|Module title||Mobile Systems Security|
|Module lecturer||dr inż. Michał Ren|
|Faculty||Faculty of Mathematics and Computer Science|
Module aim (aims)
The course teaches the principles of programming secure applications on mobile platforms. Students will be expected to write several very simple applications, where focus will be on secure design, and learning the security mechanisms in the mobile platform chosen by them. The overall aim is to teach the security mindset in design, programming and deployment of mobile applications, giving an overview of the most popular platforms, but without imposing any one of them.
Pre-requisites in terms of knowledge, skills and social competences (where relevant)
Prior experience in programming on any mobile platforms (particularly on Android/iOS) is helpful, however the course is structured in such a way that it is not required, and the majority of students attending it do not possess any. The course is typically taught to computer science students in their third or fourth year, but many ambitious second-year students have been very successful in it.
Basic security principles and the AIC/CIA triad.
Basic cryptography, historical ciphers, modern symmetric ciphers, cipher modes of operation - from ECB to CTR.
Password storage, hashing, key stretching, rainbow tables, common attacks.
Multi-factor authentication - S/KEY, HOTP, TOTP, FIDO U2F.
Biometrics - test design, ROC curves, fingerprint scanning, iris scanning, face recognition common attacks.
GSM structure and security features - SS7 vulnerabilities, man-in-the-middle IMSI catching, A5/1 cipher.
Hardware fault analysis and exploitation - Drammer attack, side channel attacks.
Elements of wireless security - TEMPEST attack and countermeasures, optical TEMPEST.
Android platform security design and features.
Mobile platform security feature comparison.
Hardware security features on modern mobile terminals - TEE/REE, secure/authenticated booting, KeyStore, Global Platform, TPM.
Most of the reading list is extracurricular, and meant to provide broader context. Developer documentation regarding one's chosen mobile platform will be the most helpful.
Mobile Platform Security
Synthesis Lectures on Information Security, Privacy, and Trust
N. Asokan, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Kari
Kostiainen, Elena Reshetova, Ahmad-Reza Sadeghi
Wireless and Mobile Device Security
Android Security Cookbook
Keith Makan, Scott Alexander-Bown
Android Developer Documentation
Apple Developer Documentation