IoT Security Treningskurs

Last updated




21 timer (vanligvis 3 dag inkludert pauser)


  • Basic knowledge devices, electronics systems and data systems
  • Basic understanding of software and systems
  • Basic understanding of Statistics (in Excel levels)
  • Understanding of Telecommunication Verticals


  • An advanced training program covering the current state of the art security of Internet of Things
  • Covers all aspect of  security of Firmware , Middleware and IoT communication protocols 
  • The course provides a 360 degree view of all kinds of security initiatives in IoT domain for those who are not deeply familiar with IoT standards, evolution and future
  • Deeper probe into security vulnerabilities in Firmware, Wireless communication protocols,  device to cloud communication.
  • Cutting across multiple technology domains to develop awareness of security in  IoT systems and its components
  • Live demo of some of the security aspects of gateways, sensors and IoT application clouds
  • The course also explains 30 principle risk considerations of  current and proposed NIST standards for IoT security
  • OSWAP model for IoT security
  • Provides detailed guideline for drafting IoT security standards for an organization


Target Audience 

Engineers/managers/security experts who are assigned to develop IoT projects or audit/review security risks.


IoT sikkerhet 101:

Dette kurset skisserer den moderne teknikken som er gjeldende for IoT-sikkerhet og hvordan dette emnet er
utvikling. Det er beregnet på at IoT-utviklere, ledere skal ta strategiske beslutninger for sitt IoT-produkt
både som leverandør og som kunde.

Kursstruktur er 24 timer, 12 moduler, 12x2. Hver modul 2 timer.

Machine Translated


Session 1 & 2: Basic and Advanced concepts of IoT architecture from security perspective

  • A brief history of evolution of IoT technologies
  • Data models in  IoT system – definition and architecture of sensors, actuators, device, gateway, communication protocols
  • Third party devices and risk associated with vendors supply chain
  • Technology ecosystem – device providers, gateway providers, analytics providers, platform providers, system integrator -risk associated with all the providers
  • Edge driven distributed IoT vs Cloud driven central IoT : Advantage vs risk assessment
  • Management layers in IoT system – Fleet management, asset management, Onboarding/Deboarding of sensors , Digital Twins. Risk of Authorizations in management layers
  •  Demo of IoT management systems- AWS, Microsoft Azure and Other Fleet managers
  •  Introduction to popular IoT communication protocols – Zigbee/NB-IoT/5G/LORA/Witespec – review of vulnerability in communication protocol layers
  • Understanding the entire Technology stack of IoT with a review of Risk management

Session 3: A check-list of all risks and security issues in IoT

  • Firmware Patching- the soft belly of IoT
  • Detailed review of security of IoT communication protocols- Transport layers ( NB-IoT, 4G, 5G, LORA, Zigbee etc. ) and Application Layers – MQTT, Web Socket etc.
  • Vulnerability of API end points -list of all possible API in IoT architecture
  • Vulnerability of Gate way devices and Services
  • Vulnerability of connected sensors -Gateway communication
  • Vulnerability of Gateway- Server communication
  • Vulnerability of Cloud Database services in IoT
  • Vulnerability of Application Layers
  • Vulnerability of Gateway management service- Local and Cloud based
  • Risk of log management in edge and non-edge architecture

Session 4: OSASP Model of IoT security , Top 10  security risk

  • I1 Insecure Web Interface
  • I2 Insufficient Authentication/Authorization
  • I3 Insecure Network Services
  • I4 Lack of Transport Encryption
  • I5 Privacy Concerns
  • I6 Insecure Cloud Interface
  • I7 Insecure Mobile Interface
  • I8 Insufficient Security Configurability
  • I9 Insecure Software/Firmware
  • I10 Poor Physical Security

Session 5: Review and Demo of AWS-IoT and Azure IoT security principle

  • Microsoft Threat Model – STRIDE
  • Details of STRIDE Model
  • Security device and gateway and server communication – Asymmetric encryption
  • X.509 certification for Public key distribution
  • SAS Keys
  • Bulk OTA risks and techniques
  • API security for application portals
  • Deactivation and delinking of rogue device from the system
  • Vulnerability of AWS/Azure Security principles

Session 6: Review of evolving NIST standards/recommendation for IoT

  • Review of NISTIR 8228 standard for IoT security -30 point risk consideration Model
  • Third party device integration and identification
  • Service identification & tracking
  • Hardware identification & tracking
  • Communication session identification
  • Management transaction identification and logging
  • Log management and tracking

Session 7: Securing Firmware/ Device

  • Securing debugging mode in a Firmware
  • Physical Security of hardware
  • Hardware cryptography – PUF ( Physically Unclonable Function) -securing EPROM
  • Public PUF, PPUF
  • Nano PUF
  • Known classification of Malwares in Firmware ( 18 families according to YARA rule )
  • Study of some of the popular Firmware Malware -MIRAI, BrickerBot, GoScanSSH, Hydra etc.

Session 8: Case Studies of IoT Attacks

  • Oct. 21, 2016, a huge DDoS attack was deployed against Dyn DNS servers and shut down many web services including Twitter . Hackers exploited default passwords and user names of webcams and other IoT devices, and installed the Mirai botnet  on compromised IoT devices.  This attack will be studied in detail
  • IP cameras can be hacked through buffer overflow attacks
  • Philips Hue lightbulbs were hacked through its ZigBee link protocol
  • SQL injection attacks were effective against Belkin IoT devices
  • Cross-site scripting (XSS) attacks that exploited the Belkin WeMo app and access data and resources that the app can access

Session 9: Securing Distributed IoT via Distributer Ledger – BlockChain and DAG (IOTA) [3 hours]

  • Distributed ledger technology– DAG Ledger, Hyper Ledger, BlockChain
  • PoW, PoS, Tangle – a comparison of the methods of consensus
  • Difference between Blockchain, DAG and Hyperledger – a comparison of their working vs performance vs decentralization
  • Real Time, offline performance of the different DLT system
  • P2P network, Private and Public Key- basic concepts
  • How ledger system is implemented practically- review of some research architecture
  • IOTA and Tangle- DLT for IoT
  • Some practical application examples from smart city, smart machines, smart cars

Session 10: The best practice architecture for IoT security

  • Tracking and identifying all the services in Gateways
  • Never use MAC address- use package id instead
  • Use identification hierarchy for devices- board ID, Device ID and package ID
  • Structure the Firmware Patching to perimeter and conforming to service ID
  • PUF for EPROM
  • Secure the risks of IoT management portals/applications by two layers of authentication
  • Secure all API- Define API testing and API management
  • Identification and integration of same security principle in Logistic Supply Chain
  • Minimize Patch vulnerability of IoT communication Protocols

Session 11: Drafting IoT security Policy for your organization

  • Define the lexicon of IoT security / Tensions
  • Suggest the best practice for authentication, identification, authorization
  • Identification and ranking of Critical Assets
  • Identification of perimeters and isolation for application
  • Policy for securing critical assets, critical information and privacy data  




Related Categories

Relaterte kurs


Kursrabatter Nyhetsbrev

We respect the privacy of your email address. We will not pass on or sell your address to others.
You can always change your preferences or unsubscribe completely.

Some of our clients

is growing fast!

We are looking to expand our presence in Norway!

As a Business Development Manager you will:

  • expand business in Norway
  • recruit local talent (sales, agents, trainers, consultants)
  • recruit local trainers and consultants

We offer:

  • Artificial Intelligence and Big Data systems to support your local operation
  • high-tech automation
  • continuously upgraded course catalogue and content
  • good fun in international team

If you are interested in running a high-tech, high-quality training and consulting business.

Apply now!

This site in other countries/regions