EU-iNSPIRE

IoT Security

This course equips students with the theoretical and practical skills needed to audit, assess, and defend the security of Internet of Things systems and their network environments. Starting from IoT fundamentals (architectures, layers, and the distinctions between IoT and traditional IT), it progressively covers threat modelling, cryptographic primitives, and the most common attack vectors targeting connected devices.

Main Topics

The General Competences that students should have acquired include:

  • Search for, analysis and synthesis of data and information, with the use of the necessary technology
  • Adapting to new situations
  • Decision-making
  • Working independently

Based on the above, upon completion of the course, students are expected to be able to:

  • Perform threat-modelling of IoT architectures using STRIDE, OCTAVE or MITRE ATT&CK for ICS/IoT.
  • Plan and execute penetration testing of IoT systems
  • Decompose typical IoT systems, and identify and analyse vulnerabilities
  • Develop scripts to exploit identified vulnerabilities
  • Evaluate and secure commonly used IoT communication schemes such as MQTT.
  • Monitor current security research trends regarding IoT systems.

The course IoT Security introduces the theoretical background required to understand, audit, report on and ultimately defend the security state of typical Internet of Things (IoT) systems and their network environment. By combining practical penetration testing engagements, in the form of simulated Capture The Flag (CTF) events, with theoretical discussion of the covered security mechanisms, students learn to evaluate real-world IoT systems, detect possible vulnerabilities, and finally design and implement countermeasures.

Upon successful completion of the course, students will be capable of the following:

  • Understand fundamental concepts of IoT systems
  • Understand and communicate the most common cybersecurity threats targeting modern IoT systems
  • Understand offensive penetration testing procedures tailored to the IoT system context
  • Demonstrate knowledge about relevant threat modelling techniques in the context of typical IoT Systems
  • Demonstrate knowledge about the landscape of available penetration testing toolsets
  • Critically analyse current research trends and novel real-world attacks on IoT systems

Students will be able to:

  • Exercise autonomy in overseeing organizational privacy governance and leading cross-functional privacy programmes.
  • Assume responsibility for balancing legal, ethical, and business requirements in complex data ecosystems.
  • Integrate privacy-by-design principles throughout the system-development life cycle and vendor supply-chain.
  • Critically evaluate emerging technologies (e.g., AI, ad-tech) and formulate organizational policy positions.
  • Mentor multidisciplinary teams on cultivating a privacy-respecting culture.