Embedded Cybersecurity: Cryptography Masterclass

Trace the birth of cryptography from Arab scholars, through Al-Farahidi and Al-Kennedy, to polyalphabetic ciphers, and connect frequency analysis to modern automotive security and authenticated encryption.

Apply Kirchhoff's principle, security must endure even when system details are public, and embrace open standardized cryptography, key management, and automotive threat modeling for resilient systems.

Explore practical cryptographic applications across automotive, IT, finance, and IoT, including network security with AES, IPsec, TLS, and secure OTA updates, diagnostics, and data protection.

Position cryptography within the cybersecurity landscape and lifecycle, guided by ISO 21434 and UN R155. See cryptography as a tool, not a standalone solution, reinforcing automotive ECUs and firmware integrity.

Understand why automotive cybersecurity is mandatory, not optional, by examining real-world incidents, attack surfaces across vehicle networks, and how cryptography secures identities, data, commands, and updates.

Apply ISO 21434 to distribute cybersecurity responsibility across suppliers and OEMs throughout the vehicle lifecycle. Define cybersecurity interface agreements for project-by-project roles, assets, threats, and evidence.

Explore confidentiality, integrity, and availability challenges in automotive and IoT, including resource constraints, real-time demands, legacy systems, and diverse networks, with mitigation via lightweight cryptography and security by design.

Analyze challenges and mitigation for authentication, authorization, and accountability in resource-constrained automotive and IoT systems. Highlight scalability, distributed architectures, and lightweight protocols like OSCOR and ACE for edge computing efficiency.

Understand symmetric key cryptography: the same secret key encrypts plaintext into ciphertext and decrypts it back, with secure key storage in HSMs for automotive CAN and firmware protection.

Master the key principles of modern symmetric ciphers: confusion and diffusion, driven by nonlinear S-boxes and diffusion steps that propagate changes across rounds, including AES.

Master message padding for block ciphers by extending plaintext to a full block, preventing length leaks, and applying PKCS7 padding alongside constant-time validation in automotive AES-GCM contexts.

Explore common padding schemes and their security guarantees, including PKCS7, ISO 7816-4, MCX 9.23, and zero padding, with notes on automotive CBC risks and ASGCM alternatives.

Explore the paradigm shift to modern block ciphers, balancing diffusion and confusion through SP networks and S-boxes, with proven security against known attacks and standardized by NIST and ISO.

Explore how modern block ciphers evolve through attacks, failures, and redesigns from the 1970s DAS to AES in 2000, highlighting diffusion, cryptanalysis, and lightweight cryptography for automotive ECUs.

Explore the data encryption standard, the first modern block cipher with 64-bit blocks and 56-bit keys, and its Feistel rounds that shaped modern cryptography and AES.

Explore how the DES key scheduling derives 16 48-bit subkeys from a 56-bit key, uses BC1 and BC2 with a rotating schedule, and reverses for decryption.

Explore why double encryption with DES does not significantly improve security due to a meet-in-the-middle attack, and how 3DES EDE addresses this, with implications for automotive standards.

Explore how addRoundKey integrates the secret key into AES, using a 128-bit state and 128-bit round keys through xor, enabling cryptography and key binding in hardware-friendly implementations.

Explore how the aes key schedule expands the master key into round keys using rotate word, sub-words, rcon, and recursive exor to ensure non-linearity and key avalanche.

Explain AES decryption using inverse transformations—inverse shift rows, inverse subbytes, and inverse mixed columns—in reverse order with add round key, plus the equivalent inverse cipher for automotive security.

Analyze how lightweight block ciphers enable secure operation in constrained automotive devices, balancing small footprint, low power, and secure margins, with examples like present, gift, ascon, and nest.

Learn why ECB (ACB) mode is deterministic, with no randomness or integrity, leaking patterns and enabling replay. Automotive security forbids its use for secure boot, firmware, and updates.

Explain cbc mode and how the iv and prior ciphertext remove ecb determinism. Highlight padding considerations, error handling, and the shift toward aead like gcm for automotive security.

Explore cipher feedback mode (cfb) as a self-synchronizing block cipher turned stream cipher, handling partial blocks and no padding, enabling real-time encryption while noting limited error propagation and no parallelization.

Explore the output feedback mode (ofp), a key-stream independent, xor-based stream cipher that uses an initialization vector for real-time encryption with no padding but requires strict synchronization and sequential processing.

Explore stream ciphers as a fast, software-friendly alternative to block ciphers, detailing keystream generation, XOR encryption, and the need for authentication with MACs or AEAD in automotive and IoT contexts.

Explain how synchronous stream ciphers generate keystreams independent of plaintext and ciphertext, enabling parallel encryption and simple security proofs with ChaCha20 and AES-CTR in automotive contexts.

Explain RC4, a simple stream cipher, and how keystream biases and weak key scheduling reveal why legacy designs fail at scale and must be phased out for automotive security.

Explore message ciphers that ensure authentication and integrity of automotive messages, introducing MACs and AEAD schemes such as CMAC, GMAC, HMAC, and CHACHA20-POLY1305.

Explore how message authentication codes deliver integrity and authenticity in automotive systems, not providing confidentiality, by constructing MACs such as cmac, hmac, and GMAC and applying them in CAN networks.

Explore why encryption alone fails in automotive and embedded systems and how authenticated encryption with associated data (AEAD) provides confidentiality, integrity, and authenticity in a single construction.