{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,21]],"date-time":"2025-10-21T00:34:30Z","timestamp":1761006870804,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032014047","type":"print"},{"value":"9783032014054","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T00:00:00Z","timestamp":1760486400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T00:00:00Z","timestamp":1760486400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-01405-4_18","type":"book-chapter","created":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T10:24:30Z","timestamp":1760955870000},"page":"429-447","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Partial Key Overwrite Attacks in\u00a0Microcontrollers: A\u00a0Survey"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-7876-1190","authenticated-orcid":false,"given":"Pcy","family":"Sluys","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5740-5066","authenticated-orcid":false,"given":"Lennert","family":"Wouters","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5866-1990","authenticated-orcid":false,"given":"Benedikt","family":"Gierlichs","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0879-076X","authenticated-orcid":false,"given":"Ingrid","family":"Verbauwhede","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,15]]},"reference":[{"key":"18_CR1","unstructured":"3dbrew, 3DS System Flaws, Archived at https:\/\/web.archive.org\/web\/20240829223013\/https:\/\/www.3dbrew.org\/wiki\/3DS_System_Flaws#Hardware. https:\/\/www.3dbrew.org\/wiki\/3DS_System_Flaws%5C#Hardware. Accessed 08 Sept 2024"},{"key":"18_CR2","doi-asserted-by":"crossref","unstructured":"Albrecht, M.R., Haller, M., Marekov\u00e1, L., Paterson, K.G.: Caveat Implementor! Key Recovery Attacks on MEGA, Cryptology ePrint Archive, Paper 2023\/329 (2023). https:\/\/eprint.iacr.org\/2023\/329","DOI":"10.1007\/978-3-031-30589-4_7"},{"key":"18_CR3","unstructured":"Backendal, M., Haller, M., Paterson, K.G.: MEGA: Malleable Encryption Goes Awry, Cryptology ePrint Archive, Paper 2022\/959 (2022). https:\/\/eprint.iacr.org\/2022\/959"},{"key":"18_CR4","doi-asserted-by":"crossref","unstructured":"Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology. CRYPTO 1997, pp. 513\u2013525. Springer, Heidelberg (1997). https:\/\/doc.lagout.org\/security\/Papers\/DFA%20of%20Secret%20Key%20Cryptosystems.pdf","DOI":"10.1007\/BFb0052259"},{"key":"18_CR5","unstructured":"Bogn\u00e1r, M., Magnus, C., Piessens, F., Van Bulck, J.: Intellectual property exposure: subverting and securing intellectual property encapsulation in Texas instruments microcontrollers. In: 33rd USENIX Security Symposium (USENIX Security 2024), Philadelphia, PA, pp. 2155\u20132172. USENIX Association (2024). https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/bognar"},{"key":"18_CR6","doi-asserted-by":"publisher","unstructured":"Bogn\u00e1r, M., Van Bulck, J., Piessens, F.: Mind the gap: studying the insecurity of provably secure embedded trusted execution architectures. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1638\u20131655 (2022). https:\/\/doi.org\/10.1109\/SP46214.2022.9833735. https:\/\/mici.hu\/papers\/bognar2022gap.pdf","DOI":"10.1109\/SP46214.2022.9833735"},{"key":"18_CR7","doi-asserted-by":"publisher","unstructured":"Bruseghini, L., Huigens, D., Paterson, K.G.: Victory by KO: attacking OpenPGP using key overwriting. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. CCS 2022, Los Angeles, CA, USA, pp. 411\u2013423. Association for Computing Machinery (2022). https:\/\/doi.org\/10.1145\/3548606.3559363","DOI":"10.1145\/3548606.3559363"},{"key":"18_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-74735-2_13","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2007","author":"C Clavier","year":"2007","unstructured":"Clavier, C.: Secret external encodings do not prevent transient fault analysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 181\u2013194. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74735-2_13"},{"key":"18_CR9","unstructured":"Domke, F.T.: Almost Secure (2011). https:\/\/web.archive.org\/web\/20241119012300\/https:\/\/debugmo.de\/2011\/11\/almost-secure\/. https:\/\/debugmo.de\/2011\/11\/almost-secure\/. Accessed 21 Nov 2024"},{"key":"18_CR10","unstructured":"RA6M5 Group: User\u2019s Manual: Hardware (2023). https:\/\/www.renesas.com\/en\/document\/man\/ra6m5-group-users-manual-hardware?r=1493931. Accessed 17 Dec 2024"},{"key":"18_CR11","unstructured":"Renesas RA Family Application note: Renesas Security Engine Operational Modes (2024). https:\/\/www.renesas.com\/en\/document\/apn\/renesassecurity-engine-operational-modes?r=1493931. Accessed 17 Dec 2024"},{"key":"18_CR12","unstructured":"GaryoderNichts, Looking into the Nintendo Alarmo (2024). https:\/\/archive.ph\/4nhB8. https:\/\/garyodernichts.blogspot.com\/2024\/10\/lookinginto-nintendo-alarmo.html. Accessed 31 Oct 2024"},{"key":"18_CR13","unstructured":"Kerins, T., Kursawe, K.: A Cautionary Note onWeak Implementations of Block Ciphers, (2006). https:\/\/web.archive.org\/web\/20221206234645\/https:\/\/www.cosic.esat.kuleuven.be\/wissec2006\/papers\/10.pdf"},{"key":"18_CR14","doi-asserted-by":"crossref","unstructured":"Klima, V., Rosa, T.: Attack on Private Signature Keys of the OpenPGP Format, PGP(TM) Programs and Other Applications Compatible with OpenPGP, Cryptology ePrint Archive, Paper 2002\/076 (2002). https:\/\/eprint.iacr.org\/2002\/076","DOI":"10.1088\/1126-6708\/2002\/10\/076"},{"key":"18_CR15","unstructured":"Korth, M.: GBATEK DSi AES I\/O Ports (2021). https:\/\/web.archive.org\/eb\/20220829222918\/http:\/\/problemkaputt.de\/gbatek-dsi-aes-i-oports.htm. https:\/\/problemkaputt.de\/gbatek-dsi-aes-i-o-ports.htm. Accessed 04 Oct 2022"},{"key":"18_CR16","unstructured":"Lu, Y.: The 3DS Cryptosystem (2016). https:\/\/web.archive.org\/web\/20240625001543\/https:\/\/yifan.lu\/2016\/04\/06\/the-3ds-cryptosystem\/. https:\/\/yifan.lu\/2016\/04\/06\/the-3ds-cryptosystem\/. Accessed 08 Sept 2024"},{"key":"18_CR17","doi-asserted-by":"publisher","unstructured":"Minerva: The curse of ECDSA nonces: Systematic analysis of lattice attacks on noisy leakage of bit-length of ECDSA. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(4), 281\u2013308 (2020). https:\/\/doi.org\/10.13154\/tches.v2020.i4.281-308. https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/8684","DOI":"10.13154\/tches.v2020.i4.281-308"},{"key":"18_CR18","unstructured":"NXP, i.MX 8M Dual\/8M QuadLite\/8M Quad Applications Processors Reference Manual, Sign-in required for download (2021). https:\/\/www.nxp.com\/webapp\/Download?colCode=IMX8MDQLQRM"},{"key":"18_CR19","unstructured":"NXP, LPC55S6x\/LPC55S2x\/LPC552x User manual, Sign-in required for download (2021). https:\/\/www.nxp.com\/webapp\/Download?colCode=UM11126"},{"key":"18_CR20","unstructured":"Obermaier, J., Tatschner, S.: Shedding too much Light on a Microcontroller\u2019s Firmware Protection. In: 11th USENIXWorkshop on Offensive Technologies (WOOT 2017). USENIX Association, Vancouver, BC (2017). https:\/\/www.usenix.org\/conference\/woot17\/workshop-program\/presentation\/obermaier"},{"key":"18_CR21","doi-asserted-by":"publisher","unstructured":"Pohlig, S., Hellman, M.: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.) IEEE Trans. Inf. Theory 24(1), 106\u2013110 (1978). https:\/\/doi.org\/10.1109\/TIT.1978.1055817. https:\/\/www-ee.stanford.edu\/~hellman\/publications\/28.pdf","DOI":"10.1109\/TIT.1978.1055817"},{"key":"#cr-split#-18_CR22.1","doi-asserted-by":"crossref","unstructured":"Rodrigues, C., Oliveira, D., Pinto, S.: BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect. In: 2024 IEEE Symposium on Security and Privacy","DOI":"10.1109\/SP54263.2024.00062"},{"key":"#cr-split#-18_CR22.2","unstructured":"(SP) (2024). https:\/\/bustedattack.com\/resources\/BUSted.pdf"},{"key":"18_CR23","unstructured":"Schink, M., Obermaier, J.: Taking a look into execute-only memory. In: Proceedings of the 13th USENIX Conference on Offensive Technologies. WOOT 2019, p. 1. USENIX Association, Santa Clara, CA, USA (2019). https:\/\/www.usenix.org\/system\/files\/woot19-paper_schink.pdf"},{"key":"18_CR24","unstructured":"SciresM, hexkyz, Je Ne Sais Quoi - Falcons over the Horizon (2021). https:\/\/archive.is\/wNT42. https:\/\/hexkyz.blogspot.com\/2021\/11\/je-nesais-quoi-falcons-over-horizon.html. Accessed 06 Dec 2024"},{"key":"18_CR25","unstructured":"plutoo derrek smea, s.: Console Hacking: Breaking the 3DS (2015). https:\/\/media.ccc.de\/v\/32c3-7240-console_hacking. Accessed 16 Dec 2024"},{"key":"18_CR26","unstructured":"STMicroelectronics, RM0440 Reference manual: STM32G4 series advanced Armbased 32-bit MCUs (2024). https:\/\/www.st.com\/resource\/en\/reference_manual\/rm0440-stm32g4-series-advanced-armbased-32bit-mcus-stmicroelectronics.pdf. Accessed 08 Dec 2024"},{"key":"18_CR27","unstructured":"STMicroelectronics, RM0456 Reference manual: STM32U5 Series Arm-based 32- bit MCUs (2023). https:\/\/www.st.com\/resource\/en\/reference_manual\/rm0456-stm32u5-series-armbased-32bit-mcus-stmicroelectronics.pdf. Accessed 18 Nov 2024"},{"issue":"8","key":"18_CR28","doi-asserted-by":"publisher","first-page":"1236","DOI":"10.1109\/TCAD.2015.2399455","volume":"34","author":"P Swierczynski","year":"2015","unstructured":"Swierczynski, P., Fyrbiak, M., Koppe, P., Paar, C.: FPGA trojans through detecting and weakening of cryptographic primitives. IEEE Trans. Comput. Aided Des. Integr. Circ. Syst. 34(8), 1236\u20131249 (2015). https:\/\/doi.org\/10.1109\/TCAD.2015.2399455","journal-title":"IEEE Trans. Comput. Aided Des. Integr. Circ. Syst."},{"key":"18_CR29","unstructured":"SwitchBrew, Switch System Flaws. https:\/\/web.archive.org\/web\/20240826033554\/https:\/\/switchbrew.org\/wiki\/Switch_System_Flaws# Hardware. https:\/\/switchbrew.org\/wiki\/Switch_System_Flaws%5C#Hardware. Accessed 08 Sept 2024"},{"key":"18_CR30","doi-asserted-by":"publisher","unstructured":"Tan, S.J., Bratus, S., Goodspeed, T.: Interrupt-oriented bugdoor programming: a minimalist approach to bugdooring embedded systems firmware. In: Proceedings of the 30th Annual Computer Security Applications Conference. ACSAC 2014, pp. 116\u2013125. Association for Computing Machinery, New Orleans, Louisiana, USA (2014). https:\/\/doi.org\/10.1145\/2664243.2664268","DOI":"10.1145\/2664243.2664268"},{"key":"18_CR31","unstructured":"Texas Instruments, MSP432E4 SimpleLink Microcontrollers Technical Reference Manual (2018). https:\/\/www.ti.com\/lit\/ug\/slau723a\/slau723a.pdf. Accessed 08 Dec 2024"},{"key":"18_CR32","unstructured":"Texas Instruments, MSPM0 L-Series 32MHz Microcontrollers Technical Reference Manual (2024). https:\/\/www.ti.com\/lit\/pdf\/slau847. Accessed 18 Nov 2024"},{"key":"18_CR33","doi-asserted-by":"crossref","unstructured":"Yen, S.-M., Joye, M.: Checking before output may not be enough against faultbased cryptanalysis. IEEE Trans. Comput. 49(9), 967\u2013970 (2000). https:\/\/doi.org\/10.1109\/12.869328. https:\/\/marcjoye.github.io\/papers\/YJ00chkb.pdfYJ00chkb.pdf","DOI":"10.1109\/12.869328"},{"key":"18_CR34","doi-asserted-by":"publisher","unstructured":"Yuce, B., Schaumont, P., Witteman, M.: Fault attacks on secure embedded software: threats, design, and evaluation. J. Hardw. Syst. Secur. 2(2), 111\u2013130 (2018). https:\/\/doi.org\/10.1007\/s41635-018-0038-13","DOI":"10.1007\/s41635-018-0038-13"}],"container-title":["Lecture Notes in Computer Science","Constructive Approaches for Security Analysis and Design of Embedded Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01405-4_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T10:24:37Z","timestamp":1760955877000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01405-4_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,15]]},"ISBN":["9783032014047","9783032014054"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01405-4_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,15]]},"assertion":[{"value":"15 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"CASCADE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Constructive Approaches for Security Analysis and Design of Embedded Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Saint-Etienne","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 April 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 April 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cascade2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/cascade-conference.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}