Paper 2024/1123

Switching Off your Device Does Not Protect Against Fault Attacks

Paul Grandamme, Laboratoire Hubert Curien, Mines Saint-Étienne
Pierre-Antoine Tissot, Laboratoire Hubert Curien
Lilian Bossuet, Laboratoire Hubert Curien
Jean-Max Dutertre, Mines Saint-Étienne
Brice Colombier, Laboratoire Hubert Curien
Vincent Grosso, Laboratoire Hubert Curien

Physical attacks, and among them fault injection attacks, are a significant threat to the security of embedded systems. Among the means of fault injection, laser has the significant advantage of being extremely spatially accurate. Numerous state-of-the-art studies have investigated the use of lasers to inject faults into a target at run-time. However, the high precision of laser fault injection comes with requirements on the knowledge of the implementation and exact execution time of the victim code. The main contribution of this work is the demonstration on experimental basis that it is also possible to perform laser fault injection on an unpowered device. Specifically, we targeted the Flash non-volatile memory of a 32-bit microcontroller. The advantage of this new attack path is that it does not require any synchronisation between the victim and the attacker. We provide an experimental characterization of this phenomenon with a description of the fault model from the physical level up to the software level. Finally, we applied these results to carry out a persistent fault analysis on a 128-bit AES with a particularly realistic attacker model which reinforces the interest of the PFA.

Available format(s)
Attacks and cryptanalysis
Publication info
Published by the IACR in TCHES 2024
Fault attacksLaser injectionUnpowered devicesPersistent fault analysisFlash memory
Contact author(s)
paul grandamme @ univ-st-etienne fr
pierre antoine tissot @ univ-st-etienne fr
lilian bossuet @ univ-st-etienne fr
dutertre @ emse fr
b colombier @ univ-st-etienne fr
vincent grosso @ univ-st-etienne fr
2024-07-10: approved
2024-07-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Paul Grandamme and Pierre-Antoine Tissot and Lilian Bossuet and Jean-Max Dutertre and Brice Colombier and Vincent Grosso},
      title = {Switching Off your Device Does Not Protect Against Fault Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1123},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.