High Precision Laser Fault Injection using Low-cost Components

Martin Kelly, Keith Mayes

Research output: Contribution to conferencePaperpeer-review

488 Downloads (Pure)


This paper demonstrates that it is possible to execute
sophisticated and powerful fault injection attacks on microcontrollers
using low-cost equipment and readily available components.
Earlier work had implied that powerful lasers and high
grade optics frequently used to execute such attacks were being
underutilized and that attacks were equally effective when using
low-power settings and imprecise focus.
This work has exploited these earlier findings to develop a lowcost
laser workstation capable of generating multiple discrete
faults with timing accuracy capable of targeting consecutive
instruction cycles. We have shown that the capabilities of this
new device exceed those of the expensive laboratory equipment
typically used in related work.
We describe a simplified fault model to categorize the effects
of induced errors on running code and use it, along with the
new device, to reevaluate the efficacy of different defensive coding
techniques. This has enabled us to demonstrate an efficient hybrid
defense that outperforms the individual defenses on our chosen
This approach enables device programmers to select an appropriate
compromise between the extremes of undefended code
and unusable overdefended code, to do so specifically for their
chosen device and without the need for prohibitively expensive
equipment. This work has particular relevance in the burgeoning
IoT world where many small companies with limited budgets
are deploying low-cost microprocessors in ever more security
sensitive roles.
Original languageEnglish
Number of pages10
Publication statusE-pub ahead of print - 25 Dec 2020
EventIEEE International Symposium on Hardware Oriented Security and Trust - Double Tree by Hilton, San Jose, United States
Duration: 6 Dec 20209 Dec 2020


ConferenceIEEE International Symposium on Hardware Oriented Security and Trust
Abbreviated titleHOST
Country/TerritoryUnited States
CitySan Jose
Internet address


  • ault model, fault attack, smart card, test rig, micro controller, fault injection, laser pulse, software defence, defensive code, low power, flag corruption, chip surface, hardware defence

Cite this