image image

Embedded Security for Automotive – Red Team Edition

11th - 12th June 2019 | 2 Days


Jasper van Woudenberg & Edgar Mateos Santillan


Modern cars are digital devices, controlled with multiple ECUs and millions of lines of software code. They are the frontline of modern embedded device development. With respect to unique safety requirements and rapid development of V2x communications, automotive security benefits from the expertise of other embedded applications.

This special 2-day edition of our Embedded Security for Automotive is brought to you by embedded device security veterans, with years of expertise in securing payment and content protection application. In this training you will look at an automotive solution from an attacker’s perspective. You will learn how ECUs can be hacked, and identify ways to apply this knowledge to your product and make it more robust. As a result, you will obtain the expertise to make effective security-related decisions throughout the entire development lifecycle of a vehicle electronic system.


The following topics are covered during the training:

Day 1: Fundamentals of security

  • Part 1: Fundamentals of security engineering
    • Recognize security assets in a given Target Of Evaluation (TOE)
    • Systematically find attack paths: attack trees
    • Profile the attackers
    • Rate attacks and prioritize attack paths
    • Common defense methods (built-in vs built-on security)
  • Part 2: An introduction to Embedded Systems
    • Identify the relevance of a component for security
    • Develop a basic understanding of PCB layout
    • Tools used to interact with the target device
    • Memories an interlude
    • Attacker perspective: assumptions and specifications

Day 2: Attacks on automotive embedded systems (ECUs)

  • Model the attack surface of the Riscurino board
  • Retrieve assets from the TOE: dumping the MCU non-volatile memory (firmware)
  • Implementation attacks and Misra-C guidelines
  • Side channel attacks- retrieve keys from crypto algorithm implementations
  • Use the JIL system to rate attacks
  • Use FI to bypass the UDS security access

Who should attend?

This training is ideal for engineers and managers with limited to no security knowledge working at manufacturers and suppliers in the automotive, trucks, rail and aviation industries, in the following roles: System Engineering, Cyber Security management, Software architecture, Software and hardware development, Electrics/Electronics, Safety and functional engineering.

What should attendees bring?

  • Bring your computer or laptop & power brick, with one USB-A port available
  • VirtualBox or VMware player (latest version) installed in your machine, as well as install the VirtualBox extensions for virtualbox.
  • Make sure you have ~10GB free disk space (otherwise the VM we will be using may not fit)

What will be provided?

  • Riscurino ECU for each student
  • Virtual Machines with all the software used during the course
  • Handouts for hands-on exercise
  • Tooling for doing the hands-on exercises will be available in the classroom


Jasper van Woudenberg (@jzvw)
currently is CTO for Riscure North America, working with the SF based team to improve embedded device security. As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical activities. Jasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security. At Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research. Jasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications. Jasper has spoken at many security conferences including BlackHat briefings and trainings, Intel Security Conference, RWC, RSA, EDSC, BSides SF, Shakacon, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, NPS, GMU and the University of Amsterdam.
Specialties: embedded security, side channel analysis, fault injection, binary code analysis, network penetration testing, code reviews.

Edgar Mateos Santillan, Senior Security Analyst at Riscure
PhD in Electrical and Computer Engineering from University of Waterloo, Ontario, Canada. Working in Side Channel Attacks since 2006 and Fault Injection since 2012. Experience in Electronic design since 1994.