Eleonora Losiouk
- elosiouk[at]math.unipd.it
- eleonora.losiouk
- Room 530, Dipartimento di Matematica, Via Trieste 63, 35121 Padova, Italy
Course Information:
Teaching Assistant: Marco Casagrande (m.casagrande.1993@gmail.com)
Language: The course and the exam will be in English.
Credits: 6 CFU.
Lectures mode: the course will be organized by following the "dual mode", which means that each lecture will be available at the same time in the classroom and online.
Each student can choose whether to follow the lecture at the university or at home. All lectures will be recorded and uploaded at the end of the lecture.
Schedule: II semester (course schedule is published HERE).
Slack Group: Students enrolled for this course are invited to join THIS Slack group.
Course Content:
"Mobile and IoT security" is a hands-on course, where each lesson has a theoretical introduction to a new topic (~30% of the time), followed by a set of exercises related to the introduced topic (~70% of the time). The course is divided into two parts as follows.
Mobile security part. The first part covers 80% of the course. For this part, the exercises are in the format of Capture The Flag (CTF) challenges: the student is asked to solve a problem and to find the "flag", which is nothing more than a string located somewhere. Topics of the first part are the following ones:
- Internal architecture of the Android Operating System.
- Mobile app components (Activity, Service, Content Provider, Broadcast Receiver).
- Mobile app analysis techniques.
- Mobile app reverse engineering techniques.
- Mobile app vulnerability assessment.
- Static and dynamic analysis techniques for mobile apps.
- Mobile app vulnerability exploitation.
IoT security part. The second part covers 20% of the course. For this part, the practical component focuses on the analysis of real Bluetooth Low-Energy (BLE) traffic packets. The student is provided with a set of .pcap files previously collected and is asked to analyze them to find vulnerabilities. Eventually, students might get real fitness tracker devices and collect BLE traffic on their own. Topics of the second part are the following ones:
- Fundamentals of the Bluetooth and Bluetooth Low-Energy communication protocols.
- Pairing methods (legacy connections, secure connections).
- Authentication methods (challenge-response solutions).
- Eavesdropping and man-in-the-middle attacks.
- Impersonation attacks.
Knowledge about cybersecurity fundamentals (e.g., cryptography, access control, authentication) can be helpful, but is not mandatory.
Grading Criteria:
To complete the exam, the student has two options.
Option One (CTF). If choosing the "Option One", the student is asked to face a two-hour practical exam, in which he/she is given a CTF challenge that covers all the topics of the course. To see the rules of the first option, please, visit this web page.
Option Two (Project). If choosing the "Option Two", the student is asked to work individually on a project (groups of people working on the same project are also allowed upon discussion with the Lecturer) chosen from a list of projects provided by the Lecturer. The student is required to fill in this shared file, specifying the tools he/she is going to analyze. Students have to analyze different tools, unless they are part of a team. The estimated effort for each project is around two full-time weeks per person. The projects cover either mobile security or IoT security related topics and they are definitely research-oriented. Thus, the student has to acquire deep knowledge specific to the project topic. For more information about the project option, please, visit this web page. If you plan to go with the project option, please, first send an email to Marco and me to agree upon the tools you will evaluate.