Preventing Scan Attacks on Secure Circuits Through Scan Chain Encryption

Scan attacks exploit facilities offered by scan chains to retrieve embedded secret data, in particular, secret keys used by the device for data encryption/decryption in mission mode. This paper presents a scan attack countermeasure based on the encryption of the data written to or read from the scan chains. The secret-key management system already embedded in the device is used to provide appropriate keys for encryption of data flowing on the scan chains. The goal of the proposed solution is to counteract the scan-related security threats while preserving test and diagnosis efficiency provided by conventional design-for-testability techniques, as well as to allow debugging capabilities in mission mode. The proposed solution can deal with both stuck-at and transition-faults test schemes as well as single and multiple scan chain configurations using test data compression schemes. We will show that the proposed scheme provides expected test/diagnostic and debug facilities as classical scan design with marginal impacts on area, test time and design flows, while successfully preventing control and observation of data flowing in the scan chains by unauthorized users.

[1]  Nilanjan Mukherjee,et al.  Embedded deterministic test , 2004, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[2]  Nilanjan Mukherjee,et al.  Embedded deterministic test for low-cost manufacturing , 2003, IEEE Design & Test of Computers.

[3]  Michel Renovell,et al.  Scan Design and Secure Chip , 2004, IOLTS.

[4]  Ramesh Karri,et al.  New scan-based attack using only the test mode , 2013, 2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration (VLSI-SoC).

[5]  Giorgio Di Natale,et al.  Self-Test Techniques for Crypto-Devices , 2010, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[6]  Janusz Rajski,et al.  High-frequency, at-speed scan testing , 2003, IEEE Design & Test of Computers.

[7]  Walter Anheier,et al.  On Random Pattern Testability of Cryptographic VLSI Cores , 1999, European Test Workshop 1999 (Cat. No.PR00390).

[8]  Chien-Mo James Li,et al.  A Secure Test Wrapper Design Against Internal and Boundary Scan Attacks for Embedded Cores , 2012, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[9]  Ramesh Karri,et al.  Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard , 2004 .

[10]  Hideo Fujiwara,et al.  Strongly Secure Scan Design Using Generalized Feed Forward Shift Registers , 2015, IEICE Trans. Inf. Syst..

[11]  Ramesh Karri,et al.  Secure scan: a design-for-test architecture for crypto chips , 2005, Proceedings. 42nd Design Automation Conference, 2005..

[12]  Jacob Savir Skewed-Load Transition Test: Part I, Calculus , 1992, Proceedings International Test Conference 1992.

[13]  Giorgio Di Natale,et al.  Scan Attacks and Countermeasures in Presence of Scan Response Compactors , 2011, 2011 Sixteenth IEEE European Test Symposium.

[14]  Giorgio Di Natale,et al.  Thwarting Scan-Based Attacks on Secure-ICs With On-Chip Comparison , 2014, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[15]  Janak H. Patel,et al.  Enhancement of the Illinois scan architecture for use with multiple scan inputs , 2004, IEEE Computer Society Annual Symposium on VLSI.

[16]  Avi Mendelson,et al.  Using Scan Side Channel to Detect IP Theft , 2017, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[17]  Mark Mohammad Tehranipoor,et al.  Dynamically obfuscated scan for protecting IPs against scan-based attacks throughout supply chain , 2017, 2017 IEEE 35th VLSI Test Symposium (VTS).

[18]  Bruno Rouzeyre,et al.  AES-Based BIST: Self-Test, Test Pattern Generation and Signature Analysis , 2008, 4th IEEE International Symposium on Electronic Design, Test and Applications (delta 2008).

[19]  Brion L. Keller,et al.  OPMISR: the foundation for compressed ATPG vectors , 2001, Proceedings International Test Conference 2001 (Cat. No.01CH37260).

[20]  Ahmad-Reza Sadeghi,et al.  PUF-based secure test wrapper design for cryptographic SoC testing , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[21]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[22]  Ramesh Karri,et al.  Attacks and Defenses for JTAG , 2010, IEEE Design & Test of Computers.

[23]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[24]  Giorgio Di Natale,et al.  Are advanced DfT structures sufficient for preventing scan-attacks? , 2012, 2012 IEEE 30th VLSI Test Symposium (VTS).

[25]  Thomas Peyrin,et al.  The SKINNY Family of Block Ciphers , 2016 .

[26]  Pankaj Prajapati,et al.  LOC, LOS AND LOES AT-SPEED TESTING METHODOLOGIES FOR AUTOMATIC TEST PATTERN GENERATION USING TRANSITION DELAY FAULT MODEL , 2014 .