Lesson 1Logical architecture mapping: ways to record network areas, trust lines, data movements between ECUs, gateway, telematics, and cloudThis part shows methods to record logical setups, covering network areas, trust lines, and data movements between ECUs, gateways, telematics units, and cloud services, to help with planned threat checking and controls.
Spotting assets and communication pointsSetting network areas and security levelsRecording trust lines and assumptionsModelling ECU, gateway, and cloud data movementsUsing drawings to aid threat modellingLesson 2Automotive Ethernet basics: PHY, switched setup, VLANs, TSN basics for vehiclesThis part covers basics of Automotive Ethernet, including PHY choices, wiring, and switched setups. It explains VLAN splitting, QoS, and TSN features that help with steady, safety-important traffic in today's vehicle networks.
Automotive Ethernet PHYs and wiring choicesSwitched setups and backup patternsVLAN splitting and traffic dividingQuality of Service and priority waysTSN ideas for steady in-vehicle trafficLesson 3CAN bus basics: signal framing, message IDs, arbitration, ECU rolesThis part brings in CAN bus ideas, including frame build, identifiers, and arbitration. It explains ECU roles on the bus, usual signalling patterns, and timing, readying learners to check and secure CAN traffic.
CAN frame build and bit-level signallingStandard vs extended identifiers and ID planningArbitration, bus load, and priority handlingECU send, receive, and diagnostic rolesError handling, fault keeping, and bus-offLesson 4ECU types and duties: powertrain, gateway, infotainment, telematics, domain controllersThis part sorts ECU types and their duties, including powertrain, body, infotainment, telematics, and domain or area controllers, and explains how their roles affect security needs and network placing.
Powertrain and chassis control ECUsBody, comfort, and ADAS control modulesInfotainment head units and media modulesTelematics control units and connectivity ECUsDomain and area controllers in new E/E designsLesson 5External interfaces mapping: cellular modem, Wi-Fi, Bluetooth, OBD-II — protocols, usual weaknesses, usual access modelsThis part maps key outside interfaces like cellular, Wi-Fi, Bluetooth, and OBD-II. It checks protocols, common weaknesses, and access models, pointing out how attackers move from outside surfaces into in-vehicle networks.
Cellular modem stacks and remote access pathsWi-Fi client, hotspot, and setup modelsBluetooth profiles and pairing weaknessesOBD-II physical access and diagnostic protocolsCommon wrong setups and abuse casesLesson 6Data sorting and sensitive assets: safety-critical messages, cryptographic keys, firmware images, personal data on infotainment/telematicsThis part brings in data sorting for automotive systems, focusing on safety-critical signals, cryptographic keys, firmware images, and personal data, and explains how sorting guides protection and keeping controls.
Spotting safety-critical control messagesManaging cryptographic keys and key materialProtecting firmware images and update filesHandling personal and telemetry data in vehiclesKeeping, deleting, and forensic needsLesson 7Cloud backend parts and interfaces: backend update server, device registry, authentication, telemetry taking in, API gatewaysThis part explains cloud backend parts that work with vehicles, including update servers, device registries, authentication services, telemetry taking in, and API gateways, stressing trust, identity, and secure data exchange.
Backend update servers and campaign controlDevice identity, registry, and lifecycle statesAuthentication, tokens, and certificate handlingTelemetry taking in, storage, and analytics flowsAPI gateways, rate limiting, and zero trustLesson 8Gateway ECU function and secure gateway design patterns: routing, protocol translation, firewalling, isolationThis part details gateway ECU functions, including routing, protocol translation, and traffic filtering. It brings in secure gateway design patterns for isolation, intrusion spotting support, and controlled diagnostic access.
Routing between CAN, LIN, and Ethernet partsProtocol translation and message normalisingFirewall rules and policy enforcing pointsNetwork splitting and isolation strategiesSecure diagnostics and authenticated access
