This website lists information for the 2018/2019 course Security Services for the IoT (SSI) at the University of Twente. Last updated at 8th July 2019. # Overview  |  ----|----- Course code | 201700083 Coordinator | Cristian Hesselman (SIDN Labs and University of Twente) (c.e.w.hesselman@utwente.nl) Credits | 5EC (140 hours) Lecturers| - dr. Cristian Hesselman (SIDN Labs and University of Twente)
- dr. Elmer Lastdrager (SIDN Labs)
- Caspar Schutijser MSc (SIDN Labs)
- prof.dr. Aiko Pras (University of Twente)
Room|RA 2237 ([except 15/5 and 5/6](#room-exceptions)) Mailing list|ssi@mailman.sidn.nl Quartile | 2B: 22 April to 5 July 2019 # Assessment SSI uses papers and (draft) IETF [RFCs](https://en.wikipedia.org/wiki/Request_for_Comments) in combination with a lab assignment to assess to what extend you attained the course’s learning outcomes (see Background). Your individual assessment will be based on your deliverables for SSI, which are: - A **presentation** based on an in-depth study of one of the papers/RFCs - A **completed review form** for two other SSI papers/RFCs - A four-page report on your **lab assignment** To pass SSI, your score will need to be 5.5 or higher, which we calculate as follows: (score presentation) $\times$ 25% + (score two reviews) $\times$ 25% + (score lab assignment) $\times$ 50% Where each of the scores (a) is between 1 (worst) and 10 (best) and (b) must be larger than or equal to 5.5. We will not evaluate the third learning goal (operational business of DNS operators), which serves as a bonus to help you understand how the Internet works operationally. ## Presentation SSI involves 9 interactive technical lectures (see Schedule), in one of which you'll need to present a scientific paper or an IETF (draft) RFC on IoT security. Your lecturers will assign a paper to you based on a random number generator (see [Python code](assign-tasks.py)). In total, SSI involves 26 presentations distributed over 9 lectures. You'll need to study the paper/RFC in depth and present it in 30 minutes, including 10 minutes of questions and discussion. Please use slides to explain what the paper is about and include your observations and critique. RFCs are typically longer than papers, but also contain a lot of detail you can skip, while the information density in academic papers is typically much higher than in RFCs. RFCs cover technical standards (e.g., protocols and best practices) and give you a broader view on the IoT beyond academic papers. RFCs are peer-reviewed in IETF working groups, which typically consist of engineers of equipment manufacturers, service providers, and network operators. Your fellow students score the clarity of your presentation through a simple **presentation review form**, which your lecturers may use to round off the score for your presentation. We'll hand out the evaluation forms at the beginning of each lecture and you must return them before leaving the room. We will put your presentations on the SSI site so they’re available to everyone taking SSI. ## Paper Reviews In addition to your presentation on a paper/RFC, you will need to study two other papers/RFCs and complete the SSI paper review form ([docx](reviewform.docx) or [pdf](reviewform.pdf), see also an [example](reviewform-example.pdf)) for each. Your lecturers will score both review forms and their average score is the score that will account for 25% of your overall score (see [Assessment](#assessment)). The SSI paper review form enables us to evaluate to what degree you understood a paper. It will also help you developing your academic skills because the review form is similar to the review forms typically used in academic paper reviewing. We'll explain the academic reviewing process in the introduction lecture and will provide an example of a completed review form (for a paper not covered in SSI). The SSI paper review form is a separate document that your lecturers will send you and that you must hand in before the lecture in which one of your fellow students presents the paper. Please email it to c.e.w.hesselman@utwente.nl and elmer.lastdrager@sidn.nl. Please prefix the subject line with "[ssi]" (without the quotes). Your lecturers will assign the two papers/RFCs to you, as shown in Table [reviews]. Paper | Reviewed by (individually) -----|-------------- [#1] | Dion & Dylan [#2] | Ahmed & Mathay [#3] | Danique & Thomas [#4] | Samarjeet & Shubham [#5] | Harry & Wouter [#6] | Noël & FangFang [#7] | Sam & Mathay [#8] | Sander & Ahmed [#9] | Julik & Shubham [#10] | Tariq & Tom [#11] | Jeroen & Thanasis [#12] | Samarjeet & Tariq [#13] | Dennis & Samiksha [#14] | Niek & Sander [#15] | Joël & Danique [#16] | Harry & Thomas [#17] | Zewei & Jeroen [#18] | Niek & FangFang [#19] | Thanasis & Ruben [#20] | Wouter & Zewei [#21] | Dion & Ander [#22] | Dennis & Noël [#23] | Tom & Dylan [#24] | Julik & Sam [#25] | Samiksha & Joël [#26] | Ruben & Ander [Table [reviews]: The paper assignment for the reviews.] ## Lab Assignment The goal of the lab assignment is for you to gain hands-on experience with measuring and analyzing the network behavior of IoT devices and capturing this behavior in a device profile. In SSI, we'll be using the emerging Manufacturer Usage Description (MUD) standard [#28] [#29] for this purpose. We ask you to measure the network traffic of an IoT device because it gives you insight into how an IoT device works, for instance how it responds to external triggers and what services on the Internet it uses. MUD is an easy to understand language that the IETF standardized in March of 2019. We will provide a GLiNet mini-router for you to carry out the traffic measurements. It runs OpenWRT and [SIDN Labs' software module for IoT security in homenets](https://spin.sidnlabs.nl/en/). We'll be handing out the mini-routers at the beginning of the course and it’s yours to keep. If you're measuring an IoT device of your own, then please use one with a limited number of tasks such as a light bulb, an audio speaker, or a light switch. The reason is that these types of devices interact with people’s physical world rather, while multi-purpose devices (like web browsers and smart speakers) focus on enabling human users to interact with content and services. We also have a few IoT devices at our disposal that you can use in case you do not have one at home. Your output for the lab assignment consists of: 1. A **four-page report** in the [standard two-column IEEE format](https://www.ieee.org/conferences/publishing/templates.html) that discusses the results of your measurements and your proposal on how to use or extend the MUD specification to describe the behavior you measured (an actual MUD spec). You may use text, graphs, tables, or a combination thereof. 2. A **capture** of the IoT device’s network traffic, for instance using TCPdump. You will need to carry out the lab assignment in teams of two (see Table [labs]). Please send your report and traffic captures to c.e.w.hesselman@utwente.nl and elmer.lastdrager@sidn.nl. The deadline for both is Sunday June 23, 2019, 23:59 CET. In addition to checking SSI’s learning goals, we’ll also be evaluating your report on parameters such as clarity and soundness of the methodology you used. Team | Members -----|-------- 1 | Ahmed & Dion 2 | Wouter & Julik 3 | Mathay & Niek 4 | Dennis & Thomas 5 | Ruben & Sander 6 | Sam & Joël 7 | Noël & Tom 8 | Shubham & Ander 9 | Jeroen & Tariq 10 | Samarjeet & Thanasis 11 | Danique & Samiksha 12 | FangFang & Dylan 13 | Zewei & Harry [Table [labs]: Lab teams.] # Schedule Table [schedule] shows SSI’s schedule for 2018-2019, which consists of a total of 11 lectures: an introduction, 1 guest lecture, and 9 interactive technical sessions with presentations on papers and RFCs. Upon request, we can also provide a Q&A slot to help you with the SSI lab assignment following one of the lectures. You **must** attend all lectures because of their interactive nature and because you’ll need to provide feedback on the presentations of your fellow students (see We will not evaluate the third learning goal (operational business of DNS operators), which serves as a bonus to help you understand how the Internet works operationally. Lecture | Date | Contents | Presentation #1 | Presentation #2 | Presentation #3 --------|------|----------|-----------------|-----------------|---------------- 1 | April 24 | **Course Introduction**
Lecturer: Elmer Lastdrager
- SSI assessment, schedule, and background.
- Admin matters, such as signing up for the lab assignment
[Lecture slides (pdf)](slides/lecture1a.pdf)

**Guest lecture**: IoT: DDoS victims and device cleanup
Lecturer: Arman Noroozian (TU Delft)
[Lecture slides (pdf)](slides/lecture1b.pdf) 2 | May 1 | **Guest lecture on how the core of the internet is organized**
Lecturer: Marco Davids (SIDN Labs)
Host: Cristian Hesselman
[Lecture slides (pdf)](slides/lecture2.pdf) 3 | May 8 | **Interactive lecture**: IoT Concepts and Applications
Papers/RFCs: [#1] [#2] [#3]
Lecturer: Cristian Hesselman, Elmer Lastdrager, Caspar Schutijser | Jeroen [#1]
[Slides](slides/lecture3a.pdf) | Sander [#2]
[Slides](slides/lecture3b.pdf) | Tom [#3]
[Slides](slides/lecture3c.pdf) 4 | May 15 | **Interactive lecture**: Iot Architectural Considerations
Papers/RFCs: [#4] [#5] [#6]
Lecturer: Cristian Hesselman, Elmer Lastdrager
**Room: CR 3B (!)** | Niek [#4]
[Slides](slides/lecture4a.pdf) | Zewei [#5]
[Slides](slides/lecture4b.pdf) | Joël [#6]
[Slides](slides/lecture4c.pdf) 5 | May 22 | **Interactive lecture**: IoT Standards and Requirements
Papers/RFCs: [#7] [#8] [#9]
Lecturer: Cristian Hesselman, Elmer Lastdrager
[Slides](slides/lecture5intro.pdf) | n/a | Harry [#8]
[Slides](slides/lecture5b.pdf) | Danique [#9]
[Slides](slides/lecture5c.pdf) 6 | May 29 | **Interactive lecture**: IoT Botnet Measurements
Papers/RFCs: [#10] [#11] [#12]
Lecturer: Cristian Hesselman | Noël [#10]
[Slides](slides/lecture6a.pdf) | Dylan [#11]
[Slides](slides/lecture6b.pdf) | Wouter [#12]
[Slides](slides/lecture6c.pdf) 7 | Jun 5 | **Interactive lecture**: Threat & Compromise Detection
Papers/RFCs: [#13] [#14] [#15]
Lecturer: Elmer Lastdrager
**Room: CR 3B (!)** | Ahmed [#13]
[Slides](slides/lecture7a.pdf) | Ruben [#14]
[Slides](slides/lecture7b.pdf) | FangFang [#15]
[Slides](slides/lecture7c.pdf) 8 | Jun 12 | **Interactive lecture**: IoT Device Abuse
Papers/RFCs: [#16] [#17] [#18]
Lecturer: Cristian Hesselman, Elmer Lastdrager | Ander [#16]
[Slides](slides/lecture8a.pdf) | Dion [#17]
[Slides](slides/lecture8b.pdf) | Mathay [#18]
[Slides](slides/lecture8c.pdf) 9 | Jun 19 | **Interactive lecture**: Edge IoT Security Sytems 1
Papers/RFCs: [#19] [#20] [#21]
Lecturer: Elmer Lastdrager, Caspar Schutijser | Sam [#19]
[Slides](slides/lecture9a.pdf) | Samiksha [#20]
[Slides](slides/lecture9b.pdf) | Julik [#21]
[Slides](slides/lecture9c.pdf) 10 | June 26 | **Interactive lecture**: Edge IoT Security Sytems 2
Papers/RFCs: [#22] [#23] [#24]
Lecturer: Elmer Lastdrager, Caspar Schutijser | Samarjeet [#22]
[Slides](slides/lecture10a.pdf) | Thomas [#23]
[Slides](slides/lecture10b.pdf) | Shubham [#24]
[Slides](slides/lecture10c.pdf) 11 | Jul 3 | **Interactive lecture**: IoT Device Profiling
Papers/RFCs: [#25] [#26]
Lecturer: Cristian Hesselman, Elmer Lastdrager | Thanasis [#25]
[Slides](slides/lecture11a.pdf) | Tariq [#26]
[Slides](slides/lecture11b.pdf) | Dennis [#7]