Cryptography and Computer Security Computer Networks Security Engineering

The inner features of mobile devices such as their size (small and usually constrained in terms of energy and computational resources) and their use of a wireless channel, makes many of the traditional security mechanisms useless. As a consequence lightweight mechanisms and physical security become important. The goal of the course is to make the student able to manage the particular techniques needed to guarantee security in a mobile computing scenario. In order to fulfill this goal, students must acquire certain knowledge, capacities and attitudes. (PO: a, b, c, d, e, f, g, h,, j, k) Regarding knowledge, students will be able to: - Understand the security risks inherent to a mobile scenario. (PO: b, e, j) - Know the physical security measures that can be applied to mobile devices. (PO: b, e, j) - Master the fundamental techniques to protect the information stored in mobile devices. (PO: a, b, c, e, f, j, k) - To have a good command of the main security protocols that rule mobile communications. (PO: a, e) Regarding capacities, students will be able to: - Analyze the vulnerabilities in a mobile computing scenario. (PO: b, e, j, k) - Design and deploy the appropriate security mechanisms to guarantee a predefined security level. (PO: a, b, c, d, e, j, k) Regarding attitudes, students will adopt: - A suspicious attitude towards security in mobile devices. (PO: e, g, h, j) - A curious attitude in order to find new vulnerabilities in the open systems where these devices are usually deployed. (PO: e, j, k) - An analytical perspective of technology that allows them to apply appropriate solutions to the particular security problems this kind of devices faces. (PO: e, h, j, k)

1. Introduction 1.1. Mobile devices. Types and applications 1.2. Architecture and components 1.2.1. Architecture 1.2.2. Sensors 1.2.3. Physical protections 1.3. Security in mobile devices. Overview 1.4. Types of mobile communication networks. Threats 2. Security in mobile operating systems: Android and iOS 2.1. Android security 2.1.1. Structure and evolution 2.1.2. Security model 2.1.3. Permissions 2.1.4. User and packet management 2.1.5. Cryptographic providers and credentials 2.1.6. Communications security 2.2. iOS security 2.2.1. Structure 2.2.2. Protections provided by the Operating System 3. Mobile application security 3.1. Android applications 3.1.1. Structure 3.1.2. Third party components 3.1.3. Application analysis: static and dynamic techniques 3.2. Application markets. Types and features 3.3. Malware in mobile devices. Trends 4. Wireless and mobile communications security 4.1. Wireless security: WEP, WPA, WPA2 4.2 Mobile phone communications security 4.2.1. GSM 4.2.2. GPRS - EDGE 4.2.3. UMTS, LTE 4.2.4. 5G 4.3. Short-range communications security 4.3.1. NFC 4.3.2. Bluetooth

(1) Lectures to explain the main theoretical and practical concepts. Slides and documentation will be provided to students. Complementary bibliography will be pointed out to complete each topic. (PO: a, e, j, k) (2) Projects will be developed through a design problem under initial specifications, where the students have to analyze requirements and provide a working solution (P.O: a, b, c, d, e, g, j, k) (3) Critical analysis of a research paper or security-related technology. Report and, eventually, oral presentation by the students (P.O: a, d, f, g, h, i, j).