Here's the page we think you wanted. See search results instead:

Training at a Glance

Vector illustration of an audience watching an instructor on screen

Format

  • Self-paced eLearning
  • Interactive exercises and quizzes
  • Scheduled live mentoring
  • Scale to multiple groups

Vector illustration of 3 people serving as an audience

Audience

  • Anyone working with embedded systems
  • Decision-makers to engineers with technical and non-technical backgrounds

Vector illustration of a stopwatch timer

Duration

  • 3 courses
  • 6–8 weeks total
  • 20+ hours self-paced eLearning and practical exercise
  • 4.5 hours live mentoring

Vector illustration of certificate or diploma

Outcomes

  • Principles of security engineering and embedded systems
  • How to set up protections against attacks
  • How to evaluate security and secure assets

Fundamentals of Embedded System Security

This training provides a primer for implementing security for embedded systems. Participants will learn the typical components present in an embedded system and how it functions. We’ll look at an embedded system from the perspective of an attacker who aims to compromise the assets. Participants learn how to identify relevant assets, determine the most likely attack paths, and refine this attack path by discovering tooling available to an attacker. Finally, we discuss defense principles, the most sophisticated and complex view of an embedded system.

Creating a defense strategy requires not only understanding how a system works or how an attacker would compromise an asset, but also the ability to prioritize defenses according to risk, time, cost, and attack surface. After the training, participants will be able to use open source tooling to identify printed circuit board (PCB) interfaces, understand the relevance of a component to attackers and security, understand modern threats, and create and apply countermeasures.

Participants receive a custom designed PCB, the Advanced Training Target, with a full hacking toolkit to carry out a variety of exercises for a hands-on, practical, and highly effective training.

Training Outline

  • Introduction: Defining a common language
  • Technical terms and definitions
    • Security, asset, vulnerability, threat, risk, exploit, attack, and defense
  • Attack trees
  • Actors and assumptions in the embedded systems case
  • Introduction to threat analysis and risk assessment
  • Profiling attackers
    • Motive, opportunity, and method
  • Planning and prioritizing defenses
  • Introduction to black-box evaluations
  • Identifying components on a printed circuit board (PCB)
  • Evaluating trust boundaries of a TOE at physical level
  • Retrieving assets from the TOE
    • Dumping the firmware
  • Measurement tools
    • Multi-meter, oscilloscope, and other tools
  • Physical interfaces
    • UART, I2C, SPI, and JTAG
  • High-level and other interfaces
    • USB, network interfaces, and other interfaces
  • Defenses: What is security?
  • Countermeasures for physical attacks (seals, sensors obfuscation)
  • Countermeasures for implementation attacks (fault injection and side channel analysis)
  • Defenses: SDLC
  • Defenses: A case study
  • Modern threats: Software security
  • Modern threats: Implementation attacks (SCA)
  • Modern threats: Implementation attacks (FI)

Related Trainings

Side Channel Analysis Training

Side Channel Analysis Training

Keysight side channel analysis training offers a comprehensive understanding of hardware security evaluation through side channel analysis techniques.

Fault Injection Training

Fault Injection Training

Keysight fault injection training combines theoretical knowledge, case studies, and hands-on exercises to cover topics from an introductory level to advanced analysis.

Automotive Security Training

Automotive Security Training

Understand security and defense for automotive embedded systems in this automotive cybersecurity training. Get hands on experience with risk assessment methodologies.

Interested in this service? Reach out to learn more.