close search bar

Sorry, not available in this language yet

close language selection

Introduction to Embedded Security

Course Description

Learners will gain an understanding of the security concerns associated with embedded devices. We discuss the necessary security concepts for securing embedded devices, as well as look into the vulnerabilities and attack techniques that frequently occur in this space.

Learning Objectives

  • Understand common flaws in embedded systems
  • Know the security tenets of embedded systems
  • Understand the constraints of embedded device performance
  • Enumerate common attacks on embedded hardware
  • Recognize common vulnerabilities and attacks on embedded communication protocols

Details

Delivery Format: eLearning

Duration: 1 hour

Level: Beginner

Intended Audience:

  • Architects
  • QA Engineers

Prerequisites: 

  • None

Course Outline

Lesson 1: Introduction to Embedded Devices

  • What Are Embedded Systems?
  • Embedded System Processors
  • Embedded System Peripherals
  • Embedded System User Interfaces

Lesson 2: Embedded Device Security Concerns

  • Performance vs. Security
  • Secure Communications
  • Secure Storage
  • Tamper Detection
  • Secure Boot
  • Updates

Lesson 3: Embedded Device Design Flaws

  • Design Flaws
  • Weak Authentication
  • Improper Access Controls
  • Improper Trust Relationships
  • Data Classification Failure
  • Improper Selection of Crypto System
  • Security Through Obscurity

Lesson 4: Embedded Hardware Vulnerabilities

  • Insecure Storage Devices
  • Debugging Interfaces
  • Firmware Extraction
  • Insecure Data Transmission
  • Use of Components with Known Flaws

Lesson 5: Embedded Device Firmware Vulnerabilities

  • Firmware
  • Manufacturer Backdoors
  • Insufficient Sanitization of Input
  • Unnecessary Software or Services Available
  • Secure Boot/Firmware Protections
  • Filesystem Protections

Lesson 6: Hardware Reconnaissance Attacks

  • Federal Communications Commission (FCC)-ID Reconnaissance
  • Printed Circuit Board (PCB) Reconnaissance and Analysis
  • Pin Tracing
  • Identifying Communication Interfaces
  • Joint Action Test Group (JTAG) Pinout Identification

Lesson 7: Chip Communication Protocol Attacks

  • Universal Asynchronous Receiver/Transmitter (UART) Attacks
  • JTAG Attacks
  • Serial Peripheral Interface (SPI) Attacks
  • Bus Sniffing

Lesson 8: Communication Attacks on Embedded Systems

  • Embedded Communications
  • Bluetooth Low-Energy Attacks
  • Zigbee Attacks

 

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster