Checking date: 10/07/2020


Course: 2020/2021

Mobile devices security
(15761)
Study: Bachelor in Computer Science and Engineering (218)


Coordinating teacher: FUENTES GARCIA-ROMERO DE TEJADA, JOSE MARIA DE

Department assigned to the subject: Department of Computer Science and Engineering

Type: Compulsory
ECTS Credits: 6.0 ECTS

Course:
Semester:




Students are expected to have completed
Cryptography and Computer Security Computer Networks Security Engineering
Competences and skills that will be acquired and learning results. Further information on this link
The inner features of mobile devices such as their size (small and usually constrained in terms of energy and computational resources) and their use of a wireless channel, makes many of the traditional security mechanisms useless. As a consequence lightweight mechanisms and physical security become important. The goal of the course is to make the student able to manage the particular techniques needed to guarantee security in a mobile computing scenario. In order to fulfill this goal, students must acquire certain knowledge, capacities and attitudes. (PO: a, b, c, d, e, f, g, h,, j, k) Regarding knowledge, students will be able to: - Understand the security risks inherent to a mobile scenario. (PO: b, e, j) - Know the physical security measures that can be applied to mobile devices. (PO: b, e, j) - Master the fundamental techniques to protect the information stored in mobile devices. (PO: a, b, c, e, f, j, k) - To have a good command of the main security protocols that rule mobile communications. (PO: a, e) Regarding capacities, students will be able to: - Analyze the vulnerabilities in a mobile computing scenario. (PO: b, e, j, k) - Design and deploy the appropriate security mechanisms to guarantee a predefined security level. (PO: a, b, c, d, e, j, k) Regarding attitudes, students will adopt: - A suspicious attitude towards security in mobile devices. (PO: e, g, h, j) - A curious attitude in order to find new vulnerabilities in the open systems where these devices are usually deployed. (PO: e, j, k) - An analytical perspective of technology that allows them to apply appropriate solutions to the particular security problems this kind of devices faces. (PO: e, h, j, k)
Description of contents: programme
1. Introduction 1.1. Mobile devices. Types and applications 1.2. Architecture and components 1.2.1. Architecture 1.2.2. Sensors 1.2.3. Physical protections 1.3. Security in mobile devices. Overview 1.4. Types of mobile communication networks. Threats 2. Security in mobile operating systems: Android and iOS 2.1. Android security 2.1.1. Structure and evolution 2.1.2. Security model 2.1.3. Permissions 2.1.4. User and packet management 2.1.5. Cryptographic providers and credentials 2.1.6. Communications security 2.2. iOS security 2.2.1. Structure 2.2.2. Protections provided by the Operating System 3. Mobile application security 3.1. Android applications 3.1.1. Structure 3.1.2. Third party components 3.1.3. Application analysis: static and dynamic techniques 3.2. Application markets. Types and features 3.3. Malware in mobile devices. Trends 4. Wireless and mobile communications security 4.1. Wireless security: WEP, WPA, WPA2 4.2 Mobile phone communications security 4.2.1. GSM 4.2.2. GPRS - EDGE 4.2.3. UMTS, LTE 4.2.4. 5G 4.3. Short-range communications security 4.3.1. NFC 4.3.2. Bluetooth
Learning activities and methodology
(1) Lectures to explain the main theoretical and practical concepts. Slides and documentation will be provided to students. Complementary bibliography will be pointed out to complete each topic. (PO: a, e, j, k) (2) Projects will be developed through a design problem under initial specifications, where the students have to analyze requirements and provide a working solution (P.O: a, b, c, d, e, g, j, k) (3) Critical analysis of a research paper or security-related technology. Report and, eventually, oral presentation by the students (P.O: a, d, f, g, h, i, j).
Assessment System
  • % end-of-term-examination 30
  • % of continuous assessment (assigments, laboratory, practicals...) 70
Basic Bibliography
  • Frank Thornton, Chris Lanthem.. RFID Security.. Syngress (July 7, 2005).
  • Jonathan Levin. Android Internals: A Confectioner¿s Cookbook. Jonathan Levin. 2015
  • Matthew Gast. 802.11 Wireless Networks The Definitive Guide. . O'Reilly. 2005
  • Nikolai Elenkov. Android security Internals. No starch press. 2015
  • Noureddine Boudriga.. Security of Mobile Communications.. Auerbach Publications.. 2009
  • Praphul Chandra. Bulletproof wireless security. Newnes. 2005
Recursos electrónicosElectronic Resources *
Additional Bibliography
  • Jeff Six. Application Security for the Android Platform. O'Really Media, Inc. 2011
  • Johnny Cache, Joshua Wright, Vincent Liu.. Hacking wireless exposed: wireless security secrets and solutions.. McGraw-Hill. 2010
  • Pragati Ogal Rai. Android Application Security Essentials. Packt Publishing. 2013
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN


The course syllabus and the academic weekly planning may change due academic events or other reasons.