Embedded device security training

Objective and scope

The objective of the five-day training is to provide attendees with up-to-date knowledge and hands-on experience to perform a vulnerability analysis of an embedded device. The course uses different embedded devices (USB stick and development board) to demonstrate security analysis and hands-on testing techniques.

Theory and practice

This training includes both theoretical and practical sessions. Theory about commonly applied embedded security features is presented combined with explanation and demonstration about security analysis techniques and tools.

Theoretical sessions	Practical sessions	Tools used by attendees
Boot security	Sniffing protocols (serial, I2C)	Hot air gun, soldering station, desoldering station
Encryption engines	JTAG; locating and debugging	Multi-meter, oscilloscope, logic analyzer
Run-time integrity checking	Removing epoxy	JTAG adapter and finder tool
Memory access protections	Power and EM analysis	Inspector side channel test tool
Privilege levels	Data and address line manipulation	Power probe, EM probe station
JTAG function and protection	Voltage and clock glitching	IDA Pro disassembling tool
Epoxy protection	(De-)soldering BGA packages	Binary visualization tools
PCB design	Firmware analysis

Vulnerability analysis

This training covers vulnerability analysis of embedded secure microcontrollers, other hardware components and software. A commonly applied rating method is presented to assess the risk imposed by the different vulnerabilities discussed in the course.

Security functions	Hardware analysis	Software analysis
Secure key storage	Physical access to (memory) components	Logical protocol attacks
Boot signature checking	Physical replacement of components	Access to internal assets through software attacks
Cryptography (implemented in hardware engines)	Physical access to ports (serial, JTAG)	Algorithm extraction through software reverse engineering
JTAG protection	Sniffing of protocols and data lines	Firmware analysis
Software obfuscation techniques	Manipulation of address and data lines
Run-time integrity checking	Side channel analysis of password protection and cryptographic engines
Side channel countermeasures	Perturbation attack on boot phase

Who should attend?

Security analysts working for security testing and evaluation labs, security architects and engineers working for embedded device manufacturers, security managers that need to assess the risk of embedded technology used within their company or by their customers.

What will you learn and get from this course?

You receive up-to-date knowledge and hands-on experience on embedded security vulnerability analysis and testing techniques. Further, we supply you with an open-source software analysis tool including libraries developed by Riscure. You also receive handouts of all presentations on CD and a certificate of attendance.

Cost, terms and conditions

The training is a five day course covering intermediate and advanced level. Attendees are expected to have basic knowledge about electrical engineering, computer science, security and cryptography.

The price of this embedded security testing course is €4,750 per attendee. The course will be held starting from a minimum of 4 attendees. Four employees of the same company may attend for the price of three. The total amount must be paid ahead of the course. The course is held at Riscure’s office in Delft.