Price: $1,999.00

Length: 2 Days
Print Friendly, PDF & Email

Cybersecurity Applied to Embedded Systems

An embedded system is a combination of computer hardware and software, either fixed in capability or programmable, designed for a specific function or functions within a larger system.

Embedded systems are computing systems, but they can range from having no user to complex graphical user interfaces (GUIs) such as in mobile devices. User interfaces can include buttons, LEDs, touch-screen sensing and more. Remote user interfaces are also prominent in some systems.

Besides mobile devices, other places you will find embedded systems include the likes of industrial machines, cameras, airplanes, toys, vending machines, household appliances, automobiles and medical equipment.

The embedded market is surging along with other advances in technology such as machine learning, AI and 5G networking. With embedded systems chip manufacturers such as mainstays like Apple, IBM, Intel and Texas Instruments leading the charge, analysts are forecasting an embedded market exceeding $20 billion this year.

Unfortunately, cybersecurity concerns are also surging.

Security is an important issue because of the roles of embedded systems in many mission and safety-critical systems. Attacks on cyber systems are proved to cause physical damages. Although many approaches have been proposed in the past to secure embedded systems, various facts such as deployment scale, resource limitations, the difficulty of physical protection, and cost consideration all make it very challenging to secure them, particularly for devices with remote control, maintenance and operation functions.

Cybersecurity professionals have strong feelings regarding the best approach for improving security for embedded systems. They believe a good place to start is by conducting an end-to-end threat assessment. Improving the security of an embedded device starts with identifying the potential threats. These threats must be evaluated in the context of the device manufacturer, operators (if the device is provisioned in such a way), and end users, including their usage environment.

Many believe security can be greatly improved by including security features in the early stages of design that will:

  • Ensure the device firmware has not been tampered with
  • The data stored by the device is secure
  • Secure communication
  • Protect the device from cyberattacks by going beyond password authentication and security protocols.

Beyond the embedded system themselves, software and firmware distribution should be organized so as to provide updates with trusted signatures that only the software editor can produce. This often calls for trusted third parties capable of emitting certificates, hosting private keys, and administrating them as a service from their highly secure data centers for customers.

Cybersecurity Applied to Embedded Systems Training Course by Tonex

Cybersecurity Applied to Embedded Systems Training is a 2-day training discusses fundamentals of embedded systems and applications of cybersecurity to illustrate unique vulnerabilities that are commonly exploited.

Learn about methods and techniques considering cybersecurity measures in the entire system life cycle and acquisition. Secure Embedded Systems include many procedures, methods and techniques to seamlessly integrate cybersecurity within embedded system software. Added security components to embedded systems can impede a system’s functionality and impact the real-time performance of the mission critical systems.

Systems engineers, developers and analysts need a well-defined approach for simultaneously designing embedded functionality and cybersecurity. Secure embedded systems might use a security co-processor to cryptographically ensure system confidentiality and integrity while maintaining functionality.

This course will also teach participants how to analyze, reverse, debug, and exploit embedded RTOS firmware. Hands-on experience with a variety of real-world devices, RTOS’s, and architectures equip students with the practical knowledge and skills necessary to be proficient in RTOS vulnerability analysis and exploitation.

We discuss risk assessment methodologies, failure analysis and using defensive tools to mitigate cyber risk and vulnerabilities. To assure successful mission control system performance, embedded systems such as weapon systems, missiles, smart weapons, Network Enabled Weapons (NEW), UAVs, communications systems, industrial control systems, medical devices, robotics, smart grid, SCADA, Intelligent Electronic Devices (IED), PLCs, and autonomous cars must be secured to perform their intended functions, prevent cyberattacks, and operate with no cyber attack impact. Cybersecurity Applied to Embedded Systems introduces cybersecurity concepts applied to embedded systems, firmware, hardware and embedded software.

This course is designed for anyone interested in cybersecurity, analysis, exploiting, and patching vulnerabilities with real-world embedded systems.

Who Should Attend:

  • Product/process designers and engineers
  • Developers working with embedded systems
  • Information security professionals
  • Application developers

Takeaways from this course include:

  • Examining how to fit cybersecurity in embedded systems
  • Fundamentals of cybersecurity
  • Fundamentals of Embedded Systems
  • Fundamentals of embedded system product design cycle, project management, design for production, V&V and O&M
  • Embedded Systems Security Requirements
  • Fundamentals of hardware and firmware analysis and design in embedded design
  • Vulnerabilities in embedded systems
  • Embedded hardware and firmware analysis to detect vulnerabilities
  • Foundation knowledge of cyber security threats, risks, mitigation strategies applied to embedded systems
  • Exploitable vulnerabilities in embedded systems and techniques and strategies for systems engineering embedded systems
  • Communication protocols, wired and wireless networks, information and network attacks and their impact on embedded devices
  • Risk assessment techniques and methodologies and using defensive tools for mitigating risk and vulnerabilities

Course Topics:

Cybersecurity 101

  • What is Cybersecurity?
  • Basic principles of CIA
  • Confidentiality
  • Embedded system’s critical information
  • Application code and surveillance data
  • Unauthorized entities
  • Integrity
  • Availability and mission objectives
  • Cyber Risks applied to Embedded Systems
  • Principles and practices designed to safeguard your embedded system
  • Hacking tools and entry points
  • Encryption and authentication
  • Data Integrity
  • Vulnerability analysis 101
  • Mitigation 101
  • Networking and network attacks
  • Role of wireless networks in the embedded systems
  • Embedded hardware and firmware analysis and reverse engineering
  • Embedded system security Threats
  • Intrusion
  • Virus, Worm, Trojan Horse (Malware)
  • Spyware
  • DoS
  • Secure software fundamentals

Introduction to Embedded Systems

  • Embedded Systems 101
  • Hardware Architecture
  • Software Development
  • Microprocessor Primer
  • Basic architecture
  • Programmer’s view
  • Embedded Operating Systems
  • Case Study: Embedded mmWave Radar System
  • Embedded Systems Engineering

Embedded System Vulnerability Analysis

  • Networking and network attacks
  • Wireless networks and embedded systems
  • Embedded hardware and firmware analysis
  • Exploiting Embedded Devices
  • The stages of router exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Cross Compiling
  • Modification and Creation of new firmware
  • Persistent Dynamic Backdoor
  • Firmware analysis and extraction
  • Finding and exploiting logic flaws
  • Firmware emulation and debugging
  • Finding and exploiting real-world overflows
  • Foundations of cyber security and emerging threats
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies: Encryption and authentication

Exploiting Real Time Operating Systems

  • Basic introduction to the concept of Real Time Operating Systems
  • Overview of MIPS architecture and design
  • Firmware analysis of our first target device
  • Debugging our first target device
  • Augmenting IDA’s auto analysis
  • Searching for backdoors
  • How not to crash your target
  • Hardware & firmware analysis
  • Identifying functions without a symbol table
  • Low-hanging crypto
  • Breaking custom crypto
  • Practical exploitation of crypto bugs
  • More firmware analysis
  • Augmenting IDA’s auto analysis
  • Chip backdoors
  • Hidden manufacturer menus
  • Hardware Hacking
  • Basic electronics and circuit analysis
  • Analog/digital communications
  • Common inter-component protocols

Securing Embedded Systems Interfaces and Protocols

  • Embedded Systems Communication Protocols
  • Universal Asynchronous Receiver/Transmitter (UART)
  • Serial Peripheral Interface (SPI)
  • Joint Test Action Group (JTAG)
  • Inter-integrated Circuit (I2C)
  • I2C bus
  • CAN bus
  • FireWire bus
  • USB
  • Parallel protocols
  • PCI bus
  • ARM bus
  • Wireless protocols
  • IrDA
  • Bluetooth
  • Bluetooth LE (BLE)
  • IEEE 802.11
  • NFC
  • RFID
  • 802.15.4
  • 6LowPAN
  • Thread
  • Zigbee
  • Z-Wave

Cybersecurity Attacks and Best Mitigation Practices for Embedded Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Tracking PCB traces
  • Re-producing schematic and block diagrams
  • Bus Sniffing
  • Interface Analysis
  • Communications protocols sniffing
  • Decoding and deciphering captured bits
  • Critical data identification and detection
  • Component removal and replacement
  • Dealing with surface mount components
  • Electronics and circuit analysis
  • Understanding your tools and their effects on the circuit
  • Understanding the circuit and its effect on your tools
  • Security Measures

Case Study and Workshop

  • Cybersecurity Analysis of Embedded Systems used in unmanned aircraft system (UAS)
  • Design Process
  • Embedded system CONOPS
  • Mission objectives
  • Test and evaluation
  • Functional requirements
  • Threat analysis
  • System design
  • Security requirements
  • Performance evaluation
  • Security evaluation
  • System Implementation Security
  • Attack surface
  • Boot process, system data, and software
  • Physical attack surface
  • Root of trust establishment
  • Trust hardware and software components
  • Trusted platform module (TPM)
  • Operating system (OS)
  • Mission-specific application code (Apps)
  • Field-programmable gate array (FPGA)
  • BIOS
  • Boot process
  • Startup
  • Trusted computing base (TCB)

Cybersecurity Applied to Embedded Systems

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.