CYBV/NETV 479 Wireless Networking & Security

Syllabus
The University of Arizona, South
Spring, 2019

Instructor: Ture Peken

Email: [email protected]
Cell Phone: 520-891-8360

COURSE DESCRIPTION:
CYBV/NETV 479 provides students an introduction to wireless networking, mobile device
hardware and software architectures as well as the application of security fundamentals for
mobile computing systems. Students will be able to describe user associations and routing
in a cellular/mobile network, interaction of elements within the cellular/mobile core, and
end-to-end delivery of a packet and/or signal and what happens with the hand-off at each
step along the communications path. They will be able to explain differences in core
architecture between different generations of cellular and mobile network technologies.
CYBV/NETV 479 conforms to the National Security Agency (NSA) Center of Academic
Excellence in Cyber Operations (CAE-CO) academic requirements for cellular and mobile
technologies and wireless security.
Prerequisites: BASV 326, INFV320, and CSCV352 or Consent of Instructor

REQUIRED TEXTS & LAB MATERIALS:

o Smith, C., & Collins, D. (2014). Wireless Networks – Design and Integration for LTE,
EVDO, HSPA and WIMAX, Third Edition. McGraw-Hill Education. ISBN: 978-0-07-
181983-1
o Christian Hartmann, Christian Bettstetter, Hans-Jörg Vögel, Jörg Eberspächer. GSM -
Architecture, Protocols and Services, Third Edition. John Wiley & Sons. ISBN:
9780470030707.
o Hak5 WiFi Pineapple Nano or Nano Tactical Elite
o Supplemental readings and other resources will be assigned on D2L throughout the
semester.

STUDENT LEARNING OUTCOMES:

The student will:
o Recognize and explain the differences between each of the generations of cellular
and mobile network architectures.
o Define and explain the user association and routing within a cellular network.
 o Identify and evaluate the interaction between the different elements within a
cellular/mobile network.
o Define and explain the end-to-end delivery of a packet and/or signal and what
happens with the hand-off at each step along the communications path.
o Identify and describe the different types of mobile identifiers, what they represent
and how they are used to support mobile networking.
o Identify and describe the migration path from 2G to UMTS and the Third
Generation Partnership Project (3GPP), UMTS services, and the UMTS air
interface.
o Define and explain the Signaling System-7 (SS-7)/Common Channel Signaling
(CC7) protocol, the three basic types of network nodes, and the SS-7/CC7 and IP-
based SS-7 (SIGTRAN) protocol stacks.
o Describe the elements of 3G WCDMA, 3G CDMA2000 network architecture and
the five (5) main elements of the 4G Long-Term Evolution (LTE) network
architecture
o Identify and describe the Location Based Services (LBS) architectures
o Define and explain the various mobile encryption standards
o Identify and discuss the 802.11 network architecture
o Describe & discuss the hardware architectures and embedded security protections
of modern 3G/4G smartphones
o Identify & discuss security vulnerabilities in smartphone hardware architectures
and the iOS and Android mobile OS architectures
o Exercise critical thinking strategies including reasoning, problem solving, analysis
and evaluation by identifying and recognizing potential security vulnerabilities
within cellular and mobile network, hardware and software architectures.
• Describe and demonstrate the vulnerabilities with ineffective mechanisms
for securing or hiding 802.11 traffic.
• Describe, and implement a secure wireless network that uses modern
encryption and enforces the proper authentication of users

REQUIREMENTS:
Requirements for the course are: 5 Quizzes; 8 Labs; a Midterm Examination; and a Final
Examination. Students will be expected to draw on assigned readings to complete all
course writing assignments and Labs.

GRADING:
The final grade in the course will be based upon:
5 Quizzes: 24% See Course Schedule/D2L
(48 points each)
8 Labs: 24% See Course Schedule/D2L
(30 points each)
Midterm Examination: 25% See Course Schedule/D2L
(250 points)
Final Examination: 27% See Course Schedule/D2L
(270 points)
 GRADING SCALE DISTRIBUTION
A 90 to 100 % 900 – 1000 Points A
B 80 to 89% 800 – 899 Points B
C 70 to 79% 700 – 799 Points C
D 60 to 69% 600 - 699 Points D
E Below 60% 0 – 599 Points E

Grading Policy: University policy regarding grades and grading systems is available at:
http://catalog.arizona.edu/policy/grades-and-grading-system
Requests for incompletes (I) and withdrawal (W) must be made in accordance
with university policies that are available at
http://registrar.arizona.edu/grades/grading-policy-manual-university-academic-
grading-policies-withdrawal-grades

COURSE SCHEDULE:

Class 1 – Introduction to Mobile Networks

• Class 1 Learning Objectives – Upon completion students will be able to:
o Explain evolution of cellular networks from 1G to 4G
o Identify mobile communications fundamentals: network architecture,
roaming, handoff/handover
o Understand wireless migration and harmonization processes
o Define mobile identifiers: IMSI, IMEI, MSISDN, ESN, GT, E164
o Define mobile logical channels: BCCH, SDCCH, RACH, AGCH, etc.
• Class 1 Assignments
o Class 1 Lecture & Presentation
o Read Chapter 1 - Wireless Networks

Class 2 – 2G and 3G Overview

• Class 2 Learning Objectives – Upon completion students will be able to identify
and describe:
o Second and Third Generation cellular networks
o GSM
o 3GPP
o UMTS Overview
o CDMA2000 Overview
o TD-CDMA
o TD-SCDMA
o Signaling System-7 (SS-7)/Common Channel Signaling (CC-7) and IP-
based SS-7 (SIGTRAN)
• Class 2 Assignments
o Class 2 Lecture & Presentation
o Read Chapter 2 & pages 436-441 - Wireless Networks
 o Read Chapter 3 - GSM - Architecture, Protocols and Services
o CellSim Lab 1
o Quiz 1

Class 3 – UMTS
Class 3 Learning Objectives – Upon completion students will be able to identify
and describe:
o UMTS Architecture and Paths
o UMTS Signaling and Messages
o UMTS Protocols
o Establishment of a UMTS speech call
o UMTS packet data
o HSPA
• Class 3 Assignments
o Class 3 Lecture & Presentation
o Read Chapter 3 - Wireless Networks
o CellSim Lab 2

Class 4 – CDMA2000
• Class 4 Learning Objectives – Upon completion students will be able to identify
and describe:
o CDMA2000 Architecture and Paths
o CDMA2000 Signaling and Messages
o CDMA2000 Protocols
o EVDO
o EVDV
• Class 4 Assignments
o Class 4 Lecture & Presentation
o Read Chapter 4 – Wireless Networks
o CellSim Lab 3

Class 5 – LTE
• Class 5 Learning Objectives – Upon completion students will be able to identify
and describe:
o LTE Architecture and Paths
o LTE Signaling and Messages
o LTE Protocols
o Multiple Input Multiple Output (MIMO)
o Carrier aggregation
o LTE-Advanced
• Class 5 Assignments
o Class 5 Lecture & Presentation
o Read Chapter 7 – Wireless Networks
o Quiz 2
o CellSim Lab 4
Class 6 - Mobile Location Based Services, Mobile Registration and Mobile Security
• Class 6 Learning Objectives – Upon completion students will be able to identify
and describe:
o Location Based Services (LBS)
o LBS architecture
o Locating techniques
o LBS applications
o Mobile registration procedures
o Mobile security
• Class 6 Assignments
o Class 6 Lecture & Presentation

Class 7 – Section Review & Mid Term Exam

Class 8 – Mobile Encryption Standards

• Class 8 Learning Objectives – Upon completion students will be able to identify
and describe:
o CMEA, A5/1, A5/2, A5/3, KASME
o GSM Encryption
o UMTS Encryption
o CDMA2000 Encryption
o LTE Encryption
o Common ciphers, their implementations, advantages and disadvantages
for use in securing wireless networks
§ Stream ciphers (e.g. E0, RC4, A5, SNOW, ZUC)
§ Block ciphers (e.g. Kasumi, SAFER, AES)
• Class 8 Assignments
o Class 8 Lecture & Presentation

Class 9 – Smart Phone Architecture

• Class 9 Learning Objectives – Upon completion students will be able to identify
and discuss:
o Hardware architectures and embedded security protections of modern
3G/4G smartphones
§ Processors
§ Memory
§ SIM Cards
§ Cellular Radio
§ WiFi Radio
§ Bluetooth Radio
§ NFC Radio
§ JTAG, UART, Serial Ports
o Security vulnerabilities in smartphone hardware architectures
• Class 9 Assignments
 o Class 9 Lecture & Presentation
o Watch the Anatomy of smartphone hardware video:
https://www.youtube.com/watch?v=xOp_wtsHAe8
o Read the Smartphone Hardware Architecture presentation by Andrew
Fallows and Patrick Ganson.
o Quiz 3

Class 10 – iOS Operating System

• Class 10 Learning Objectives – Upon completion students will be able to identify
and describe the following:
o iOS Architecture Overview
§ Cocoa Touch Layer
§ Media Layer
§ Core Services Layer
§ Core OS Layer
o iOS Security Architecture
§ System Security
§ Encryption and Data Protection
§ App Security
§ Network Security
§ Apple Pay
§ Internet Services
§ Device Controls
§ Privacy Controls
o iOS Security Vulnerability Trends
§ Vulnerability Trends Over Time
§ Vulnerability by Year and Type
§ Available Exploits
Class 10 Assignments
o Class 10 Lecture & Presentation
o Review the Apple iOS Technologies site at
https://developer.apple.com/library/ios/documentation/Miscellaneous/Con
ceptual/iPhoneOSTechOverview/Introduction/Introduction.html#//apple_r
ef/doc/uid/TP40007898-CH1-SW1

Class 11 – Android Operating System

• Class 11 Learning Objectives – Upon completion students will be able to identify
and describe the following:
o Android Architecture Overview
§ Applications
§ Application Framework
§ Native Libraries
§ Android Runtime
§ Hardware Abstraction Layer (HAL)
§ Linux Kernel
o Android Security Architecture
 § System Security
§ Google Security Services
§ Platform Security Architecture
§ Kernel Security
§ Device Administration
§ Application Security
o Android Security Vulnerabilities
§ Vulnerability Trends Over Time
§ Vulnerability by Year and Type
§ Available Exploits
• Class 11 Assignments
o Class 11 Lecture & Presentation
o Review the Android Interface and Architecture site at
https://source.android.com/devices/
o Quiz 4

Class 12 – 802.11 WiFi Open, WEP, WPA2 PSK & WPA2 Enterprise Networks
• Class 12 Learning Objectives – Upon completion students will be able to identify
and describe:
o Network architecture, Frequencies, Channel distribution
o Handshake/Beacons, Probes, Authentication, and Association procedures
o 802.11 Open and WEP Network attacks
§ Network Sniffing/Monitoring
§ Network Impersonation
§ Session Hijacking
§ Man-in-the-Middle
§ Denial of Service
o 802.11 WPA2 PSK & WPA2-Enterprise Network attacks
§ Network Sniffing/Monitoring
§ Dictionary Attacks
§ Radius Server Attacks
§ Denial of Service
o WEP Encryption
§ Encryption & Decryption Process
§ Weaknesses
§ Attacks
§ Mitigation Techniques
o WPA2 PSK & WPA2-Enterprise Encryption

• Class 12 Assignments
o Class 12 Lecture & Presentation
o Read Chapter 10 - Wireless Networks

Class 13 – Bluetooth Classic & Low Energy

• Class 13 Learning Objectives – Upon completion students will be able to identify
and describe:
 o Bluetooth Classic
§ Master/Slave Architectures
§ Protocol Stacks
§ Link Management Protocol (LMP)
§ Security Options
§ Link Authentication & Encryption
§ Bluetooth Classic Pairing
§ Security Vulnerabilities
• Default Pins
• Security Configurations
• Weak Authentication
§ Attacks
• Pairing Authentication Attack
• PIN Cracking
• Discovery
o Bluetooth Low Energy (BLE)
§ Master/Slave/Mesh Architectures
§ Simplified Channel Hopping
§ Protocol Stack Changes from Classic
§ Security Options
§ BLE Profiles
§ Link Encryption
§ Pairing
§ Security Vulnerabilities
• Sniffing
• Just Works
• Default Pins
• Open Security Configurations
• Weak Authentication
• Simplified Channel Hopping
• Advertising channels
§ Attacks
• Sniffing
• Pairing/Bonding Attack
• PIN/Passcode Cracking
• Discovery
• BLE Replay Attacks
• Class 13 Assignments
o Class 13 Lecture & Presentation

Class 14 – RFID
• Class 14 Learning Objectives – Upon completion students will be able to
identify and describe:
o Active RFID Capabilities & Characteristics
§ Architectures
 § Frequencies
§ Data Formats
§ Attacks
• Long-Range Tag Reading
• RFID Analysis
o Frequency
o Modulation
o Data Decoding
• Cloning
o Passive RFID Capabilities & Characteristics
§ Architectures
§ Frequencies
§ Data Formats
§ Attacks
• Long-Range Tag Reading
• RFID Analysis
o Frequency
o Modulation
o Data Decoding
• Cloning
• ProxBrute Attacks
• Class 14 Assignments
o Class 14 Lecture & Presentation
o Quiz 5

Class 15 – Wireless Security

• Class 15 Learning Objectives – Upon completion students will be able to identify
and describe:
o Security threats and vulnerabilities of wireless systems
§ Cellular networks (2G/3G/4G)
§ WiFi
§ Bluetooth
§ RFID
o Security protocols used in wireless communications and how each
addresses issues of authentication, integrity, and confidentiality:
§ COMP128
§ UIA
§ TKIP
§ CCMP
§ SSP
§ E1
o Availability issues in wireless and nuances in different denial-of-service
attacks:
§ Energy jamming
 § Carrier sense exploitation
§ RACH flooding
§ Access management protocol exploitation
• Class 15 Assignments
o Class 15 Lecture & Presentation
o Watch Hak5 WiFi Pineapple tutorial video
o Complete WiFi Reconnaissance lab (Lab 5)
o Complete WiFi DoS lab (Lab 6)
o Complete WiFi MitM lab (Lab 7)
o Complete Secure WiFi lab (Lab 8)

Final Examination
University of Arizona Final Examination Policy:
https://www.registrar.arizona.edu/courses/final-examination-regulations-and-
information?audience=students&cat1=10&cat2=31

ACCESSIBILITY AND ACCOMMODATIONS:

It is the University’s goal that learning experiences be as accessible as possible. If you
anticipate or experience physical or academic barriers based on disability, please let me
know immediately so that we can discuss options. You are also welcome and encouraged
to contact Disability Resources at (520-621-3268) to establish reasonable
accommodations. http://drc.arizona.edu/students

TECHNOLOGY REQUIREMENTS AND SUPPORT:

This course uses Desire2Learn (D2L), a web-based system for managing class activities
and communications. You are automatically enrolled in the D2L course site, which will
be utilized for the following purposes:
1) distribute course materials,
2) communicate and collaborate online,
3) post-grades,
4) submit assignments, and
5) take online quizzes and surveys.

You are responsible for checking the D2L site regularly for classwork and
announcements. The course site may be accessed through http://d2l.arizona.edu/

If access to D2L is not available for an extended period of time (greater than one entire
evening - 6pm till 11pm) you can reasonably expect that the due date for assignments
will be changed to the next day (assignment still due by 11 pm). Technical assistance is
available 24/7 through the UA Help Desk at (520) 626-TECH (8324) or
http://uits.arizona.edu/departments/the247

Online Class Etiquette

What is Netiquette? Simply stated, it is network etiquette -- that is, the etiquette of
cyberspace. And "etiquette" means "the forms required by good breeding or prescribed
by authority to be required in social or official life." In other words, Netiquette is a set of
rules for behaving properly online. Please refer to this website to further your
understanding of online class etiquette:
http://www.albion.com/netiquette/introduction.html

ACADEMIC INTEGRITY:
Student Responsibilities: Students are responsible for understanding and following the
UA Code of Academic Integrity. Students engaging in academic dishonesty diminish
their education and bring discredit to the academic community and the campus. Students
should avoid situations likely to compromise academic integrity.
http://deanofstudents.arizona.edu/policies-and-codes/code-academic-integrity

THREATENING BEHAVIOR IS PROHIBITED:

“Threatening behavior” means any statement, communication, conduct or gesture,
including those in written form, directed toward any member of the University
community that causes a reasonable apprehension of physical harm to a person or
property. A student can be guilty of threatening behavior even if the person who is the
object of the threat does not observe or receive it, so long as a reasonable person would
interpret the maker’s statement, communication, conduct or gesture as a serious
expression of intent to physically harm. http://policy.web.arizona.edu/threatening-
behavior-students

CODE OF CONDUCT:
Please review the University’s Code of Conduct information, which can be found at:
https://deanofstudents.arizona.edu/policies-codes

ABSENCE POLICY:
Continuous student participation in all online class activities is a vital component of this
course. Students are encouraged to notify the instructor—in advance whenever
possible—if a student will not be able to access D2L or participate in online discussion
forums for more than a Class due to travel, illness, emergency, or similar situation. In
addition to illness, emergency, or other unavoidable situation, the following kinds of
student absence from regular class attendance or online participation will be excused by
the instructor:
All holidays or special events observed by organized religions will be honored for
those students who show affiliation with that particular religion.
Absences pre-approved the UA Dean of Students (or Dean’s designee) will be
honored.

SYLLABUS, SCHEDULE, AND ASSIGNMENT CHANGES:

Information contained in the course syllabus, other than the grade and absence
policies, may be subject to change.