Design for testability (DFT) is the most common testing technique used in the modern VLSI industries. However, when this technique is incorporated in a cryptographic circuit, it may open a back door to an attacker. The attacker can get access to the internal scan chains by switching the device from the normal mode to the test mode and then observe the chip content. The scan cells which were originally used to enhance the testability, can thus be misused to access the intermediate results of the cryptographic algorithm running inside the chip. One countermeasure against such attacks is to reset the device whenever there is a switch from the normal mode to the test mode. In this work we are going to analyse this countermeasure and show that it is not completely secure against scan attack. We show that an attack is possible using only the test mode which will bypass the countermeasure.
[1]
Nozomu Togawa,et al.
Scan-Based Side-Channel Attack against RSA Cryptosystems Using Scan Signatures
,
2010,
IEICE Trans. Fundam. Electron. Commun. Comput. Sci..
[2]
Ramesh Karri,et al.
Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard
,
2004
.
[3]
Ramesh Karri,et al.
Secure Scan: A Design-for-Test Architecture for Crypto Chips
,
2005,
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.
[4]
Bruno Rouzeyre,et al.
Test control for secure scan designs
,
2005,
European Test Symposium (ETS'05).
[5]
Nozomu Togawa,et al.
Scan-based attack against elliptic curve cryptosystems
,
2010,
2010 15th Asia and South Pacific Design Automation Conference (ASP-DAC).