CSE 708 Fall 2021

CSE 708 Fall 2021: Security and Privacy in IoT

General Information

Class Schedule

Fri 10:25am - 12:30pm, Aug 30 - Dec 10, 2021
Davis Hall 113A

Instructor

Marina Blanton
Email: mblanton at buffalo.edu
Office: 333 Davis Hall
Office hours: Tue 1-2pm via Zoom, Thu 10-10:50am in Davis 333

Course Objectives

The objectives of this course consist of developing an in-depth understanding of the current security and privacy landscape as related to constrained connected devices and Internet of Things (IoT). The focus of the course is on learning about and discussing security and privacy violations and defense mechanisms as well as new security solutions developed for the specific properties and operating environments of IoT. The course project additionally includes a research component to demonstrate the ability to evaluate a solution, build a non-trivial security mechanism, or perform a rigorous literature review.

Course Description

This course is reading-based and provides an in-depth treatment of security and privacy weaknesses, defense mechanisms, and solutions in IoT viewed broadly.

Assignments in this course will consist of research paper reading and presentations, reviews of presented papers, a course project, and one finals assignment. The course project can take the form of implementing an existing technique, using or extending an existing tool relevant to the scope of the cource, designing a new technique or application (must properly demonstrate security-related properties), or perform a literature review. Each project can be done individually or in teams of two (non-survey projects only).

All students are expected to participate in class discussions and perform all assignments regardless of the number of credit hours they are registered for.

Grading

Grading for this course will tentatively consist of 35% for presentations, 30% for the course project, 10% for the reviews, 10% for the final assignment, and 15% for class participation. The overall performance of 70% or higher is required for getting the S grade.

Course Policies

Any assignment (a paper review, project report, etc.) must be typed (diagrams can be hand-drawn).
Final assignments must be done individually.
Any external source that aided assignment preparation must be clearly referenced.
Each review must be turned in within one week of the paper's presentation in class.
Attendance and participation are mandatory. Missing more than one class period or being substantially late to multiple class periods will result in unsatisfactory grade.

Academic Integrity

Computer science, as a profession, requires us to seek truth not only in scientific discoveries, but also in dealing with the public, as the public depends on our expertise and honesty to construct their computing infrastructure. Thus, competence and trust are essential to being a scholar and a computing professional in particular.

Your instructor will treat you as a professional, and you should plan on conducting yourself in an appropriate way. No behavior that compromises academic honesty (such as use of someone else's work or code, using prohibited materials during tests, or making your work available to others) will be tolerated in this course. If you need assistance with anything, do not hesitate to contact the instructor.

It is expected that your work represents your own understanding of the problem. If work of others is used, it must be properly cited. Use of properly cited material is acceptable, but no referencing is treated as claiming the work as your own.

Academic dishonesty will not be tolerated in this course. It is the CSE policy that each case of academic integrity violation is recorded. The standing policy of the department is that all students involved in an academic integrity violation will receive an F grade for the course, unless the instructor recommends a lesser penalty for the first instance of academic integrity violation for the student in question.

Information about the CSE policies can be found here; UB academic integrity policies are available here; and UB graduate school guidelines can be found here.

Detailed Course Schedule

Assignments will not be posted on this web page and instead will be made available through UBlearns.

Sample publications in IoT security and privacy:

Surveys: paper 1, paper 2, paper 3, paper 4
Vechicle authentication: paper 1, paper 2
Smart grid authentication: paper 1, paper 2
Remote attestation: paper 1, paper 2
Privacy-preserving smart metering: paper 1, paper 2

Date	Class content
Week 1: September 3	Lecture: Introduction, security and cryptography concepts
Week 2: September 10	IoT security survey Paper 1: Internet of Things Security: A Survey Presented by Min and Matt
Week 3: September 17	IoT security survey Paper 1: Survey in Smart Grid and Smart Home Security: Issues, Challenges and Countermeasures Presented by Winston and Aditya
Week 4: September 24	IoT privacy Paper 1: Privacy in the Internet of Things: Threats and Challenges Paper 2: The Quest for Privacy in the Internet of Things
Week 5: October 1	IoT smart cities security survey Paper 1: Security and Privacy of Smart Cities: A Survey, Research Issues and Challenges
Week 6: October 8	Vehicle authentication Paper 1: Vehicle Authentication via Monolithically Certified Public Key and Attributes Paper 2: PBA: Prediction-Based Authentication for Vehicle-to-Vehicle Communications
Week 7: October 15	Smart grid authentication Paper 1: A Lightweight Message Authentication Scheme for Smart Grid Communications Paper 2: Multicast Authentication in the Smart Grid With One-Time Signature
Week 8: October 22	RUFs Paper 1: Physical Unclonable Functions and Applications: A Tutorial Paper 2: Building PUF Based Authentication and Key Exchange Protocol for IoT Without Explicit CRPs in Verifier Database
Week 9: October 29	RFID security and privacy Paper 1: RFID Security and Privacy: A Research Survey Paper 2: Defining Strong Privacy for RFID
Week 10: November 5	RFID/PUF, black SDN Paper 1: Enhancing RFID Security and Privacy by Physically Unclonable Functions Paper 2: Black SDN For The Internet of Things
Week 11: November 12	Remote attestation Paper 1: SIMPLE: A Remote Attestation Approach for Resource-constrained IoT devices Paper 2: US-AID: Unattended Scalable Attestation of IoT Devices
Week 12: November 19	Privacy-preserving smart metering Paper 1: Privacy-friendly aggreation for the smart-grid Paper 2: Differentially Private Smart Metering
Week 13: November 26	Thanksgiving
Week 14: December 3	Project presentations
Week 15: December 10	Project presentations