pramod Viswanath, Fundamentals of Wireless Communication, 2005. [Available Online]

Course Deliverables:

Students will participate in a significant group project in addition to individual homework assignments, an exam, and an individual audit of a mobile application or service. All submissions are to be made through Blackboard. Email submissions will not be accepted.

Project:
Teams of students will work on a collaborative project for the duration of the semester. Students are responsible for forming their own teams based on common interests and/or complementary skills. Teams will provide five primary deliverables: a topic survey, a project proposal, a progress report, a final presentation, and a final report.
  • Survey: During the first half of the course, each team will give a survey presentation on the background and challenges in their chosen project area. Deadline: October 9
  • Proposal: Each team will provide a detailed proposal of their project tasks for the duration of the semester. Deadline: October 14
  • Progress report: During the eleventh week, each team will provide a report of their progress toward the proposed tasks and propose any changes to the project. Deadline: November 4-6
  • Final Presentation: Each team will present their project results to the class. Deadline: December 2-4
  • Final Report: Before the end of the term, each team will provide a written report detailing their project activities and outcomes; this can take the form of a conference paper submission if desired. Deadline: December 11

Mobile App Audit:
Over the duration of the semester, each student will progressively perform an audit of a "feature-rich" existing or envisioned mobile application. Each student will apply the knowledge gained across topic areas covered during the semester to describe potential security/privacy issues of their chosen app and come up with a "blueprint" for how the app could be re-designed to potentially address these issues. At the end of the semester, each student will submit a written report (max 5 pages) that 1) describes functionality, features, and interactions involved in the mobile application; 2) details the vulnerabilities and threats in specific smartphone system components that are relevant to the security of the chosen application; and 3) provides a list of recommendations or considerations that could be used to design and develop an improved app in the future. Deadline: December 11

Exam:
Open-book, open-notes, in-class exam: November 18

Assignments:
Assignments must be done individually. Discussion is encouraged, but each student must submit her/his own work.

Daily Schedule and Reading Material:

Students should consult the daily schedule for relevant reading materials and a complete list of the topics covered, important dates, and events. Note that this daily schedule is tentative and can change at any time.