Price: $1,999.00

Length: 2 Days
Print Friendly, PDF & Email

Cybersecurity Applied to Embedded Systems

Embedded systems scream for additional cybersecurity measures.

An embedded system is a microprocessor- or microcontroller-based system of hardware and software designed to perform dedicated functions within a larger mechanical or electrical system. Embedded systems can be anything from digital watches to domestic appliances and fitness trackers.

Embedded systems need greater cybersecurity protections because embedded devices are very different from standard PCs.  They are fixed function devices designed specifically to perform a specialized task.

Many of them are designed using a specialized operating system such as VxWorks, MQX or Integrity, or a stripped down version of Linux. Installing new software on the system in the field either requires a specialized upgrade process or is simply not supported.

In most cases, these devices are optimized to minimize processing cycles and memory usage and do not have a lot of extra processing resources available.

Consequently, standard PC security solutions won’t solve the challenges of embedded devices. In fact, given the specialized nature of embedded systems, PC security solutions won’t even run on most embedded devices.

Advances in digital technology and the advent of 5G and the Internet of Things, has created increased cyber risks for embedded systems.

The most secure embedded system is one that is turned off, and the next most secure system is completely isolated. When embedded systems were islands of technology that contained minimal information, embedded software security was less important.

Embedded systems are now often connected to a communications network that exposes the system to more threat actors.

Like computers, many embedded systems have security vulnerabilities that can provide a way for a threat actor to gain access to the system. Typically, there is a time lag between the discovery of a specific vulnerability — such as a CVE, misconfiguration, or weak or missing encryption — and the availability and application of a patch or other remediation.

The monetary value of data, the ability to cause serious harm, and the interoperability and connectivity of modern embedded systems, including mission-critical systems, make embedded systems popular targets.

Cyber-attacks on embedded systems range from disabling vehicle anti-theft devices and degrading the performance of control systems to directing printers to send copies of documents to the hacker and accessing a smartphone’s data.

Cyber-attacks on embedded systems create an urgent need for everyone from developers to end users to help prevent, manage and patch vulnerabilities.

Cybersecurity Applied to Embedded Systems Training Course by Tonex

Cybersecurity Applied to Embedded Systems Training is a 2-day training discusses fundamentals of embedded systems and applications of cybersecurity to illustrate unique vulnerabilities that are commonly exploited.

Learn about methods and techniques considering cybersecurity measures in the entire system life cycle and acquisition. Secure Embedded Systems include many procedures, methods and techniques to seamlessly integrate cybersecurity within embedded system software. Added security components to embedded systems can impede a system’s functionality and impact the real-time performance of the mission critical systems.

Systems engineers, developers and analysts need a well-defined approach for simultaneously designing embedded functionality and cybersecurity. Secure embedded systems might use a security co-processor to cryptographically ensure system confidentiality and integrity while maintaining functionality.

This course will also teach participants how to analyze, reverse, debug, and exploit embedded RTOS firmware. Hands-on experience with a variety of real-world devices, RTOS’s, and architectures equip students with the practical knowledge and skills necessary to be proficient in RTOS vulnerability analysis and exploitation.

We discuss risk assessment methodologies, failure analysis and using defensive tools to mitigate cyber risk and vulnerabilities. To assure successful mission control system performance, embedded systems such as weapon systems, missiles, smart weapons, Network Enabled Weapons (NEW), UAVs, communications systems, industrial control systems, medical devices, robotics, smart grid, SCADA, Intelligent Electronic Devices (IED), PLCs, and autonomous cars must be secured to perform their intended functions, prevent cyberattacks, and operate with no cyber attack impact. Cybersecurity Applied to Embedded Systems introduces cybersecurity concepts applied to embedded systems, firmware, hardware and embedded software.

This course is designed for anyone interested in cybersecurity, analysis, exploiting, and patching vulnerabilities with real-world embedded systems.

Who Should Attend:

  • Product/process designers and engineers
  • Developers working with embedded systems
  • Information security professionals
  • Application developers

Takeaways from this course include:

  • Examining how to fit cybersecurity in embedded systems
  • Fundamentals of cybersecurity
  • Fundamentals of Embedded Systems
  • Fundamentals of embedded system product design cycle, project management, design for production, V&V and O&M
  • Embedded Systems Security Requirements
  • Fundamentals of hardware and firmware analysis and design in embedded design
  • Vulnerabilities in embedded systems
  • Embedded hardware and firmware analysis to detect vulnerabilities
  • Foundation knowledge of cyber security threats, risks, mitigation strategies applied to embedded systems
  • Exploitable vulnerabilities in embedded systems and techniques and strategies for systems engineering embedded systems
  • Communication protocols, wired and wireless networks, information and network attacks and their impact on embedded devices
  • Risk assessment techniques and methodologies and using defensive tools for mitigating risk and vulnerabilities

Course Topics:

Cybersecurity 101

  • What is Cybersecurity?
  • Basic principles of CIA
  • Confidentiality
  • Embedded system’s critical information
  • Application code and surveillance data
  • Unauthorized entities
  • Integrity
  • Availability and mission objectives
  • Cyber Risks applied to Embedded Systems
  • Principles and practices designed to safeguard your embedded system
  • Hacking tools and entry points
  • Encryption and authentication
  • Data Integrity
  • Vulnerability analysis 101
  • Mitigation 101
  • Networking and network attacks
  • Role of wireless networks in the embedded systems
  • Embedded hardware and firmware analysis and reverse engineering
  • Embedded system security Threats
  • Intrusion
  • Virus, Worm, Trojan Horse (Malware)
  • Spyware
  • DoS
  • Secure software fundamentals

Introduction to Embedded Systems

  • Embedded Systems 101
  • Hardware Architecture
  • Software Development
  • Microprocessor Primer
  • Basic architecture
  • Programmer’s view
  • Embedded Operating Systems
  • Case Study: Embedded mmWave Radar System
  • Embedded Systems Engineering

Embedded System Vulnerability Analysis

  • Networking and network attacks
  • Wireless networks and embedded systems
  • Embedded hardware and firmware analysis
  • Exploiting Embedded Devices
  • The stages of router exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Cross Compiling
  • Modification and Creation of new firmware
  • Persistent Dynamic Backdoor
  • Firmware analysis and extraction
  • Finding and exploiting logic flaws
  • Firmware emulation and debugging
  • Finding and exploiting real-world overflows
  • Foundations of cyber security and emerging threats
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies: Encryption and authentication

Exploiting Real Time Operating Systems

  • Basic introduction to the concept of Real Time Operating Systems
  • Overview of MIPS architecture and design
  • Firmware analysis of our first target device
  • Debugging our first target device
  • Augmenting IDA’s auto analysis
  • Searching for backdoors
  • How not to crash your target
  • Hardware & firmware analysis
  • Identifying functions without a symbol table
  • Low-hanging crypto
  • Breaking custom crypto
  • Practical exploitation of crypto bugs
  • More firmware analysis
  • Augmenting IDA’s auto analysis
  • Chip backdoors
  • Hidden manufacturer menus
  • Hardware Hacking
  • Basic electronics and circuit analysis
  • Analog/digital communications
  • Common inter-component protocols

Securing Embedded Systems Interfaces and Protocols

  • Embedded Systems Communication Protocols
  • Universal Asynchronous Receiver/Transmitter (UART)
  • Serial Peripheral Interface (SPI)
  • Joint Test Action Group (JTAG)
  • Inter-integrated Circuit (I2C)
  • I2C bus
  • CAN bus
  • FireWire bus
  • USB
  • Parallel protocols
  • PCI bus
  • ARM bus
  • Wireless protocols
  • IrDA
  • Bluetooth
  • Bluetooth LE (BLE)
  • IEEE 802.11
  • NFC
  • RFID
  • 802.15.4
  • 6LowPAN
  • Thread
  • Zigbee
  • Z-Wave

Cybersecurity Attacks and Best Mitigation Practices for Embedded Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Tracking PCB traces
  • Re-producing schematic and block diagrams
  • Bus Sniffing
  • Interface Analysis
  • Communications protocols sniffing
  • Decoding and deciphering captured bits
  • Critical data identification and detection
  • Component removal and replacement
  • Dealing with surface mount components
  • Electronics and circuit analysis
  • Understanding your tools and their effects on the circuit
  • Understanding the circuit and its effect on your tools
  • Security Measures

Case Study and Workshop

  • Cybersecurity Analysis of Embedded Systems used in unmanned aircraft system (UAS)
  • Design Process
  • Embedded system CONOPS
  • Mission objectives
  • CONOPS
  • Test and evaluation
  • Functional requirements
  • Threat analysis
  • System design
  • Security requirements
  • Performance evaluation
  • Security evaluation
  • System Implementation Security
  • Attack surface
  • Boot process, system data, and software
  • Physical attack surface
  • Root of trust establishment
  • Trust hardware and software components
  • Trusted platform module (TPM)
  • Operating system (OS)
  • Mission-specific application code (Apps)
  • Field-programmable gate array (FPGA)
  • BIOS
  • Boot process
  • Startup
  • Trusted computing base (TCB)

Cybersecurity Applied to Embedded Systems

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.