Embedded System Security
Riscure Academy - Online Group TrainingA training for anyone with a technical or non-technical background that provides a comprehensive understanding on embedded systems, with a particular focus on security engineering and the development of a defense strategy for embedded systems.
Duration
3 courses
6-8 weeks
20+ hours self-paced eLearning and practical exercise
4.5 hours Live Mentoring
Certificate
70% or higher on final assessment
Team report (pre vs post assessment)
Interactive
Exercises
Assignments
Quizzes
Live mentoring
Scalable
Self-paced eLearning
Scheduled live mentoring
Spaced for efficiency & effectiveness
Scale to multiple groups
After this program participants will be able to
Evaluate Security:
- Recognize security assets in a TOE
- Understand how to apply the attack tree method
- Rate and select attack paths
- Describe main methods of defence
Apply Learnings:
- Use open source tooling to identify PCB interfaces
- Determine relevance of a component for security
- Understand relevance of a component to an attacker
- Create and apply countermeasures
Secure Assets:
- Evaluate required security properties of an asset
- Understand modern threats: implementation attacks, SCA, FI
- Understand the role of team work in implementation of security primitives
- Understand how modern countermeasures can protect against modern threats
Fundamentals of Embedded System Security
This training provides a primer for implementing security for embedded systems. First, participants learn the typical components present on an embedded system and how it functions. Next, we look at an embedded system from the perspective of an attacker who aims to compromise the assets. Participants learn how to identify relevant assets, determine the most likely attack paths and refine this attack path, by discovering tooling available to an attacker. Finally, we discuss defense principles, the most sophisticated and complex view of an embedded system.
Creating a defense strategy requires not only to understand how a system works or how an attacker would compromise an asset but also to have the ability to prioritize defenses according to risk, time, cost, and attack surface.
What makes this program unique?
Participants receive a custom designed PCB, the Riscuberry, with a full hacking toolkit to carry out a variety of exercises for a this a hands-on, practical, and highly effective training.
No specific background required
Engineering / Security background preferred
Relevant for anyone working with embedded systems, from decision-makers to engineers
Understand security engineering principles
Understand an embedded system holistically
Setup protections against attacks
Fundamentals of Security Engineering
- Introduction: defining a common language
- Technical terms and definitions: security, asset, vulnerability, threat, risk, exploit, attack, and defense
- Attack trees
- Actors and assumptions in the embedded systems case
- Introduction to threat analysis and risk assessment
- Profiling attackers: Motive, Opportunity, Method
- Planning and prioritizing defenses
Fundamentals of Embedded Systems
- Introduction to black-box evaluations
- Identifying components on a Printed Circuit Board (PCB)
- Evaluating trust boundaries of a TOE at physical level
- Retrieving assets from the TOE: dumping the firmware
- Measurement tools: multi-meter, oscilloscope, other tools
- Physical interfaces: UART, I2C, SPI, JTAG
- High-level and other interfaces: USB, network interfaces, other interfaces
Setting up a defense plan
- Defenses: What is security?
- Countermeasures for physical attacks (seals, sensors obfuscation)
- Countermeasures for implementation attacks (FI, SCA)
- Defenses: SDLC
- Defenses: Case study
- Modern threats: software security
- Modern threats: implementation attacks (SCA)
- Modern threats: implementation attacks (FI)
Lead developer
Name Here
Actionable and indispensable knowledge of security in Embedded Systems and IoT devices. Training on hardware and software security in a classroom setting, online or hosted in your own knowledge program.
What people say
“Very interesting learning approach and material across different aspects of state-of-the-art SoC development with Security in mind. I really want to thank Riscure for offering such good trainings, and the their trainers who make amazing use of their skills, experiences and kindness to easily communicate complex concepts to the audience.”
– Qualcomm
Get Started Today
Don’t let your organization’s embedded systems become an easy target. Invest in the security and success of your business by partnering with Riscure Academy. Contact us today to discuss your training needs and explore our approach. Together, we’ll empower your team to secure your organization’s future.
Frequently asked questions
Do you do individual training?
Individual training is available for self-enrollers within enterprises, but we do not training for individuals outside of organizations. For individuals we recommend Self-Paced or Open training. If you are unsure, please get in touch by filling in the form below.
What is the minimum group size for your expert-led training program?
Are your programs delivered online or as classroom ?
customer's location. Our online programs blend self-paced e-learning, exercises, assessments, and in certain cases expert-sessions (like Q&A webinars or Group Exercises) with Riscure experts.
When can we start with the training/ what do the training schedules look like?
We do not have pre-defined dates for our training sessions. Instead, we aim to accommodate your preferred start time and schedule the spacing of training and relevant sessions accordingly. To ensure a seamless scheduling process, please provide advance notice of 3-4 weeks for our online group programs and 6-8 weeks for classroom programs, as this allows us to secure our trainers' availability. For online training by individuals (self-paced) any enrollment will be facilitated within days or weeks, depending on the level of integration with the customer training platform or HR system. For Open Training schedules, please, contact us by filling in the form below.
Does customer have access to the training materials after the program?
For expert-led group training, including online/hybrid and classroom formats, access to relevant training materials remains available after the training period. The formal training schedule with deadlines is coordinated between Riscure and the customer.