課程名稱 |
物聯網資安檢測實務 Practical Security Analysis of IoT |
開課學期 |
110-2 |
授課對象 |
電機資訊學院 電機工程學研究所 |
授課教師 |
田謹維 |
課號 |
CommE5058 |
課程識別碼 |
942 U0720 |
班次 |
|
學分 |
3.0 |
全/半年 |
半年 |
必/選修 |
選修 |
上課時間 |
星期二A,B,C(18:25~21:05) |
上課地點 |
電二144 |
備註 |
總人數上限:60人 |
|
|
課程簡介影片 |
|
核心能力關聯 |
核心能力與課程規劃關聯圖 |
課程大綱
|
為確保您我的權利,請尊重智慧財產權及不得非法影印
|
課程概述 |
This course aims to conduct security testing and standard assessment for the entire IoT (Internet of Things) system. The course topics are designed at the four major aspects of the IoT ecosystem, including endpoint software and hardware, communication protocol and cloud virtualization environment. Conducting and discussion to IoT cyber security threats, the security testing standards and industry best practice requirements, this course would let students understand the industry technical requirements for IoT security assessment and have real experience of IoT vulnerability exploitation in real-world IoT devices. |
課程目標 |
- Cultivate technical capabilities that can perform industry IoT testing cases into practices.
- Identify vulnerabilities in IoT device architectures, firmware, apps, networking and the cloud using software and hardware penertration test techniques.
- Combining IoT security standards, security testing methodologies and technical capabilities to quickly integrate with the industry demands. |
課程要求 |
- Requires web programming experience (including frontend and backend is better) and basic network architecture.
- To facilitate course implementation and discussion, please prepare a laptop computer. |
預期每週課後學習時數 |
|
Office Hours |
另約時間 備註: Appointment by e-mail. : cwtien@ntu.edu.tw |
指定閱讀 |
- Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things, Fotios Chantzis (Author), Ioannis Stai, 2021 |
參考書目 |
- IoT Penetration Testing Cookbook: Identify vulnerabilities and secure your smart devices, Aaron Guzman, Aditya Gupta, 2017
- Practical Internet of Things Security: Design a security framework for an Internet connected ecosystem, 2nd Edition, Brian Russell, Drew Van Duren, 2018
- Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation 1st Edition, James Forshaw, 2017 |
評量方式 (僅供參考) |
No. |
項目 |
百分比 |
說明 |
1. |
Lab |
30% |
Three Lab assignments (planned) |
2. |
Homework |
30% |
Three Homework assignments (planned) |
3. |
Final Project |
40% |
|
|
週次 |
日期 |
單元主題 |
第1週 |
2/15 |
Course Preliminary |
第2週 |
2/22 |
Intro. to IoT security standards |
第3週 |
3/01 |
IoT Network Analysis |
第4週 |
3/08 |
IoT Network and Website pentesting (HW1) |
第5週 |
3/15 |
IoT Cloud security testing |
第6週 |
3/22 |
Android App security testing (LAB1) |
第7週 |
3/29 |
iOS App security testing |
第9週 |
4/12 |
midterm - final project proposal |
第10週 |
4/19 |
Intro to IoT hardware security (HW2) |
第11週 |
4/26 |
IoT Firmware analysis and pentesting (1) |
第12週 |
5/03 |
IoT Firmware analysis and pentesting (2) (LAB2) |
第13週 |
5/10 |
IoT Wireless network security |
第14週 |
5/17 |
IoT network protocol fuzzing (1) (HW3) |
第15週 |
5/24 |
IoT network protocol fuzzing (2) |
第16週 |
5/31 |
Penetration Testing over the Air (LAB3) |
第17週 |
6/07 |
Final Project |
|