CS 410/510: IoT Security
Location: FAB 150 (MW 14:00-15:50)
Instructor: D. Kevin McGrath
Course Description
Introduce the concepts of hardware security, including communication buses, protocol analysis, firmware extraction, communication eavesdropping, and reverse engineering. Case studies of reference platform security models from various providers.
Course Objectives
Upon the successful completion of this class, students will be able to:
- Describe secure IoT architectures;
- Select and implement firmware extraction strategies;
- Demonstrate the use and application of a logic analyzer;
- Understand wireless communication protocols used in IoT;
- Identify and leverage ports, chips, and other peripherals on hardware devices;
- Investigate common vulnerability classes in IoT devices.
Hardware Requirements
We are using a specific set of hardware for this class. This isn’t the fastest, the most powerful, or the most feature-rich hardware, but it is the hardware that we will be using. The hardware is as follows:
- Adafruit AirLift FeatherWing – ESP32 WiFi Co-Processor
- FeatherWing Tripler Mini Kit - Prototyping Add-on For Feathers
- Adafruit Feather RP2040 with RFM95 LoRa Radio - 915MHz
- Adafruit FeatherWing OLED - 128x64 OLED Add-on For Feather
Why are we using this particular set? There are a few reasons:
- It is relatively inexpensive
- It is relatively easy to use (Adafruit has a lot of tutorials)
- It is relatively easy to program (CircuitPython is a great way to get started)
- It is relatively easy to connect other devices to it to monitor signals
- It is representative of a lot of IoT devices, so the skills learned here will be applicable to other devices
- It uses some of the major IoT communications protocols (WiFi, LoRa, and BLE) – zigbee and matter/thread support adds significant cost and complexity
Hardware can be obtained from one of the following sources:
- Digikey list
- Adafruit list
- The PSU bookstore has some of the items, but somehow not all of them. And they have some flat wrong items. So, be careful if you go there, and understand that they may not have everything you need – and several things you don’t!
A class set of various tools will be available, or the students can purchase them if they so desire:
- Black Magic Probe with JTAG Cable and Serial Cable - V2.3
- Various models of logic analyzers
- Tigard board multi-protocol analysis tool with logic analyzer
- Bus Pirate, models 3, 4, and 6 (I skipped the 5 for whatever reason)
- Other tools as needed
There are other platforms we will look at, but more as a reference than as a primary platform. These include:
- Seeed Studio Wio Terminal with LoRA and WiFi – This is a fully integrated platform with an add-on LoRA/GPS module (and battery). While roughly the same price, the integrated nature of it doesn’t lend itself to learning.
- Sparkfun MikroMod platform – This is a modular platform that allows for a lot of flexibility in design. It is more expensive, physically larger, and with a bit less in the support department than the Adafruit platform. It is awesome, though.
- Raspberry Pi 5 with LoRA bonnet – This is a more powerful platform that is also more expensive and significantly more complex. We will be using one as a gateway and for you to talk to with your devices. This is a step-change in terms of software interface – it is a full Linux system, not a microcontroller. Also, mine has quite a bit more hardware strapped to it than the bonnet.
Major Topics
Ultimately, you should leave this course with a basic understanding of IoT hardware, software, and the security implications of both. Topics include:
- Introduction to hardware
- Board level protocols
- I2C
- SPI
- UART
- JTAG/SWD
- Communications channels
- WiFi
- Bluetooth
- LoRa
- Zigbee
- Thread/Matter
- Logic analyzers
- RF capture and spectrum analysis
- Firmware extraction
- From on-device memory
- From packet captures
- Overview of IoT operating systems
- OpenWRT/embedded linux
- ARM Mbed
- VxWorks/FreeRTOS
- Win10 IoT
- Bootloaders
This isn’t necessarily an exhaustive, or ordered, list. As this is the first time I’ve offered this class, we may not get to everything in the level of detail I’d prefer. Online references will be curated and provided, as needed, for additional coverage of any particular topic.
Policies
| Grading | Attendance and participation | Academic Misconduct |
| Attendance 5% Lab notebooks 65% Final 30% |
Attendance is required and will be taken each class. If you miss class, extra credit will be given back for outside communication that indicates you are keeping up with the material. You are expected to follow this code of conduct when communicating. | * Includes allowing another student to copy your work unless specifically allowed by the instructor. * Results in a grade of 0 for the assignment or exam. * Results in the initiation of disciplinary action at the university level. |
Pages
Under construction:
- Tools of the Trade
- Hardware RE fundaments – a place to put info on the necessary skills and tools that are too minor to have their own page
- Hardware Communications Protocols
- Dumping flash
- Radio Protocols
- Software Reverse Engineering
- Attacks
These may or may not be useful. But I’m leaving them here for now in case you find utility in them.
- Software configuration
- tmux config
- Technical Writing
- FreeBSD Setup Script
- Powershell profile
- Networking Fundamentals
- tcpdump
- Wireshark
Assignmnents
Each homework will build on the previous assignment. These aren’t your typical “write answers to questions” type assignments, but rather are intended to be more hands-on. We will be adding to, modifying, or otherwise doing something to the hardware to enable us to do something else. The first assignment will be to get the dev environment set up, assembled, and configured. Subsequent assignments will build on this.
Labs and notebook
Lab assignments will be given periodically covering the course material. You will perform each one, while maintaining a lab notebook in markdown that documents your progress via screenshots with your OdinID in them. The notebook should also include answers to any questions in the labs. Notebooks should be done in markdown in their respective folders. Submission will be done via adding, committing, and pushing the files to your private CECS GitLab repository. See lab0 for details.
Please add me (dmcgrath) as a collaborator to your private repo. You can do this by going to the settings page for your repo, clicking on the “Manage access” tab, and then clicking on the “Invite a collaborator” button.
Always turn in what you have done on-time. Late work throughout the quarter may be compiled into a single submission that will be graded at the end of the last week of class in a file named notebooks/LateLabs.pdf.
The notebook for each lab will be graded based upon the following factors:
- Neatness and organization
- Completeness
- Inclusion of OdinID or project identifier in screenshots
Labs
Useful links for learning
- tmux cheatsheet
- Linux Handbook on tmux
- Markdown
- The C Book
- The GNU
makemanual - Managing projects with
make - The
chmodcalculator - The Python tutor
- The Linux Command Line (Direct PDF link)
- Adventures with the Linux Command Line
- The Linux Development Platform
- gdb tutorial
- gef manual
Academic or Student Support Services
Accommodations
Accommodations for students with disabilities are determined and approved by Disability Resource Center (DRC). If you, as a student, believe you are eligible for accommodations but have not obtained approval please contact DRC immediately at 503-725-4150, drc@pdx.edu, or https://www.pdx.edu/disability-resource-center. DRC notifies students and faculty members of approved academic accommodations and coordinates implementation of those accommodations. If you have accommodations through DRC and wish to take the Midterm or Final Exam in the testing center, I strongly recommend that you schedule it before the end of week 1. If you are not registered with the DRC, you cannot register to take an exam in the testing center.
I want to make this class an open and welcoming environment for all. Your success is my goal.
Religious Observance
Portland State University strives to respect all religious practices. If you have religious holidays that conflict with any of the requirements of this class, please see me immediately so that we can make alternative arrangements.
Reach Out for Success
The PSU Center for Student Health and Counseling (SHAC) is staffed with folks who care and can help with a wide range of personal challenges. Here at PSU, there is never a need to tough things out alone.
As a student you may experience a range of issues that can cause barriers to learning, such as strained relationships, increased anxiety, alcohol/drug problems, feeling down, difficulty concentrating and/or lack of motivation. These mental health concerns or stressful events may lead to diminished academic performance or reduce a student’s ability to participate in daily activities. PSU is committed to advancing the mental health and well-being of its students. If you or someone you know is feeling overwhelmed, depressed, and/or in need of support, services are available. You can learn more about the broad range of confidential mental health services available on campus via SHAC https://www.pdx.edu/health-counseling/.
SHAC also has resources for physical health, including flu shots. You can check out their COVID-19 resources page here: https://www.pdx.edu/health-counseling/covid-19-resources (including testing).
Get Food Now Here at PSU, there is never a need to tough things out alone. Those who can, give, so those who need, have.
Housing / financial crisis help. Here at PSU, there is never a need to tough things out alone. Emergency Housing, etc.
Title IX
As an instructor, students frequently come to me for assistance in matters that are not related to the course material. Please be aware that PSU’s policies require instructors to report any instance of sexual harassment, sexual and relationship violence and/or other forms of prohibited discrimination to University Officials, who keep the information private. If you would rather share information about these experiences with a PSU staff member who does not have these reporting responsibilities and can keep the information confidential, please contact one of the following campus resources.
- Confidential Advocates: 503.894.7982, or by scheduling on-line (for matters regarding sexual harassment and sexual and relationship violence)
- Center for Student Health and Counseling (SHAC): 1880 SW 6th Ave, 503.725.2800
- Student Legal Services: 1825 SW Broadway, (SMSU) M343, 503.725.4556 For more information, please complete the required student module Understanding Sexual Misconduct and Resources in Canvas.
PSU Sexual Misconduct Response website gives you comprehensive information about how to support and/or report an incident.
Please complete the required student module Understanding Sexual Misconduct and Resources in Canvas, which provides information about PSU policy and resources.
You may also report sexual and relationship violence to law enforcement on campus with Campus Public Safety Office (CPSO).
Or you may file an anonymous report with Campus Public Safety Office or a Bias Incident report with the Bias Review Team (BRT). PSU does not typically investigate the reports that are made through these two avenues. These reports help PSU understand what students and employees are experiencing on and around campus and provide support where needed.