Fault Attack Resilience on Error-prone Devices: A study into the effects of error injection on micro-controllers and software security strategies to recognise and survive attacks

Martin Kelly

Research output: ThesisDoctoral Thesis

249 Downloads (Pure)


This thesis demonstrates a new practical approach to understanding a micro-controller's behaviour when subjected to error inducing attacks.
It also shows a novel mechanism for understanding the effects of errors and the efficacy of counter-measures.
The insights gained enabled the development and evaluation of a new C compiler capable of inserting effective counter-measures that could not otherwise be realised via off-the-shelf tools.

While conducting this research, we identified properties of the equipment used to induce errors that enabled us to construct a new, very flexible, low-cost error injection workstation.
The new tools provide a framework for accurately injecting perturbation errors and for retrieving the resulting device state.
This demonstrates the ease with which an adversary can attack a target and provides the ability to self-test one's defences.

The findings of this study have particular relevance in the field of general-purpose micro-controllers.
These devices are playing an ever-increasing role in everyday life, for example, home automation gadgets in the Internet-of-Things.
The consequence of this increased diversity of application is that products are often specified and commissioned without considering the vulnerabilities of stand-alone micro-controllers. Similarly, the development and programming tasks are often delegated to engineers who are unfamiliar with the coding disciplines required to resist attack.

This study shows that the tools and techniques required to protect such devices can be made readily available and are not the sole preserve of well-funded laboratories or big corporations.
Original languageEnglish
Awarding Institution
  • Royal Holloway, University of London
  • Mayes, Keith, Supervisor
Award date1 Jul 2022
Publication statusUnpublished - 2022


  • Fault injection
  • defensive programming
  • attack resistance
  • software defences
  • laser fault injection
  • fault models
  • execution errors
  • c compiler

Cite this