Riscure offers a four day hands-on course covering the most relevant attacks for embedded systems. This is a foundation course recommended for anyone interested in security from a system level perspective. The main focus of the course is hardware attacks, providing a solid primer for both our course series; software security: Reverse Engineering, Vulnerability Identification and Software Exploitation, and hardware security: Fault Injection and Side Channel Analysis.
The concepts taught in this course are applicable to a wide range of COTS (Commercial off the Shelf) products such as gaming consoles, IP cameras, routers, diverse IoT devices, but also automotive ECU (Electronic Control Units).
Through a series of practical exercises you learn how to identify relevant assets and how to discover the most likely attack paths. Your primary target is a WiFi router. You refine your attack path, by discovering tooling available to an attacker and how these tools can be used to compromise assets on your primary target. You put your new knowledge and skills to use when we discuss available defense mechanisms such as secure boot, encryption, special hardware and their cost. Finally, you can put your new knowledge and skills to the test; you attack a different target - an IP camera - and afterwards discuss defense strategies.
During the training course, by means of hands-on exercises, you will:
Learn to identify relevant assets on your embedded systems (define assets and attack paths for different attacker profiles)
Build best practices for securing embedded systems (how to defend them)
Have the ability to prioritize your defence according to risk, time, cost, surface, etc. in a way that goes beyond checklists
Perform a guided attack on the first embedded system target and practise your new knowledge and skills on a second different embedded system. After the training you can take home this second
Day 1. Let’s get started
Typically everyone has its own answer to the question “what is an embedded system? “, therefore, first we level the field before diving into the details. Next, we introduce the concept of assets by example (e.g. keys, memory content and firmware,), present a methodology for discovering attack paths and learn about attacker’s profile.
During the second half of the day, we discuss the typical components present on an embedded system and in particular on your practice target (the WiFi router) and gather information to prepare for the attack phase.
Day 2. Interfaces and tooling
We go through the tooling available to an attacker and use these tools to identify the basic components present on your first target. To consolidate knowledge you practice using the tools on your target board, your tasked with using them initially for simple tasks such as identifying signals (e.g. VCC and GND),
In the second half of the day you learn about the interfaces available to an adversary (UART, I2C, SPI and JTAG). Sometimes these interfaces can be tricky to identify, as you can experience during a practical exercise on your target board.
Day 3. More tooling and defense mechanisms
We continue exploring interfaces such as 1-Wire, CAN-bus and briefly discuss typical network and logical interfaces (USB and Ethernet/WiFi). During the practical assignments you use the oscilloscope and learn how to extract information from signals. Finally we dump the firmware and use software tools (such as vbindiff and binwalk) to extract interesting information.
During the second half of the day we put on the developer hat and discuss options available for defense at three different system levels: hardware (e.g. glues, seals and locks), architecture/design (e.g. OTP memory) and software (e.g. encryption and obfuscation).
Day 4. Putting it all together
During the last day you apply all the knowledge and skills you learned in the last three days on a different embedded system target. This exercise is useful to consolidate your knowledge but also to expose you to a new environment. The exercise has two parts: after learning as much as possible about your new target, first, you plan an attack strategy and second, you put back the developer hat and discuss appropriate defense mechanisms. You can take the target home and continue learning.
We challenge your product security by using thorough and inventive testing to discover security weaknesses
Riscure challenges the security of chips and devices by using thorough and inventive testing to discover security weaknesses. Use Riscure and find out how strong your security really is. Our international team of experts combines the latest attack techniques on hardware and software to explore the strength of your product. We can evaluate it for you or you can purchase our test equipment to do it yourself.
Riscure was founded in 2001 by Marc Witteman, who has been working the field of chip security since 1993. Operating from Delft in the Netherlands, Riscure started serving customers from all around the world. During the first years, security evaluation services were the main focus, mostly for customers in the financial industry. Later on the evaluation services also evolved towards the pay-tv industry. When in 2005 the first product was sold to a customer, development of security test equipment also became integral to Riscure's business. In 2011 Riscure opened an office in San Francisco USA in order to get local presence for its customers in North America.
A strong focus with a global impact
Riscure evaluates the security of chip technology and embedded devices that are designed to operate securely in any environment. We are the leading security test lab for chips and settopboxes deployed in the pay-tv industry. Riscure is also international market leader in providing test equipment for side channel robustness of chip technology. Riscure's equipment is used by chip manufacturers, government agencies and security test laboratories all around the world.
How we work
We value each other's opinion, we realise we need one another to perform outstanding work in a complex technical environment and we understand the fine balance between creativity and structure. Our flat organisational structure and strong involvement of everyone in the company makes us highly innovative and a fun place to work. We believe that everyone should have a say in how he or she performs his or her work. Not because of the sake of it, but because it creates true job satisfaction and a strong commitment that result in high quality and creative work.