# On Power-Off Temperature Attacks Potential Against Security Sensors

**Authors:** Maryam Esmaeilian, Vincent Beroulle, David Hély

PMC · DOI: 10.3390/s25061912 · 2025-03-19

## TL;DR

This paper explores how turning off a chip's power and changing its temperature can bypass security sensors in embedded systems, making them vulnerable to attacks.

## Contribution

The paper introduces and evaluates a new fault injection attack called power-off temperature attack (POTA) against delay-based security detectors.

## Key findings

- Heating cycles during power-off or inactive modes can alter FPGA component delays.
- POTA reduces the accuracy of security detectors when power is restored.
- This vulnerability highlights risks to the integrity of embedded system security mechanisms.

## Abstract

Embedded systems can be targeted by fault injection attacks (FIAs), which enable attackers to alter the system specified behavior, potentially gaining access to confidential information or causing unintended outcomes, among other effects. Although numerous security sensors and attack detectors have been proposed in the literature to detect different sources of FIAs, it is crucial to ensure that these mechanisms themselves have not been tampered. Hence, the integrity of these detectors is critical in maintaining the security of embedded systems. This study focuses on evaluating the robustness of delay-based digital detectors against a new type of FIA called power-off temperature attack (POTA). POTA occurs when the chip power is turned off, rendering the detectors inactive and allowing the attackers to bypass them. After a POTA, the circuit or its detectors may not function properly when the power is restored, potentially allowing other attacks to go undetected if the detectors are less sensitive. This study implements two attack detectors on Xilinx Artix-7 FPGAs and investigates the impact of heating cycles on theses detectors’ characteristics when the FPGA is in different states, including power-off, power-on, and inactive modes (such as clock-freezing mode). Our experiments reveal that heating cycles in power-off or inactive modes can alter the FPGA component delays and reduce the accuracy of its detectors, which highlights the vulnerability of these systems to POTA and potential risks to embedded system security.

## Full-text entities

- **Diseases:** injury to (MESH:D014947), RO (MESH:D012303), POTAs (MESH:D000377), DUT (MESH:D013736), SCA (MESH:D000069584), FIA (MESH:C000719195)
- **Chemicals:** DG4102 (-), oxide (MESH:D010087)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Figures

11 figures with captions in the complete paper: https://tomesphere.com/paper/PMC11945393/full.md

---
Source: https://tomesphere.com/paper/PMC11945393