Advanced Computer Networks / Mobile Security

Course Number 705010 and 705010 | Sommersemester 2020

Content

This course is a seminar-style class which focuses on security aspects of mobile devices. We study the security mechanisms of smartphones and show how to employ them to protect sensitive information. Based on that, we analyze mobile applications regarding security-critical deficiencies, examine platform and application vulnerabilities and discuss how they can be exploited by attackers.

  • Security features of mobile platforms, e.g. Android, iOS, …
    • Access protection (PIN, Patterns, …), Secure Element, OS updates, permissions, sandboxing concept, …
    • Which mechanisms are provided in order to protect sensitive data?
    • How do they work?
  • Key and data storage on mobile devices
    • Device encryption, key derivation functions, key management, risks
    • Which kind of keys do you manage on your device?
    • In practice, what are the risks you have to cope with?
  • Using mobile devices for identity management
    • Mobile e-signatures, threats
  • Application analysis
    • Tools and approaches, vulnerabilities and exploits, handling sensitive data, security-critical mistakes
  • Attacking today’s smartphones
    • Side-channels, Man-in-the-middle, jailbreaking, consequences
  • Mobile Phone Networks
    • IMSI Catchers, attacking phones, vulnerabilities in communication networks

Material

Lecture Slides

The lecture for Advanced Computer Networks enables you to acquire knowledge about trending topics in the field of mobile security. Attendance is not mandatory but you are encouraged to participate continuously in order to get the “big picture”. More organisational details are outlined in the first set of slides and below.

Date Topic
05.03.2020 Introduction & Motivation
12.03.2020 Key & Data Storage on Mobile Devices , Assignment 1Lecture Recording
02.04.2020 iOS Platform SecurityLecture Recording
Also see: iOS Security Guide
23.04.2020 iOS Application SecurityLecture Recording
Also see: iOS of Sauron – How iOS Tracks Everything You Do, Malicious MDM
30.04.2020 Android Platform SecurityLecture Recording
Also see: Kr00k, KRACK, BlueBorne, The Android Platform Security Model
07.05.2020 Android Application SecurityLecture Recording
Also see: Lippizan (1, 2), WhatsApp Backups
14.05.2020 Static & Dynamic Application AnalysisLecture Recording
04.06.2020 Mobile Network SecurityLecture Recording
Also see: LTE Ciphercheck, Reporters are looking for IMSI catchers in the UK
18.06.2020 Presentations of Task 2 ResultsLecture Recording
30.06.2020 Main exam from 13:00-14:30 in HS i1.
02.07.2020 Additional exam possibility from 10:30-12:00 in HS i1

Practicals and Misc

Everything related to the practicals and further material can be found in the Wiki.

Administrative Information

Lecture Exams

Basically, each student who wants to obtain a grade for the lecture has to pass an exam. You may select and register for an exam date via TUGRAZonline.

Exams

Course Date Begin End Slots Location
Lehrveranstaltungsprüfung 2020/09/18 13:00 14:30 5/20

Lecturers

Johannes Feichtner
Johannes
Feichtner

PostDoc

View more