Cybersecurity Trainings
Security Pattern has extensive experience in the security domain and has a broad technical proposal in the context of training on cybersecurity for embedded systems. Therefore, we are the right partner to support our customers with training and courses in cybersecurity.
We propose various formative modules that aim to increase knowledge in the cybersecurity context. According to specific needs, they can be assembled and adapted. Following the customer's needs, we can also develop further modules with ad-hoc content.
We will provide all participants with a copy of the slides used during the training.
Our Trainings Catalogue
Introduction to security and cryptography
An introduction to the basic concepts of information security is required to understand, evaluate, and deal with the context of cybersecurity. In this training module, we introduce the main properties of security and present the cryptographic tools that allow the creation of schemes for information protection. We also present the main authentication guidelines that users and devices need to follow.
Duration: 4 hrs
Security protocols and security layers - TLS, Wi-Fi and Bluetooth
Transport Layer Security (TLS) is the protocol employed on the Internet to protect communications. Wi-Fi and Bluetooth are the two most widespread technologies of wireless connectivity. These technologies provide some security schemes but have also been subjected to many attacks. In this module, we present the goals of these protocols and the points where they have shown weaknesses.
Duration: 4 hrs
Known vulnerabilities in IoT and motivations
This training module covers different IoT security vulnerabilities, starting with real-world attacks on several IoT devices. Leveraging the OWASP Internet of Things Project as a reference security framework, we present each class of IoT vulnerability and a real-world attack that exploited it. Finally, we suggest several security requirements to mitigate the explored security issue.
Duration: 2 hrs
Security of embedded systems
In this module, we describe the main schemes to protect IoT devices against different types of attacks. We explain the technological solutions offered by the suppliers of SoCs to secure an IoT device. We provide an overview of the security primitives available in microcontrollers such as STM32 and ESP32, Bluetooth modules, and microprocessors such as NXP i.MX and Microchip’s SAMA5D, and Secure Elements from NXP and Microchip.
Duration: 4 hrs
Overview on cybersecurity standards
This module gives an overview of the main initiatives in the field of IoT security. We focus on two categories: Government-driven initiatives, such as ETSI 303 645 for the UK, and market-driven initiatives in medical devices, industrial, and automotive fields. We discuss similarities and differences among these standards, taking ISA/IEC 62443 as a starting point for setting up a cybersecurity framework.
Duration: 4 hrs
Security standard ISA/IEC 62443
This module is based on the ISA/IEC 62443 standard, and in particular on tier 62443-4, parts 4-1 and 4-2, defined for the industrial context. It is the reference cybersecurity standard in industrial automation and control systems, also applied in transportation systems. We present the requirements proposed by the standard and the essential ingredients that must be considered to create a secure product.
Duration: 8 hrs
Threat modeling
An essential step in defining a system's protection strategy is modeling the system and its threats. The protection strategy must be efficient and proportional to the potential damages that the system may face. We show the concepts needed to create a risk management strategy and discuss why this strategy has to be considered a fundamental element of a security standard.
Duration: 4 hrs
Development of secure code for embedded applications
Writing secure code in C language requires developers to set up quality control processes, which can be implemented through static analysis tools. These tools check that the implementation is in line with standard rules. In this module, the SEI CERT rules and their motivations are analyzed. We also propose an introduction to Rust, a memory-safe language that aims to improve code security analysis.
Duration: 4 hrs
Security of IoT platforms and vertical applications
Amazon and Google provide cloud platforms to create complex IoT systems. We analyze their security features and the main differences. Apple HomeKit is an Apple vertical example, which allows the control of home automation devices from iOS devices. Amazon Alexa is an application that manages the vocal assistant integrated into embedded systems. For its integration, Amazon sets specific security requirements.
Duration: 4 hrs
Penetration testing
Penetration testing is a manual activity performed by a security expert to evaluate the target security. The goal is to find previously unknown vulnerabilities, both in software and hardware. We present the main tasks covered during a penetration testing activity. Specifically, leveraging a vulnerable IoT device, we discuss the methodology and present several practical tools for analyzing an IoT device.
Duration: 4 hrs
Side-channel and fault attacks
This module focuses on physical attacks mounted on devices processing secret information. We present side-channel attacks, which exploit information leaked by the devices during computations (e.g., power consumption and electromagnetic radiations), and fault attacks, which are techniques that stress the device and lead it to improper functioning. Both attacks aim to gain sensible data or bypass countermeasures.
Duration: 16 hrs
