{"id":"https://openalex.org/W4392753624","doi":"https://doi.org/10.46586/tches.v2024.i2.426-450","title":"JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing","display_name":"JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing","publication_year":2024,"publication_date":"2024-03-12","ids":{"openalex":"https://openalex.org/W4392753624","doi":"https://doi.org/10.46586/tches.v2024.i2.426-450"},"language":"en","primary_location":{"id":"doi:10.46586/tches.v2024.i2.426-450","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2024.i2.426-450","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/11435/10940","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tches.iacr.org/index.php/TCHES/article/download/11435/10940","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033295803","display_name":"Maik Ender","orcid":"https://orcid.org/0000-0002-0685-2541"},"institutions":[{"id":"https://openalex.org/I4210096592","display_name":"Max Planck Institute for Security and Privacy","ror":"https://ror.org/00bj0r217","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210096592"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Maik Ender","raw_affiliation_strings":["Max Planck Institute for Security and Privacy, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Max Planck Institute for Security and Privacy, Bochum, Germany","institution_ids":["https://openalex.org/I4210096592"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053206465","display_name":"Felix Hahn","orcid":null},"institutions":[{"id":"https://openalex.org/I4210096592","display_name":"Max Planck Institute for Security and Privacy","ror":"https://ror.org/00bj0r217","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210096592"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Felix Hahn","raw_affiliation_strings":["Max Planck Institute for Security and Privacy, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Max Planck Institute for Security and Privacy, Bochum, Germany","institution_ids":["https://openalex.org/I4210096592"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044241451","display_name":"Marc Fyrbiak","orcid":"https://orcid.org/0000-0002-4266-7108"},"institutions":[{"id":"https://openalex.org/I4210096592","display_name":"Max Planck Institute for Security and Privacy","ror":"https://ror.org/00bj0r217","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210096592"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marc Fyrbiak","raw_affiliation_strings":["Max Planck Institute for Security and Privacy, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Max Planck Institute for Security and Privacy, Bochum, Germany","institution_ids":["https://openalex.org/I4210096592"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012815811","display_name":"Amir Moradi","orcid":"https://orcid.org/0000-0002-4032-7433"},"institutions":[{"id":"https://openalex.org/I31512782","display_name":"Technical University of Darmstadt","ror":"https://ror.org/05n911h24","country_code":"DE","type":"education","lineage":["https://openalex.org/I31512782"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Amir Moradi","raw_affiliation_strings":["Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany","institution_ids":["https://openalex.org/I31512782"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041748332","display_name":"Christof Paar","orcid":"https://orcid.org/0000-0001-8681-2277"},"institutions":[{"id":"https://openalex.org/I4210096592","display_name":"Max Planck Institute for Security and Privacy","ror":"https://ror.org/00bj0r217","country_code":"DE","type":"facility","lineage":["https://openalex.org/I149899117","https://openalex.org/I4210096592"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christof Paar","raw_affiliation_strings":["Max Planck Institute for Security and Privacy, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Max Planck Institute for Security and Privacy, Bochum, Germany","institution_ids":["https://openalex.org/I4210096592"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5033295803"],"corresponding_institution_ids":["https://openalex.org/I4210096592"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.02176888,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2024","issue":"2","first_page":"426","last_page":"450"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.7053999900817871,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.7053999900817871,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.7610343098640442},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5789594650268555},{"id":"https://openalex.org/keywords/field-programmable-gate-array","display_name":"Field-programmable gate array","score":0.4978139400482178},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4486536681652069},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.44400155544281006},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.40770483016967773},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.25724393129348755},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.10562196373939514}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.7610343098640442},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5789594650268555},{"id":"https://openalex.org/C42935608","wikidata":"https://www.wikidata.org/wiki/Q190411","display_name":"Field-programmable gate array","level":2,"score":0.4978139400482178},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4486536681652069},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.44400155544281006},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.40770483016967773},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.25724393129348755},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.10562196373939514}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.46586/tches.v2024.i2.426-450","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2024.i2.426-450","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/11435/10940","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:9fabfc27a255474f9c78d0e0fc1a5cce","is_oa":true,"landing_page_url":"https://doaj.org/article/9fabfc27a255474f9c78d0e0fc1a5cce","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Transactions on Cryptographic Hardware and Embedded Systems, Vol 2024, Iss 2 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.46586/tches.v2024.i2.426-450","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2024.i2.426-450","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/11435/10940","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.6700000166893005,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G18682879","display_name":null,"funder_award_id":"390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G3702002941","display_name":null,"funder_award_id":"EXC 2092 CASA 390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4392753624.pdf"},"referenced_works_count":32,"referenced_works":["https://openalex.org/W27954293","https://openalex.org/W1995447946","https://openalex.org/W1997144957","https://openalex.org/W2008332894","https://openalex.org/W2037145115","https://openalex.org/W2044791156","https://openalex.org/W2116520617","https://openalex.org/W2166778460","https://openalex.org/W2478604032","https://openalex.org/W2762831631","https://openalex.org/W2782780792","https://openalex.org/W2910822168","https://openalex.org/W2946718325","https://openalex.org/W2951822201","https://openalex.org/W2979885257","https://openalex.org/W3018905343","https://openalex.org/W3031215023","https://openalex.org/W3104256215","https://openalex.org/W3107372570","https://openalex.org/W3127584440","https://openalex.org/W3128203310","https://openalex.org/W3170159994","https://openalex.org/W3210918599","https://openalex.org/W4210328082","https://openalex.org/W4225009177","https://openalex.org/W4234223091","https://openalex.org/W4281666926","https://openalex.org/W4285268429","https://openalex.org/W4286876739","https://openalex.org/W4294151777","https://openalex.org/W4378192144","https://openalex.org/W4391429153"],"related_works":["https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W3203597304","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W2096844293","https://openalex.org/W2363944576","https://openalex.org/W2351041855","https://openalex.org/W2570254841","https://openalex.org/W2912135041"],"abstract_inverted_index":{"Fuzzing":[0],"is":[1,47,56,67,109],"a":[2,129,249],"well-established":[3],"technique":[4],"in":[5,21],"the":[6,96,100,105,112,120,138,168,213,228,239,242],"software":[7],"domain":[8],"to":[9,71,110,116,202,224,238,276],"uncover":[10,248],"bugs":[11],"and":[12,77,91,118,143,149,158,195],"vulnerabilities.":[13,135],"Yet,":[14],"applications":[15],"of":[16,41,80,114,124,167,227,241,258],"fuzzing":[17,87,115,157,179],"for":[18,31,88,181,262],"security":[19,134],"vulnerabilities":[20],"hardware":[22,43,141],"systems":[23],"are":[24,29,189],"scarce,":[25],"as":[26,53,220,254],"principal":[27],"reasons":[28],"requirements":[30],"design":[32,148],"information":[33,51],"access,":[34],"i.e.,":[35,75],"HDL":[36],"source":[37],"code.":[38],"Moreover,":[39,186],"observation":[40,64],"internal":[42],"state":[44],"during":[45,65],"runtime":[46,66],"typically":[48],"an":[49,152],"ineffective":[50],"source,":[52],"its":[54],"documentation":[55],"often":[57],"not":[58,235],"publicly":[59,139],"available.":[60],"In":[61,231],"addition,":[62,232],"such":[63,219],"also":[68,247,268],"inefficient":[69],"due":[70],"bandwidth-limited":[72],"analysis":[73],"interfaces,":[74],"JTAG,":[76],"minimal":[78],"introspection":[79],"hardware-internal":[81],"modules.In":[82],"this":[83],"work,":[84],"we":[85,146,172,267],"investigate":[86],"Xilinx":[89,182,263],"7-Series":[90],"UltraScale(+)":[92],"FPGA":[93,125,154,183,274],"configuration":[94,103,126,155,184,214],"engines,":[95,127],"control":[97],"plane":[98],"governing":[99],"(secure)":[101],"bitstream":[102,169],"within":[104,212],"FPGA.":[106,230],"Our":[107,206],"goal":[108],"examine":[111],"effectiveness":[113],"analyze":[117],"document":[119],"opaque":[121],"inner":[122],"workings":[123],"with":[128],"primary":[130],"emphasis":[131],"on":[132,163],"identifying":[133],"Using":[136],"only":[137,236],"available":[140],"chip":[142],"dispersed":[144],"documentation,":[145],"first":[147],"implement":[150],"ConFuzz,":[151],"advanced":[153],"engine":[156],"rapid":[159],"prototyping":[160],"framework.":[161],"Based":[162],"our":[164,187,233],"detailed":[165],"understanding":[166],"file":[170],"format,":[171],"then":[173],"systematically":[174],"define":[175],"3":[176],"novel":[177,198,250],"key":[178],"strategies":[180,188],"engines.":[185],"executed":[190],"through":[191],"mutational":[192],"structure-aware":[193],"fuzzers":[194],"incorporate":[196],"various":[197],"custom-tailored,":[199],"FPGA-specific":[200],"optimizations":[201],"reduce":[203],"search":[204],"space.":[205],"evaluation":[207],"reveals":[208],"previously":[209],"undocumented":[210],"behavior":[211],"engine,":[215],"including":[216],"critical":[217],"findings":[218],"system":[221],"crashes":[222],"leading":[223],"unresponsive":[225],"states":[226],"whole":[229],"investigations":[234],"lead":[237],"rediscovery":[240],"recent":[243],"starbleed":[244],"attack":[245],"but":[246],"unpatchable":[251],"vulnerability,":[252],"denoted":[253],"JustSTART":[255],"(CVE-2023-20570),":[256],"capable":[257],"circumventing":[259],"RSA":[260],"authentication":[261],"UltraScale(+).":[264],"Note":[265],"that":[266],"discuss":[269],"effective":[270],"countermeasures":[271],"by":[272],"secure":[273],"settings":[275],"prevent":[277],"aforementioned":[278],"attacks.":[279]},"counts_by_year":[],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2025-10-10T00:00:00"}