Selected Topics in Mobile Security

582699
1-4
Distributed Systems and Data Communications
Advanced studies
This course will consist of tutorial style lectures covering two topics: mobile platform security and usable security for mobile devices. Any interested student is welcome to attend the lectures. To get credit (1 CR) for the course, you will need to read one of the reference papers chosen from the list provided by the instructor (you need to agree the paper with the instructor) and write a report (2-4 pages) that summarizes what you learnt from a) the tutorial topics, and b) the reference paper, as agreed with the instructor.
| Year | Semester | Date | Period | Language | Person in charge |
| --- | --- | --- | --- | --- | --- |
| 2012 | autumn | 10.10-11.10. | 1-1 | English | N. Asokan |

Lectures

| Time | Room | Lecturer | Date |
| --- | --- | --- | --- |
| Wed 9-12 | D122 | N. Asokan | 10.10.2012-11.10.2012 |
| Thu 9-12 | B222 | N. Asokan | 10.10.2012-11.10.2012 |

General

This course will consist of tutorial style lectures covering two topics: mobile platform security and usable security for mobile devices.  Each lecture takes about 3 hours including time for questions, discussion and a break.  Each lecture has two parts.  The first part will last about 1.5 hours.  The second part will take about an hour. More details about the topics below. 

Prerequisites: To get the most from the tutorials, you need to have taken one undergraduate-level course in security or cryptography (or have gained a similar level of knowledge by other means) so that you are familiar with basic concepts in security and cryptography.

 

1. Mobile platform security architectures

Abstract:
In the past few years, there has been a dramatic increase in the popularity of the category of mobile phones commonly known as "smartphones". Consequently, there is increased interest in the security and privacy research community in "smartphone security". All dominant smartphone platforms, or more generally, mobile phone application platforms, incorporate platform security architectures that are widely deployed.

In the first part of this tutorial we will briefly explain the reasons why mobile platform security schemes have seen such widespread deployment and go on to discuss and compare some of them in more detail. Based on this analysis we will point out some open problems and possible future directions. In the second part of the tutorial we will present On-board Credentials (http://obc.nokiaresearch.com), a system that we developed over the last few years that makes it possible for developers to make use of existing hardware mobile security features to secure their applications and services.

 

2. Security for the end users: from personal devices to Internet of Things

Abstract:
As computing devices like mobile phones are now reaching billions of end users, it is becoming increasingly important that the security and configuration mechanisms used in these devices are easy to use while still providing sufficient security and without driving up cost. In the first part of this lecture, we will do an in-depth case study of one such example: how researchers and practitioners came together to address the problem of initializing and configuring secure communication between personal devices (sometimes known as "first connect"). In the second part, we will list a number of current problems that need solutions that are simultaneously usable and secure. In particular, we will briefly explain how the scale of the "first connect" problem will increase when the promise of the "Internet of Things" becomes a reality where tens of billions of "things" are connected to the Internet and each user will need to configure and manage their own personal Internet of Things.

 

Lecturer: N. Asokan recently joined the department as a Professor in the NODES group.  Until recently, he was a Distinguished Researcher at Nokia Research Center where he led the Security and Networking Protocols research group. Asokan received his doctorate in Computer Science from the University of Waterloo.  More information at http://cs.helsinki.fi/~asokan

Guest lecturer: Kari Kostiainen is an expert in mobile devices, security and privacy. He has been working with Nokia Research Center in Helsinki and Silicon Valley for almost a decade. Kari holds a doctorate in computer science from Aalto University.

 

 

Completing the course

To get credit (1 cr) for the course, you will need to attend all the tutorial sessions on both days as well as read one of the reference papers chosen from the list provided by the instructor (you need to agree the paper with the instructor) and write a report (2-4 pages) that summarizes what you learnt from
a) the tutorial topics, and
b) the reference paper, as agreed with the instructor

 

 

Literature and material

 

Lecture slides:

Reference papers:

 

Mobile Platform Security

| Paper | Assigned to |
| --- | --- |
| Android Permissions Demystified | Asp, Majander |
| How to Ask For Permission | Majander |
| Towards Taming Privilege-Escalation Attacks on Android | Lindert |
| On-board Credentials with Open Provisioning | Forsblom |
| Practical property-based attestation | |
| Can hand-held computers still be better smartcards? | |
| Authenticated encryption primitives for size-constrained trusted computing | |
| Is this App safe? | Yang |
| Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones | Rantanen |
| Key attestation from trusted execution environments | |
| How users understand permissions in current systems | Smirnova |

Usable Security for Mobile Devices

| Paper | Assigned to |
| --- | --- |
| Shake well before use: Authentication based on accelerometer data | Ye |
| Standards for security associations in personal networks: a comparative analysis (or ask for a copy from instructor) | Svenn |
| Integrity Codes: Message Integrity Protection and Authentication over Insecure Channels | Sun |
| Secure In-band Wireless Pairing | Puuska |
| Use of Ratings from Personalized Communities for Trustworthy Application Installation | Liu |
| Data security and privacy in wireless body area networks | Lindqvist, Lado-Villar |
| Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption | |
| Intuitive security policy configuration in mobile devices using context profiling (ask for paper from instructor) | |
| CRePE: Context-Related Policy Enforcement for Android | |
| Mobility helps security in ad hoc networks | Peltonen |
| Seeing-Is-Believing: Using camera phones for human-verifiable authentication | |
| Secure device pairing based on a visual channel: design and usability study | Leino |