Lesson 1Logical architecture mapping: methods to document network zones, trust boundaries, data flows between ECUs, gateway, telematics, and cloudDis section present methods to document logical architectures, including network zones, trust boundaries, and data flows between ECUs, gateways, telematics units, and cloud services, supporting systematic threat modeling and controls for better understanding.
Identifying assets and communication endpointsDefining network zones and security levelsDocumenting trust boundaries and assumptionsModeling ECU, gateway, and cloud data flowsUsing diagrams to support threat modelingLesson 2Automotive Ethernet fundamentals: PHY, switched topology, VLANs, TSN basics relevant to vehiclesDis section cover Automotive Ethernet basics, including PHY options, cabling, and switched topologies. It explain VLAN segmentation, QoS, and TSN features dat support deterministic, safety-relevant traffic in modern vehicle networks, adapted for local use.
Automotive Ethernet PHYs and cabling optionsSwitched topologies and redundancy patternsVLAN segmentation and traffic separationQuality of Service and priority mechanismsTSN concepts for deterministic in-vehicle trafficLesson 3CAN bus fundamentals: signal framing, message IDs, arbitration, ECU rolesDis section introduce CAN bus concepts, including frame structure, identifiers, and arbitration. It explain ECU roles on di bus, typical signaling patterns, and timing behavior, preparing learners to analyze and secure CAN traffic in practical terms.
CAN frame structure and bit-level signalingStandard vs extended identifiers and ID designArbitration, bus load, and priority handlingECU transmit, receive, and diagnostic rolesError handling, fault confinement, and bus-offLesson 4ECU types and responsibilities: powertrain, gateway, infotainment, telematics, domain controllersDis section classify ECU types and their responsibilities, including powertrain, body, infotainment, telematics, and domain or zone controllers, and explain how their roles influence security priorities and network placement for Sierra Leone vehicles.
Powertrain and chassis control ECUsBody, comfort, and ADAS control modulesInfotainment head units and media modulesTelematics control units and connectivity ECUsDomain and zone controllers in new E/E designsLesson 5External interfaces mapping: cellular modem, Wi‑Fi, Bluetooth, OBD‑II — protocols, typical vulnerabilities, typical access modelsDis section map key external interfaces such as cellular, Wi‑Fi, Bluetooth, and OBD‑II. It review protocols, common vulnerabilities, and access models, highlighting how attackers pivot from external surfaces into in-vehicle networks in local settings.
Cellular modem stacks and remote access pathsWi‑Fi client, hotspot, and provisioning modelsBluetooth profiles and pairing weaknessesOBD‑II physical access and diagnostic protocolsCommon misconfigurations and abuse scenariosLesson 6Data classification and sensitive assets: safety-critical messages, cryptographic keys, firmware images, personal data on infotainment/telematicsDis section introduce data classification for automotive systems, focusing on safety-critical signals, cryptographic keys, firmware images, and personal data, and explain how classification guide protection and retention controls for privacy.
Identifying safety-critical control messagesManaging cryptographic keys and key materialProtecting firmware images and update filesHandling personal and telemetry data in vehiclesRetention, deletion, and forensic requirementsLesson 7Cloud backend components and interfaces: backend update server, device registry, authentication, telemetry ingestion, API gatewaysDis section explain cloud backend components dat interact with vehicles, including update servers, device registries, authentication services, telemetry ingestion, and API gateways, emphasizing trust, identity, and secure data exchange for fleets.
Backend update servers and campaign controlDevice identity, registry, and lifecycle statesAuthentication, tokens, and certificate handlingTelemetry ingestion, storage, and analytics flowsAPI gateways, rate limiting, and zero trustLesson 8Gateway ECU function and secure gateway design patterns: routing, protocol translation, firewalling, isolationDis section detail gateway ECU functions, including routing, protocol translation, and traffic filtering. It introduce secure gateway design patterns for isolation, intrusion detection support, and controlled diagnostic access in vehicles.
Routing between CAN, LIN, and Ethernet segmentsProtocol translation and message normalizationFirewall rules and policy enforcement pointsNetwork segmentation and isolation strategiesSecure diagnostics and authenticated access
