Huafeng CHEN,Haibin SHEN,Xiaolang YAN

2008-01-01

Abstract:The design-for-testability structure based on scan-chain often compromises the security of crypto chips.A method to attack certain hardware implementation of elliptic curve cryptography was presented.And an easy but effective secure scan method against the attack was proposed,which would not compromise the security of the chip,while maintaining high fault coverage.By controlling operational mode of the chip,the disability mechanism of scan enable signal was applied.The scan function was disabled when there existed security information in the chip.It solved the problem of secure information disclosure caused by scan chain design.

Xi Chen,Omid Aramoon,Gang Qu,Aijiao Cui

DOI: https://doi.org/10.1109/itc-asia.2018.00035

2018-01-01

Abstract:Scan chain design facilitates chip testing by providing an interface for the test engineers to access and control the internal states of the circuit. This feature has also been exploited to break systems such as the cryptographic chips by the attack known as scan chain side channel analysis. From the perspective of information access, test engineers and scan chain attackers have the same goal - observe and control the scan chain side channel information. Consequently, all the existing countermeasures have to make the tradeoff between scan chain security and the testability it can provide. In this paper, we propose a novel public-private partial scan chain design which can deliver both full testability and security. The key idea is to partition the flip flops into a public partial chain and a set of parallel private partial chains. The private partial chains are protected by means of a hardware implemented finite state machine and an obfuscation mechanism based on configurable physical unclonable function. We demonstrate how full testability can be achieved by the proposed public-private partial chains. We conduct security and performance analysis to show that our approach is robust against all the known scan chain based attacks and can improve testing time and power consumption with negligible hardware overhead.

Wei Zhou,Aijiao Cui,Huawei Li,Gang Qu

DOI: https://doi.org/10.1109/ats.2017.33

2017-01-01

Abstract:Scan-based design-for-testability (DfT) structure has been widely adopted in integrated circuit (IC) design. It enables high testability for circuit under test (CUT). However, security concerns are also caused. For a cryptographic chip or module, an adversary can use scan chain as a side channel to collect sensitive information for the retrieval of cipher key. This poses a high threat for the fields where the cryptographic chips are applied. Effective countermeasures should be explored to solve this problem. In this paper, we survey the existing work on secure scan designs and highlight their merits and weaknesses. Our recent work is presented to illustrate how the weaknesses in existing countermeasures can be overcome. All these work are compared in terms of the area overhead, security and impact on testability. Our ongoing work is briefly introduced to indicate the promising future work in this area.

Yanhui Luo,Aijiao Cui,Gang Qu,Huawei Li

DOI: https://doi.org/10.1109/iscas.2016.7538900

2016-01-01

Abstract:Scan design has been widely used to facilitate the testing of integrated circuits (ICs). However, it also provides attackers a side-channel to access the internal states of crypto chips and thus becomes a great threat to the security of the cipher keys. We propose a secure scan design scheme to protect crypto chips against such scan-based side-channel attacks. In this scheme, we introduce a shift register to control the working mode of certain scan cells. Only when the user configures the shift register correctly, can the scan design work normally under testing mode. We show that the proposed secure scan design can effectively resist the existing scan-based attacks. We also demonstrate that this approach has low area overhead while maintaining the testability of original design.

Aijiao Cui,Yanhui Luo,Huawei Li,Gang Qu

DOI: https://doi.org/10.1016/j.vlsi.2016.10.011

IF: 1.345

2016-01-01

Integration

Abstract:Scan design has become another side channel of leaking confidential information inside cryptographic chips. Methods based on obfuscating scan chain order have been proposed as countermeasures for such scan-based attacks. In this paper, we first analyze the existing secure scan designs from the angle that whether they need a complete chain state or rely on any specific scan chain order. We show that all existing attacks do not rely on specific scan chain order and therefore any secure scan design with obfuscated scan chain order cannot provide sufficient security. We then propose a new approach which clears the states of all sensitive scan cells whenever the circuit under test is switched to test mode. It will also block the access to cipher key throughout the entire testing process. Our experimental results show that the proposed scan design can effectively insulate all the information related to cipher key from the scan chain with little design overhead, thus it can successfully defend all the existing scan-based attacks.

Mengqiang Lu,Aijiao Cui,Yan Shao,Gang Qu

DOI: https://doi.org/10.1145/3526241.3530345

2022-01-01

Abstract:Scan chain design can improve the testability of a circuit while it can be used as a side-channel to access the sensitive information inside a cryptographic chip for the crack of cipher key. To secure the scan design while maintaining its testability, this paper proposes a memristor-based secure scan design. A lock and key scheme is introduced. Physical unclonable function (PUF) is used to generate a unique test key for each chip. When an input test key matches the PUF-based key, the scan chain can be used normally for testing. Otherwise, the data in some scan cells are obfuscated by the random bits, which are generated by reading the status of a memristor. As the random bits do not relate to the original test data, an adversary cannot access useful information from scan chain to deduce the cipher key. The experimental results show that the proposed secure scan design can resist all existing attacks while incurring low overhead. Also, the testability of the original design is not affected.

Wei Zhou,Aijiao Cui,Cassi Chen,Gang Qu

DOI: https://doi.org/10.1109/isqed57927.2023.10129349

2023-01-01

Abstract:Scan-based side-channel attacks have become a severe threat to the security of cryptographic chips and locking mechanisms are one of the most effective methods against these attacks. However, securing the test key that locks the scan but must be shared among test engineers arises as a new challenge. In this paper, we solve this challenge by adopting the physical unclonable function (PUF) design to generate test keys that are unique for each chip. A one-time programming structure (OTPS) is used when the PUF response is first generated to improve its reliability. The security of the PUF response is achieved by obfuscation such that it can be retrieved only when a specific validation test vector presents. We implement the proposed secure scan design by reusing the original scan chain to reduce overhead. We demonstrate that the proposed secure scan design can protect the crypto chips against all existing scan-based side-channel attacks while incurring negligibly low overhead.

Huixian Huang,Xiaole Cui,Shuming Zhang,Ge Li,Xiaoxin Cui

DOI: https://doi.org/10.1109/ats56056.2022.00016

2022-01-01

Abstract:The scan chain, as the most popular structured design for testability (DfT) approach, significantly improves the controllability and observability of the circuit under test (CUT). However, the scan chain can be exploited by the hackers to retrieve the secret information in the cryptographic chip. This work proposes an obfuscation scheme of scan chain with test key. The scan chain is divided into segments by the multiplexers, and the linear feedback shift registers (LFSRs) are constructed by the scan cells in the chain. The selection signals of the multiplexers are controlled by the test key bits, and the two input signals of the multiplexers are the original scan chain data and the feedback data of the corresponding LFSR, respectively. The scan chain works normally if all the key bits are correct. Any wrong key bit leads to the flips on the selection signal of the inserted multiplexer periodically during the test mode, and the scan output is obfuscated. Analysis and simulation results demonstrate that the proposed scheme is resilient against the previous scan-based attacks, while maintaining the advantages of the scan testing.

Cui Aijiao,Luo Yanhui,Chang Chip-Hong

DOI: https://doi.org/10.1109/TIFS.2016.2613847

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Due to the fallibility of advanced integrated circuit (IC) fabrication processes, scan test has been widely used by cryptographic ICs to provide high fault coverage. Full controllability and observability offered by the scan design also open out the trapdoor to side-channel attacks. To better resist signature attacks on scan testable cryptochip, we propose to fortify the key and lock method by the static obfuscation of scan data. Instead of spatially reshuffling the scan cells, the working mode of some scan cells is altered to jumble up the scan data when the scan test is performed with an incorrect test key. However, when the plaintext is fed directly through the primary inputs for test efficiency, the static obfuscation of scan data is inadequate as demonstrated by a new test-mode-only signature attack (TMOSA) proposed in this paper. To thwart TMOSA, a new countermeasure based on the dynamic obfuscation of scan data is proposed. By cyclically shifting the incorrect test key throughout the test phase, the blocking cells due to the mismatched bits of the test key are made to move temporally to dynamically obfuscate the scan data. This latter scheme is unconditionally resilient against TMOSA and all other known scan-based attacks while preserving the merits of high testability and low area overhead compared with other countermeasures. © 2005-2012 IEEE.

Weizheng Wang,Jincheng Wang,Wei Wang,Peng Liu,Shuo Cai

DOI: https://doi.org/10.1109/access.2019.2898447

IF: 3.9

2019-01-01

IEEE Access

Abstract:Scan design is a widely used design-for-test methodology since it enhances the controllability and observability of integrated circuits significantly. However, it may become a channel to leak secret information and, hence, threatens the hardware security seriously. In this paper, a secure scan test scheme is presented to thwart all the existing scan-based noninvasive attacks. On one hand, the proposed scheme keeps isolating the cipher key when the crypto chip runs in the test mode. In this period, the data shifted out from scan chains are not related to the cipher key. On the other hand, if the crypto chip first enters the functional mode after power-ON or reset, the switching from the functional mode to the test mode is prohibited. Consequently, the intermediate sensitive data stored in scan chains are protected. The presented scheme allows performing all sorts of tests, such as stuck-at test and delay test with a simple modification, and it maintains the advantages of scan design. Furthermore, it incurs minimal area overhead while protecting powerfully a crypto chip.

Aijiao Cui,Mengyang Li,Gang Qu,Huawei Li

DOI: https://doi.org/10.1109/TCAD.2020.2979458

IF: 2.9

2020-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Design-for-testability (DfT) techniques have been widely adopted into the integrated circuit (IC) design process to facilitate manufacture testing. The scan-based DfT architecture is a popular DfT feature that provides full testability for the circuit under test. However, this turns into a double-edged sword for some ICs such as cryptographic chips because scan design could be used as a side channel to access the intermediate encryption results, with which the cipher key can be deduced easily. To resist such scan-based side-channel attacks, many countermeasures are proposed to obfuscate the test data in scan chain. Unfortunately, most of the obfuscation logic, due to the performance and resource constraints, cannot be proven to be irreversible and hence suffers a high risk for the correct test data being derived from the obfuscated output. In this article, we propose to utilize the cryptographic hash module for some post-processing of the test responses in order to secure the scan design. Our approach has several clear advantages over existing ones. First, the security is guaranteed based on the preimage resistance of cryptographic hash function and the introduced salt information and data collection scheme. Second, it incurs low overhead because the hash module is normally available on the IC, in particular, those where security is important. Finally, full testability is retained as we are not modifying any test input. We present the implementation of the proposed secure design, report the experimental results, and demonstrate that our approach can resist all known scan-based side-channel attacks with negligible overhead while maintaining the testability and other testing performances.

D Xiang,JH Patel

DOI: https://doi.org/10.1109/tc.2004.1261835

2004-01-01

Abstract:--Partial scan design is divided into two stages: 1) critical cycle breaking and 2) partial scan flip-flop selection with respect to conflict resolution. A multiple phase partial scan design method is introduced by combining circuit state information and conflict analysis. Critical cycles are broken using a combination of valid circuit state information and conflict analysis. It is quite cost-effective to obtain circuit state information via logic simulation, therefore, circuit state information is iteratively updated after a given number of partial scan flip-flops have been selected. The valid-state-based testability measure may become ineffective to select scan flip-flops when cycles remaining in the circuit are not so influential to testability. The method turns to the conflict resolution process using an intensive conflict-analysis-based testability measure conflict. Sufficient experimental results are presented.

Omid Aramoon,Gang Qu,Aijiao Cui

DOI: https://doi.org/10.1109/mwscas54063.2022.9859460

2022-01-01

Abstract:Scan chain is typically used to provide test engineers with complete controllability and observability to the circuit under test to reduce the complexity of VLSI testing. However, it should not be dismissed as just a one-hit-wonder that merely facilitates the test of digital circuits. This study presents a comprehensive review of the recent proposals on how scan chain design can present its versatility as security primitives in different areas of hardware security. More specifically, we elaborate its usage in hardware intellectual property watermarking, fingerprinting, and metering, as well as in the design of physical unclonable functions and counterfeit detection. We analyze the challenges and opportunities in building hardware security primitives using modern scan-based design-for-testability (DfT).

Xiaoxiao Wang,Dongrong Zhang,Miao He,Donglin Su,Mark Tehranipoor

DOI: https://doi.org/10.1109/tcad.2017.2772817

IF: 2.9

2017-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Scan-based test is commonly used to increase testability and fault coverage, however, it is also known to be a liability for chip security. Research has shown that intellectual property (IP) or secret keys can be leaked through scan-based attacks, which can be performed by entities within the supply chain. In this paper, we propose a design and test methodology against scan-based attacks throughout the supply chain, which includes a dynamically obfuscated scan (DOS) for protecting IP/integrated circuits (ICs). By perturbing test patterns/responses and protecting the Obfuscation Key, the proposed architecture is proven to be robust against existing noninvasive scan-based attacks, and can protect all scan data from attackers in foundry, assembly, and system development without compromising the testability. Further, a novel test methodology cooperating with the DOS design is also proposed, which shows full pattern application flexibility. Finally, detailed security and experimental analyses have been performed on ITC and industrial benchmarks. Demonstrated by the simulation results, the proposed architecture can be easily plugged into EDA generated scan chains without generating a noticeable impact on conventional IC design, manufacturing, and test flow. The results demonstrate that the proposed methodology can protect chips from existing brute force, differential, and other scan-based attacks that target the Obfuscation Key. Furthermore, the proposed design is of low overhead on area, power consumption, and pattern generation time, and there is no impact on test time.

Huajun Chen,Zichu Qi,Lin Wang,Chao Xu

DOI: https://doi.org/10.1109/ICCD.2015.7357172

2015-01-01

Abstract:Scan chain structure consumes 10%~30% of die area, and most yield loss is caused by scan chain faults. This makes scan chain diagnosis be the key important method to ensure the high-quality products. The conventional scan chain diagnosis techniques usually conduct to a large range of suspect faulty flip flops. The failure analysis of those suspect faulty flip flops is time-consuming and costly. In this paper, we present a new scan chain construction method to reduce the range of suspect faulty flip flops. By constructing scan chains based on circuit logical structure, the proposed method can effectively improve the diagnosability of scan chains without any additional circuits. Moreover, by taking into consideration the physical location, the proposed method can decrease the negative effects of scan chains on the performance of designs. The proposed scan chain construction method can effectively handle a single scan chain fault as well as multiple scan chain faults. The experimental results show that the range of suspect faulty flip flops is reduced by 40%~90% on the most of ITC'99 benchmark circuits.

Yogendra Sao,Sk. Subidh Ali,Bodhisatwa Mazumdar

DOI: https://doi.org/10.1109/tcad.2024.3368289

IF: 2.9

2024-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Scan-based Design-for-testability (DfT) is the de facto standard in the semiconductor testing industry to guarantee the functional and structural correctness of chips. It provides improved observability and controllability, leading to enhanced fault coverage. However, owing to widespread usage, attackers devise techniques to misuse this method to steal secret keys embedded in a security-critical chip. A vast majority of off-the-shelf defense mechanisms are based on either randomizing the scan output or restricting access to the scan. However, none of these defense mechanisms leverage the fundamental properties of the scan attack; thus, they tend to be complex and incur high area and computation overhead. In this paper, we propose a defense mechanism by preventing the vulnerabilities of fundamental properties from being exploited in scan attacks. The paper first pinpoints the ultimate condition of the scan attack on Advanced Encryption Standard (AES). This attack condition is inherent to the cryptographic property of the cipher, which, when violated, thwarts the attack. To implement our defense, we interchange the AES round outputs by applying pre-computed masks. The designer chooses inputs with a fixed difference to swap the outputs. A modified incorrect key is recovered instead of an actual key if a scan-based attack is launched. To show the generality of the proposed defense, it is extended to another AES-like cipher, Light Encryption Device (LED). To the best of our knowledge, this is the first defense against a scan attack wherein the complete testing process, including structural and functional tests, can be outsourced to untrusted third parties without compromising the actual key. In comparison, logic locking techniques limaye2020thwarting can outsource only structural testing to untrusted third parties.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Yanping Gong,F. Qian,Lei Wang

DOI: https://doi.org/10.1109/ISCAS.2017.8050911

2017-05-01

Abstract:Insertion of scan chains, as the most common DFT technique, provides a powerful way for the structural testing of integrated circuits (IC). However, it can be easily misused by unauthorized parties to acquire critical design information. Scan-based attacks are one kind of side channel attacks that reveal the comprehensive information of IC design noninvasively. Reports have shown many successful scan based side channel attacks against the main stream cryptographic systems, such as RSA, AES, etc. On the other hand, current countermeasure schemes are limited to either the incomplete protection of scan information or the massive redesign complexity. In this paper, we proposed a new secure scan chain design technique using a memristor array. By utilizing the natural and highly unpredictable degradation in the memristor cells, the proposed technique can provide the truely random scan confusion with little design overheads.

Computer Science

D Xiang,Y Xu

DOI: https://doi.org/10.1109/ats.2001.990252

2001-01-01

Abstract:Partial scan design is divided into two stages: (1) critical cycle breaking, and (2) partial scan flip-flop selection with respect to conflict resolution. A multiple phase partial scan design method is introduced by combining circuit state information and conflict analysis. Critical cycles are broken using a combination of valid circuit state information and conflict analysis. It is quite cost-effective to obtain circuit state information via logic simulation, therefore, circuit state information is iteratively updated after a given number of partial scan flip-flops have been selected. Valid-state-based analysis may become ineffective to select scan flip-flops when cycles remaining in the circuit are not influential to testability. The method turns to the conflict resolution process using an intensive conflict-analysis-based testability measure of conflict. Sufficient experimental results are presented

Qidong Wang,Aijiao Cui,Gang Qu,Huawei Li

DOI: https://doi.org/10.1109/vts48691.2020.9107566

2020-01-01

Abstract:Scan-based side-channel attack has become a new threat to cryptographic chips. Many countermeasures are proposed to safeguard scan design against the scan-based attacks. Among which, the methods based on lock and key scheme present more effective and popular. In this paper, we propose a new lock and key scheme which adopts physical unclonable function (PUF) design to generate a unique key for each design. The uniqueness of PUF enables each chip taped out from one mask to possess a different golden key. Once the PUF is invoked for the first time, the PUF response will be hardcoded into the design so that even the environment changes, the PUF-based key maintains. The proposed secure scan design with PUF-based key can protect the cryptographic chips against all known scan-based side-channel attacks while incurring negligible overhead.

Zhen Chen,Boxue Yin,Dong Xiang

DOI: https://doi.org/10.1109/aspdac.2009.4796556

2009-01-01

Abstract:Two conflict-driven schemes and a new scan architecture based on them are presented to improve fault coverage of transition fault. They make full use of the advantages of broadside, skewed-load and enhanced scan testing, and eliminate the disadvantages of them, such as low coverage, fast global scan enable signal and hardware overhead. Test power is also a challenge for delay testing, so our method tries to reduce the test power at the same time. By the analysis of the functional dependency between test vectors in broadside testing and the shift dependency between vectors in the skewed-load testing, some scan cells are selected to operate in the enhanced scan and skewed-load scan mode, while others operate in traditional broadside mode. In the architecture, scan cells with common successors are divided into one chain. With the efficient conflict driven selection methods and partition of scan cells, fault coverage can be improved greatly and test power can be reduced, without sacrificing the test time and test data. Experimental results show that the fault coverage of the proposed method can reach the level of enhanced scan design.