Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Automotive Cyber Security

( Duration: 3 Days )

This Automotive Cyber Security training course covers the fundamentals of embedded systems and applications of cybersecurity in vehicles to illustrate unique vulnerabilities that are commonly exploited. This course covers all aspects of cybersecurity within the context of road vehicles. You will learn about protection of automotive electronic systems, embedded systems, communication networks, Controller Area Network (CAN bus), Ethernet, control algorithms, software, users, threat agents, vulnerabilities and underlying data from malicious attacks, damage, unauthorized access, or manipulation.

You will learn about methods and techniques regarding cybersecurity measures in the entire automotive system lifecycle and acquisition. Secure embedded systems in automotive applications include many procedures, methods and techniques to seamlessly integrate cybersecurity within automotive embedded system software.

Added security components to automotive embedded systems can impede a system’s functionality and impact the real-time performance of the mission critical systems. Automotive systems and software engineers, testers, hardware designers, developers and security analysts need a well-defined approach for simultaneously designing automotive embedded functionality and cybersecurity.

By attending Automotive Cyber Security workshop, delegates will learn:

  • Examining how to fit cybersecurity in automotive embedded systems
  • Fundamentals of automotive cybersecurity automotive cybersecurity such as CIA (Confidentiality, Integrity and Availability), Threat, Threat Agents/Vectors, Vulnerability, and Risk Assessment; Defense in Depth, etc.
  • Fundamentals of Embedded Systems
  • Fundamentals of automotive embedded system product design cycle, project management, design for production, V&V and O&M
  • Automotive Embedded Systems Security Requirements
  • Fundamentals of hardware and firmware analysis and design in automotive embedded design
  • Vulnerabilities in automotive embedded systems
  • Embedded hardware and firmware analysis to detect vulnerabilities
  • Foundation knowledge of automotive cyber security threats, risks, mitigation strategies applied to embedded systems
  • Exploitable vulnerabilities in automotive embedded systems and techniques and strategies for systems engineering embedded systems
  • Communication protocols, wired and wireless networks, information and network attacks and their impact on automotive embedded subsystems and devices
  • Automotive risk assessment techniques and methodologies and using defensive tools for mitigating risk and vulnerabilities

The Automotive Cyber Security class is ideal for:

  • Application developers
  • Automotive Engineering Manager
  • Automotive Product & Infrastructure
  • Automotive Verification and Validation Engineers and Managers
  • Autonomous Vehicle Development Software and Hardware Engineers
  • Chief Security Officers (CSO)
  • Chief Information Security Officers (CISO)
  • Chief Information Officers (CIO) and IT Security directors
  • Chief Product Security Officers (CPSO)
  • Control Platform
  • Developers working with embedded systems
  • Embedded software engineers and testers
  • Ethernet and CAN Bus Software Engineers and Testers
  • Functional Safety Electrical Engineering
  • Hardware Testers
  • Information security professionals
  • Machine Learning Platform Engineers and Managers
  • Mechatronics Engineer, Sensor Cleaning Engineers and PMs
  • Product & Infrastructure Engineers and PMs
  • Product/process designers and engineers
  • Reliability Engineers
  • Reliability, Safety, Quality Assurance and Security Engineers
  • Software Engineer – FPGA Design
  • Software Engineer Robotics – Controls
  • System, Software and Hardware Test, Evaluation and Debug Engineers
  • Security Operations Center (SOC) Managers and Team Leaders
  • Automotive embedded device & system engineers, designers, testers, manufacturers and suppliers
  • Smart vehicle and infrastructure security architects
  • Automotive and Infrastructure Penetration Testers

COURSE AGENDA

1

Cybersecurity Applied to Automotive

  • What is Cybersecurity?
  • Basic principles of CIA
  • Confidentiality
  • Embedded system’s critical information
  • Application code and surveillance data
  • Unauthorized entities
  • Integrity
  • Availability and mission objectives
  • Cyber Risks applied to Embedded Systems
  • Principles and practices designed to safeguard your embedded system
  • Hacking tools and entry points
  • Encryption and authentication
  • Data Integrity
  • Vulnerability analysis 101
  • Mitigation 101
  • Networking and network attacks
  • Role of wireless networks in the embedded systems
  • Embedded hardware and firmware analysis and reverse engineering
  • Embedded system security Threats
  • Intrusion
  • Virus, Worm, Trojan Horse (Malware)
  • Spyware
  • DoS
  • Secure software fundamentals
2

Introduction to Embedded Systems and their Applications in Automotive

  • Embedded Systems
  • Hardware Architecture
  • Software Development
  • Microprocessor Primer
  • Basic architecture
  • Programmer’s view
  • Embedded Operating Systems
  • Case Study: Embedded Vehicle System
  • Embedded Systems Engineering
  • Application Software
  • System Software
  • RTOS/Logic
  • Firmware/HAL
  • Hardware
3

Automotive Cybersecurity Strategies

  • Strategies to build in security by deign processes
  • ISO 21434 implementation
  • Embedded systems security developments,
  • Intrusion and threat detection strategies
  • Secured product engineering
  • Autonomous Vehicle Software
  • Automotive digital assets protection
  • Automotive Safety, Security, Privacy, and Reliability
  • Vectors of Automotive Cyber Protection
  • Internet of Things (IoT)
  • Robotics
  • Self-driving Cars
  • Next Gen Computing
  • Blockchain
  • Artificial Intelligence (AI) and Machine Learning (ML)
  • Quantum Technologies
  • Computer Vision
  • Embedded Systems
  • Embedded Linux
4

Automotive Embedded System Vulnerability Analysis

  • Networking and network attacks
  • Wireless networks and embedded systems
  • Embedded hardware and firmware analysis
  • Exploiting Embedded Devices
  • The stages of router exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Cross Compiling
  • Modification and Creation of new firmware
  • Persistent Dynamic Backdoor
  • Firmware analysis and extraction
  • Finding and exploiting logic flaws
  • Firmware emulation and debugging
  • Finding and exploiting real-world overflows
  • Foundations of cyber security and emerging threats
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies: Encryption and authentication
  • Hardware Reverse Engineering
  • Attacking Automotive Firmware and Hardware
  • Attacking CAN Bus and Ethernet
5

Automotive Cybersecurity and Layers of Protection

  • Fundamental Vehicle Cybersecurity Protections
  • Protective/preventive measures and techniques
  • Real-time intrusion (hacking) detection measures
  • Real-time response methods
  • Assessment of solutions
  • Layered Approach
  • Information Technology Security Controls
  • Automotive Industry Cybersecurity Guidance
  • Vehicle Development Process with Explicit Cybersecurity Considerations
  • Leadership Priority on Product Cybersecurity
  • Information Sharing
  • Vulnerability Reporting/Disclosure Policy
  • Vulnerability / Exploit / Incident Response Process
  • Self-Auditing
  • Risk Assessment
  • Penetration Testing and Documentation
  • Self-Review
  • Control Keys
  • Control Vehicle Maintenance Diagnostic Access
  • Control Access to Firmware
  • Firmware Encryption
  • Limit Ability to Modify Firmware
  • Control Proliferation of Network Ports, Protocols and Services
  • Autonomous Vehicle Platform
  • The Autonomous Vehicle
  • Drive software engineering best practices
  • ROS or other robotics frameworks
  • Software Systems Test
  • Embedded Linux
6

Cybersecurity Best Practices for Modern Vehicles

  • Use Segmentation and Isolation Techniques in Vehicle Architecture Design
  • Control Internal Vehicle Communications
  • Log Events
  • Control Communication to Back-End Servers
  • Control Wireless Interfaces
  • Serviceability
  • Secure Coding
  • Static and Dynamic Code Analysis
7

Standards Development and Best Practices

  • NHTSA – Cybersecurity Best Practices for Modern Vehicles
  • NHTSA and Vehicle Cybersecurity
  • Global Automakers – Framework for Automotive Cybersecurity Best Practices
  • Auto-ISAC – Best Practices Executive Summary
  • Auto Alliance initiatives
  • IEEE – Automotive Cybersecurity information
  • NHTSA – Cybersecurity overview
  • MISRA C & MISRA C++ Coding Standards Compliance
  • DO-178C
  • ISO-26262
  • IEC-62304
8

Securing Automotive Embedded Systems Interfaces and Protocols

  • Embedded Systems Communication Protocols
  • Universal Asynchronous Receiver/Transmitter (UART)
  • Serial Peripheral Interface (SPI)
  • Joint Test Action Group (JTAG)
  • Inter-integrated Circuit (I2C)
  • I2C bus
  • CAN bus
  • FireWire bus
  • USB
  • Parallel protocols
  • PCI bus
  • ARM bus
  • Wireless protocols
  • IrDA
  • Bluetooth
  • Bluetooth LE (BLE)
  • IEEE 802.11
  • NFC
9

Cybersecurity Attacks and Best Mitigation Practices for Automotive Embedded Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Tracking PCB traces
  • Re-producing schematic and block diagrams
  • Bus Sniffing
  • Interface Analysis
  • Communications protocols sniffing
  • Decoding and deciphering captured bits
  • Critical data identification and detection
  • Component removal and replacement
  • Dealing with surface mount components
  • Electronics and circuit analysis
  • Understanding your tools and their effects on the circuit
  • Understanding the circuit and its effect on your tools
  • Security Measures
10

Evaluating Cybersecurity Practices for Modern Vehicles

  • Architecture for embedded systems
  • Patterns and real-time constraints
  • Automotive Embedded software testing and validation
  • Practical ways and techniques to test for safety requirements
  • How to develop and test safety requirements
  • Automotive On-board tamper-prevention and evidence
  • Automotive Embedded systems safeguarding and exploitation
  • Cyber-physical attacks and countermeasures
  • Big data and cloud data security in Automotive and V2X ecosystems
11

Case Study and Workshop (ISO/SAE 21434 Framework)

  • Cybersecurity Analysis of Embedded Systems used in a Modern Semi-Autonomous and Autolooms Vehicle
    • Design Process
    • Embedded system CONOPS
    • Mission objectives
    • Test and evaluation
    • Functional requirements
    • Threat analysis
    • System design
    • Security requirements
    • Performance evaluation
    • Security evaluation
    • System Implementation Security
    • Attack surface
    • Boot process, system data, and software
    • Physical attack surface
    • Root of trust establishment
    • Trust hardware and software components
    • Trusted platform module (TPM)
    • Operating system (OS)
    • Mission-specific application code (Apps)
    • Field-programmable gate array (FPGA)
    • BIOS
    • Boot process
    • Startup
    • Trusted computing base (TCB)
    • Secure Coding Guidelines Are Important
    • C and C++ programming languages for embedded development
    • CWE List & CERT Secure Coding Standards
    • CWE vs. CERT vs. MISRA
    • MISRA C Security Rules
    • Static code analyzers enforce coding rules and flag security violations
    • Helix QAC: CERT, MISRA, and CWE to ensure secure software
12

Automotive Threat Analysis and Risk Assessment (TARA) Method

  • The TARA method
  • Risk evaluation, assessment, treatment, and planning for identified risks
  • Applying ISO SAE 21434 standard
  • Applying Automotive TARA Method to ISO SAE 21434 standard
  • Organizational cyber security plan and cyber security assurance levels in depth.
  • NIST SP-800-30 and ISO IEC 31010,
  • Attack feasibility or likelihood and associated impacts
  • Apply the TARA method
  • Standard confidentiality, integrity, and availability (C, I, A) ratings
  • Safety, financial, operational, and privacy (S, F, O, P)
  • Threats or vulnerabilities
  • Evaluating window of opportunity with TARA Method
  • Calculate and communicate the risk
  • Calculating impact of risk TARA Method
  • Cyber security assurance levels in the automotive supply chain
  • Functional safety requirements of ISO 26262
  • Requirements of Automotive Safety Integrity Levels (ASIL)
  • Automotive cyber security standard ISO SAE 21434 requirements for cyber security risk management of road vehicle electrical and electronic systems
  • Applying cyber security assurance levels
  • Determining the number of levels needed
  • Tailoring cyber security assurance activities

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top
Notice
X