Teaching a Hands-On Mobile and Wireless Cybersecurity Course

Abstract

The combination of theory-based and practical hands-on learning represents a powerful approach for cybersecurity education. Placing the student in the adversarial mindset strengthens this approach and is commonly exercised in network penetration testing, reverse engineering, and binary exploitation coursework. In this paper, we present an undergraduate mobile and wireless security course design that balances theoretical learning with a hands-on and adversarial thinking approach. Our course consists of inter-woven lectures and lab sessions. Labs consist of contemporary attacks against radio-frequency (RF) enabled hardware, Internet of Things (IoT) firmware, and wireless protocols. In the culmination exercise, the students attack a flawed RF protocol implemented on GnuRadio to allow students to demonstrate their knowledge synthesis. We believe that sharing this experience will prove valuable for instructors who wish to introduce adversarial thinking into mobile and wireless security courses while overcoming the challenge of remote students.