Characterising a CPU fault attack model via run-time data analysis

Martin Kelly, Keith Mayes, John F. Walker

Research output: Contribution to conferencePaperpeer-review

214 Downloads (Pure)


Effective software defences against errors created by fault attacks need to anticipate the probable error response of the target micro-controller. The range of errors and their probability of occurrence is referred to as the Fault Model. Software defences are necessarily a compromise between the impact of an error, its likelihood of occurrence, and the cost of the defence in terms of code size and execution time. In this work we first create a fault insertion system and then use it to demonstrate a technique for precisely triggering and capturing individual error responses within a running micro-controller. This enables a more realistic calibration of a micro-controller's fault model. We apply the system to a representative micro-controller and the results show that error insertion is far more predictable than anticipated, and is consistent over a wide range of experimental tolerances. This observation undermines some widely deployed software defences recommended for fault attack protection.
Original languageEnglish
Number of pages6
Publication statusPublished - 2017
EventIEEE International Symposium on Hardware Oriented Security and Trust (HOST) - The Ritz-Carlto, McLean, VA, United States
Duration: 1 May 20174 May 2017


ConferenceIEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Abbreviated titleHOST
Country/TerritoryUnited States
CityMcLean, VA
Internet address


  • fault model, fault attack, smart card, test rig, micro controller, fault injection, laser pulse, software defence, defensive code, low power, flag corruption, chip surface, hardware defence

Cite this