TEK5530/Group work

From its-wiki.no
Jump to: navigation, search

back to TEK5530

Report requirements

The student will assess an IoT system, applying a security or privacy analysis. The assessment can be done alone or in a group. The advantage of group work is that you can challenge each other, and have discussions about your analysis. The presentation of the report forms the first 8 min of the exam, and is the basis for questions of the content of the exam.

The students are free to come with ideas on the report's topic.

Formal requirements:

  • at least 6 pages of content (without Table of contents, cover page etc.). The report is "for your eyes only, and serves as the basis of your presentation. Reason is that we want you to learn to structure a report, and present the report.
  • student is free to choose to write in english or norwegian
  • should contain (but not limited to): introduction, background, description of tasks to be done, presentation of results and conclusion. (see suggestions)

Possible field of work

  • Multi-metrics approach in practice, this is the normal group work which was given previously, example: A good (A) delivery from 2016: Media:good_example_group_work.pdf, you are allowed to choose a simpler example.
  • Microsoft Threat analysis
  • Security possibilities in Raspberry Pi wireless sensor networks


  • Zigbee or Connected Home over IP[1] : analysis of security capabilities, use case home automation
  • A security evaluation of wifi-mains smart plugs
  • Smart Home system
  • Over-the-air (OTA) update of software
  1. Standard (2021) for connected homes over IP https://www.connectedhomeip.com

Goals of Group Work

The main goal of your project work is to analyse an application scenario with respect to security or privacy. Thus,

1. establish the application goals with respect to security or privacy
2. have a system in mind that delivers the expected applications
3. Select your evaluation criteria, e.g. security goals for the system evaluation
4. Divide the system into components, and perform an analysis of the components.
5. Present the results, using your evaluation criteria defined in step 3
6. Compare the outcome of the system analysis with your application goals
7. evaluate your results, e.g. by identifying components/functionalities which influence your system
8. suggest further work, and provide reasons for those suggestions

Evaluation criteria for Group Work

The results of your work are presented as the first part of the exam. Ask yourself if you address the following criteria:

Application scenario/Use case

  • To what extent does the application scenario address the topics envisaged in TEK5530

Identification of functionalities of the system components

  • Which are the security/privacy/trust/threat functionalities that have to be modelled?
  • Why have I chosen the model, and is it suitable for the analysis?

Perform the analysis

  • What are the results of my assessment?
  • To what extends does my assessment reflect the expectation?
  • What is the sensitivity of my results? Which components/settings/functionalities influences the analysis most?

Critical review and future work

  • Is my analysis well reasoned?
  • What are the open issues, do they address relevant shortcomings?