Differential Scan Attack on AES with X-tolerant and X-masked Test Response Compactor

Scan-chains are test infrastructures included in a circuit for providing high fault coverage. However, they can be exploited by an attacker as a side-channel in the case of a cryptographic application like AES. Test Compression and thereafter X-tolerance and X-masking over it, which reduce test effort without compromising on testability, can help in counteracting scan-based attacks. This work focuses on the security issues of an AES-circuit containing test compression with X-masking and X-tolerance logic. With experimental results, we show the weakness of such an AES circuit against our modified differential scan-attack. Finally, the paper outlines two suitable countermeasures to prevent such attacks.

[1]  Ramesh Karri,et al.  Secure scan: a design-for-test architecture for crypto chips , 2005, Proceedings. 42nd Design Automation Conference, 2005..

[2]  Yu Huang,et al.  Effects of Embedded Decompression and Compaction Architectures on Side-Channel Attack Resistance , 2007, 25th IEEE VLSI Test Symposium (VTS'07).

[3]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[4]  Roy Paily,et al.  RFID Circuit Design with Optimized CMOS Inductor for Monitoring Biomedical Signals , 2007, 15th International Conference on Advanced Computing and Communications (ADCOM 2007).

[5]  G. Sengar,et al.  An Efficient Approach to Develop Secure Scan Tree for Crypto-Hardware , 2007, 15th International Conference on Advanced Computing and Communications (ADCOM 2007).

[6]  Ingrid Verbauwhede,et al.  Challenge-response based secure test wrapper for testing cryptographic circuits , 2010, ETS 2010.

[7]  M. Renovell,et al.  Scan design and secure chip [secure IC testing] , 2004, Proceedings. 10th IEEE International On-Line Testing Symposium.

[8]  Giorgio Di Natale,et al.  New security threats against chips containing scan chain structures , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.

[9]  Giorgio Di Natale,et al.  Scan Attacks and Countermeasures in Presence of Scan Response Compactors , 2011, 2011 Sixteenth IEEE European Test Symposium.

[10]  Xiaoqing Wen,et al.  VLSI Test Principles and Architectures: Design for Testability (Systems on Silicon) , 2006 .

[11]  Ahmad-Reza Sadeghi,et al.  PUF-based secure test wrapper design for cryptographic SoC testing , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[12]  Mark Mohammad Tehranipoor,et al.  Securing Designs against Scan-Based Side-Channel Attacks , 2007, IEEE Transactions on Dependable and Secure Computing.

[13]  Rohit Kapur,et al.  Minimizing the Impact of Scan Compression , 2007, 25th IEEE VLSI Test Symposium (VTS'07).