Syllabus

Structure of Every Class

Every Thursday, we meet from 2:00 - 4:30 PM (New York Time) on Zoom. Here’s an approximate breakdown of activities, with ample breaks in between activities.

• Overview by instructor
  • Recaps previous class
  • Discusses logistical matters
  • Outlines the day’s themes
• Paper Discussion
  • Presentation by a student.
  • Paper discussion, moderated by Instructor.
• Instructor explains background knowledge for the next class.
• Instructor wraps up and discusses project ideas.

The Zoom link can be found in this Google Doc.

Tentative Weekly Schedule

The weekly schedule is subject to change. Feel free to email the instructor if you have any questions.

Jan 28: Overview of the course

Agenda

• What is IoT security and privacy?
• Class structure
  • Reviewing papers
  • Presenting papers
  • Debating papers
  • Final project

Readings

No readings.

Feb 4: Discovering IoT devices based on proprietary data

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Kumar: All Things Considered

Agenda

• Intro by instructor
• Paper presentation, led by a student
• Paper discussion, moderated by the instructor
• Instructor’s explains background knowledge for the next class
  • Primer on networking: TCP/IP stack, DNS, HTTP, servers, client
  • Primer on Internet scanning: SYN scan, Shodan
  • Botnet and malware
  • Honeypots

Feb 11: Discovering IoT devices based on scanning

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Ma: Understanding the Mirai Botnet

Agenda

• Intro by instructor
• Paper presentation, led by a student
• Paper discussion, moderated by the instructor
• Projects
• Instructor’s explains background knowledge for the next class
  • Packet capture with Wireshark

Feb 18: No class

Legislative Day - Classes will meet according to a Monday schedule. See Academic Calendar

Feb 25: Analyzing IoT device traffic in the lab

Agenda

• Intro by instructor
• Paper presentation a student, followed by an instructor-moderated discussion
• Paper presentation another student, followed by an instructor-moderated discussion
• Discuss pre-proposal project ideas.
• Instructor’s explains background knowledge for the next class
  • ARP spoofing

Readings

Students are expected to read and review the following papers before class. Two students should also sign up to present these papers.

• Ren: Information Exposure From Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach. See Project Website for additional details.
• Acar: Web-based Attacks to Discover and Control Local IoT Devices

March 4: Analyzing IoT device traffic in real smart homes

Agenda

• Intro by instructor
• Paper presentation a student, followed by an instructor-moderated discussion
• Instructor’s explains background knowledge for the next class
  • App security and privacy

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Huang: IoT Inspector: Crowdsourcing Labeled Network Traffic from Smart Home Devices at Scale

March 11: Smart TVs are watching you

Agenda

• Intro by instructor
• Paper presentation a student, followed by an instructor-moderated discussion
• Paper presentation another student, followed by an instructor-moderated discussion
• Instructor’s explains background knowledge for the next class

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Moghaddam: Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices

Optional Readings

The following readings will not be covered in class. Students do not need to review them. I have included the readings below in case you’d like to know more about other related work.

• Varmarken: The TV is Smart and Full of Trackers: Measuring Smart TV Advertising and Tracking

March 18: Alexa: Are you listening to me?

Agenda

• Intro by instructor
• Paper presentation a student, followed by an instructor-moderated discussion
• Paper presentation another student, followed by an instructor-moderated discussion
• Instructor’s explains background knowledge for the next class

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Kumar: Skill Squatting Attacks on Amazon Alexa

March 25: Presentation of project proposals and progress update

TBD

Apr 1: IoT devices could leak your health information

Agenda

• Intro by instructor
• Paper presentation a student, followed by an instructor-moderated discussion
• Paper presentation another student, followed by an instructor-moderated discussion
• Instructor’s explains background knowledge for the next class

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Apthorpe: Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping

Optional Readings

The following readings will not be covered in class. Students do not need to review them. I have included the readings below in case you’d like to know more about other related work.

• Wood: Cleartext Data Transmissions in Consumer IoT Medical Devices

Apr 8: Human factors in IoT security and privacy

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Mare: Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts

Optional Readings

The following readings will not be covered in class. Students do not need to review them. I have included the readings below in case you’d like to know more about other related work.

• Zeng: Understanding and Improving Security and Privacy in Multi-User Smart Homes: A Design Exploration and In-Home User Study

Apr 15: Labeling IoT devices in the wild

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Saidi: A Haystack Full of Needles: Scalable Detection of IoT Devices in the Wild

Optional Readings

The following readings will not be covered in class. Students do not need to review them. I have included the readings below in case you’d like to know more about other related work.

• Feng: Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices

Apr 22: IoT and vulnerable populations

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Le: SkillBot: Identifying Risky Content for Children in Alexa Skills

Optional Readings

The following readings will not be covered in class. Students do not need to review them. I have included the readings below in case you’d like to know more about other related work.

• Shezen: VerHealth: Vetting Medical Voice Applications through Policy Enforcement
• Chu: Security and Privacy Analyses of Internet of Things Children’s Toys

Apr 29: Privacy and Contextual Integrity

Readings

Students are expected to read and review the following paper before class. A student should also sign up to present this paper.

• Apthorpe: Evaluating the Contextual Integrity of Privacy Regulation: Parents’ IoT Toy Privacy Norms Versus COPPA

May 6: Final Project Presentation

TBD