ICA SPECIFICATION (Element 2)
Module Title: IoT Security | Module Leader: XXXX XXXX |
Module Code: CIS4019-N | |
Assignment Title: A layer-wise component and security analysis of an IoT application | Deadline Date: 03-01-2022 (Wednesday) |
Deadline Time: 4:00 pm | |
Submission Method: Online via Blackboard x TU Online Middlesbrough Tower | |
Online Submission Notes: Please follow carefully the instructions given on the Assignment Specification. When Extenuating Circumstances (e.g. extension) have been granted, a fully completed and signed Extenuating Circumstances form must be submitted to the School Reception or emailed to SCEDT-Assessments@tees.ac.uk. Central Assignments Office (Middlesbrough Tower M2.08) Notes: All work (including CDs, etc.) needs to be secured in a plastic envelope or a folder and clearly marked with the student name, number and module title. An Assignment Front Sheet should be fully completed before the work is submitted. When an extension has been granted, a fully completed and signed Extension form must be submitted to School Reception or emailed to SCEDT-Assessments@tees.ac.uk. |
Introduction
You need to carry out a layer-wise component and security analysis of a selected IoT application and produce a report on the process (approx. 2000 words).
The Scenario
CyberHealth Ltd. is a Teesside-based cybersecurity solution provider, where you are working as a cybersecurity expert. Your company provides Networking & Cybersecurity solutions for the business environment. They currently offer managed, professional, and hardware & software services. Recently, a few companies have approached CyberHealth to offer them services for their IoT solution clients. CyberHealth is interested in extending its business by providing services to its customers who offer IoT solutions.
The use of telemedicine with the support of IoT has increased globally due to COVID-19. Your company is more interested in healthcare-related IoT solution providers or customers. In this context, you are assigned to analyse the security of an existing remote monitoring system (offered by an IoT solution provider) for elderly and chronic disease patients.
Your Tasks
Task 1 (T1): Compare the three- and five-layered architecture of the IoT-based remote patient monitoring system (e.g., fall detection and reporting, or any app selected from Google Play or Apple's App Store that uses mobile sensors) in terms of security (e.g., cybersecurity, physical security) (20%). For this task you need to include:
- A diagram of the architecture (5%)
- A brief description of the security features supported by each layer (e.g., sensing or perception) to protect its components (e.g., sensor or sensors, routers, apps) (15%).
Task 2 (T2): What is Risk in cybersecurity? Do a risk assessment of the selected IoT application using a risk assessment framework. You can select any framework you prefer (15% mark).
Task 3 (T3): Explain with examples how you would analyse the end-to-end (E2E) security vulnerabilities or concerns (using the 3-layer architecture in task 1 and its layer-wise components) of the selected solution (40% mark). For this task,
- be precise about tools and methods,
- justify all your decisions, and
- link the discussion with the selected application.
Task 4 (T4): Discuss countermeasures or mitigation mechanisms for the identified security vulnerabilities or concerns of the sensing (in task 3) layer of the selected patient monitoring system (10%).
Task 5 (T5): Machine Learning (ML) is an essential technology in IoT to process and make decisions based on the sensed data. However, adversaries can use a variety of attack methods (also known as adversarial attacks) to disrupt an ML model, either during the training phase or after the model has already been trained. Discuss a list of potential adversarial attacks, with examples, possible in the autonomous or driverless car domain of IoT (10% mark).
Task 6 (T6): Write the report clearly and professionally (i.e., using references and figures where appropriate) regarding technical issues in an IoT network and security (5% mark).
Deliverable and deadline
You should submit your report as a PDF document online (via Blackboard) by 03 January 2022 (Wednesday) (16:00).
Advice and Assistance
For feedback and advice on your progress consult the module tutors during the scheduled sessions. In addition, you can email both tutors (m.razzaque@tees.ac.uk/u.adeel@tees.ac.uk).
Assessment criteria
Tasks T1-T4 cover learning outcome 4 (total 80% mark), task T5 covers learning outcome 7, and task T6 covers learning outcome 1.
Marks will be assigned as in the following table.
Task | 70%+ | 60-69% | 50-59% | 40-49% |
1 | An excellent discussion about the three- and five-layered view or architecture of the selected IoT application, including a diagram of each architecture. | A good discussion about the three- and five-layered view or architecture of the selected IoT application, including a diagram of each architecture. | A fair discussion about the three- and five-layered view or architecture of the selected IoT application, including a diagram of each architecture. | A limited discussion about the three- and five-layered view or architecture of the selected IoT application. Diagrams are missing. |
2 | A comprehensive risk assessment using a framework. | A good but not comprehensive risk assessment using a framework. | An incomplete risk assessment using a framework. | A limited or partial risk assessment without a framework. |
3 | An excellent analysis (with examples) of E2E security concerns of the selected architecture of the solution. Appropriate tools and methods are used with excellent justification. | A good analysis (with examples) of E2E security concerns of the selected architecture of the solution. Appropriate tools and methods are used with justification. | A fair analysis (without examples) of E2E security concerns of the selected architecture of the solution. Tools and methods are used with limited justification. | A limited analysis (without examples) of E2E security concerns of the selected architecture of the solution. Tools and methods are used without justification. |
4 | An excellent discussion about countermeasures for the identified security concerns of the sensing layer. | A good discussion about countermeasures for the identified security concerns of the sensing layer. | A fair discussion about countermeasures for the identified security concerns of the sensing layer. | A limited discussion about countermeasures for the identified security concerns of the sensing layer. |
5 | An excellent discussion and informed comments on emerging applications of IoT in healthcare, demonstrating an understanding of the social and commercial context | A good discussion and informed comments on emerging applications of IoT in healthcare, demonstrating an understanding of the social and commercial context. | A fair discussion and some informed comments on emerging applications of IoT in healthcare, demonstrating an understanding of the social and commercial context. | A limited answer and few informed comments on emerging applications of IoT in healthcare, demonstrating an understanding of the social and commercial context |
6 | A very clear and readable report, with excellent structuring, good use of grammar and referencing. | A clear and readable report, with good structuring, good use of grammar and referencing. | The report is readable but with minor errors. Some use of relevant source material and referencing. | A readable report, with major errors in writing, structure or referencing. |
For more information, please contact your tutor or the module leader.
Learning outcomes to be assessed
This element (which counts for 50% of your overall marks) will assess learning outcomes 1 and 4, which are as follows:
1. Communicate clearly and professionally regarding technical issues in an IoT network and security.
4. Demonstrate critical understanding of standard security and privacy preserving mechanisms in IoT.