{"id":"https://openalex.org/W7127127526","doi":"https://doi.org/10.1109/trustcom66490.2025.00252","title":"FaultSpy: On the Insecurity of SPDM Protocols under Fault Injection","display_name":"FaultSpy: On the Insecurity of SPDM Protocols under Fault Injection","publication_year":2025,"publication_date":"2025-11-14","ids":{"openalex":"https://openalex.org/W7127127526","doi":"https://doi.org/10.1109/trustcom66490.2025.00252"},"language":"en","primary_location":{"id":"doi:10.1109/trustcom66490.2025.00252","is_oa":false,"landing_page_url":"https://doi.org/10.1109/trustcom66490.2025.00252","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.1109/Trustcom66490.2025.00252","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5019418668","display_name":"Peiyao Sun","orcid":"https://orcid.org/0009-0009-3641-7039"},"institutions":[{"id":"https://openalex.org/I43439940","display_name":"University of Southampton","ror":"https://ror.org/01ryk1543","country_code":"GB","type":"education","lineage":["https://openalex.org/I43439940"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Peiyao Sun","raw_affiliation_strings":["University of Southampton,Southampton,United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Southampton,Southampton,United Kingdom","institution_ids":["https://openalex.org/I43439940"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Qifan Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I79619799","display_name":"University of Birmingham","ror":"https://ror.org/03angcq70","country_code":"GB","type":"education","lineage":["https://openalex.org/I79619799"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Qifan Wang","raw_affiliation_strings":["University of Birmingham,Birmingham,United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Birmingham,Birmingham,United Kingdom","institution_ids":["https://openalex.org/I79619799"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080836958","display_name":"David Oswald","orcid":"https://orcid.org/0000-0001-8524-5282"},"institutions":[{"id":"https://openalex.org/I79619799","display_name":"University of Birmingham","ror":"https://ror.org/03angcq70","country_code":"GB","type":"education","lineage":["https://openalex.org/I79619799"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"David Oswald","raw_affiliation_strings":["University of Birmingham,Birmingham,United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Birmingham,Birmingham,United Kingdom","institution_ids":["https://openalex.org/I79619799"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055690957","display_name":"Mark Ryan","orcid":"https://orcid.org/0000-0002-1632-497X"},"institutions":[{"id":"https://openalex.org/I79619799","display_name":"University of Birmingham","ror":"https://ror.org/03angcq70","country_code":"GB","type":"education","lineage":["https://openalex.org/I79619799"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Mark Dermot Ryan","raw_affiliation_strings":["University of Birmingham,Birmingham,United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Birmingham,Birmingham,United Kingdom","institution_ids":["https://openalex.org/I79619799"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Vladimiro Sassone","orcid":null},"institutions":[{"id":"https://openalex.org/I43439940","display_name":"University of Southampton","ror":"https://ror.org/01ryk1543","country_code":"GB","type":"education","lineage":["https://openalex.org/I43439940"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Vladimiro Sassone","raw_affiliation_strings":["University of Southampton,Southampton,United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Southampton,Southampton,United Kingdom","institution_ids":["https://openalex.org/I43439940"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5124776505","display_name":"Ahmad Atamli","orcid":null},"institutions":[{"id":"https://openalex.org/I43439940","display_name":"University of Southampton","ror":"https://ror.org/01ryk1543","country_code":"GB","type":"education","lineage":["https://openalex.org/I43439940"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Ahmad Atamli","raw_affiliation_strings":["University of Southampton,Southampton,United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Southampton,Southampton,United Kingdom","institution_ids":["https://openalex.org/I43439940"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.77810295,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"2163","last_page":"2172"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8715999722480774,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.8715999722480774,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.03610000014305115,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.021700000390410423,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6567000150680542},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.6478000283241272},{"id":"https://openalex.org/keywords/fault-injection","display_name":"Fault injection","score":0.6376000046730042},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.5490999817848206},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5217999815940857},{"id":"https://openalex.org/keywords/session-key","display_name":"Session key","score":0.435699999332428},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.41780000925064087},{"id":"https://openalex.org/keywords/isolation","display_name":"Isolation (microbiology)","score":0.39989998936653137}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7170000076293945},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6567000150680542},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.6478000283241272},{"id":"https://openalex.org/C2775928411","wikidata":"https://www.wikidata.org/wiki/Q2041312","display_name":"Fault injection","level":3,"score":0.6376000046730042},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6047000288963318},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.5490999817848206},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5217999815940857},{"id":"https://openalex.org/C191197275","wikidata":"https://www.wikidata.org/wiki/Q1755775","display_name":"Session key","level":3,"score":0.435699999332428},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.41780000925064087},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.39989998936653137},{"id":"https://openalex.org/C175551986","wikidata":"https://www.wikidata.org/wiki/Q47089","display_name":"Fault (geology)","level":2,"score":0.38359999656677246},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.3395000100135803},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.33390000462532043},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.32829999923706055},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.3052999973297119},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3027999997138977},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2858999967575073},{"id":"https://openalex.org/C41878487","wikidata":"https://www.wikidata.org/wiki/Q191018","display_name":"Session Initiation Protocol","level":3,"score":0.27300000190734863},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2687000036239624},{"id":"https://openalex.org/C12269588","wikidata":"https://www.wikidata.org/wiki/Q132364","display_name":"Communications protocol","level":2,"score":0.2632000148296356},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.26179999113082886},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.2526000142097473}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/trustcom66490.2025.00252","is_oa":false,"landing_page_url":"https://doi.org/10.1109/trustcom66490.2025.00252","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 24th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","raw_type":"proceedings-article"},{"id":"pmh:oai:durham-repository.worktribe.com:4830928","is_oa":true,"landing_page_url":"https://doi.org/10.1109/Trustcom66490.2025.00252","pdf_url":null,"source":{"id":"https://openalex.org/S4306400188","display_name":"Durham Research Online (Durham University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I190082696","host_organization_name":"Durham University","host_organization_lineage":["https://openalex.org/I190082696"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"Presentation / Conference Contribution"}],"best_oa_location":{"id":"pmh:oai:durham-repository.worktribe.com:4830928","is_oa":true,"landing_page_url":"https://doi.org/10.1109/Trustcom66490.2025.00252","pdf_url":null,"source":{"id":"https://openalex.org/S4306400188","display_name":"Durham Research Online (Durham University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I190082696","host_organization_name":"Durham University","host_organization_lineage":["https://openalex.org/I190082696"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"Presentation / Conference Contribution"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7842428088188171,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1965936844","https://openalex.org/W2027716782","https://openalex.org/W2071722828","https://openalex.org/W2085992264","https://openalex.org/W2110941647","https://openalex.org/W2111725598","https://openalex.org/W2320204756","https://openalex.org/W2555422269","https://openalex.org/W2939057911","https://openalex.org/W2981860227","https://openalex.org/W3015806656","https://openalex.org/W3095964145","https://openalex.org/W3213793813","https://openalex.org/W4296992116","https://openalex.org/W4312646271","https://openalex.org/W4383503805","https://openalex.org/W4384158182","https://openalex.org/W4396657275","https://openalex.org/W4403271912","https://openalex.org/W4404515051","https://openalex.org/W4405262993","https://openalex.org/W4408310766","https://openalex.org/W4410186691","https://openalex.org/W4416549588"],"related_works":[],"abstract_inverted_index":{"The":[0],"Security":[1],"Protocol":[2],"and":[3,16,28,60,102,123],"Data":[4],"Model":[5],"(SPDM)":[6],"establishes":[7],"device-level":[8],"trust":[9],"in":[10,121,149],"hardware":[11],"platforms":[12],"through":[13,135],"authentication,":[14,98],"attestation,":[15],"secure":[17],"session":[18,125],"establishment.":[19],"While":[20],"prior":[21],"research":[22],"has":[23],"focused":[24],"on":[25,140],"formal":[26],"analyses":[27],"deployment":[29],"considerations,":[30],"the":[31,48,74,130,157,162],"impact":[32],"of":[33,132],"implementation-level":[34,166],"vulnerabilities,":[35],"particularly":[36],"under":[37],"active":[38],"physical":[39],"adversaries,":[40],"remains":[41],"largely":[42],"underexplored.":[43],"This":[44],"work":[45],"presents":[46],"FaultSpy,":[47],"first":[49],"systematic":[50],"framework":[51],"for":[52,164],"evaluating":[53],"SPDM":[54,158],"against":[55],"Fault":[56],"Injection":[57],"Attacks":[58],"(FIAs)":[59],"their":[61],"combination":[62],"with":[63,80,153],"other":[64,154],"prominent":[65],"attack":[66,159],"vectors,":[67],"such":[68],"as":[69],"Man-In-The-Middle":[70],"(MITM)":[71],"attacks.":[72],"Leveraging":[73],"fault":[75],"injection":[76],"simulation":[77],"tool,":[78],"FaultFinder,":[79],"our":[81],"custom":[82],"SPDM-specific":[83],"hooks,":[84],"we":[85],"uncover":[86],"nine":[87],"concrete":[88],"vulnerabilities":[89],"spanning":[90],"both":[91],"threat":[92],"models.":[93],"These":[94],"include":[95],"bypassing":[96],"mutual":[97],"suppressing":[99],"signature":[100],"generation":[101],"verification,":[103],"downgrading":[104],"negotiated":[105],"capabilities,":[106],"skipping":[107],"mandatory":[108],"protocol":[109],"steps,":[110],"manipulating":[111],"key":[112],"update":[113],"behavior,":[114],"transmitting":[115],"messages":[116],"intended":[117],"to":[118],"be":[119],"encrypted":[120],"plaintext,":[122],"extracting":[124],"keys.":[126],"We":[127],"further":[128],"validate":[129],"feasibility":[131],"these":[133],"attacks":[134],"practical":[136],"voltage":[137],"glitching":[138],"experiments":[139],"an":[141],"RP2350":[142],"microcontroller.":[143],"Our":[144],"findings":[145],"demonstrate":[146],"that":[147],"FIAs-whether":[148],"isolation":[150],"or":[151],"combined":[152],"attacks-significantly":[155],"expand":[156],"surface,":[160],"highlighting":[161],"need":[163],"robust":[165],"countermeasures.":[167]},"counts_by_year":[],"updated_date":"2026-07-02T09:51:11.867554","created_date":"2026-02-03T00:00:00"}
