{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T03:24:50Z","timestamp":1769916290904,"version":"3.49.0"},"reference-count":52,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5,1]]},"DOI":"10.1109\/host55118.2023.10133438","type":"proceedings-article","created":{"date-parts":[[2023,5,25]],"date-time":"2023-05-25T17:29:36Z","timestamp":1685035776000},"page":"179-190","source":"Crossref","is-referenced-by-count":5,"title":["Uprooting Trust: Learnings from an Unpatchable Hardware Root-of-Trust Vulnerability in Siemens S7-1500 PLCs"],"prefix":"10.1109","author":[{"given":"Yuanzhe","family":"Wu","sequence":"first","affiliation":[{"name":"Red Balloon Security,New York,NY,USA"}]},{"given":"Grant","family":"Skipper","sequence":"additional","affiliation":[{"name":"Red Balloon Security,New York,NY,USA"}]},{"given":"Ang","family":"Cui","sequence":"additional","affiliation":[{"name":"Red Balloon Security,New York,NY,USA"}]}],"member":"263","reference":[{"key":"ref13","article-title":"An open-source cryptographic coprocessor","author":"gutmann","year":"2000","journal-title":"9th USENIX Security Symposium (USENIX Security 00)"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.23919\/ICACT53585.2022.9728840"},{"key":"ref15","doi-asserted-by":"crossref","first-page":"831","DOI":"10.1016\/S1389-1286(98)00019-X","article-title":"Building a high-performance, pro- grammable secure coprocessor","volume":"31","author":"smith","year":"1999","journal-title":"Computer Networks"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1117\/12.359537"},{"key":"ref52","year":"2022","journal-title":"Using encryption and authentication to secure an UltraScale\/UltraScale + FPGA bitstream (XAPP1267 v1 5)"},{"key":"ref11","author":"innovation","year":"2022","journal-title":"National Vulnerability Database"},{"key":"ref10","author":"newsham","year":"2000","journal-title":"Format String Attacks"},{"key":"ref17","article-title":"Defeating cisco trust anchor: A case-study of recent advancements in direct FPGA bitstream manipulation","author":"kataria","year":"2019","journal-title":"13th USENIX Workshop on Offensive Technologies (WOOT 19)"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SMCSIA.2003.1232427"},{"key":"ref19","article-title":"On the portability of side- channel attacks-an analysis of the Xilinx Virtex 4, Virtex 5, and Spartan 6 bitstream encryption mechanism","author":"moradi","year":"2011","journal-title":"Cryptology ePrint Archive"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/MWSCAS.2017.8053108"},{"key":"ref51","year":"2022","journal-title":"Jetson Linux Developer Guide Fuses and Security"},{"key":"ref50","article-title":"Caliptra: A datacenter system on a chip (soc)root of trust (rot)","year":"2022"},{"key":"ref46","first-page":"1803","article-title":"The unpatchable silicon: A full break of the bitstream encryption of Xilinx 7-series FPGAs","author":"ender","year":"2020","journal-title":"29th USENIX Security Symposium (USENIX Security 20)"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_19"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3407028"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/FCCM53951.2022.9786118"},{"key":"ref42","year":"2022","journal-title":"Totally integrated automation portal-always ready for tomorrow"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.31399\/asm.cp.istfa2017p0285"},{"key":"ref44","year":"2006","journal-title":"An Introduction to NAND Flash and How to Design It In to Your Next Product"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1176887.1176911"},{"key":"ref49","year":"2022","journal-title":"Hardware secure boot"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336769"},{"key":"ref7","first-page":"51","article-title":"Run-time detection of heap-based overflows","volume":"3","author":"robertson","year":"2003","journal-title":"LISA"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219077"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.epsr.2016.08.046"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2018.i3.573-595"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1086297.1086306"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1997.601317"},{"key":"ref40","article-title":"Appli- cation of FIB\/SEM and TEM to bit failure analyses in SRAM arrays","volume":"782","author":"qin","year":"2003","journal-title":"MRS Online Proceedings Library (OPL)"},{"key":"ref35","year":"2018","journal-title":"W29N01HVXINF 1G-BIT 3 3v NAND flash memory datasheet"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCS.2016.7586376"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/18.61115"},{"key":"ref36","year":"2022","journal-title":"Xgpro software user guide T56\/TL866"},{"key":"ref31","article-title":"SIMATIC S7-1500","year":"2022","journal-title":"Siemens"},{"key":"ref30","year":"2022","journal-title":"6ES7511-1AK02-0AB0 Product details"},{"key":"ref33","article-title":"IEEE std. 1149.1-standard test access port and boundary-scan architecture","volume":"9","author":"group","year":"2017","journal-title":"Retrieved March"},{"key":"ref32","year":"2013","journal-title":"ATECC108A Atmel CryptoAuthentication Device Summary Datasheet"},{"key":"ref2","article-title":"Black-box laser fault injection on a secure memory","author":"h\u00e9riveaux","year":"2020","journal-title":"Symposium sur la sécuritédes technologies de l'information et des communications-SSTIC 2020"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2015.7232966"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/1506409.1506429"},{"key":"ref38","author":"kane","year":"1992","journal-title":"MIPS R2000 RISC Architecture"},{"key":"ref24","year":"2015","journal-title":"Trusted Platform Module (TPM) 2 0 a brief introduction"},{"key":"ref23","year":"2021","journal-title":"Enable TPM 2 0 on your PC"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2010.110"},{"key":"ref25","author":"turiceanu","year":"2021","journal-title":"TPM 2 0 chips Where to buy & price comparison"},{"key":"ref20","year":"2011","journal-title":"Tpm 1 2 Main Specification"},{"key":"ref22","author":"kinney","year":"2006","journal-title":"Trusted Platform Module Basics Using TPM in Embedded Systems Newnes"},{"key":"ref21","author":"ryan","year":"2009","journal-title":"Introduction to the TPM 1 2"},{"key":"ref28","first-page":"29","article-title":"W32. stuxnet dossier","volume":"5","author":"falliere","year":"2011","journal-title":"White Paper Symantec Corp Security Response"},{"key":"ref27","year":"2017","journal-title":"ATECC508A CryptoAuthentication de- vice complete datasheet"},{"key":"ref29","year":"2021","journal-title":"SSA-434534 Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families"}],"event":{"name":"2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","location":"San Jose, CA, USA","start":{"date-parts":[[2023,5,1]]},"end":{"date-parts":[[2023,5,4]]}},"container-title":["2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10132842\/10132914\/10133438.pdf?arnumber=10133438","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,12]],"date-time":"2023-06-12T17:56:11Z","timestamp":1686592571000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10133438\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,1]]},"references-count":52,"URL":"https:\/\/doi.org\/10.1109\/host55118.2023.10133438","relation":{},"subject":[],"published":{"date-parts":[[2023,5,1]]}}}