General information

Module title Mobile Systems Security
Language English
Module lecturer dr Michał Ren
Lecturer's email renmich@amu.edu.pl
Lecturer position Assistant Professor (adiunkt)
Faculty Faculty of Mathematics and Computer Science
Semester 2021/2022 (summer)
Duration 60
ECTS 6
USOS code 06-DBSMLI0-E

Module aim (aims)

The course teaches the principles of programming secure applications on mobile platforms. Students will be expected to write several very simple applications, with the focus on secure design and on learning the security mechanisms of the mobile platform they choose. The overall aim is to teach the security mindset in the design, programming and deployment of mobile applications, giving an overview of the most popular platforms without imposing any one of them.

Pre-requisites in terms of knowledge, skills and social competences (where relevant)

Prior experience in programming on any mobile platform (particularly Android/iOS) is helpful; however, the course is structured in such a way that it is not required, and the majority of students attending it do not possess any. The course is typically taught to computer science students in their third or fourth year, but many ambitious second-year students have been very successful in it.

Syllabus

Basic security principles and the AIC/CIA triad.

Basic cryptography, historical ciphers, modern symmetric ciphers, cipher modes of operation - from ECB to CTR.

Password storage, hashing, key stretching, rainbow tables, common attacks.

Multi-factor authentication - S/KEY, HOTP, TOTP, FIDO U2F.

Biometrics - test design, ROC curves, fingerprint scanning, iris scanning, face recognition, common attacks.

GSM structure and security features - SS7 vulnerabilities, man-in-the-middle IMSI catching, A5/1 cipher.

Hardware fault analysis and exploitation - Drammer attack, side channel attacks.

Elements of wireless security - TEMPEST attack and countermeasures, optical TEMPEST.

Android platform security design and features.

Mobile platform security feature comparison.

Hardware security features on modern mobile terminals - TEE/REE, secure/authenticated booting, KeyStore, Global Platform, TPM.

Reading list

Most of the reading list is extracurricular, and meant to provide broader context. Developer documentation regarding one's chosen mobile platform will be the most helpful.

Mobile Platform Security

Synthesis Lectures on Information Security, Privacy, and Trust

N. Asokan, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Kari Kostiainen, Elena Reshetova, Ahmad-Reza Sadeghi

https://www.morganclaypool.com/doi/abs/10.2200/S00555ED1V01Y201312SPT009

Wireless and Mobile Device Security

Jim Doherty

https://www.jblearning.com/catalog/productdetails/9781284059274

Security Engineering

Ross Anderson

https://www.cl.cam.ac.uk/~rja14/book.html

Android Security Cookbook

Keith Makan, Scott Alexander-Bown

https://www.packtpub.com/application-development/android-security-cookbook

Android Developer Documentation

https://developer.android.com/docs

Apple Developer Documentation

https://developer.apple.com/documentation