Opacity preserving Countermeasure using Finite State Machines against Differential Scan Attacks

Scan based DfT is the de facto standard for testing the functional and structural correctness of chips. It provides high observability and controllability of internal latches leading to enhanced fault coverage, but can also induce vulnerability in crypto-chips containing an embedded secret key. Protecting crypto-chips against scan attack is of paramount concern to a designer. In this paper, we propose a countermeasure using a controller to circumvent differential scan attacks on crypto-chips running an AES implementation. The controller we design is minimally restrictive and ensures security by performing deterministic bit flips yet maintaining full testability. The controller logic directly depends on input-based pre-computed mask values and the controlled system behaviour is formally verified to be secure using the notion of Opacity. We evaluate our defense by launching recent attacks on the AES cryptosystem. Our security analysis shows that the proposed technique is secure against the state of the art scan based differential scan attacks with a nominal hardware overhead of 0.94%.