Security and Privacy for the Internet of Things

Master's programme(s):
MSc in Mobile and Web Computing: Internet of Things Applications
Course code(s):

-

Instructors:
Nikolaos Athanasios Anagnostopoulos
Course type:

Elective

Semester (Full-time/Part-time students):

2/4

Learning outcomes:

Skills/Knowledge

Students acquire basic knowledge of the Internet of Things (IoT), of its different segments that include devices of varying capabilities, of the industrial IoT, as well as of the concept of IoT 2.0, which combines IoT with advanced technologies, such as artificial intelligence and the blockchain. The students gain knowledge of potential security and privacy solutions for the IoT, ranging from the design level to security and privacy protocol implementations for particular use cases, such as device authentication, device attestation, and sensor data aggregation. Additionally, practical knowledge on how to gather sensor data and secure them is also provided by examining the relevant topic with the help of the STM B-L475E-IOT01A board.

Abilities

Students gain the ability to outline and potentially implement security and privacy solutions, ranging from design-level solutions to use case protocols, both in theory and in practice. Students gain the ability to theoretically analyze potential threats in the framework of the IoT and to phrase out relevant requirements, potentially leading to the corresponding security specifications.

Competencies

Students learn to analyze the security and privacy requirements, specifications, threat models and analyses associated with the IoT, and select appropriate security and privacy solutions to address them, without affecting the practicality and efficiency of the relevant IoT systems. Practical competencies for the design and implementation of security and privacy solutions in the framework of the IoT are also acquired, to a limited extent.

General competences:
  • Search for, analysis and synthesis of data and information, with the use of the necessary technology
  • Decision Making
  • Working independently
  • Working in an interdisciplinary environment
  • Production of free, creative, and inductive thinking
Syllabus:

The course introduces fundamental concepts, solutions, tools, and countermeasures regarding Security and Privacy for the Internet of Things. The following topics are covered:

  • Basic concepts (definition of the Internet of Things (IoT), examination of the different segments of the IoT and their diversity, applications of the IoT, the need for (lightweight) security and privacy in the IoT)
  • Requirements, specifications, threat modelling, attack surface analysis for the IoT
  • The ENISA reports regarding good practices for security and privacy of the IoT
  • The Industrial Internet of Things (IIoT) and the concept of IoT 2.0
  • Introduction of security and privacy in the IoT in the design phase
  • Lightweight security primitives: Physical Unclonable Functions (PUFs), True Random-Number Generators (TRNGs), Trusted Platform Modules (TPMs), and other solutions
  • Lightweight cryptography for the IoT: Standards and proposed solutions
  • Authentication protocols in the context of the IoT
  • Attestation of IoT devices in the field
  • Advanced security and privacy solutions for the IoT utilizing the blockchain, machine learning, post-CMOS technologies and/or advanced artificial intelligence (Security and Privacy for the IoT 2.0 concept)
  • Secure sensor data aggregation in the context of the IoT: Issues and potential solutions
  • Sensor measurements with the STM B-L475E-IOT01A board
  • Security and privacy in the framework of the STM B-L475E-IOT01A board
  • Exploring a comprehensive security and privacy solution for the STM B-L475E-IOT01A board in the framework of a network forming a small segment of the IoT
Full course outline (PDF):
PDF