Riscure offers a four-day hands-on course covering the most relevant attacks for embedded systems. This is a foundation course recommended for anyone interested in security from a system-level perspective. The main focus of the course is hardware attacks, providing a solid primer for both of our course series: software security (Reverse Engineering, Vulnerability Identification and Software Exploitation) and hardware security (Fault Injection and Side Channel Analysis).
The concepts taught in this course are applicable to a wide range of COTS (Commercial off the Shelf) products such as gaming consoles, IP cameras, routers and diverse IoT devices, but also automotive ECUs (Electronic Control Units).
Through a series of practical exercises you learn how to identify relevant assets and how to discover the most likely attack paths. Your primary target is a WiFi router. You refine your attack path by discovering the tooling available to an attacker and how these tools can be used to compromise assets on your primary target. You put your new knowledge and skills to use when we discuss available defense mechanisms such as secure boot, encryption and special hardware, and their cost. Finally, you can put your new knowledge and skills to the test: you attack a different target, an IP camera, and afterwards discuss defense strategies.
During the training course, by means of hands-on exercises, you will:
Learn to identify relevant assets on your embedded systems (define assets and attack paths for different attacker profiles)
Build best practices for securing embedded systems (how to defend them)
Have the ability to prioritize your defense according to risk, time, cost, surface, etc. in a way that goes beyond checklists
Perform a guided attack on the first embedded system target and practise your new knowledge and skills on a second different embedded system. After the training you can take home this second
Day 1. Let’s get started
Typically everyone has their own answer to the question “What is an embedded system?”, so we first level the field before diving into the details. Next, we introduce the concept of assets by example (e.g. keys, memory content and firmware), present a methodology for discovering attack paths and learn about attacker profiles.
During the second half of the day, we discuss the typical components present on an embedded system and in particular on your practice target (the WiFi router) and gather information to prepare for the attack phase.
Day 2. Interfaces and tooling
We go through the tooling available to an attacker and use these tools to identify the basic components present on your first target. To consolidate knowledge, you practice using the tools on your target board; you are initially tasked with using them for simple tasks such as identifying signals (e.g. VCC and GND).
In the second half of the day you learn about the interfaces available to an adversary (UART, I2C, SPI and JTAG). Sometimes these interfaces can be tricky to identify, as you can experience during a practical exercise on your target board.
Day 3. More tooling and defense mechanisms
We continue exploring interfaces such as 1-Wire, CAN-bus and briefly discuss typical network and logical interfaces (USB and Ethernet/WiFi). During the practical assignments you use the oscilloscope and learn how to extract information from signals. Finally we dump the firmware and use software tools (such as vbindiff and binwalk) to extract interesting information.
During the second half of the day we put on the developer hat and discuss options available for defense at three different system levels: hardware (e.g. glues, seals and locks), architecture/design (e.g. OTP memory) and software (e.g. encryption and obfuscation).
Day 4. Putting it all together
During the last day you apply all the knowledge and skills you learned in the last three days on a different embedded system target. This exercise is useful to consolidate your knowledge but also to expose you to a new environment. The exercise has two parts: after learning as much as possible about your new target, first, you plan an attack strategy and second, you put the developer hat back on and discuss appropriate defense mechanisms. You can take the target home and continue learning.
We challenge your product security and help you achieve a more secure device or relevant certification
Riscure makes sure that good security becomes the new norm. We drive security forward because we believe that good security is reachable and nothing else should be acceptable.
We partner with our customers to ensure they achieve stronger levels of security and the relevant certifications, protecting owner and user rights. Our international team of experts combines the latest attack techniques on hardware and software to explore the strength of our customers’ products. Consider us a vaccination against a range of security vulnerabilities. With our foundation in hardware testing, we are uniquely positioned to evaluate security where hardware and software challenges meet, particularly the security of connected devices. We deliver security tools and services to a wide range of industries and markets with a strong focus on mobile and electronic payment, content protection and automotive industries as well as the government sector.
We believe that our work should also serve to improve global device security. We offer a range of training courses as well as embed relevant security knowledge in our advanced test tools, so you can test your own work well in advance of any 3rd party certification requirement.
Riscure was founded in 2001 by Marc Witteman, who has been working in the field of chip security since 1993. Operating from Delft in the Netherlands, Riscure serves customers from all around the world. During the first years, security evaluation services were the main focus, mostly for customers in the financial and content protection industry. Starting from 2005 development of security test equipment also became integral to Riscure’s business. In 2011 Riscure opened an office in San Francisco, USA in order to get local presence for its customers in North America. In 2017 we also serve customers from the Asia-Pacific region from our new office in Shanghai, China as well as via a network of trusted partners.
A strong focus with a global impact
Riscure evaluates the security of chip technology and embedded/connected devices that are meant to operate securely in any environment. We are the leading security test lab for chips and integrated systems for the pay-tv industry. Riscure is also the market leader in providing test equipment for side channel robustness of chip technology. Riscure’s equipment is used by chip manufacturers, government agencies and security test laboratories around the world.