Microcontrollers as (In)Security Devices for Pervasive Computing Applications

Daehyun Strobel, David Oswald, Bastian Richter, Falk Schellenberg, Christof Paar

Research output: Contribution to journalArticlepeer-review

17 Citations (Scopus)


Often overlooked, microcontrollers are the central component in embedded systems which drive the evolution toward the Internet of Things (IoT). They are small, easy to handle, low cost, and with myriads of pervasive applications. An increasing number of microcontroller-equipped systems are security and safety critical. In this tutorial, we take a critical look at the security aspects of today's microcontrollers. We demonstrate why the implementation of sensitive applications on a standard microcontroller can lead to severe security problems. To this end, we summarize various threats to microcontroller-based systems, including side-channel analysis and different methods for extracting embedded code. In two case studies, we demonstrate the relevance of these techniques in real-world applications: Both analyzed systems, a widely used digital locking system and the YubiKey 2 onetime password generator, turned out to be susceptible to attacks against the actual implementations, allowing an adversary to extract the cryptographic keys which, in turn, leads to a total collapse of the system security.

Original languageEnglish
Pages (from-to)1157-1173
Number of pages17
JournalProceedings of the IEEE
Issue number8
Publication statusPublished - 1 Aug 2014


  • Code extraction
  • microcontroller
  • real-world attacks
  • reverse engineering
  • side-channel analysis

ASJC Scopus subject areas

  • Electrical and Electronic Engineering


Dive into the research topics of 'Microcontrollers as (In)Security Devices for Pervasive Computing Applications'. Together they form a unique fingerprint.

Cite this