Find the Clasp of the Chain: Efficiently Locating Cryptographic Procedures in SoC Secure Boot by Semi-automated Side-Channel Analysis
Abstract: Secure boot establishes a hardware-rooted chain of trust that ensures system integrity by authenticating each component before execution. Fault injection attacks threaten this process by inducing transient hardware faults, such as instruction skipping, to bypass cryptographic signature verification. The success of these attacks relies on accurate timing of fault injection, typically achieved by locating cryptographic operations in physical side-channel traces. However, existing methods either rely on manual analysis or are designed for microcontroller devices, limiting their effectiveness on complex System-on-Chip (SoC) platforms with multi-stage authentication and prolonged boot sequences. In this paper, we propose a semi-automated approach for locating cryptographic signature verification functions within side-channel traces of SoC secure boot processes. By identifying common patterns of the cryptographic function calls in SoC firmware, we design a binary instrumentation scheme to extract precise side-channel templates using a profiling device. We then implement two optimized template-matching algorithms to automatically locate cryptographic authentication in target side-channel traces. To address the computational complexity of long-duration SoC boot traces, we employ GPU-accelerated parallel computation for real-time analysis. Finally, we evaluate our approach on two widely-used secure boot implementations, Arm-Trusted-Firmware and U-Boot, across different Cortex-A SoCs. Experimental results demonstrate both the accuracy and computational efficiency of our implementation, highlighting its potential for improving security analysis in complex SoC environments. We release our implementation at https://github.com/itewqq/soc-sca-semi-loc.
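The core step the abstract describes, matching a side-channel template extracted on a profiling device against a long target trace, is illustrated below with a plain normalized cross-correlation (NCC) matcher. This is an added example written for this page, not code from the paper's repository; the authors' two optimized algorithms and GPU implementation are not reproduced here, and this NumPy version is the sequential CPU baseline one would compare such optimizations against. The trace and template are constructed synthetically (a chirp embedded in noise at a known offset), and the function names are the example's own. NCC is used because it is invariant to the gain and DC offset differences one expects between a profiling device and a target board.

```python
import numpy as np

# Sliding normalized cross-correlation of a 1-D trace against a shorter template.
# Returns one score per candidate start offset (len(trace) - len(template) + 1 values),
# each in [-1, 1]; 1.0 means the window is an exact affine copy of the template.
def normalized_cross_correlation(trace, template):
    trace = np.asarray(trace, dtype=np.float64)
    template = np.asarray(template, dtype=np.float64)
    n = len(template)
    if n == 0 or len(trace) < n:
        raise ValueError("template must be non-empty and no longer than the trace")
    # Mean-centre the template once; its norm is the same for every window.
    t = template - template.mean()
    t_norm = np.linalg.norm(t)
    # Every length-n window of the trace as a view (no copy), then mean-centre per window.
    windows = np.lib.stride_tricks.sliding_window_view(trace, n)
    w = windows - windows.mean(axis=1, keepdims=True)
    w_norm = np.linalg.norm(w, axis=1)
    denom = w_norm * t_norm
    # A flat window (zero variance) has no defined correlation; score it 0 instead of NaN.
    dots = w @ t
    scores = np.divide(dots, denom, out=np.zeros_like(dots), where=denom > 0)
    return scores

# Locate the best-matching offset and report whether it clears a confidence threshold.
def locate_template(trace, template, threshold=0.8):
    scores = normalized_cross_correlation(trace, template)
    best = int(np.argmax(scores))
    return best, float(scores[best]), bool(scores[best] >= threshold)

# Constructed test data: a 300-sample chirp (rising frequency, so a one-sample
# misalignment decorrelates sharply) serves as the "template" captured on the profiling
# device. The "target" trace is 5000 samples of noise on a different DC baseline with
# the template embedded at a known offset, mimicking gain/offset differences between boards.
TEMPLATE_LEN = 300
TRUE_OFFSET = 3210

def make_template():
    k = np.arange(TEMPLATE_LEN, dtype=np.float64)
    freq_start, freq_slope = 0.10, 0.2 / TEMPLATE_LEN  # 0.10 -> 0.30 cycles/sample
    phase = 2 * np.pi * (freq_start * k + 0.5 * freq_slope * k * k)
    return np.sin(phase)

def make_synthetic_trace(seed=7, noise_std=0.2, gain=0.7, baseline=1.0):
    rng = np.random.default_rng(seed)
    trace = baseline + noise_std * rng.standard_normal(5000)
    trace[TRUE_OFFSET:TRUE_OFFSET + TEMPLATE_LEN] += gain * make_template()
    return trace

def demo():
    trace = make_synthetic_trace()
    offset, score, confident = locate_template(trace, make_template())
    return offset, score, confident

if __name__ == "__main__":
    offset, score, confident = demo()
    print(f"best offset={offset} (true {TRUE_OFFSET}), NCC={score:.3f}, confident={confident}")
```

On a real boot trace the same computation is repeated for every candidate start position, which is why the abstract's observation about long-duration SoC traces matters: the cost is O(len(trace) * len(template)) per template, and the per-window work is embarrassingly parallel, which is what makes a GPU implementation natural.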
External IDs: dblp:conf/icics/QuWYHZG25