{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T22:41:25Z","timestamp":1761000085201,"version":"build-2065373602"},"publisher-location":"Singapore","reference-count":40,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819535361"},{"type":"electronic","value":"9789819535378"}],"license":[{"start":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T00:00:00Z","timestamp":1760918400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T00:00:00Z","timestamp":1760918400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-3537-8_2","type":"book-chapter","created":{"date-parts":[[2025,10,19]],"date-time":"2025-10-19T10:43:15Z","timestamp":1760870595000},"page":"22-40","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Find the\u00a0Clasp of\u00a0the\u00a0Chain: Efficiently Locating Cryptographic Procedures in\u00a0SoC Secure Boot by\u00a0Semi-automated Side-Channel Analysis"],"prefix":"10.1007","author":[{"given":"Shipei","family":"Qu","sequence":"first","affiliation":[]},{"given":"Yuxuan","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Jintong","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Cheng","family":"Hong","sequence":"additional","affiliation":[]},{"given":"Chi","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Dawu","family":"Gu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,20]]},"reference":[{"key":"2_CR1","unstructured":"ARM: ARM Trusted Firmware A (2019). https:\/\/github.com\/ARM-software\/arm-trusted-firmware"},{"key":"2_CR2","unstructured":"ARM: Instruction availability and branch ranges, arm a-profile a64 instruction set architecture (2022). https:\/\/developer.arm.com\/documentation\/ddi0602\/2022-06\/Base-Instructions\/BL--Branch-with-Link-"},{"key":"2_CR3","unstructured":"ARM: ARM Application Binary Interface (2024). https:\/\/developer.arm.com\/Architectures\/Application%20Binary%20Interface"},{"issue":"11","key":"2_CR4","doi-asserted-by":"publisher","first-page":"3056","DOI":"10.1109\/JPROC.2012.2188769","volume":"100","author":"A Barenghi","year":"2012","unstructured":"Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056\u20133076 (2012). https:\/\/doi.org\/10.1109\/JPROC.2012.2188769","journal-title":"Proc. IEEE"},{"key":"2_CR5","unstructured":"Bartolomeo, L.D., Moghaddas, H., Payer, M.: ARMore: pushing love back into binaries. In: USENIX Security Symposium, pp. 6311\u20136328. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/di-bartolomeo"},{"issue":"4","key":"2_CR6","doi-asserted-by":"publisher","first-page":"757","DOI":"10.1109\/TASL.2008.919072","volume":"16","author":"J Benesty","year":"2008","unstructured":"Benesty, J., Chen, J., Huang, Y.: On the importance of the Pearson correlation coefficient in noise reduction. IEEE Trans. Audio Speech Lang. Process. 16(4), 757\u2013765 (2008). https:\/\/doi.org\/10.1109\/TASL.2008.919072","journal-title":"IEEE Trans. Audio Speech Lang. Process."},{"key":"2_CR7","doi-asserted-by":"publisher","unstructured":"Bittner, O., Krachenfels, T., Galauner, A., Seifert, J.P.: The forgotten threat of voltage glitching: a case study on Nvidia Tegra X2 SoCs. In: FDTC 2021, pp. 86\u201397. IEEE Computer Society (2021). https:\/\/doi.org\/10.1109\/FDTC53659.2021.00021","DOI":"10.1109\/FDTC53659.2021.00021"},{"key":"2_CR8","doi-asserted-by":"publisher","unstructured":"Buhren, R., Jacob, H.N., Krachenfels, T., Seifert, J.P.: One glitch to rule them all: fault injection attacks against AMD\u2019s secure encrypted virtualization. In: CCS 2021, pp. 2875\u20132889. ACM (2021). https:\/\/doi.org\/10.1145\/3460120.3484779","DOI":"10.1145\/3460120.3484779"},{"key":"2_CR9","doi-asserted-by":"publisher","unstructured":"Cao, P., Zhang, C., Lu, X., Gu, D.: Cross-device profiled side-channel attack with unsupervised domain adaptation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(4), 27\u201356 (2021). https:\/\/doi.org\/10.46586\/tches.v2021.i4.27-56","DOI":"10.46586\/tches.v2021.i4.27-56"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-642-17499-5_4","volume-title":"Transactions on Computational Science X","author":"T Eisenbarth","year":"2010","unstructured":"Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science X. LNCS, vol. 6340, pp. 78\u201399. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17499-5_4"},{"key":"2_CR11","doi-asserted-by":"publisher","unstructured":"Fanjas, C., Aboulkassimi, D., Pontie, S., Clediere, J.: Exploration of system-on-chip secure-boot vulnerability to fault-injection by side-channel analysis . In: 2023 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), pp.\u00a01\u20136. IEEE Computer Society (2023). https:\/\/doi.org\/10.1109\/DFT59622.2023.10313346","DOI":"10.1109\/DFT59622.2023.10313346"},{"issue":"13","key":"2_CR12","doi-asserted-by":"publisher","first-page":"2023","DOI":"10.3390\/electronics11132023","volume":"11","author":"A Gangolli","year":"2022","unstructured":"Gangolli, A., Mahmoud, Q.H., Azim, A.: A systematic review of fault injection attacks on IoT systems. Electronics 11(13), 2023 (2022). https:\/\/doi.org\/10.3390\/electronics11132023","journal-title":"Electronics"},{"key":"2_CR13","doi-asserted-by":"publisher","unstructured":"H\u00e9riveaux, O.: Triple exploit chain with laser fault injection on a secure element. In: FDTC 2022, pp. 9\u201317. IEEE (2022). https:\/\/doi.org\/10.1109\/FDTC57191.2022.00011","DOI":"10.1109\/FDTC57191.2022.00011"},{"key":"2_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1007\/978-3-319-66787-4_21","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2017","author":"N Jacob","year":"2017","unstructured":"Jacob, N., Heyszl, J., Zankl, A., Rolfes, C., Sigl, G.: How to break secure boot on FPGA SoCs through malicious hardware. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 425\u2013442. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_21"},{"key":"2_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"PC Kocher","year":"1996","unstructured":"Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104\u2013113. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_9"},{"key":"2_CR16","unstructured":"Langer: RF-U 5-2, H-Field Probe 30 MHz up to 3 GHz (2020). https:\/\/www.langer-emv.de\/en\/product\/rf-passive-30-mhz-up-to-3-ghz\/35\/rf-u-5-2-h-field-probe-30-mhz-up-to-3-ghz\/16"},{"key":"2_CR17","doi-asserted-by":"publisher","unstructured":"Liu, Y., Wei, L., Zhou, Z., Zhang, K., Xu, W., Xu, Q.: On code execution tracking via power side-channel. In: CCS 2016, pp. 1019\u20131031. ACM (2016). https:\/\/doi.org\/10.1145\/2976749.2978299","DOI":"10.1145\/2976749.2978299"},{"key":"2_CR18","doi-asserted-by":"publisher","unstructured":"L\u00f6hr, H., Sadeghi, A.R., Winandy, M.: Patterns for secure boot and secure storage in computer systems. In: 2010 International Conference on Availability, Reliability and Security, pp. 569\u2013573. IEEE (2010). https:\/\/doi.org\/10.1109\/ARES.2010.110","DOI":"10.1109\/ARES.2010.110"},{"issue":"6","key":"2_CR19","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1145\/1064978.1065034","volume":"40","author":"CK Luk","year":"2005","unstructured":"Luk, C.K., et al.: Pin: building customized program analysis tools with dynamic instrumentation. ACM SIGPLAN Not. 40(6), 190\u2013200 (2005). https:\/\/doi.org\/10.1145\/1064978.1065034","journal-title":"ACM SIGPLAN Not."},{"key":"2_CR20","doi-asserted-by":"publisher","unstructured":"Nashimoto, S., Suzuki, D., Ueno, R., Homma, N.: Bypassing isolated execution on RISC-V using side-channel-assisted fault-injection and its countermeasure. IACR Trans. Cryptogr. Hardw. Embed. Syst., 28\u201368 (2022). https:\/\/doi.org\/10.46586\/tches.v2022.i1.28-68","DOI":"10.46586\/tches.v2022.i1.28-68"},{"issue":"6","key":"2_CR21","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1145\/1273442.1250746","volume":"42","author":"N Nethercote","year":"2007","unstructured":"Nethercote, N., Seward, J.: Valgrind: a framework for heavyweight dynamic binary instrumentation. ACM Sigplan Not. 42(6), 89\u2013100 (2007)","journal-title":"ACM Sigplan Not."},{"key":"2_CR22","unstructured":"NVIDIA: CUDA 12.4 (2024). https:\/\/developer.nvidia.com\/about-cuda"},{"issue":"1","key":"2_CR23","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/S13389-014-0087-5","volume":"5","author":"C O\u2019Flynn","year":"2015","unstructured":"O\u2019Flynn, C., Chen, Z.: Synchronous sampling and clock recovery of internal oscillators for side channel analysis and fault injection. J. Cryptogr. Eng. 5(1), 53\u201369 (2015). https:\/\/doi.org\/10.1007\/S13389-014-0087-5","journal-title":"J. Cryptogr. Eng."},{"key":"2_CR24","unstructured":"Trusted Firmware Organization: OP-TEE (2025). https:\/\/www.trustedfirmware.org\/projects\/op-tee\/"},{"key":"2_CR25","unstructured":"Raspberry Pi: Raspberry Pi 3 Model B+ (2014). https:\/\/www.raspberrypi.com\/products\/raspberry-pi-3-model-b-plus\/"},{"key":"2_CR26","unstructured":"Picotech: PicoScope 3000 Series (2021). https:\/\/www.picotech.com\/oscilloscope\/3000\/picoscope-3000-oscilloscope-specifications"},{"key":"2_CR27","doi-asserted-by":"publisher","unstructured":"Qu, S., Wang, Y., Yu, J., Zhang, C., Gu, D.: Trace copilot: automatically locating cryptographic operations in side-channel traces by firmware binary instrumenting. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2025(1), 128\u2013159 (2024). https:\/\/doi.org\/10.46586\/tches.v2025.i1.128-159","DOI":"10.46586\/tches.v2025.i1.128-159"},{"key":"2_CR28","doi-asserted-by":"publisher","unstructured":"Qu, S., Zhang, X., Zhang, C., Gu, D.: Trapped by your words: (ab)using processor exception for generic binary instrumentation on bare-metal embedded devices. In: Proceedings of the 61st ACM\/IEEE Design Automation Conference. ACM (2024). https:\/\/doi.org\/10.1145\/3649329.3655687","DOI":"10.1145\/3649329.3655687"},{"key":"2_CR29","unstructured":"SINOVOIP: Banana PI BPI-M7 (2024). https:\/\/wiki.banana-pi.org\/Banana_Pi_BPI-M7"},{"key":"2_CR30","doi-asserted-by":"publisher","unstructured":"Song, Y., Mi, Z., Xie, H., Chen, H.: Powerinfer: fast large language model serving with a consumer-grade GPU. In: SOSP 2024, pp. 590\u2013606. ACM (2024). https:\/\/doi.org\/10.1145\/3694715.3695964","DOI":"10.1145\/3694715.3695964"},{"key":"2_CR31","unstructured":"Team, N.: Numpy Library (2025). https:\/\/numpy.org\/"},{"key":"2_CR32","unstructured":"Team, S.: Scipy Library (2025). https:\/\/scipy.org\/"},{"key":"2_CR33","doi-asserted-by":"publisher","unstructured":"Timon, B.: Non-profiled deep learning-based side-channel attacks with sensitivity analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst., 107\u2013131 (2019). https:\/\/doi.org\/10.13154\/tches.v2019.i2.107-131","DOI":"10.13154\/tches.v2019.i2.107-131"},{"key":"2_CR34","doi-asserted-by":"publisher","unstructured":"Trautmann, J., Beckers, A., Wouters, L., Wildermann, S., Verbauwhede, I., Teich, J.: Semi-automatic locating of cryptographic operations in side-channel traces. IACR Trans. Cryptogr. Hardw. Embed. Syst., 345\u2013366 (2022). https:\/\/doi.org\/10.46586\/tches.v2022.i1.345-366","DOI":"10.46586\/tches.v2022.i1.345-366"},{"key":"2_CR35","unstructured":"U-boot.org: Universal bootloader (2017). https:\/\/github.com\/u-boot\/u-boot"},{"key":"2_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/978-3-030-15462-2_12","volume-title":"Smart Card Research and Advanced Applications","author":"S Vasile","year":"2019","unstructured":"Vasile, S., Oswald, D., Chothia, T.: Breaking all the things\u2014a systematic survey of firmware extraction techniques for IoT devices. In: Bilgin, B., Fischer, J.-B. (eds.) CARDIS 2018. LNCS, vol. 11389, pp. 171\u2013185. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-15462-2_12"},{"key":"2_CR37","doi-asserted-by":"publisher","unstructured":"Vasselle, A., Thiebeauld, H., Maouhoub, Q., Morisset, A., Ermeneux, S.: Laser-induced fault injection on smartphone bypassing the secure boot. In: FDTC 2017, pp. 41\u201348. IEEE (2017). https:\/\/doi.org\/10.1109\/FDTC.2017.18","DOI":"10.1109\/FDTC.2017.18"},{"key":"2_CR38","doi-asserted-by":"publisher","unstructured":"Veshchikov, N., Guilley, S.: Use of simulators for side-channel analysis. In: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 104\u2013112. IEEE (2017). https:\/\/doi.org\/10.1109\/EuroSPW.2017.59","DOI":"10.1109\/EuroSPW.2017.59"},{"key":"2_CR39","doi-asserted-by":"publisher","unstructured":"Wang, Z., et al.: SPA-GPT: general pulse tailor for simple power analysis based on reinforcement learning. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2024(4), 40\u201383 (2024). https:\/\/doi.org\/10.46586\/tches.v2024.i4.40-83","DOI":"10.46586\/tches.v2024.i4.40-83"},{"key":"2_CR40","unstructured":"Wouters, L.: Starlink User Terminal Modchip (2022). https:\/\/github.com\/KULeuven-COSIC\/Starlink-FI"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-3537-8_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T22:03:08Z","timestamp":1760997788000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-3537-8_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,20]]},"ISBN":["9789819535361","9789819535378"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-3537-8_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025,10,20]]},"assertion":[{"value":"20 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nanjing","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.icics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}