Who is this training for?
This training is ideal for engineers and managers with limited to no security knowledge working at manufacturers and suppliers in the automotive, trucks, rail and aviation industries, in the following roles: System Engineering, Cyber Security management, Software architecture.
The goal of the three-day interactive training is to gain an overview of in-vehicle security with a focus on critical systems. In the training your team gains a solid technical grasp of the fundamentals of security engineering and how they relate to the typical sub-components present on an embedded system and to the functionality of an embedded system.
Next, we look at the automotive target from the perspective of an attacker who aims to compromise the system's assets, gaining runtime control and/or retrieving sensitive data, etc. You will gain new skill sets for identifying these assets, determining the most likely attack paths an attacker will use, and refining these attack paths in order to discover the tooling available to an attacker to compromise the system. During the training we discuss why implementation attacks are a threat to the security of protocols and cryptographic algorithms, MISRA-C coding guidelines, side channel analysis and fault injection attacks.
Finally, we discuss system defense strategies, which is the most sophisticated and complex view of an embedded system. Creating a defense strategy requires not only understanding how a system works and how an attacker would compromise an asset, but also the ability to prioritize defenses according to risk, time, cost, attack surface, etc.
We believe learning by doing is the best way to develop your knowledge and skills. Starting with a good conceptual understanding, we move quickly to apply your knowledge to real-world examples. For the hands-on exercises we use our custom-made board, which emulates a vehicle electronic system.
The Riscurino is an Arduino-based board featuring two CAN controllers. Onboard jumpers allow the CAN controllers to be connected in different ways, so that different car network configurations can be simulated. In addition to the standard logical attacks on the CAN bus, the Riscurino is designed to facilitate side channel and fault injection attacks, thanks to the separate power plane for the processor. Applications for the Riscurino can be easily created using an open development environment (Eclipse+GCC) and a USB bootloader for flashing.
Essential Side Channel Analysis
To protect the data on the CAN bus you use the AES algorithm using an openly available crypto library. You made sure data is authenticated with a master key, such that attackers cannot inject their own data, and minimized the attack surface. Yet someone posted your master key on an internet forum, accompanied by a picture of an oscilloscope. How did they get the key if you are using military-grade crypto?
Essential Fault Injection
You spent years developing a state-of-the-art ADAS. You placed your code in a locked-down ASIL-D compliant microcontroller, such that no one can obtain your IP. Your product has been incorporated into high-end cars, a great success for your company. Within months, someone is selling perfectly functioning, illegal aftermarket clones at half price. You acquire the clone and discover that your code has been ported verbatim. How could this happen?
Hardening the Secure Boot Workshop
To protect the integrity and confidentiality of your code and data stored in external non-volatile memories, you implement a secure boot mechanism. Several public advisories list attacks that bypass the secure bootloader. Is your implementation protected against these attacks?