Embedded Security Essentials
Learn how security practices and protocols apply to the embedded industry, and how they impact requirements and design.
Course Description
The Embedded Security Essentials course covers a wide range of software security topics in the specific context of embedded systems. Attendees will learn how security practices and protocols apply to the embedded industry, and how they impact requirements and design.
Course Objectives
After this course, participants will be able to perform the following:
- Identify the key challenges in creating a secure device
- Describe the basics of encryption and keys
- Contrast secure boot on different architectures
- Describe significant elements of network security, including SSH, SSL, IPsec, and IKE
Products Supported
- VxWorks® 7.0
- The following targets are available:
— Wind River® Simics® simulated targets
Who Should Attend
- Application developers
- Platform developers
- System architects
- Testers
Course Format
- This two-day expert-led course consists of lectures and lab sessions.
- Attendees use VxWorks 7.0 and Wind River Workbench 4.0 to gain experience with the topics presented.
- Participants receive individual guidance from an expert engineer who has extensive experience with Wind River technologies.
Syllabus
Day 1
Introduction to Embedded Security
- Definitions
- What is security?
- Regulation, standards, and references
- Lifecycle management
- Designing for security
- LAB: Exploring Network Security Threats
Privacy Implementations
- Confidentiality and privacy
- Categories of ciphers
- Symmetric ciphers
- Asymmetric ciphers
- Cryptanalysis
- Sources of information
- LAB: Working with Ciphers
Integrity Implementations
- Integrity decompositions
- Hash functions
- Keyed-hash message authentication code
- Digital signatures
- Sources of information
Availability Implementations
- Availability decompositions
- Whitelisting
- Intrusion protection
- Management
- Countermeasures
Security Building Blocks—Keys and Hardware
- What is a key?
- Public vs. private keys
- Diffie-Hellman and RSA
- Managing keys and certificates
- How random is your hardware?
- Is the hardware up to the challenge?
- LAB: Creating an X.509 Certificate
Firewall Overview
- Introduction
- Stateful firewall example
- Firewall concepts
- Firewall implementations
- Linux iptables
Day 2
SSL
- Overview
- SSL architecture
- SSL and security
- Handshake process
- SSL session
- VPN using SSL
- LAB: Building a Secure Connection with SSL
SSH
- Overview
- SSH architecture
- Security in SSH
- SSH features
- OpenSSH
- Competing protocols
- LAB: Securing Network Applications with SSH
IPsec/IKE
- Overview
- IPsec architecture
- Security association and SPD
- AH and ESP
- Key management in IPsec
- IKEv1
- IKEv2
- LAB: Building Secure Sessions with IPsec and IKE
VxWorks Secure Boot, User Security, and Encrypted File Systems
- Trusted Platform Module
- User management
- Encryption
- Secure networking
- Secure boot
- Encrypting the file system
- LAB: Managing User Authentication
VxWorks Security Hardened Profile
- NIST SP 800-53 Security Privacy Controls
- GPOS SRG
- Hardening Guides
- Hardened System Creation
- Necessary vs Discretionary Security Features
- LAB: Using a VxWorks Secure Boot with UEFI
Related Courses
- None
COURSE DETAILS SUMMARY
- Duration: 2 Days
- Course Information: View
- Format: Lectures and Labs
- Type: Instructor-led