Huafeng CHEN,Haibin SHEN,Xiaolang YAN

2008-01-01

Abstract:The design-for-testability structure based on scan-chain often compromises the security of crypto chips.A method to attack certain hardware implementation of elliptic curve cryptography was presented.And an easy but effective secure scan method against the attack was proposed,which would not compromise the security of the chip,while maintaining high fault coverage.By controlling operational mode of the chip,the disability mechanism of scan enable signal was applied.The scan function was disabled when there existed security information in the chip.It solved the problem of secure information disclosure caused by scan chain design.

Wei Zhou,Aijiao Cui,Huawei Li,Gang Qu

DOI: https://doi.org/10.1109/ats.2017.33

2017-01-01

Abstract:Scan-based design-for-testability (DfT) structure has been widely adopted in integrated circuit (IC) design. It enables high testability for circuit under test (CUT). However, security concerns are also caused. For a cryptographic chip or module, an adversary can use scan chain as a side channel to collect sensitive information for the retrieval of cipher key. This poses a high threat for the fields where the cryptographic chips are applied. Effective countermeasures should be explored to solve this problem. In this paper, we survey the existing work on secure scan designs and highlight their merits and weaknesses. Our recent work is presented to illustrate how the weaknesses in existing countermeasures can be overcome. All these work are compared in terms of the area overhead, security and impact on testability. Our ongoing work is briefly introduced to indicate the promising future work in this area.

Yanhui Luo,Aijiao Cui,Gang Qu,Huawei Li

DOI: https://doi.org/10.1109/iscas.2016.7538900

2016-01-01

Abstract:Scan design has been widely used to facilitate the testing of integrated circuits (ICs). However, it also provides attackers a side-channel to access the internal states of crypto chips and thus becomes a great threat to the security of the cipher keys. We propose a secure scan design scheme to protect crypto chips against such scan-based side-channel attacks. In this scheme, we introduce a shift register to control the working mode of certain scan cells. Only when the user configures the shift register correctly, can the scan design work normally under testing mode. We show that the proposed secure scan design can effectively resist the existing scan-based attacks. We also demonstrate that this approach has low area overhead while maintaining the testability of original design.

Xi Chen,Zhaojun Lu,Gang Qu,Aijiao Cui

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00208

2018-01-01

Abstract:Testing is essential to isolate good chips from faulty ones. Scan chain, which provides test engineer access to all the flip flops in the chip, is the backbone of industrial testing methods. However, attackers can also leverage the controllability and observability of scan chain as a side channel to break systems such as cryptographic chips. In this paper, we develop a partial scan chain based approach to prevent side channel attacks. The basic idea is to remove the flip flops that store sensitive information from the full scan chain. However, the challenge is how to keep the full test coverage as we demonstrate that using industrial design tools such as traditional partial scan not only fails to provide full fault coverage, but also incurs huge overhead in test time and test vector generation time. We use a novel finite state machine (FSM) structure to deliver secure controllability of the un-chained flip flops to test engineers while using lightweight LFSR and XOR to enable the observability. We conduct experiments to demonstrate that the proposed partial scan, comparing to the full scan, gives full test coverage with reduced test time and does not need to re-generate test vectors.

Aijiao Cui,Mengyang Li,Gang Qu,Huawei Li

DOI: https://doi.org/10.1109/TCAD.2020.2979458

IF: 2.9

2020-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Design-for-testability (DfT) techniques have been widely adopted into the integrated circuit (IC) design process to facilitate manufacture testing. The scan-based DfT architecture is a popular DfT feature that provides full testability for the circuit under test. However, this turns into a double-edged sword for some ICs such as cryptographic chips because scan design could be used as a side channel to access the intermediate encryption results, with which the cipher key can be deduced easily. To resist such scan-based side-channel attacks, many countermeasures are proposed to obfuscate the test data in scan chain. Unfortunately, most of the obfuscation logic, due to the performance and resource constraints, cannot be proven to be irreversible and hence suffers a high risk for the correct test data being derived from the obfuscated output. In this article, we propose to utilize the cryptographic hash module for some post-processing of the test responses in order to secure the scan design. Our approach has several clear advantages over existing ones. First, the security is guaranteed based on the preimage resistance of cryptographic hash function and the introduced salt information and data collection scheme. Second, it incurs low overhead because the hash module is normally available on the IC, in particular, those where security is important. Finally, full testability is retained as we are not modifying any test input. We present the implementation of the proposed secure design, report the experimental results, and demonstrate that our approach can resist all known scan-based side-channel attacks with negligible overhead while maintaining the testability and other testing performances.

Huixian Huang,Xiaole Cui,Shuming Zhang,Ge Li,Xiaoxin Cui

DOI: https://doi.org/10.1109/ats56056.2022.00016

2022-01-01

Abstract:The scan chain, as the most popular structured design for testability (DfT) approach, significantly improves the controllability and observability of the circuit under test (CUT). However, the scan chain can be exploited by the hackers to retrieve the secret information in the cryptographic chip. This work proposes an obfuscation scheme of scan chain with test key. The scan chain is divided into segments by the multiplexers, and the linear feedback shift registers (LFSRs) are constructed by the scan cells in the chain. The selection signals of the multiplexers are controlled by the test key bits, and the two input signals of the multiplexers are the original scan chain data and the feedback data of the corresponding LFSR, respectively. The scan chain works normally if all the key bits are correct. Any wrong key bit leads to the flips on the selection signal of the inserted multiplexer periodically during the test mode, and the scan output is obfuscated. Analysis and simulation results demonstrate that the proposed scheme is resilient against the previous scan-based attacks, while maintaining the advantages of the scan testing.

Xi Chen,Omid Aramoon,Gang Qu,Aijiao Cui

DOI: https://doi.org/10.1109/itc-asia.2018.00035

2018-01-01

Abstract:Scan chain design facilitates chip testing by providing an interface for the test engineers to access and control the internal states of the circuit. This feature has also been exploited to break systems such as the cryptographic chips by the attack known as scan chain side channel analysis. From the perspective of information access, test engineers and scan chain attackers have the same goal - observe and control the scan chain side channel information. Consequently, all the existing countermeasures have to make the tradeoff between scan chain security and the testability it can provide. In this paper, we propose a novel public-private partial scan chain design which can deliver both full testability and security. The key idea is to partition the flip flops into a public partial chain and a set of parallel private partial chains. The private partial chains are protected by means of a hardware implemented finite state machine and an obfuscation mechanism based on configurable physical unclonable function. We demonstrate how full testability can be achieved by the proposed public-private partial chains. We conduct security and performance analysis to show that our approach is robust against all the known scan chain based attacks and can improve testing time and power consumption with negligible hardware overhead.

Mengqiang Lu,Aijiao Cui,Yan Shao,Gang Qu

DOI: https://doi.org/10.1145/3526241.3530345

2022-01-01

Abstract:Scan chain design can improve the testability of a circuit while it can be used as a side-channel to access the sensitive information inside a cryptographic chip for the crack of cipher key. To secure the scan design while maintaining its testability, this paper proposes a memristor-based secure scan design. A lock and key scheme is introduced. Physical unclonable function (PUF) is used to generate a unique test key for each chip. When an input test key matches the PUF-based key, the scan chain can be used normally for testing. Otherwise, the data in some scan cells are obfuscated by the random bits, which are generated by reading the status of a memristor. As the random bits do not relate to the original test data, an adversary cannot access useful information from scan chain to deduce the cipher key. The experimental results show that the proposed secure scan design can resist all existing attacks while incurring low overhead. Also, the testability of the original design is not affected.

Wei Zhou,Aijiao Cui,Cassi Chen,Gang Qu

DOI: https://doi.org/10.1109/isqed57927.2023.10129349

2023-01-01

Abstract:Scan-based side-channel attacks have become a severe threat to the security of cryptographic chips and locking mechanisms are one of the most effective methods against these attacks. However, securing the test key that locks the scan but must be shared among test engineers arises as a new challenge. In this paper, we solve this challenge by adopting the physical unclonable function (PUF) design to generate test keys that are unique for each chip. A one-time programming structure (OTPS) is used when the PUF response is first generated to improve its reliability. The security of the PUF response is achieved by obfuscation such that it can be retrieved only when a specific validation test vector presents. We implement the proposed secure scan design by reusing the original scan chain to reduce overhead. We demonstrate that the proposed secure scan design can protect the crypto chips against all existing scan-based side-channel attacks while incurring negligibly low overhead.

Cui Aijiao,Luo Yanhui,Chang Chip-Hong

DOI: https://doi.org/10.1109/TIFS.2016.2613847

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Due to the fallibility of advanced integrated circuit (IC) fabrication processes, scan test has been widely used by cryptographic ICs to provide high fault coverage. Full controllability and observability offered by the scan design also open out the trapdoor to side-channel attacks. To better resist signature attacks on scan testable cryptochip, we propose to fortify the key and lock method by the static obfuscation of scan data. Instead of spatially reshuffling the scan cells, the working mode of some scan cells is altered to jumble up the scan data when the scan test is performed with an incorrect test key. However, when the plaintext is fed directly through the primary inputs for test efficiency, the static obfuscation of scan data is inadequate as demonstrated by a new test-mode-only signature attack (TMOSA) proposed in this paper. To thwart TMOSA, a new countermeasure based on the dynamic obfuscation of scan data is proposed. By cyclically shifting the incorrect test key throughout the test phase, the blocking cells due to the mismatched bits of the test key are made to move temporally to dynamically obfuscate the scan data. This latter scheme is unconditionally resilient against TMOSA and all other known scan-based attacks while preserving the merits of high testability and low area overhead compared with other countermeasures. © 2005-2012 IEEE.

Xiaoxiao Wang,Dongrong Zhang,Miao He,Donglin Su,Mark Tehranipoor

DOI: https://doi.org/10.1109/tcad.2017.2772817

IF: 2.9

2017-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Scan-based test is commonly used to increase testability and fault coverage, however, it is also known to be a liability for chip security. Research has shown that intellectual property (IP) or secret keys can be leaked through scan-based attacks, which can be performed by entities within the supply chain. In this paper, we propose a design and test methodology against scan-based attacks throughout the supply chain, which includes a dynamically obfuscated scan (DOS) for protecting IP/integrated circuits (ICs). By perturbing test patterns/responses and protecting the Obfuscation Key, the proposed architecture is proven to be robust against existing noninvasive scan-based attacks, and can protect all scan data from attackers in foundry, assembly, and system development without compromising the testability. Further, a novel test methodology cooperating with the DOS design is also proposed, which shows full pattern application flexibility. Finally, detailed security and experimental analyses have been performed on ITC and industrial benchmarks. Demonstrated by the simulation results, the proposed architecture can be easily plugged into EDA generated scan chains without generating a noticeable impact on conventional IC design, manufacturing, and test flow. The results demonstrate that the proposed methodology can protect chips from existing brute force, differential, and other scan-based attacks that target the Obfuscation Key. Furthermore, the proposed design is of low overhead on area, power consumption, and pattern generation time, and there is no impact on test time.

Qidong Wang,Aijiao Cui,Gang Qu,Huawei Li

DOI: https://doi.org/10.1109/vts48691.2020.9107566

2020-01-01

Abstract:Scan-based side-channel attack has become a new threat to cryptographic chips. Many countermeasures are proposed to safeguard scan design against the scan-based attacks. Among which, the methods based on lock and key scheme present more effective and popular. In this paper, we propose a new lock and key scheme which adopts physical unclonable function (PUF) design to generate a unique key for each design. The uniqueness of PUF enables each chip taped out from one mask to possess a different golden key. Once the PUF is invoked for the first time, the PUF response will be hardcoded into the design so that even the environment changes, the PUF-based key maintains. The proposed secure scan design with PUF-based key can protect the cryptographic chips against all known scan-based side-channel attacks while incurring negligible overhead.

Weizheng Wang,Jincheng Wang,Wei Wang,Peng Liu,Shuo Cai

DOI: https://doi.org/10.1109/access.2019.2898447

IF: 3.9

2019-01-01

IEEE Access

Abstract:Scan design is a widely used design-for-test methodology since it enhances the controllability and observability of integrated circuits significantly. However, it may become a channel to leak secret information and, hence, threatens the hardware security seriously. In this paper, a secure scan test scheme is presented to thwart all the existing scan-based noninvasive attacks. On one hand, the proposed scheme keeps isolating the cipher key when the crypto chip runs in the test mode. In this period, the data shifted out from scan chains are not related to the cipher key. On the other hand, if the crypto chip first enters the functional mode after power-ON or reset, the switching from the functional mode to the test mode is prohibited. Consequently, the intermediate sensitive data stored in scan chains are protected. The presented scheme allows performing all sorts of tests, such as stuck-at test and delay test with a simple modification, and it maintains the advantages of scan design. Furthermore, it incurs minimal area overhead while protecting powerfully a crypto chip.

Omid Aramoon,Gang Qu,Aijiao Cui

DOI: https://doi.org/10.1109/mwscas54063.2022.9859460

2022-01-01

Abstract:Scan chain is typically used to provide test engineers with complete controllability and observability to the circuit under test to reduce the complexity of VLSI testing. However, it should not be dismissed as just a one-hit-wonder that merely facilitates the test of digital circuits. This study presents a comprehensive review of the recent proposals on how scan chain design can present its versatility as security primitives in different areas of hardware security. More specifically, we elaborate its usage in hardware intellectual property watermarking, fingerprinting, and metering, as well as in the design of physical unclonable functions and counterfeit detection. We analyze the challenges and opportunities in building hardware security primitives using modern scan-based design-for-testability (DfT).

Yogendra Sao,Sk. Subidh Ali,Bodhisatwa Mazumdar

DOI: https://doi.org/10.1109/tcad.2024.3368289

IF: 2.9

2024-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Scan-based Design-for-testability (DfT) is the de facto standard in the semiconductor testing industry to guarantee the functional and structural correctness of chips. It provides improved observability and controllability, leading to enhanced fault coverage. However, owing to widespread usage, attackers devise techniques to misuse this method to steal secret keys embedded in a security-critical chip. A vast majority of off-the-shelf defense mechanisms are based on either randomizing the scan output or restricting access to the scan. However, none of these defense mechanisms leverage the fundamental properties of the scan attack; thus, they tend to be complex and incur high area and computation overhead. In this paper, we propose a defense mechanism by preventing the vulnerabilities of fundamental properties from being exploited in scan attacks. The paper first pinpoints the ultimate condition of the scan attack on Advanced Encryption Standard (AES). This attack condition is inherent to the cryptographic property of the cipher, which, when violated, thwarts the attack. To implement our defense, we interchange the AES round outputs by applying pre-computed masks. The designer chooses inputs with a fixed difference to swap the outputs. A modified incorrect key is recovered instead of an actual key if a scan-based attack is launched. To show the generality of the proposed defense, it is extended to another AES-like cipher, Light Encryption Device (LED). To the best of our knowledge, this is the first defense against a scan attack wherein the complete testing process, including structural and functional tests, can be outsourced to untrusted third parties without compromising the actual key. In comparison, logic locking techniques limaye2020thwarting can outsource only structural testing to untrusted third parties.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Huajun Chen,Zichu Qi,Lin Wang,Chao Xu

DOI: https://doi.org/10.1109/ICCD.2015.7357172

2015-01-01

Abstract:Scan chain structure consumes 10%~30% of die area, and most yield loss is caused by scan chain faults. This makes scan chain diagnosis be the key important method to ensure the high-quality products. The conventional scan chain diagnosis techniques usually conduct to a large range of suspect faulty flip flops. The failure analysis of those suspect faulty flip flops is time-consuming and costly. In this paper, we present a new scan chain construction method to reduce the range of suspect faulty flip flops. By constructing scan chains based on circuit logical structure, the proposed method can effectively improve the diagnosability of scan chains without any additional circuits. Moreover, by taking into consideration the physical location, the proposed method can decrease the negative effects of scan chains on the performance of designs. The proposed scan chain construction method can effectively handle a single scan chain fault as well as multiple scan chain faults. The experimental results show that the range of suspect faulty flip flops is reduced by 40%~90% on the most of ITC'99 benchmark circuits.

Liting Yu,Dongrong Zhang,Liang Wu,Shuguo Xie,Donglin Su,Xiaoxiao Wang

DOI: https://doi.org/10.1109/TrustCom/BigDataSE.2018.00056

2018-01-01

Abstract:With the rapid development and globalization of semiconductor industry, data security is becoming a more critical issue for highly confidential devices, especially for cryptography related applications. Advanced Encryption Standard (AES) is widely used for information security. For AES, the most important data are plaintext and keys, which are the targets of attacks. In this paper, AES security vulnerabilities are analyzed first. Information leakage would be a major concern for AES. Hence one of the most common types of attacks that could leak information at the AES implementation, inserted into AES and utilizing scan chains in or around AES to extract keys or plaintext, is discussed. To deal with the attacks and improve AES circuit's information security, one protection, namely Registered Data Obfuscation, is presented. Experiment results show that with the proposed protection, the scan-based attack is invalidated to leak the critical data. Meanwhile, the proposed protection can also disalbe key Trojan attack introduced in [1, 2]. The cost analysis shows that the additional area and power overhead incurred by the proposed protection are 1.09% and 0.46%, respectively.

Yanping Gong,F. Qian,Lei Wang

DOI: https://doi.org/10.1109/ISCAS.2017.8050911

2017-05-01

Abstract:Insertion of scan chains, as the most common DFT technique, provides a powerful way for the structural testing of integrated circuits (IC). However, it can be easily misused by unauthorized parties to acquire critical design information. Scan-based attacks are one kind of side channel attacks that reveal the comprehensive information of IC design noninvasively. Reports have shown many successful scan based side channel attacks against the main stream cryptographic systems, such as RSA, AES, etc. On the other hand, current countermeasure schemes are limited to either the incomplete protection of scan information or the massive redesign complexity. In this paper, we proposed a new secure scan chain design technique using a memristor array. By utilizing the natural and highly unpredictable degradation in the memristor cells, the proposed technique can provide the truely random scan confusion with little design overheads.

Computer Science

Anton Biasizzo,Franc Novak

DOI: https://doi.org/10.1515/jee-2016-0027

2016-05-01

Journal of Electrical Engineering

Abstract:Abstract The paper deals with the security problems of scan design and investigates currently proposed solutions. A solution based on data encryption to protect the data in scan chains is discussed and problems related to the block-based encoding are outlined. Next, security extension for IEEE Std. 1149.1 providing a locking mechanism is analysed. The mechanism prevents unauthorised users to interfere via test bus with the system normal operation. Possible attack scenario is considered and the probabilities of successful attack within a given time interval are calculated for different lengths of the Lock register. The paper concludes with the description of current work focused on improvements the security of the locking mechanism, in particular by using simplified public key infrastructure.

Min-Hui Zou,Kun Ma,Kai-Jie Wu,Edwin Hsing-Mean Sha

DOI: https://doi.org/10.1007/s11390-014-1456-3

2014-01-01

Abstract:Scan-based design for test (DFT) is a powerful and the most popular testing technique. However, while scan-based DFT improves test efficiency, it also leaves a side channel to the privacy information stored in the chip. This paper investigates the side channel and proposes a simple but powerful scan-based attack that can reveal the key and/or state stored in the chips that implement the state-of-the-art stream ciphers with less than 85 scan-out vectors.