Cybersecurity Training

An introduction to the basic concepts of information security is required to understand, evaluate, and deal with the context of cybersecurity. In this training module, we introduce the main properties of security and present the cryptographic tools that allow the creation of schemes for information protection. We also present the main authentication guidelines that users and devices need to follow.

​

Duration: 4 hrs

Transport Layer Security (TLS) is the protocol employed on the Internet to protect communications. Wi-Fi and Bluetooth are the two most widespread technologies of wireless connectivity. These technologies provide some security schemes but have also been subjected to many attacks. In this module, we present the goals of these protocols and the points where they have shown weaknesses.

​

​

Duration: 4 hrs

This training module covers different IoT security vulnerabilities, starting with real-world attacks on several IoT devices. Leveraging the OWASP Internet of Things Project as a reference security framework, we present each class of IoT vulnerability and a real-world attack that exploited it. Finally, we suggest several security requirements to mitigate the explored security issue.

​

​

Duration: 2 hrs

In this module, we describe the main schemes to protect IoT devices against different types of attacks. We explain the technological solutions offered by the suppliers of SoCs to secure an IoT device. We provide an overview of the security primitives available in microcontrollers such as STM32 and ESP32, Bluetooth modules, and microprocessors such as NXP i.MX and Microchip’s SAMA5D, and Secure Elements from NXP and Microchip.

​

Duration: 4 hrs

This module gives an overview of the main initiatives in the field of IoT security. We explore multiple standards, such as ETSI EN 303 645 for consumer IoT and IEC 62443 for industrial systems, discussing their similarities and differences. We address the latest cybersecurity European regulations and explore how they align with applicable standards. Participants will gain a high-level understanding of how these frameworks are structured and how they support security in various IoT environments, including sectors such as medical and automotive.

​

Duration: 4 hrs

This module is based on the ISA/IEC 62443 standard, and in particular on tier 62443-4, parts 4-1 and 4-2, defined for the industrial context. It is the reference cybersecurity standard in industrial automation and control systems, also applied in transportation systems. We present the requirements proposed by the standard and the essential ingredients that must be considered to create a secure product.

​

Duration: 8 hrs

An essential step to define a protection strategy for a system is understanding what needs to be protected against, and threat modeling and risk assessment work together to support this. In threat modeling, potential threats are identified based on the system’s design and context. Then, in risk assessment, the threat's feasibility and severity are evaluated to prioritize mitigations. This process is the basis for complying with European laws like the Cyber Resilience Act and RED Delegated Act.

​

Duration: 4 hrs

Writing secure code in C language requires developers to set up quality control processes, which can be implemented through static analysis tools. These tools check that the implementation is in line with standard rules. In this module, the SEI CERT rules and their motivations are analyzed. We also propose an introduction to Rust, a memory-safe language that aims to improve code security analysis.

​

Duration: 4 hrs

Amazon and Google provide cloud platforms to create complex IoT systems. We analyze their security features and the main differences. Apple HomeKit is an Apple vertical example, which allows the control of home automation devices from iOS devices. Amazon Alexa is an application that manages the vocal assistant integrated into embedded systems. For its integration, Amazon sets specific security requirements.

​

Duration: 4 hrs

Penetration testing is a manual activity performed by a security expert to evaluate the target security. The goal is to find previously unknown vulnerabilities, both in software and hardware. We present the main tasks covered during a penetration testing activity. Specifically, leveraging a vulnerable IoT device, we discuss the methodology and present several practical tools for analyzing an IoT device.

​

Duration: 4 hrs

This module focuses on physical attacks mounted on devices processing secret information. We present side-channel attacks, which exploit information leaked by the devices during computations (e.g., power consumption and electromagnetic radiations), and fault attacks, which are techniques that stress the device and lead it to improper functioning. Both attacks aim to gain sensible data or bypass countermeasures.

​

Duration: 16 hrs

This module is based on ISO/SAE 21434 standard, and particularly on what’s requested by the R155 EU law to homologate new types of automotive vehicles in Europe. From July 2024 it is mandatory to demonstrate that a set of actions and considerations were made at design level to ensure the security of the road users from the cybersecurity point of view. 

​

Duration: 8 hrs

​The course aims to provide an understanding of the RED Delegated Act and the Cyber Resilience Act, and to explain how to approach compliance with these regulations through the use of relevant cybersecurity standards for consumer, industrial, and radio devices.

​

Duration: 4 hrs