{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T12:10:30Z","timestamp":1771330230657,"version":"3.50.1"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031294969","type":"print"},{"value":"9783031294976","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-29497-6_2","type":"book-chapter","created":{"date-parts":[[2023,3,22]],"date-time":"2023-03-22T14:09:00Z","timestamp":1679494140000},"page":"23-41","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Efficient Attack-Surface Exploration for\u00a0Electromagnetic Fault Injection"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7053-3695","authenticated-orcid":false,"given":"Daniele Antonio Emanuele","family":"Carta","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5685-9795","authenticated-orcid":false,"given":"Vittorio","family":"Zaccaria","sequence":"additional","affiliation":[]},{"given":"Gabriele","family":"Quagliarella","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2901-2972","authenticated-orcid":false,"given":"Maria Chiara","family":"Molteni","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,3,23]]},"reference":[{"key":"2_CR1","doi-asserted-by":"publisher","unstructured":"Bachrathy, D., St\u00e9p\u00e1n, G.: Bisection method in higher dimensions and the efficiency number. Periodica polytechnica. Mech. Eng. 56, 81\u201386 (2012). https:\/\/doi.org\/10.3311\/pp.me.2012-2.01","DOI":"10.3311\/pp.me.2012-2.01"},{"key":"2_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"236","DOI":"10.1007\/978-3-319-08302-5_16","volume-title":"Smart Card Research and Advanced Applications","author":"RB Carpi","year":"2014","unstructured":"Carpi, R.B., Picek, S., Batina, L., Menarini, F., Jakobovic, D., Golub, M.: Glitch it if you can: parameter search strategies for successful fault injection. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 236\u2013252. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-08302-5_16"},{"key":"2_CR3","unstructured":"Cui, A., Housley, R.: BADFET: defeating modern secure boot using Second-Order pulsed electromagnetic fault injection. In: 11th USENIX Workshop on Offensive Technologies (WOOT 17). USENIX Association, Vancouver, BC (2017). https:\/\/www.usenix.org\/conference\/woot17\/workshop-program\/presentation\/cui"},{"issue":"4","key":"2_CR4","doi-asserted-by":"publisher","first-page":"680","DOI":"10.1109\/TCAD.2020.3003287","volume":"40","author":"M Dumont","year":"2021","unstructured":"Dumont, M., Lisart, M., Maurine, P.: Modeling and simulating electromagnetic fault injection. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 40(4), 680\u2013693 (2021). https:\/\/doi.org\/10.1109\/TCAD.2020.3003287","journal-title":"IEEE Trans. Comput. Aided Des. Integr. Circuits Syst."},{"key":"2_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/978-3-319-31271-2_7","volume-title":"Smart Card Research and Advanced Applications","author":"L Dureuil","year":"2016","unstructured":"Dureuil, L., Potet, M.-L., de Choudens, P., Dumas, C., Cl\u00e9di\u00e8re, J.: From code review to fault injection attacks: filling the gap using fault model inference. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 107\u2013124. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-31271-2_7"},{"key":"2_CR6","doi-asserted-by":"publisher","unstructured":"Dutertre, J.M., Menu, A., Potin, O., Rigaud, J.B., Danger, J.L.: Experimental analysis of the electromagnetic instruction skip fault model and consequences for software countermeasures. Microelectron. Reliability 121, 114133 (2021). https:\/\/doi.org\/10.1016\/j.microrel.2021.114133. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0026271421000998","DOI":"10.1016\/j.microrel.2021.114133"},{"key":"2_CR7","unstructured":"Wypych, G., Laurie, A.: Raiden github repository. https:\/\/github.com\/IBM\/raiden (2020)"},{"key":"2_CR8","doi-asserted-by":"publisher","unstructured":"Gaine, C., Aboulkassimi, D., Ponti\u00e9, S., Nikolovski, J.P., Dutertre, J.M.: Electromagnetic fault injection as a new forensic approach for SoCs. In: 2020 IEEE International Workshop on Information Forensics and Security (WIFS), pp. 1\u20136 (2020). https:\/\/doi.org\/10.1109\/WIFS49906.2020.9360902","DOI":"10.1109\/WIFS49906.2020.9360902"},{"key":"2_CR9","doi-asserted-by":"publisher","unstructured":"Gaine, C., Nikolovski, J.P., Aboulkassimi, D., Dutertre, J.M.: New probe design for hardware characterization by electromagnetic fault injection. In: 2022 International Symposium on Electromagnetic Compatibility - EMC Europe, pp. 299\u2013304 (2022). https:\/\/doi.org\/10.1109\/EMCEurope51680.2022.9901104","DOI":"10.1109\/EMCEurope51680.2022.9901104"},{"key":"2_CR10","unstructured":"Hummel, T.: Exploring effects of electromagnetic fault injection on a 32-bit high speed embedded device microprocessor, Master\u2019s thesis, University of Twente (2014)"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"K\u00fchnapfel, N., Buhren, R., Jacob, H.N., Krachenfels, T., Werling, C., Seifert, J.P.: EM-fault it yourself: Building a replicable EMFI setup for desktop and server hardware. arXiv preprint arXiv:2209.09835 (2022)","DOI":"10.1109\/PAINE56030.2022.10014927"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Machiry, A., et al.: BOOMERANG: exploiting the semantic gap in trusted execution environments. In: NDSS (2017)","DOI":"10.14722\/ndss.2017.23227"},{"key":"2_CR13","unstructured":"Madau, M.: A methodology to localise EMFI areas on Microcontrollers, Theses, Universit\u00e9 Montpellier (2019). https:\/\/tel.archives-ouvertes.fr\/tel-02478873"},{"key":"2_CR14","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/978-3-030-11333-9_13","volume-title":"Automated Methods in Cryptographic Fault Analysis","author":"A Maldini","year":"2019","unstructured":"Maldini, A., Samwel, N., Picek, S., Batina, L.: Optimizing electromagnetic fault injection with genetic algorithms. In: Breier, J., Hou, X., Bhasin, S. (eds.) Automated Methods in Cryptographic Fault Analysis, pp. 281\u2013300. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-11333-9_13"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Menu, A., Bhasin, S., Dutertre, J.M., Rigaud, J.B., Danger, J.L.: Precise spatio-temporal electromagnetic fault injections on data transfers. In: 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 1\u20138. IEEE (2019)","DOI":"10.1109\/FDTC.2019.00009"},{"key":"2_CR16","doi-asserted-by":"publisher","unstructured":"Moro, N., Dehbaoui, A., Heydemann, K., Robisson, B., Encrenaz, E.: Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 77\u201388 (2013). https:\/\/doi.org\/10.1109\/FDTC.2013.9","DOI":"10.1109\/FDTC.2013.9"},{"key":"2_CR17","unstructured":"NewAE: Chipshouter github repository. https:\/\/github.com\/newaetech\/ChipSHOUTER (2019)"},{"key":"2_CR18","unstructured":"Omarouayache, R., Raoult, J., Jarrix, S., Chusseau, L., Maurine, P.: Magnetic Microprobe design for EM fault attack. In: EMC EUROPE: Electromagnetic Compatibility. EMC EUROPE, Bruges, Belgium (2013). https:\/\/hal.archives-ouvertes.fr\/hal-01893856"},{"issue":"3","key":"2_CR19","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/s13389-016-0128-3","volume":"7","author":"S Ordas","year":"2016","unstructured":"Ordas, S., Guillaume-Sage, L., Maurine, P.: Electromagnetic fault injection: the curse of flip-flops. J. Cryptogr. Eng. 7(3), 183\u2013197 (2016). https:\/\/doi.org\/10.1007\/s13389-016-0128-3","journal-title":"J. Cryptogr. Eng."},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Proy, J., Heydemann, K., Berzati, A., Maj\u00e9ric, F., Cohen, A.: A first ISA-level characterization of em pulse effects on superscalar microarchitectures: a secure software perspective. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2019)","DOI":"10.1145\/3339252.3339253"},{"key":"2_CR21","unstructured":"Raelize: Qualcomm IPQ40xx: Breaking into QSEE using fault injection. https:\/\/raelize.com\/blog\/qualcomm-ipq40xx-breaking-into-qsee-using-fault-injection (2021)"},{"key":"2_CR22","unstructured":"Tang, A., Sethumadhavan, S., Stolfo, S.: $$\\{$$CLKSCREW$$\\}$$: exposing the perils of $$\\{$$Security-Oblivious$$\\}$$ energy management. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 1057\u20131074 (2017)"},{"key":"2_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-030-41702-4_8","volume-title":"Information Security Theory and Practice","author":"T Trouchkine","year":"2020","unstructured":"Trouchkine, T., Bouffard, G., Cl\u00e9di\u00e8re, J.: Fault injection characterization on modern CPUs. In: Laurent, M., Giannetsos, T. (eds.) WISTP 2019. LNCS, vol. 12024, pp. 123\u2013138. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-41702-4_8"}],"container-title":["Lecture Notes in Computer Science","Constructive Side-Channel Analysis and Secure Design"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-29497-6_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,3,22]],"date-time":"2023-03-22T14:09:13Z","timestamp":1679494153000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-29497-6_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031294969","9783031294976"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-29497-6_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"23 March 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"COSADE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Constructive Side-Channel Analysis and Secure Design","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Munich","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 April 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 April 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cosade2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.cosade.org\/cosade23\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easy Chair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"43% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}