Event Sponsors
Event Speakers
Event Agenda
In Vehicle CyberSecurity Workshop
Event details:
Start Date: April 11
End Date: April 14
Duration; 32 hours (8Hours a day)
Course Outline PDF Download: https://www.cyberxltr.com/downloads/Vehiqilla-In-Vehicle-Secure-Architecture-Training.pdf
Trainer Profile:
Raneez Ahmed - Automotive Cybersecurity Specialist
I am the Technical Lead VSOC of Vehiqilla Inc, concentrating on performing Automotive Cybersecurity activities like building Vehicle Security Operations Center (VSOC), Vehi-VSOC, and its application Infrastructure. Moreover, I am pursuing research on Electric Vehicle Cybersecurity, working on V2X cybersecurity data protection project, and holding CompTIA Security+ certification.
For more information, please email Raneez at raneez@vehiqilla.com
Course Content
The In-Vehicle Cybersecurity Workshop provides a broad range of in-depth knowledge about In-Vehicle Cybersecurity, explaining the threats, vulnerabilities, and the methods of performing the penetration testing for the vehicle components. The course also describes the V2X security, focusing on the security issues between the vehicle and cloud/manufacture backend communication. Moreover, the course explains various tools and software for performing threat, vulnerability, and penetration findings.
Course Benefits
This course will help you:
Know about the different Cyber Attack Vectors for vehicles
Gain a strong foundation in the Automotive Cybersecurity platform
Understand the basics of penetration testing, vulnerability analysis, and threat modeling
Who Should Attend (Pre-requisite)
This training provides participants in the automotive industry with the necessary basic knowledge to be able to consider the new cybersecurity requirements according to the ISO/SAE 21434 security standard.
This training is appropriate for people who work in the automotive cybersecurity, management, engineering, or audit environment.
It is also suitable for the project, process, and sales managers, as well as those interested in the topic
Automotive Engineering Manager
Automotive Product & Infrastructure
Automotive embedded device & system engineers, designers, testers, manufacturers and suppliers
Developers working with embedded systems
Ethernet and CAN Bus Software Engineers and Testers
Autonomous Vehicle Development Software and Hardware Engineers
Automotive Verification and Validation Engineers and Managers
Course Outline
Automotive Cybersecurity 101
• Introduction to Cybersecurity
• Transformation in Mobility
• Connected and Autonomous Vehicles (CAV)
• Vehicle Technologies
• Cyber Challenges in CAVs
• Recent Cyber Attacks on CAVs
• Difference between IT and Automotive Cybersecurity
ISO 21434 and Assessment overview
• Overview of ISO21434 Cybersecurity Framework
• Introduction to TARA
• Organizational Cybersecurity Management
• Project Dependant Cybersecurity Management
• Distributed Cybersecurity Activities
• Continual Cybersecurity Activities
• Concept Phase
• Product Development Phase
• Post Development Phases
UNECE WP 29
• UNECE WP.29
• UNECE R155 CSMS
• UNECE R156 SUMS
• Business and Security Objectives
• TARA Methods
• Technical Scope Definition
• Decompose the Application
• Identify Threat Agents
• Identify the Vulnerabilities
• Enumerate the exploits
• Perform Risk and Impact Analysis
• Cyber Monitoring
• Fleet Incident Management
• Cyber Monitoring Demo: Vehiqilla Vehi-SOC
Vehicle Attack Vectors
• Third Party Apps
• Key Fob Hacking
• OBD II Hacking
• Vehicle to vehicle
• Vehicle to Infrastructure
• Vehicle to Everything
• Personal Data
Vehicle Security Concepts
• CIA
• Authentication
• Encryption
• Cybersecurity elements of the Vehicle
• Vehicle Connectivity
• V2X Cybersecurity Challenges
• Electric Vehicle Cybersecurity
• Security By Design
• Privacy & Tracking
In-Vehicle Architecture
• Assets inside Vehicle
• In-Vehicle Communication
• CANBus
• SAE J1939
• Automotive Ethernet
• Wi-Fi
• Bluetooth
• GSM
Perform Automotive Threat modelling (TARA)
• Business and Security Objectives
• TARA Methods
• Technical Scope Definition
• Decompose the Application
• Identify Threat Agents
• Identify the Vulnerabilities
• Enumerate the exploits
• Perform Risk and Impact Analysis
Development area of Cybersecurity
• Development areas in end-to-end Encryption
• Security gap in vehicle Certificates
• Key Storage
• Managing Passwords
• Secure software Development
How to assess vulnerabilities of Vehicle/ECUs
• Active Vehicle Vulnerability Analysis
• Passive Vehicle Vulnerability Analysis
• Supply Chain Vulnerability Analysis
• Software Vulnerability Analysis
• Key Cyber Attack Vectors in Automotive
Cybersecurity algorithm in Automotive
• Software Development in Automotive World
• Cyber-Secure Implementation and Prevention
• Security By Design
• Life Cycle Management Security Post-Production
Software Artifacts update Over Air protection
• OTA (Over the Air Updates)
• Entities involved in OTA updates
• Technical Overview on remote software updates
• Cybersecurity in OTA updates
• Cybersecurity challenges in remote SW update
Hacking into an Vehicle/ECU
• Pre-Engagement (25 mins)
• Vehicle/ECU Intelligence Gathering
• Automotive Threat Modeling
• ECU Vulnerability Analysis
• ECU Exploitation
Different verification Mechanisms
• Passive Vehicle Reconnaissance
• Active Vehicle Reconnaissance
• Whitebox Automotive Pen-Testing
• Blackbox Automotive Pen-Testing
Tools/Infrastructure needs
• Scanning Tools
• Wi-Fi Tools
• Bluetooth Tools
• Tools for GSM network
• Purpose & Working of each Tools
Live Demos & Exercises
• Fleet Cyber Monitoring Live Demo
• Collection of Vehicle Cybersecurity Logs Demo