My Internship at Riscure: Maggie Mackenzie
Meet Maggie Mackenzie, Security Analyst at Riscure who completed her internship with us and has since become a full-time member of the Riscure team. Maggie’s internship focused on the challenging topic of key recovery using Side Channel Analysis. Throughout her career journey at Riscure, Maggie has had the opportunity to try something different, switching her focus to mobile security and software review. Read her story and learn more about what it’s like working at Riscure.
Which study did you follow?
After completing my undergraduate degree in Computer Science at Bath University, I moved to Amsterdam to pursue a master’s degree in Computer Security jointly at the Vrije Universiteit Amsterdam and Universiteit van Amsterdam.
What is/was the topic of your research?
For my master’s thesis, I conducted an internship with Riscure on the topic of leaking an AES key from an embedded device using Side Channel Analysis. This was done by utilizing the board’s own Analog to Digital Converter (ADC) to measure its own power consumption instead of expensive equipment. While this had already been successfully done, my research also attempted to improve upon this method and find a way to compensate for the lower frequency of the captured traces. An oscilloscope can take many power measurements at a rapid rate faster than the operating frequency of the board, so fewer traces are required for the statistical calculations to succeed and extract the key. The ADC, on the other hand, is limited by the frequency of the board it belongs to, so it is not possible to capture the same level of detail. I therefore experimented with beginning measurements with varying intervals after the start of the cryptographic operations, trying to ‘stitch’ these traces back together to see if I could obtain a more detailed power measurement. After some experimentation, I was able to do so and extract the key from the Cortex M33 board using entirely on-board resources and with significantly fewer traces on a device running at a higher frequency than a previous paper. The success of my research shows that attackers may not require expensive and specialized equipment to succeed with Side Channel Analysis attacks.
What made you choose Riscure for your internship assignment, and how did Riscure support you in carrying out the research?
Before starting my internship with Riscure, I was not sure what I wanted the topic of my thesis to be. I had come across Side Channel Analysis in one of my modules at university and found it interesting, but without access to a lab or equipment I did not think I would be able to explore it further.
I came across Riscure through one of their internship open days and was drawn to the flexibility and support they offered. After applying, I was contacted with a possible topic, and after interviewing to discuss my experience and interest, I was selected. My internship supervisor was incredibly helpful during the entire process, from pointing me in the right direction to begin my learning, to helping me with the technical set up of the target board, to brainstorming with me and helping me make sure I was taking the research in the right direction. I have learned so much and would not have been able to complete this thesis without the incredible support of my supervisor, colleagues and Riscure’s equipment.
What is your impression of the Riscure team and culture?
I had a great impression of the team and culture as an intern, and it was one of the reasons that made me decide to ultimately begin my professional career here after graduating. Although I completed my internship during COVID and it was therefore remote for most of the time, whenever I did come into the office, I felt very welcomed and included in lunch breaks, coffee breaks and ping pong tournaments.
What do you like the most about working at Riscure?
I like that your opinion and personal development matters here. You get the choice of which direction you want to take your learning and you have the chance to voice if you would rather not do a particular project or if you want to try new kinds of projects. It feels as if you are a valued member of a team rather than a cog within a larger machine where you just do what you are told to do. For example, when starting to work here full-time, I opted not to continue with working on hardware and SCA, but to transition to Software Security and code review. And then last year when I felt I wanted to try something different I was able to work with the Mobile Security team for a while and learn about penetration testing on mobile devices.
What is the most memorable thing about working at Riscure?
The most memorable part was the first time I managed to extract the key from the target board. This is when I finally knew that I was on the right track and would be able to complete my thesis on this topic, knowing that all the weeks of reading and debugging had paid off.
Who should consider doing an internship at Riscure?
Although Riscure is most well-known for Fault Injection and Side Channel Analysis, these are not the only options for a potential internship. You could also pursue research in Software Security topics, cryptography, or Mobile Security. There is a diverse group of specialists at Riscure who may either have research ideas in mind that would help them in their work, or who may be able to support you in conducting the research you are interested in. Anyone pursuing a technical or security related bachelor’s or master’s who wants to have the chance to work alongside experts in the field should consider doing their internship here!
What inspires you in your work?
Due to Riscure’s excellent reputation as a lab combined with the ever-growing prevalence of embedded devices in our daily lives, working at Riscure means you get to see and test cutting-edge technology. The work done here is highly important in safeguarding against attackers, from IoT devices to automotive vehicles, giving a strong sense of purpose in your daily work. What inspires me is my colleagues and their knowledge. I am constantly inspired with how much more there is to learn, which means you are unlikely to remain stagnant in your personal and professional progression.
Looking for an internship in the device security domain? At Riscure, we’re always on the lookout for new interns! Read more and apply here.