Price: $1,999.00

Length: 2 Days
Print Friendly, PDF & Email

Cybersecurity Applied to Embedded Systems

Cybersecurity Applied to Embedded Systems

Cybersecurity applied to embedded systems is a field that focuses on preventing malicious access to and use of embedded systems.

Cybersecurity for embedded systems provides mechanisms to protect a system from all types of malicious behavior. Normally, cybersecurity specialists work with systems design teams to ensure the embedded system has the necessary security mechanisms in place to mitigate the damage from these attacks.

In the last few years there has been an increase of concern regarding cybersecurity and embedded systems, especially with the Internet of Things expansion of massive interconnectivity.

This is because many embedded systems perform mission-critical or safety-critical functions vital to a system’s intended function and surrounding environment. Embedded systems security is relevant to all industries, from aerospace and defense to household appliances. Modern embedded systems are starting to become interconnected by the Internet of Things (IoT), which creates additional attack vectors.

Obviously, the most secure embedded system is one that is turned off, and the next most secure system is completely isolated. When embedded systems were islands of technology that contained minimal information, embedded software security was less important. Embedded systems are now often connected to a communications network that exposes the system to more threat actors.

Due to the monetary value of data often associated with embedded systems, embedded systems popular targets. Cyberattacks on embedded systems range from disabling vehicle anti-theft devices and degrading the performance of control systems to directing printers to send copies of documents to the hacker and accessing a smartphone’s data.

Common network-based attacks on embedded systems include things like man in the middle, session hijacking, domain name system, signal jamming and distributed denial of service. This type of attack exploits network infrastructure vulnerabilities and can also be performed remotely. Using these vulnerabilities, hackers can listen for, intercept, and modify traffic transmitted by an embedded system.

Developers and organizations also need to be aware of side-channel attacks, the hardest and most expensive type of attack, as it requires precise knowledge of the hardware design and physical availability of the target system.

Side-channel attacks intend to use hardware security flaws in embedded systems to hack them. To carry out a side-channel attack, hackers gather information on system power consumption, electromagnetic leakage, operation timing, etc.

As a result, they may work out the internal operation of a system and connected devices, steal cryptographic keys, or even gain control over the system.

Cybersecurity Applied to Embedded Systems Training Course by Tonex

Cybersecurity Applied to Embedded Systems Training is a 2-day training discusses fundamentals of embedded systems and applications of cybersecurity to illustrate unique vulnerabilities that are commonly exploited.

Learn about methods and techniques considering cybersecurity measures in the entire system life cycle and acquisition. Secure Embedded Systems include many procedures, methods and techniques to seamlessly integrate cybersecurity within embedded system software. Added security components to embedded systems can impede a system’s functionality and impact the real-time performance of the mission critical systems.

Systems engineers, developers and analysts need a well-defined approach for simultaneously designing embedded functionality and cybersecurity. Secure embedded systems might use a security co-processor to cryptographically ensure system confidentiality and integrity while maintaining functionality.

This course will also teach participants how to analyze, reverse, debug, and exploit embedded RTOS firmware. Hands-on experience with a variety of real-world devices, RTOS’s, and architectures equip students with the practical knowledge and skills necessary to be proficient in RTOS vulnerability analysis and exploitation.

We discuss risk assessment methodologies, failure analysis and using defensive tools to mitigate cyber risk and vulnerabilities. To assure successful mission control system performance, embedded systems such as weapon systems, missiles, smart weapons, Network Enabled Weapons (NEW), UAVs, communications systems, industrial control systems, medical devices, robotics, smart grid, SCADA, Intelligent Electronic Devices (IED), PLCs, and autonomous cars must be secured to perform their intended functions, prevent cyberattacks, and operate with no cyber attack impact. Cybersecurity Applied to Embedded Systems introduces cybersecurity concepts applied to embedded systems, firmware, hardware and embedded software.

This course is designed for anyone interested in cybersecurity, analysis, exploiting, and patching vulnerabilities with real-world embedded systems.

Who Should Attend:

  • Product/process designers and engineers
  • Developers working with embedded systems
  • Information security professionals
  • Application developers

Takeaways from this course include:

  • Examining how to fit cybersecurity in embedded systems
  • Fundamentals of cybersecurity
  • Fundamentals of Embedded Systems
  • Fundamentals of embedded system product design cycle, project management, design for production, V&V and O&M
  • Embedded Systems Security Requirements
  • Fundamentals of hardware and firmware analysis and design in embedded design
  • Vulnerabilities in embedded systems
  • Embedded hardware and firmware analysis to detect vulnerabilities
  • Foundation knowledge of cyber security threats, risks, mitigation strategies applied to embedded systems
  • Exploitable vulnerabilities in embedded systems and techniques and strategies for systems engineering embedded systems
  • Communication protocols, wired and wireless networks, information and network attacks and their impact on embedded devices
  • Risk assessment techniques and methodologies and using defensive tools for mitigating risk and vulnerabilities

Course Outline:

Cybersecurity 101

  • What is Cybersecurity?
  • Basic principles of CIA
  • Confidentiality
  • Embedded system’s critical information
  • Application code and surveillance data
  • Unauthorized entities
  • Integrity
  • Availability and mission objectives
  • Cyber Risks applied to Embedded Systems
  • Principles and practices designed to safeguard your embedded system
  • Hacking tools and entry points
  • Encryption and authentication
  • Data Integrity
  • Vulnerability analysis 101
  • Mitigation 101
  • Networking and network attacks
  • Role of wireless networks in the embedded systems
  • Embedded hardware and firmware analysis and reverse engineering
  • Embedded system security Threats
  • Intrusion
  • Virus, Worm, Trojan Horse (Malware)
  • Spyware
  • DoS
  • Secure software fundamentals

Introduction to Embedded Systems

  • Embedded Systems 101
  • Hardware Architecture
  • Software Development
  • Microprocessor Primer
  • Basic architecture
  • Programmer’s view
  • Embedded Operating Systems
  • Case Study: Embedded mmWave Radar System
  • Embedded Systems Engineering

Embedded System Vulnerability Analysis

  • Networking and network attacks
  • Wireless networks and embedded systems
  • Embedded hardware and firmware analysis
  • Exploiting Embedded Devices
  • The stages of router exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Cross Compiling
  • Modification and Creation of new firmware
  • Persistent Dynamic Backdoor
  • Firmware analysis and extraction
  • Finding and exploiting logic flaws
  • Firmware emulation and debugging
  • Finding and exploiting real-world overflows
  • Foundations of cyber security and emerging threats
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies: Encryption and authentication

Exploiting Real Time Operating Systems

  • Basic introduction to the concept of Real Time Operating Systems
  • Overview of MIPS architecture and design
  • Firmware analysis of our first target device
  • Debugging our first target device
  • Augmenting IDA’s auto analysis
  • Searching for backdoors
  • How not to crash your target
  • Hardware & firmware analysis
  • Identifying functions without a symbol table
  • Low-hanging crypto
  • Breaking custom crypto
  • Practical exploitation of crypto bugs
  • More firmware analysis
  • Augmenting IDA’s auto analysis
  • Chip backdoors
  • Hidden manufacturer menus
  • Hardware Hacking
  • Basic electronics and circuit analysis
  • Analog/digital communications
  • Common inter-component protocols

Securing Embedded Systems Interfaces and Protocols

  • Embedded Systems Communication Protocols
  • Universal Asynchronous Receiver/Transmitter (UART)
  • Serial Peripheral Interface (SPI)
  • Joint Test Action Group (JTAG)
  • Inter-integrated Circuit (I2C)
  • I2C bus
  • CAN bus
  • FireWire bus
  • USB
  • Parallel protocols
  • PCI bus
  • ARM bus
  • Wireless protocols
  • IrDA
  • Bluetooth
  • Bluetooth LE (BLE)
  • IEEE 802.11
  • NFC
  • RFID
  • 802.15.4
  • 6LowPAN
  • Thread
  • Zigbee
  • Z-Wave

Cybersecurity Attacks and Best Mitigation Practices for Embedded Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Tracking PCB traces
  • Re-producing schematic and block diagrams
  • Bus Sniffing
  • Interface Analysis
  • Communications protocols sniffing
  • Decoding and deciphering captured bits
  • Critical data identification and detection
  • Component removal and replacement
  • Dealing with surface mount components
  • Electronics and circuit analysis
  • Understanding your tools and their effects on the circuit
  • Understanding the circuit and its effect on your tools
  • Security Measures

Case Study and Workshop

  • Cybersecurity Analysis of Embedded Systems used in unmanned aircraft system (UAS)
  • Design Process
  • Embedded system CONOPS
  • Mission objectives
  • Test and evaluation
  • Functional requirements
  • Threat analysis
  • System design
  • Security requirements
  • Performance evaluation
  • Security evaluation
  • System Implementation Security
  • Attack surface
  • Boot process, system data, and software
  • Physical attack surface
  • Root of trust establishment
  • Trust hardware and software components
  • Trusted platform module (TPM)
  • Operating system (OS)
  • Mission-specific application code (Apps)
  • Field-programmable gate array (FPGA)
  • BIOS
  • Boot process
  • Startup
  • Trusted computing base (TCB)

Cybersecurity Applied to Embedded Systems

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.