Price: $1,999.00

Length: 2 Days
Print Friendly, PDF & Email

Cybersecurity Applied to Embedded Systems

An embedded system is a programmable hardware component with a minimal operating system and software.

Embedded devices are very different from standard PCs. They are fixed function devices designed specifically to perform a specialized task.  Many of them are designed using a specialized operating system such as VxWorks, MQX or Integrity, or a stripped down version of Linux.

The concern over embedded systems and other complex digital architectures is security.

Embedded systems are designed to perform a dedicated function or functions. Found in consumer electronics, process control systems, aircraft, in-car systems and many other applications, embedded systems need to be extremely reliable. Because of their small size and limited compute resources, however, they can present security challenges for designers and developers.

When attacking an embedded system, it takes only one small vulnerability to lead to an exploit.

What this means is that when securing embedded systems, organizations must think it through and be prepared to protect against every possible vulnerability. Overlook just one opening and the attacker may find it, take control, steal your secrets, and create an exploit for others to use anytime, anywhere.

Worse yet, that same cybercriminal may use an initial compromised device to pivot from one exploited subsystem to another, causing further damage to your network, mission, and reputation.

The main cybersecurity issue with embedded systems is the design because security requirements are rarely accurately identified at the start of the design process. As a result, embedded systems’ engineers tend to focus on well-understood functional capabilities rather than on stringent security requirements.

Nowhere is this issue more crucial than with the Department of Defense (DoD). Many DoD systems require the use of embedded computing.

For military purposes, a secure embedded system development methodology is required that achieves three goals: confidentiality, integrity and availability (sometimes referred to as the CIA triad for information security).

While the DoD has some of the most demanding applications in terms of throughput and SWaP, it no longer drives the development of processor technology. Therefore, security technologies must be compatible with embedded systems that use commercial off-the-shelf (COTS) process  or hardware platforms that the DoD can easily adopt.

Cybersecurity experts in embedded systems believe security can be greatly improved by including security features in the early stages of design that will:

  • Ensure the device firmware has not been tampered with
  • The data stored by the device is secure
  • Secure communication
  • Protect the device from cyberattacks by going beyond password authentication and security protocols

Cybersecurity Applied to Embedded Systems Training Course by Tonex

Cybersecurity Applied to Embedded Systems Training is a 2-day training discusses fundamentals of embedded systems and applications of cybersecurity to illustrate unique vulnerabilities that are commonly exploited.

Learn about methods and techniques considering cybersecurity measures in the entire system life cycle and acquisition. Secure Embedded Systems include many procedures, methods and techniques to seamlessly integrate cybersecurity within embedded system software. Added security components to embedded systems can impede a system’s functionality and impact the real-time performance of the mission critical systems.

Systems engineers, developers and analysts need a well-defined approach for simultaneously designing embedded functionality and cybersecurity. Secure embedded systems might use a security co-processor to cryptographically ensure system confidentiality and integrity while maintaining functionality.

This course will also teach participants how to analyze, reverse, debug, and exploit embedded RTOS firmware. Hands-on experience with a variety of real-world devices, RTOS’s, and architectures equip students with the practical knowledge and skills necessary to be proficient in RTOS vulnerability analysis and exploitation.

We discuss risk assessment methodologies, failure analysis and using defensive tools to mitigate cyber risk and vulnerabilities. To assure successful mission control system performance, embedded systems such as weapon systems, missiles, smart weapons, Network Enabled Weapons (NEW), UAVs, communications systems, industrial control systems, medical devices, robotics, smart grid, SCADA, Intelligent Electronic Devices (IED), PLCs, and autonomous cars must be secured to perform their intended functions, prevent cyberattacks, and operate with no cyber attack impact. Cybersecurity Applied to Embedded Systems introduces cybersecurity concepts applied to embedded systems, firmware, hardware and embedded software.

This course is designed for anyone interested in cybersecurity, analysis, exploiting, and patching vulnerabilities with real-world embedded systems.

Who Should Attend:

  • Product/process designers and engineers
  • Developers working with embedded systems
  • Information security professionals
  • Application developers

Takeaways from this course include:

  • Examining how to fit cybersecurity in embedded systems
  • Fundamentals of cybersecurity
  • Fundamentals of Embedded Systems
  • Fundamentals of embedded system product design cycle, project management, design for production, V&V and O&M
  • Embedded Systems Security Requirements
  • Fundamentals of hardware and firmware analysis and design in embedded design
  • Vulnerabilities in embedded systems
  • Embedded hardware and firmware analysis to detect vulnerabilities
  • Foundation knowledge of cyber security threats, risks, mitigation strategies applied to embedded systems
  • Exploitable vulnerabilities in embedded systems and techniques and strategies for systems engineering embedded systems
  • Communication protocols, wired and wireless networks, information and network attacks and their impact on embedded devices
  • Risk assessment techniques and methodologies and using defensive tools for mitigating risk and vulnerabilities

Course Topics:

Cybersecurity 101

  • What is Cybersecurity?
  • Basic principles of CIA
  • Confidentiality
  • Embedded system’s critical information
  • Application code and surveillance data
  • Unauthorized entities
  • Integrity
  • Availability and mission objectives
  • Cyber Risks applied to Embedded Systems
  • Principles and practices designed to safeguard your embedded system
  • Hacking tools and entry points
  • Encryption and authentication
  • Data Integrity
  • Vulnerability analysis 101
  • Mitigation 101
  • Networking and network attacks
  • Role of wireless networks in the embedded systems
  • Embedded hardware and firmware analysis and reverse engineering
  • Embedded system security Threats
  • Intrusion
  • Virus, Worm, Trojan Horse (Malware)
  • Spyware
  • DoS
  • Secure software fundamentals

Introduction to Embedded Systems

  • Embedded Systems 101
  • Hardware Architecture
  • Software Development
  • Microprocessor Primer
  • Basic architecture
  • Programmer’s view
  • Embedded Operating Systems
  • Case Study: Embedded mmWave Radar System
  • Embedded Systems Engineering

Embedded System Vulnerability Analysis

  • Networking and network attacks
  • Wireless networks and embedded systems
  • Embedded hardware and firmware analysis
  • Exploiting Embedded Devices
  • The stages of router exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Cross Compiling
  • Modification and Creation of new firmware
  • Persistent Dynamic Backdoor
  • Firmware analysis and extraction
  • Finding and exploiting logic flaws
  • Firmware emulation and debugging
  • Finding and exploiting real-world overflows
  • Foundations of cyber security and emerging threats
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies: Encryption and authentication

Exploiting Real Time Operating Systems

  • Basic introduction to the concept of Real Time Operating Systems
  • Overview of MIPS architecture and design
  • Firmware analysis of our first target device
  • Debugging our first target device
  • Augmenting IDA’s auto analysis
  • Searching for backdoors
  • How not to crash your target
  • Hardware & firmware analysis
  • Identifying functions without a symbol table
  • Low-hanging crypto
  • Breaking custom crypto
  • Practical exploitation of crypto bugs
  • More firmware analysis
  • Augmenting IDA’s auto analysis
  • Chip backdoors
  • Hidden manufacturer menus
  • Hardware Hacking
  • Basic electronics and circuit analysis
  • Analog/digital communications
  • Common inter-component protocols

Securing Embedded Systems Interfaces and Protocols

  • Embedded Systems Communication Protocols
  • Universal Asynchronous Receiver/Transmitter (UART)
  • Serial Peripheral Interface (SPI)
  • Joint Test Action Group (JTAG)
  • Inter-integrated Circuit (I2C)
  • I2C bus
  • CAN bus
  • FireWire bus
  • USB
  • Parallel protocols
  • PCI bus
  • ARM bus
  • Wireless protocols
  • IrDA
  • Bluetooth
  • Bluetooth LE (BLE)
  • IEEE 802.11
  • NFC
  • RFID
  • 802.15.4
  • 6LowPAN
  • Thread
  • Zigbee
  • Z-Wave

Cybersecurity Attacks and Best Mitigation Practices for Embedded Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Tracking PCB traces
  • Re-producing schematic and block diagrams
  • Bus Sniffing
  • Interface Analysis
  • Communications protocols sniffing
  • Decoding and deciphering captured bits
  • Critical data identification and detection
  • Component removal and replacement
  • Dealing with surface mount components
  • Electronics and circuit analysis
  • Understanding your tools and their effects on the circuit
  • Understanding the circuit and its effect on your tools
  • Security Measures

Case Study and Workshop

  • Cybersecurity Analysis of Embedded Systems used in unmanned aircraft system (UAS)
  • Design Process
  • Embedded system CONOPS
  • Mission objectives
  • Test and evaluation
  • Functional requirements
  • Threat analysis
  • System design
  • Security requirements
  • Performance evaluation
  • Security evaluation
  • System Implementation Security
  • Attack surface
  • Boot process, system data, and software
  • Physical attack surface
  • Root of trust establishment
  • Trust hardware and software components
  • Trusted platform module (TPM)
  • Operating system (OS)
  • Mission-specific application code (Apps)
  • Field-programmable gate array (FPGA)
  • BIOS
  • Boot process
  • Startup
  • Trusted computing base (TCB)

Cybersecurity Applied to Embedded Systems

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.