{"id":"https://openalex.org/W4378191940","doi":"https://doi.org/10.1109/host55118.2023.10133438","title":"Uprooting Trust: Learnings from an Unpatchable Hardware Root-of-Trust Vulnerability in Siemens S7-1500 PLCs","display_name":"Uprooting Trust: Learnings from an Unpatchable Hardware Root-of-Trust Vulnerability in Siemens S7-1500 PLCs","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W4378191940","doi":"https://doi.org/10.1109/host55118.2023.10133438"},"language":"en","primary_location":{"id":"doi:10.1109/host55118.2023.10133438","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host55118.2023.10133438","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109874200","display_name":"Yuanzhe Wu","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Yuanzhe Wu","raw_affiliation_strings":["Red Balloon Security,New York,NY,USA","Red Balloon Security, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Red Balloon Security,New York,NY,USA","institution_ids":[]},{"raw_affiliation_string":"Red Balloon Security, New York, NY, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001823581","display_name":"Grant Skipper","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Grant Skipper","raw_affiliation_strings":["Red Balloon Security,New York,NY,USA","Red Balloon Security, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Red Balloon Security,New York,NY,USA","institution_ids":[]},{"raw_affiliation_string":"Red Balloon Security, New York, NY, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049299865","display_name":"Ang Cui","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ang Cui","raw_affiliation_strings":["Red Balloon Security,New York,NY,USA","Red Balloon Security, New York, NY, USA"],"affiliations":[{"raw_affiliation_string":"Red Balloon Security,New York,NY,USA","institution_ids":[]},{"raw_affiliation_string":"Red Balloon Security, New York, NY, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5109874200"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.8728,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.77991343,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"179","last_page":"190"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.6769724488258362},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.6679019927978516},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6029840707778931},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5335037708282471},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5112977027893066},{"id":"https://openalex.org/keywords/hardware-security-module","display_name":"Hardware security module","score":0.5103432536125183},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5041788816452026},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4771251678466797},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4681827127933502},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.3997654318809509},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.32354289293289185},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.21470201015472412}],"concepts":[{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.6769724488258362},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.6679019927978516},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6029840707778931},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5335037708282471},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5112977027893066},{"id":"https://openalex.org/C39217717","wikidata":"https://www.wikidata.org/wiki/Q1432354","display_name":"Hardware security module","level":3,"score":0.5103432536125183},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5041788816452026},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4771251678466797},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4681827127933502},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.3997654318809509},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.32354289293289185},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.21470201015472412}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/host55118.2023.10133438","is_oa":false,"landing_page_url":"https://doi.org/10.1109/host55118.2023.10133438","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.75}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W102661697","https://openalex.org/W1526092740","https://openalex.org/W1529728259","https://openalex.org/W1581621229","https://openalex.org/W1878766038","https://openalex.org/W1965898979","https://openalex.org/W1988847661","https://openalex.org/W2039097543","https://openalex.org/W2059278087","https://openalex.org/W2065207200","https://openalex.org/W2077688407","https://openalex.org/W2106117073","https://openalex.org/W2111015674","https://openalex.org/W2136651729","https://openalex.org/W2146950091","https://openalex.org/W2152674387","https://openalex.org/W2175377689","https://openalex.org/W2527958550","https://openalex.org/W2544593203","https://openalex.org/W2750334494","https://openalex.org/W2756732161","https://openalex.org/W2909889155","https://openalex.org/W2949797438","https://openalex.org/W2968769073","https://openalex.org/W3080132966","https://openalex.org/W3170159994","https://openalex.org/W3205443158","https://openalex.org/W4220729352","https://openalex.org/W4281666926","https://openalex.org/W6604257466","https://openalex.org/W6680472633","https://openalex.org/W6682326504","https://openalex.org/W6766478643","https://openalex.org/W6776294083","https://openalex.org/W6802935665"],"related_works":["https://openalex.org/W2354251310","https://openalex.org/W2366100887","https://openalex.org/W2392593410","https://openalex.org/W3203474640","https://openalex.org/W2392099550","https://openalex.org/W1989709299","https://openalex.org/W2352152035","https://openalex.org/W2359734510","https://openalex.org/W2388428165","https://openalex.org/W2370321928"],"abstract_inverted_index":{"Over":[0],"the":[1,52,145,150],"past":[2],"decade,":[3],"low-cost":[4],"hardware":[5,91],"crypto-coprocessors":[6],"have":[7,107],"become":[8],"an":[9],"attractive":[10],"solution":[11],"for":[12,83,93,124,129],"improving":[13],"device":[14],"security":[15,25,86],"on":[16,20,131,149],"embedded":[17,94,114,132],"systems.":[18,115],"Relying":[19],"dedicated":[21],"components":[22,39],"to":[23,31,45,65,71,89,144,168,175],"offload":[24],"operations,":[26],"however,":[27],"presents":[28,79],"unique":[29],"challenges":[30],"overall":[32],"system":[33],"security.":[34],"When":[35],"implemented":[36],"incorrectly,":[37],"these":[38,188],"may":[40,171],"be":[41],"abused":[42],"by":[43,139],"adversaries":[44],"infiltrate":[46],"Root-of-Trust":[47],"(RoT)":[48],"protections":[49],"and":[50,181],"compromise":[51],"greater":[53],"system.":[54],"Unlike":[55],"software-based":[56],"RoT,":[57],"when":[58],"a":[59,80],"hardware-based":[60],"RoT":[61,92,127,147,169],"is":[62,137],"found":[63],"vulnerable":[64],"tampers":[66],"there":[67],"are":[68,160],"few":[69],"remedies":[70],"\u2018patch\u2019":[72],"or":[73,192],"defend":[74],"against":[75],"attacks.":[76],"This":[77],"work":[78],"case":[81],"study":[82],"addressing":[84],"realworld":[85],"practices":[87],"related":[88,143,167],"implementing":[90],"systems":[95],"via":[96],"discrete":[97,146],"co-processing":[98],"components.":[99],"Furthermore,":[100],"we":[101,106,119],"identify":[102],"design":[103],"fallacies,":[104],"which":[105],"encountered":[108],"with":[109],"increasing":[110],"frequency":[111],"in":[112],"commercial":[113],"Through":[116],"this":[117,135],"investigation,":[118],"provide":[120],"practical":[121],"mitigating":[122],"solutions":[123],"integrating":[125],"secure":[126],"peripherals":[128],"use":[130],"hardware.":[133],"Specifically,":[134],"assessment":[136],"conducted":[138],"uncovering":[140],"novel":[141],"vulnerabilities":[142],"implementation":[148,170],"Siemens":[151],"S7-1500":[152],"series":[153],"Programmable":[154],"Logic":[155],"Controllers":[156],"(PLCs).":[157],"Our":[158],"findings":[159],"cautionary":[161],"evidence":[162],"of":[163],"how":[164],"tlawed":[165],"assumptions":[166],"allow":[172],"malicious":[173],"actors":[174],"spoof":[176],"authentication":[177],"credentials,":[178],"re-encrypt":[179],"firmware,":[180],"ultimately":[182],"gain":[183],"covert,":[184],"privileged":[185],"control":[186],"over":[187],"devices":[189],"without":[190],"invasive":[191],"destructive":[193],"practices.":[194]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}