Secure Scan and Test Using Obfuscation Throughout Supply Chain

Scan-based test is commonly used to increase testability and fault coverage, however, it is also known to be a liability for chip security. Research has shown that intellectual property (IP) or secret keys can be leaked through scan-based attacks, which can be performed by entities within the supply chain. In this paper, we propose a design and test methodology against scan-based attacks throughout the supply chain, which includes a dynamically obfuscated scan (DOS) for protecting IP/integrated circuits (ICs). By perturbing test patterns/responses and protecting the Obfuscation Key, the proposed architecture is proven to be robust against existing noninvasive scan-based attacks, and can protect all scan data from attackers in foundry, assembly, and system development without compromising the testability. Further, a novel test methodology cooperating with the DOS design is also proposed, which shows full pattern application flexibility. Finally, detailed security and experimental analyses have been performed on ITC and industrial benchmarks. Demonstrated by the simulation results, the proposed architecture can be easily plugged into EDA generated scan chains without generating a noticeable impact on conventional IC design, manufacturing, and test flow. The results demonstrate that the proposed methodology can protect chips from existing brute force, differential, and other scan-based attacks that target the Obfuscation Key. Furthermore, the proposed design is of low overhead on area, power consumption, and pattern generation time, and there is no impact on test time.

[1]  Dan Zhao,et al.  SS-KTC: A High-Testability Low-Overhead Scan Architecture with Multi-level Security Integration , 2009, 2009 27th IEEE VLSI Test Symposium.

[2]  Jeyavijayan Rajendran,et al.  Hardware security: Threat models and metrics , 2013, 2013 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[3]  Giorgio Di Natale,et al.  A novel differential scan attack on advanced DFT structures , 2013, ACM Trans. Design Autom. Electr. Syst..

[4]  Bruno Rouzeyre,et al.  Secure scan techniques: a comparison , 2006, 12th IEEE International On-Line Testing Symposium (IOLTS'06).

[5]  Ramesh Karri,et al.  Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard , 2004 .

[6]  Chien-Mo James Li,et al.  IEEE 1500 Compatible Secure Test Wrapper For Embedded IP Cores , 2008, 2008 IEEE International Test Conference.

[7]  Adit D. Singh,et al.  SSTKR: Secure and Testable Scan Design through Test Key Randomization , 2011, 2011 Asian Test Symposium.

[8]  Mark Mohammad Tehranipoor,et al.  Security vulnerability analysis of design-for-test exploits for asset protection in SoCs , 2017, 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC).

[9]  Ramesh Karri,et al.  Test-mode-only scan attack using the boundary scan chain , 2014, 2014 19th IEEE European Test Symposium (ETS).

[10]  Gang Chen,et al.  A test pattern ordering algorithm for diagnosis with truncated fail data , 2006, 2006 43rd ACM/IEEE Design Automation Conference.

[11]  Yu Huang,et al.  Effects of Embedded Decompression and Compaction Architectures on Side-Channel Attack Resistance , 2007, 25th IEEE VLSI Test Symposium (VTS'07).

[12]  Ramesh Karri,et al.  New scan-based attack using only the test mode , 2013, 2013 IFIP/IEEE 21st International Conference on Very Large Scale Integration (VLSI-SoC).

[13]  Hideo Tamamoto,et al.  Secure scan design using shift register equivalents against differential behavior attack , 2011, 16th Asia and South Pacific Design Automation Conference (ASP-DAC 2011).

[14]  Alfred L. Crouch,et al.  A call to action: Securing IEEE 1687 and the need for an IEEE test Security Standard , 2015, 2015 IEEE 33rd VLSI Test Symposium (VTS).

[15]  Chip-Hong Chang,et al.  Static and Dynamic Obfuscations of Scan Data Against Scan-Based Side-Channel Attacks , 2017, IEEE Transactions on Information Forensics and Security.

[16]  Nozomu Togawa,et al.  Scan-Based Side-Channel Attack against RSA Cryptosystems Using Scan Signatures , 2010, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[17]  Takeshi Fujino,et al.  Diffusion Programmable Device : The device to prevent reverse engineering , 2014, IACR Cryptol. ePrint Arch..

[18]  Giorgio Di Natale,et al.  Scan Attacks and Countermeasures in Presence of Scan Response Compactors , 2011, 2011 Sixteenth IEEE European Test Symposium.

[19]  Mark Mohammad Tehranipoor,et al.  Securing Scan Design Using Lock and Key Technique , 2005, 20th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT'05).

[20]  Mark Mohammad Tehranipoor,et al.  Securing Designs against Scan-Based Side-Channel Attacks , 2007, IEEE Transactions on Dependable and Secure Computing.

[21]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[22]  Avi Mendelson,et al.  Exploiting the Scan Side Channel for Reverse Engineering of a VLSI Device , 2016 .

[23]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[24]  Youhua Shi,et al.  Dynamically changeable secure scan architecture against scan-based side channel attack , 2012, 2012 International SoC Design Conference (ISOCC).

[25]  Mark Mohammad Tehranipoor,et al.  A low-cost solution for protecting IPs against scan-based side-channel attacks , 2006, 24th IEEE VLSI Test Symposium.

[26]  Ramesh Karri,et al.  Test-mode-only scan attack and countermeasure for contemporary scan architectures , 2014, 2014 International Test Conference.

[27]  Spyros Tragoudas,et al.  Enhanced Secure Architecture for Joint Action Test Group Systems , 2013, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[28]  Michael Chen,et al.  A Platform Solution for Secure Supply-Chain and Chip Life-Cycle Management , 2016, Computer.

[29]  Debdeep Mukhopadhyay,et al.  CryptoScan: A Secured Scan Chain Architecture , 2005, 14th Asian Test Symposium (ATS'05).

[30]  Nozomu Togawa,et al.  Scan-based attack against elliptic curve cryptosystems , 2010, 2010 15th Asia and South Pacific Design Automation Conference (ASP-DAC).

[31]  Giorgio Di Natale,et al.  Are advanced DfT structures sufficient for preventing scan-attacks? , 2012, 2012 IEEE 30th VLSI Test Symposium (VTS).

[32]  Gang Qu,et al.  A new countermeasure against scan-based side-channel attacks , 2016, 2016 IEEE International Symposium on Circuits and Systems (ISCAS).

[33]  Ramesh Karri,et al.  Attacks and Defenses for JTAG , 2010, IEEE Design & Test of Computers.

[34]  Swarup Bhunia,et al.  VIm-Scan: A Low Overhead Scan Design Approach for Protection of Secret Key in Scan-Based Secure Chips , 2007, 25th IEEE VLSI Test Symposium (VTS'07).

[35]  Debdeep Mukhopadhyay,et al.  Secured Flipped Scan-Chain Model for Crypto-Architecture , 2007, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[36]  Ross J. Anderson,et al.  Optical Fault Induction Attacks , 2002, CHES.

[37]  G. Sengar,et al.  An Efficient Approach to Develop Secure Scan Tree for Crypto-Hardware , 2007, 15th International Conference on Advanced Computing and Communications (ADCOM 2007).

[38]  Giorgio Di Natale,et al.  A smart test controller for scan chains in secure circuits , 2013, 2013 IEEE 19th International On-Line Testing Symposium (IOLTS).

[39]  Hideo Fujiwara,et al.  Partial Scan Approach for Secret Information Protection , 2009, 2009 14th IEEE European Test Symposium.

[40]  Cliff Wang,et al.  Introduction to Hardware Security and Trust , 2011 .

[41]  Giorgio Di Natale,et al.  Scan chain encryption for the test, diagnosis and debug of secure circuits , 2017, 2017 22nd IEEE European Test Symposium (ETS).

[42]  Mark Mohammad Tehranipoor,et al.  Dynamically obfuscated scan for protecting IPs against scan-based attacks throughout supply chain , 2017, 2017 IEEE 35th VLSI Test Symposium (VTS).

[43]  Ramesh Karri,et al.  Secure scan: a design-for-test architecture for crypto chips , 2005, Proceedings. 42nd Design Automation Conference, 2005..

[44]  Ingrid Verbauwhede,et al.  Security Analysis of Industrial Test Compression Schemes , 2013, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[45]  Ahmad-Reza Sadeghi,et al.  Reconfigurable Physical Unclonable Functions - Enabling technology for tamper-resistant storage , 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.

[46]  M. Renovell,et al.  Scan design and secure chip [secure IC testing] , 2004, Proceedings. 10th IEEE International On-Line Testing Symposium.

[47]  Krishnendu Chakrabarty,et al.  Test-Pattern Ordering for Wafer-Level Test-During-Burn-In , 2008, 26th IEEE VLSI Test Symposium (vts 2008).