Length: 4 Days
Cyber Security and Embedded Systems Training Bootcamp, Embedded Systems Cybersecurity – Advanced
Cyber Security and Embedded Systems Training bootcamp is a 4-day hands–on training covering advanced applications of Cyber Security to embedded systems to explore vulnerabilities that are commonly exploited.
Secure Embedded Systems include many procedures, methods and techniques to seamlessly integrate cyber security within embedded system software and hardware.
Added security components to embedded systems can impede a system’s functionality and impact the real time performance of the mission critical systems. System engineers, developers and analysts need a well-defined approach for simultaneously designing embedded functionality and cyber security. Secure embedded system might use a security coprocessor to cryptographically ensure system confidentiality and integrity while maintaining functionality.
This course covers methods and procedure to analyze, reverse, debug, and exploit embedded RTOS firmware. Hands-on experience with a variety of real-world devices, RTOS’s, and architectures equip students with the practical knowledge and skills necessary to be proficient in RTOS vulnerability analysis and exploitation.
We will discuss risk assessment methodologies, failure analysis and using defensive tools to mitigate cyber risk and vulnerabilities. To assure successful mission control system performance, embedded systems such as weapon systems, missiles, smart weapons, Network Enabled Weapons (NEW), UAVs, communications systems, industrial control systems, smart grid, Intelligent Electronic Devices (IED), PLCs, must be secured to perform their intended functions, prevent cyber attacks, and operate with no cyber attack impact.
Participants will explore unique vulnerabilities in embedded systems that are commonly exploited and discover techniques, tools, methods, procedures and strategies for analysis and design of cyber security measures into real-time products lifecycle.
Who Should Attend:
- Product/process designers and engineers
- Developers working with embedded systems
- Information security professionals
- Application developers
- Hackers
Course Modules
Introduction to Cybersecurity
- Basics of Cybersecurity
- Cybersecurity Domains and Assets
- Security of Networks, Systems, Applications, Information and Data
- Principles of CIA (Confidentiality, Integrity, Availability)
- Common Vulnerabilities and Exposures
- Threats and Security Controls
- Cryptography Fundamentals
- Symmetric and Asymmetric key Encryption
- Elliptical Curve Cryptography
- Quantum Cryptography
- Digital Signature
- Public Key Infrastructure (PKI)
- Cryptocurrency Hijacking
- Malware
- Phishing
- Distributed Denial of Service (DDoS) attacks
- Social Engineering Attacks
- Cybersecurity Controls
- Discovery, Footprinting, and Scanning
- Security Architecture
- Security Policies
- Cybersecurity Roles: Governance, risk management, & compliance
- Principles of Risk Management and Risk Management Framework (RMF)
- Business Continuity and Disaster Recovery
- Incident Response and Computer Forensic
Introduction to Embedded Systems
- Concepts behind embedded and real time systems Embedded systems design characteristics and challenges
- Sensors and actuators
- Embedded interrupts vs. polling
- Introduction to Embedded HW, Firmware and Software
- Embedded processors and FPGAs
- Use-cases of micro-controller platforms in embedded systems
- Reconfigurable platforms and FPGAs
- Embedded processors vs. FPGAs
- Comparison of MCU vs FPGA
- Overview of embedded operating systems
The Concepts of Real-Time Systems
- The Concept of Real-TimeTasks
- The Principles of Scheduling and Context Switching
- Real-Time Pre-emption
Overview of Embedded Cybersecurity Domains and Assets
- Generic
- Data and Information Security
- Technology
- Operational
- Management
- Communications and Networking
- Controlling Physical Environments and User Actions
- Network Security and Network Threats
- Encryption and Cryptography
- Threats to Data
- Penetration Testing
Overview of Cybersecurity Processes
- Identity
- Protect
- Detect
- Respond
- Recover
- Process controls
- Vulnerability Management
- Vulnerability Scans and Assessment
- Penetration Testers
- Blue and Red Team Structure and Tasks
Embedded Systems Cybersecurity Principles
- Embedded systems cybersecurity
- Concepts behind CIA (Confidentiality, Integrity, and Availability)
- Cyber security threats and strategies
- Tools and techniques to mitigate risk
- Tools for exploitation and exploring
- Networking 101
- Embedded Systems 101
- Cybersecurity threats and strategies for mitigating risk
- Cybersecurity Impact Levels
- Cybersecurity Requirements Analysis and Definition
- Cybersecurity Requirements Decomposition and Allocation
Security Challenges with Embedded Systems and Real-Time Systems
- Embedded devices vs. standard PCs.
- Specialized operating system such as VxWorks, MQX or Integrity,
- Critical functionality
- Embedded devices control transportation infrastructure
- cyber-attack consequences.
- Replication
- Security assumptions:
- Proprietary/industry specific protocols
- Cyber warfare and the motivated hacker
- Security requirements for embedded devices
- Integrating security into the device
Role of Cybersecurity in Embedded Systems Design and Development
- Embedded Configuration Management
- Risk Assessment
- Embedded Threat Analysis
- Embedded Cybersecurity Validation, Test, and Evaluation
- Embedded Test Plans and Reports
- Risk and Risk Management Framework (RMF) Applied to Embedded Systems
- Embedded Systems Acquisition Lifecycle Cybersecurity Activities and Process Flow
- Foundations of embedded cyber security and emerging threats
- Hacking/exploitation techniques, tools, and entry points
- Encryption and authentication defensive technologies
- Wireless networks and embedded systems
- Embedded hardware and firmware analysis
- Secure software practices
- Integrating security into the design process
- Cybersecurity Responsibilities
- Cybersecurity Strategy Requirement
- Functional Activities
- Cybersecurity Requirements Analysis and Definition
- Categorization by Confidentiality, Integrity, and Availability Impact Levels
- Functional Decomposition and Allocation of Cybersecurity Requirements
Cybersecurity Requirements for Embedded Systems
- Embedded system security and vulnerability
- I Security and Privacy
- Security and privacy in Cyber Physical Systems (CPS)
- Attack Models for CPS
- Security issues Real-World CPS
- Embedded hardware, firmware and software analysis, design and architecture vulnerabilities
- Exploiting Real Time Operating Systems (RTOS)
- Embedded Systems and cybersecurity attacks and mitigation
- Case Study and Workshop
- Embedded systems hacking, exploitation techniques, tools and procedures
- Embedded systems defensive technologies
- Embedded systems vulnerability analysis methodology
- Wireless and wireline networking, vulnerability, exploitation, hacking and attacks
- Embedded hardware, firmware, and software analysis and reverse engineering
Embedded System Cybersecurity Design and Development
- Embedded Configuration Management
- Risk Assessment
- Embedded Threat Analysis
- Embedded Cybersecurity Validation, Test, and Evaluation
- Embedded Test Plans and Reports
- Risk and Risk Management Framework (RMF) Applied to Embedded Systems
- Embedded Systems Acquisition Lifecycle Cybersecurity Activities and Process Flow
- Embedded Hardware and Operating Systems
- Embedded Operating Systems in resource-constraint devices for Internet-of-Things (cyber physical system) applications.
Architecting Cybersecurity into Embedded Systems
- Embedded Systems Cybersecurity Responsibilities
- Cybersecurity Strategy Requirement
- Functional Activities
- Embedded operating systems
- Linux kernel functions and advantages
- The microkernel
- Introduction to Contiki, TinyOS, RIOT OS and QNX microkernel
- Embedded Operating Systems
- Embeddable Webservers
- Web Services8m
- How to Rest8m
- Cloud and Cyber Physical Systems6m
- Fog Computing5m
- Web Connectivity
- Cyber Physical Systems (CPS) Security and Privacy
NIST’s Cybersecurity Framework
- Configuration & vulnerability management
- Cryptography
- Embedded Systems identity & access management
- Embedded systems risk management
- Cyber Physical Systems (CPS) Web Connectivity
- Application Layer Protocols
- Transport Layer Protocols
- Internet & Link Layer Protocols
- Introduction to Web Connectivity & Security
- Connectivity Protocols
Workshops
Analyzing Embedded Systems Cybersecurity Threats
- A drive-by Download
- Password Cracking Application
- Distributed Denial-of-Service (DDoS)
- Domain Shadowing
- Drive-by-Download
- Intrusion
- Malicious Codes
- Malvertising
- Malware
- Virus, Worm, Trojan Horse and Bots
- Man-in-the-Middle (MitM) attack
- Phishing
- Rogue software
- Spyware
Embedded Systems Attack Types and Attack Vectors Analysis
- Threat vectors
- Attack attributes
- Nonadversarial threat events
- Malware & attack types
- Cybersecurity Roles
- Cybersecurity Structure and Governance
- Tampering systems and data stored within
- Exploitation of resources
- Unauthorized access to the targeted system and accessing sensitive information
- Disrupting normal functioning and operation of the business and its processes
- Using ransomware attacks to encrypt data and extort money from victims
Analyzing Cybersecurity Controls for Embedded Systems
- AC (Access Control)
- AT (Awareness and Training)
- AU (Audit and Accountability)
- CA (Security Assessment and Authorization)
- CM (Configuration Management)
- CP (Contingency Planning)
- IA (Identification and Authentication)
- IR (Incident Response)
- MA (Maintenance)
- MP (Media Protection)
- PE (Physical and Environmental Protection)
- PL (Planning)
- PM (Program Management)
- PS (Personnel Security)
- RA (Risk Assessment)
- SA (System and Services Acquisition)
- SC (System and Communications Protection)
- SI (System and Information Integrity
Hands-on labs (Course provides the embedded modules for the labs)
Course Materials
- Required: Any Laptop with CD-ROM drive
- Provided by the instructor: Lab manuals, Course Notes, Supplementary readings and presentation materials