Paper 2018/1042

Laser-induced Single-bit Faults in Flash Memory: Instructions Corruption on a 32-bit Microcontroller

Brice Colombier, Alexandre Menu, Jean-Max Dutertre, Pierre-Alain Moëllic, Jean-Baptiste Rigaud, and Jean-Luc Danger


Physical attacks are a known threat posed against secure embedded systems. Notable among these is laser fault injection, which is often considered as the most effective fault injection technique. Indeed, laser fault injection provides a high spatial accuracy, which enables an attacker to induce bit-level faults. However, experience gained from attacking 8-bit targets might not be relevant on more advanced micro-architectures, and these attacks become increasingly challenging on 32-bit microcontrollers. In this article, we show that the flash memory area of a 32-bit microcontroller is sensitive to laser fault injection. These faults occur during the instruction fetch process, hence the stored value remains unaltered. After a thorough characterisation of the induced faults and the associated fault model, we provide detailed examples of bit-level corruption of instructions and demonstrate practical applications in compromising the security of real-life codes. Based on these experimental results, we formulate a hypothesis about the underlying micro-architectural features that explain the observed fault model.

Available format(s)
Publication info
Published elsewhere. IEEE International Symposium on Hardware Oriented Security and Trust
Fault attacklaser injectionflash memory
Contact author(s)
b colombier @ univ-st-etienne fr
2019-02-26: last of 2 revisions
2018-11-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Brice Colombier and Alexandre Menu and Jean-Max Dutertre and Pierre-Alain Moëllic and Jean-Baptiste Rigaud and Jean-Luc Danger},
      title = {Laser-induced Single-bit Faults in Flash Memory: Instructions Corruption on a 32-bit Microcontroller},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1042},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.