お探しのページはこちらでしょうか. その他の検索結果:

Training at a Glance

  • Format

    • Classroom training
    • Interactive exercises and quizzes

  • Audience

    • Anyone working with automotive embedded systems
    • Decision-makers to engineers with technical and non-technical backgrounds

  • Duration

    • 3 courses
    • 3 days

  • Outcomes

    • Identify and understand threats
    • Learn relevant automotive attack and defense mechanisms
    • Be able to evaluate and secure automotive systems

    • Ensure Security of Automotive Embedded Systems

    Modern cars increasingly depend on complex digital systems to manage various operations, expanding their potential attack surface and making them prime targets for cyber threats. Ensuring the security of these systems is now essential for all automotive teams.

    This training addresses the challenges of evolving cybersecurity in the automotive sector by equipping teams with a solid security mindset. It significantly mitigates the risk of cyber-attacks and enhances overall vehicle reliability and security. Participants will gain valuable insights and practical knowledge to improve the security and resilience of automotive embedded technologies.

    A proactive approach to cybersecurity protects a company’s reputation and results in substantial cost savings by preventing costly recalls, reducing liability from potential security breaches, and avoiding the financial impact of cyber-attacks. Investing in security training and defense strategies ultimately translates into competitive advantages, such as increased consumer trust and market share, contributing to long-term profitability and sustainability in the industry.

    Training Outline

    • Introduction to security engineering
    • Technical terms, definitions, and key concepts in automotive security
    • Threat analysis and risk assessment (TARA) and standards
    • Overview of industry standards and frameworks
    • Introduction to the TARA methodology
      • Actors in embedded systems: Understanding the various assets, components, and threat modeling in embedded and automotive systems
      • Introduction to risk assessment: Basics of assessing security risks in automotive contexts

    Introduction to automotive systems

    • Approach to evaluations: Methodologies for assessing system vulnerabilities
    • Printed Circuit Boards (PCBs): Understanding PCB and component analysis of ECUs in automotive systems
    • Virtual machines (VMs)
      • Procedure: Setting up VMs for automotive security testing
      • Screenshots: Demonstrating VM setup

    Digital interfaces and OSI layers

    • UART interface
      • Understanding UART in the OSI model
      • Practical tips for locating UART in automotive systems
    • JTAG interface
      • Introduction to JTAG and its role in automotive security
      • Methods for identifying JTAG interfaces

    Automotive interfaces and protocols

    • Controller Area Network (CAN)
      • Connecting to a CAN bus
      • Identifying and analyzing CAN signals (differential signals)
      • Using CAN utilities to read and write messages
      • Tools: SavvyCAN, Python-can-remote
    • Automotive ethernet
      • Understanding Automotive Ethernet across OSI layers (Physical, Link, Network)
    • Techniques for identifying automotive ethernet in a system
    • Getting Hands-on:
      • Using open source tools and wireshark to demonstrate attacks on Automotive Ethernet with interactive exercise covering attacks on CAM overflow, VLAN configuration and trunking, and Dynamic Trunking Protocol (DTP) attacks
      • Security threat and mitigations
    • FlexRay
      • Introduction to FlexRay protocol
      • Exploring FlexRay and its OSI layers (Physical, Link, Network)
      • Identifying and connecting to FlexRay using both available and custom tools
      • Approaches for sniffing and man-in-the-middle (MiTM) attacks, security threats in FlexRay environments
    • Power Line Communication (PLC)
      • Introduction to PLC communication and protocol
      • The role of PLC in automotive sytems, with an OSI layer breaskdown (Physical, Link, Network)
    • Quiz
    Diagnostics in automotive systems
    • Unified Diagnostic Services (UDS): Theory and practical application in vehicle diagnostics
    • Diagnostics over IP (DoIP): Understanding DoIP in modern automotive systems
    Practical hands-on session
    • Participants engage in practical exercises using diagnostic tools to analyze and secure automotive systems
    Advanced Hands-On Session
    • Deep dive into UDS:
      • Core concepts and structure of UDS in automotive diagnostics.
      • Exploration of critical UDS services related to security.
      • Key response codes and their significance.
      • Overview of tools and scripts used for identifying and fuzzing UDS servers over CAN.
      • Building custom scripts to identify UDS servers and fuzz them to detect supported
      • services.
      • Understanding security access services (e.g., 0x27).
      • Assessing potential security threats and mitigation strategies.
    Real world Case Studies:
    • Analysis of real-world automotive security incidents
    • Lessons learned, and applying theoretical concepts to real-world cases.
    Defense Strategy and Attack Rating Techniques:
    • Practical aspects of defense strategies, along with methodologies and techniques for attack rating.
    Modern Attack Techniques:
    • Brief overview of Fault Injection (FI), Side-Channel Attacks (SCA), and software exploitations.
    Security from a Defender’s Perspective:
    • Comprehensive overview of defense tactic
    • Security measures from a defensive stance.
    Course End Quizzes and Final Assessment
    Wrap-Up and Q&A
    Summary of key takeaways.
    Open floor for questions and discussion.

    Related Trainings

    Interested in this service? Reach out to learn more.