Paper 2025/570

Partial Key Overwrite Attacks in Microcontrollers: a Survey

pcy Sluys, KU Leuven
Lennert Wouters, KU Leuven
Benedikt Gierlichs, KU Leuven
Ingrid Verbauwhede, KU Leuven
Abstract

Embedded devices can be exposed to a wide range of attacks. Some classes of attacks can be mitigated using security features or dedicated countermeasures. Examples include Trusted Execution Environments, and masking countermeasures against physical side-channel attacks. However, a system that incorporates such secure components is not automatically a secure system. Partial Key Overwrite attacks are one class of attacks that specifically target the interface between different components of the security system. These attacks may allow an adversary to extract otherwise protected cryptographic keys through careful manipulation of memory-mapped registers. So far this powerful class of attacks has received little attention in the academic literature. In this work, we provide an overview of known Partial Key Overwrite vulnerabilities and how they were used in real-world attacks. Additionally, we evaluated 31 common microcontrollers and embedded microprocessors from eleven distinct vendors and detail our findings. Based on a first high-level evaluation we selected 15 SoCs and performed an in-depth evaluation. This evaluation revealed that at least eight of these SoCs are vulnerable to partial key overwrite attacks.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. CASCADE 2025
Keywords
key overwrite attacksafe error analysismicrocontrollersembedded security
Contact author(s)
pcy sluys @ esat kuleuven be
lennert wouters @ esat kuleuven be
benedikt gierlichs @ esat kuleuven be
ingrid verbauwhede @ esat kuleuven be
History
2025-04-01: approved
2025-03-28: received
See all versions
Short URL
https://ia.cr/2025/570
License
Creative Commons Attribution-NonCommercial-ShareAlike
CC BY-NC-SA

BibTeX 

@misc{cryptoeprint:2025/570,
      author = {pcy Sluys and Lennert Wouters and Benedikt Gierlichs and Ingrid Verbauwhede},
      title = {Partial Key Overwrite Attacks in Microcontrollers: a Survey},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/570},
      year = {2025},
      url = {https://eprint.iacr.org/2025/570}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.