Dangerous Pathways
"The Safe - Release the Treasure!" is a demonstrator that was first presented in September 2023. In just a few minutes, it enables elementary school children as much as adults to learn about and experiment with the principles of a side-channel attack.
TYPE
Live Demo
TOPIC
Side-channel attacks
YEAR
2023
SOFTWARE
Figma, Adobe Photoshop, Adobe Illustrator, Adobe InDesign, Affinity Designer, Autodesk Fusion360, PlatformIO, VS Code, Scrivener
HARDWARE
Wooden Enclosure: Team SciEng Custom-Built, Miter Saw, Disc Sander, Painting
ELECTRONICS
Arduino Leonardo, Sparkfun / Seeed Studio I²C Components, 3D-printed mounts (Thingiverse, Team SciEng Custom Design), passive components
SKILLS
Visual Design, Communication Design, Rapid Prototyping, CAD, Hardware Architecture, Software Engineering, Woodworking, 3D Printing, Storytelling
"The NSA knew nothing about the vulnerability, did not exploit it," Rob Joyce, the Cybersecurity Coordinator of the United States and the NSA, commented on the security flaws known as "Meltdown" and "Spectre" in 2018 to the "Washington Post". His words resonated globally. "Meltdown" and "Spectre" are side-channel attacks. The "Frankfurter Allgemeine" newspaper labeled the vulnerability caused by "Meltdown" and "Spectre" as the "greatest security gap of all time."
Side-channel attacks are cyberattacks in which data is stolen via a detour, the so-called side-channel. Side-channel attacks exploit information that the Central Processing Unit (CPU) reveals involuntarily during processing, such as runtime behavior or power consumption.
Simply put: Attackers gain access to secret information by creative means.
©Felix Koltermann
Wolfgang Herget from Product Labs (then Scientific Engineering), explaining the side-channel attack on the safe at the "CISPA♥️IGB" event in St. Ingbert on September 16, 2023.
©Felix Koltermann
A visitor attempts to crack the code of the safe during the "CISPA♥️IGB" event.
The safe is filled with candy and its door is locked. It will only open when the correct four-digit code is entered on the numeric keypad.
Combinations can be tried out at will. Ideally, children and adults notice that some digits are processed more slowly than others, which shows in how slowly those digits move across the screen. Having observed this behavior, they should realize that the digit behaving this way is part of the combination being sought.
Once children and adults have recognized the behavior which reveals the right digit, they have to devise a strategy to efficiently determine the remaining digits of the code.
As soon as they think that they have rightly guessed all four digits, they can enter the entire combination. If the code is correct, the display will read "OPEN", the door can be opened and the candy removed.
To lock the door again, you need to press the '#' key. It will only open when the correct code is entered once more.
To give participants a sense of achievement even if they cannot guess the numerical code, there is a hidden button at the back of the safe. If this button is pressed, the safe can be opened with any combination of digits.
Holding the button while plugging in the power supply will open the door without requiring a code.
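The timing leak the safe teaches can be modelled in a few lines. The following is an added example, not the demonstrator's firmware: it shows why per-digit timing shrinks the search from 10,000 combinations to at most 11 entries, and how a check that takes the same time for every digit removes the signal. The function names, the time units and the assumption that a digit is slow when it matches the code at its own position are all constructed for illustration.

```python
import hmac

FAST, SLOW = 1, 3   # constructed time units; the real safe's timings are not on the page


def leaky_check(secret: str, guess: str):
    """Assumed model of the demo: a digit that matches is processed more slowly."""
    times = [SLOW if g == s else FAST for s, g in zip(secret, guess)]
    return guess == secret, times


def hardened_check(secret: str, guess: str):
    """Every digit costs the same, and the comparison itself is constant-time."""
    return hmac.compare_digest(secret, guess), [SLOW] * len(guess)


def recover(check, length: int = 4):
    """Enter 0000, 1111, ... 9999 and note which positions were slow.

    Returns (recovered code or None, number of entries made).
    """
    found = [None] * length
    entries = 0
    for digit in "0123456789":
        opened, times = check(digit * length)
        entries += 1
        if opened:                      # e.g. the code really is 7777
            return digit * length, entries
        baseline = min(times)
        for pos, t in enumerate(times):
            if t > baseline:            # this position stood out as slow
                found[pos] = digit
    if None in found:                   # no timing difference was observable
        return None, entries
    code = "".join(found)
    opened, _ = check(code)
    return (code if opened else None), entries + 1


if __name__ == "__main__":
    secret = "4071"                     # constructed sample code
    print(recover(lambda g: leaky_check(secret, g)))     # ('4071', 11)
    print(recover(lambda g: hardened_check(secret, g)))  # (None, 10)
```

Against the hardened check the same observations reveal nothing, so the only remaining approach is trying combinations one by one.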
For children and adults from beyond St. Ingbert who would also like to experience the fun and learning success of this demonstrator, the safe was recreated digitally and is now available on an interactive website. Hosted by the CISPA Cysec Lab, our student laboratory for cybersecurity, the digital safe can now be cracked online using the same strategy and the same side-channel attack.
In a playful fashion, this demonstrator teaches people of all ages the basics of a research topic that is currently pursued at CISPA. It also helps to overcome fears of technology and mathematics by guaranteeing a sense of (sweet) achievement after just a few minutes.
Side-channel attacks play a major role in the security of information processing systems. Research in this area is very important because this type of attack rarely reaches the public. Not only are researchers proving the existence as well as the penetrating power of side-channel attacks, they are also developing preventive measures.
CISPA has made a name for itself in side-channel attack research. CISPA Founding Director, Professor Michael Backes, began researching such attacks back in 2008.
Recently, the name of CISPA-Faculty Michael Schwarz has become associated with spectacular side-channel attacks: In 2018, it was the "Meltdown" attack, in 2020, the "Platypus" attack, and in 2023, "Collide + Power".
With "Collide + Power", he documented a vulnerability where power measurements can be used to extract data directly from the computer's processor. This form of attack is difficult to prevent and vendors can only provide guidance on how to protect against it.