Huafeng CHEN,Haibin SHEN,Xiaolang YAN

2008-01-01

Abstract:The design-for-testability structure based on scan-chain often compromises the security of crypto chips.A method to attack certain hardware implementation of elliptic curve cryptography was presented.And an easy but effective secure scan method against the attack was proposed,which would not compromise the security of the chip,while maintaining high fault coverage.By controlling operational mode of the chip,the disability mechanism of scan enable signal was applied.The scan function was disabled when there existed security information in the chip.It solved the problem of secure information disclosure caused by scan chain design.

Wei Zhou,Aijiao Cui,Huawei Li,Gang Qu

DOI: https://doi.org/10.1109/ats.2017.33

2017-01-01

Abstract:Scan-based design-for-testability (DfT) structure has been widely adopted in integrated circuit (IC) design. It enables high testability for circuit under test (CUT). However, security concerns are also caused. For a cryptographic chip or module, an adversary can use scan chain as a side channel to collect sensitive information for the retrieval of cipher key. This poses a high threat for the fields where the cryptographic chips are applied. Effective countermeasures should be explored to solve this problem. In this paper, we survey the existing work on secure scan designs and highlight their merits and weaknesses. Our recent work is presented to illustrate how the weaknesses in existing countermeasures can be overcome. All these work are compared in terms of the area overhead, security and impact on testability. Our ongoing work is briefly introduced to indicate the promising future work in this area.

Xi Chen,Omid Aramoon,Gang Qu,Aijiao Cui

DOI: https://doi.org/10.1109/itc-asia.2018.00035

2018-01-01

Abstract:Scan chain design facilitates chip testing by providing an interface for the test engineers to access and control the internal states of the circuit. This feature has also been exploited to break systems such as the cryptographic chips by the attack known as scan chain side channel analysis. From the perspective of information access, test engineers and scan chain attackers have the same goal - observe and control the scan chain side channel information. Consequently, all the existing countermeasures have to make the tradeoff between scan chain security and the testability it can provide. In this paper, we propose a novel public-private partial scan chain design which can deliver both full testability and security. The key idea is to partition the flip flops into a public partial chain and a set of parallel private partial chains. The private partial chains are protected by means of a hardware implemented finite state machine and an obfuscation mechanism based on configurable physical unclonable function. We demonstrate how full testability can be achieved by the proposed public-private partial chains. We conduct security and performance analysis to show that our approach is robust against all the known scan chain based attacks and can improve testing time and power consumption with negligible hardware overhead.

Xi Chen,Zhaojun Lu,Gang Qu,Aijiao Cui

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00208

2018-01-01

Abstract:Testing is essential to isolate good chips from faulty ones. Scan chain, which provides test engineer access to all the flip flops in the chip, is the backbone of industrial testing methods. However, attackers can also leverage the controllability and observability of scan chain as a side channel to break systems such as cryptographic chips. In this paper, we develop a partial scan chain based approach to prevent side channel attacks. The basic idea is to remove the flip flops that store sensitive information from the full scan chain. However, the challenge is how to keep the full test coverage as we demonstrate that using industrial design tools such as traditional partial scan not only fails to provide full fault coverage, but also incurs huge overhead in test time and test vector generation time. We use a novel finite state machine (FSM) structure to deliver secure controllability of the un-chained flip flops to test engineers while using lightweight LFSR and XOR to enable the observability. We conduct experiments to demonstrate that the proposed partial scan, comparing to the full scan, gives full test coverage with reduced test time and does not need to re-generate test vectors.

Aijiao Cui,Mengyang Li,Gang Qu,Huawei Li

DOI: https://doi.org/10.1109/TCAD.2020.2979458

IF: 2.9

2020-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Design-for-testability (DfT) techniques have been widely adopted into the integrated circuit (IC) design process to facilitate manufacture testing. The scan-based DfT architecture is a popular DfT feature that provides full testability for the circuit under test. However, this turns into a double-edged sword for some ICs such as cryptographic chips because scan design could be used as a side channel to access the intermediate encryption results, with which the cipher key can be deduced easily. To resist such scan-based side-channel attacks, many countermeasures are proposed to obfuscate the test data in scan chain. Unfortunately, most of the obfuscation logic, due to the performance and resource constraints, cannot be proven to be irreversible and hence suffers a high risk for the correct test data being derived from the obfuscated output. In this article, we propose to utilize the cryptographic hash module for some post-processing of the test responses in order to secure the scan design. Our approach has several clear advantages over existing ones. First, the security is guaranteed based on the preimage resistance of cryptographic hash function and the introduced salt information and data collection scheme. Second, it incurs low overhead because the hash module is normally available on the IC, in particular, those where security is important. Finally, full testability is retained as we are not modifying any test input. We present the implementation of the proposed secure design, report the experimental results, and demonstrate that our approach can resist all known scan-based side-channel attacks with negligible overhead while maintaining the testability and other testing performances.

Weizheng Wang,Jincheng Wang,Wei Wang,Peng Liu,Shuo Cai

DOI: https://doi.org/10.1109/access.2019.2898447

IF: 3.9

2019-01-01

IEEE Access

Abstract:Scan design is a widely used design-for-test methodology since it enhances the controllability and observability of integrated circuits significantly. However, it may become a channel to leak secret information and, hence, threatens the hardware security seriously. In this paper, a secure scan test scheme is presented to thwart all the existing scan-based noninvasive attacks. On one hand, the proposed scheme keeps isolating the cipher key when the crypto chip runs in the test mode. In this period, the data shifted out from scan chains are not related to the cipher key. On the other hand, if the crypto chip first enters the functional mode after power-ON or reset, the switching from the functional mode to the test mode is prohibited. Consequently, the intermediate sensitive data stored in scan chains are protected. The presented scheme allows performing all sorts of tests, such as stuck-at test and delay test with a simple modification, and it maintains the advantages of scan design. Furthermore, it incurs minimal area overhead while protecting powerfully a crypto chip.

Tianming Ni,Xiaoqing Wen,Hussam Amrouch,Cheng Zhuo,Peilin Song

DOI: https://doi.org/10.1145/3631476

IF: 1.447

2023-01-01

ACM Transactions on Design Automation of Electronic Systems

Abstract:The research on design for testability and reliability of security-aware hardware has been important in both academia and industry. With ever-growing globalization, commercial hardware design, manufacturing, transportation, and supply now involve many different countries, resulting in aggravated vulnerability from hardware design to manufacturing. Hardware with malicious purposes implanted from the third-party manufacturing process may control the operation of a circuit and tamper its functions, causing serious security issues. However, hardware includes not only devices and circuits but also systems. An important fact is that testability, reliability, and security technologies come from different design layers, but the impact evaluation is conducted at the system level. In other words, the testability, reliability, and security design of different layers can be carried out in a holistic manner to achieve optimization for the whole system. In addition, the testability, reliability, and security design technologies of each design layer can be collaboratively conducted to achieve better performance. The testability, reliability, and security tradeoff has garnered attention from academia and industry, particularly in the Post-Moore Era, due to the complexities and opportunities arising from new architectures and technologies.

Aijiao Cui,Yanhui Luo,Huawei Li,Gang Qu

DOI: https://doi.org/10.1016/j.vlsi.2016.10.011

IF: 1.345

2016-01-01

Integration

Abstract:Scan design has become another side channel of leaking confidential information inside cryptographic chips. Methods based on obfuscating scan chain order have been proposed as countermeasures for such scan-based attacks. In this paper, we first analyze the existing secure scan designs from the angle that whether they need a complete chain state or rely on any specific scan chain order. We show that all existing attacks do not rely on specific scan chain order and therefore any secure scan design with obfuscated scan chain order cannot provide sufficient security. We then propose a new approach which clears the states of all sensitive scan cells whenever the circuit under test is switched to test mode. It will also block the access to cipher key throughout the entire testing process. Our experimental results show that the proposed scan design can effectively insulate all the information related to cipher key from the scan chain with little design overhead, thus it can successfully defend all the existing scan-based attacks.

Aijiao Cui,Chip-Hong Chang

DOI: https://doi.org/10.1109/ISCAS.2008.4542000

2008-01-01

Abstract:This paper proposes an intellectual property (IP) protection scheme at the design-for-testability (DfT) stage of VLSI design flow. Additional constraints generated by the owner's digital signature have been imposed on the NP-hard problem of ordering the scan cells to achieve a watermarked solution which minimizes the penalty on power and cost of testing. As only the order of the scan cells is varied, the number of test vectors for the desired fault coverage is not affected. The advantage of this scheme is the ownership legitimacy can be publicly authenticated on-site by IP buyers after the chip has been packaged by loading a specific verification code into the scan chain. We propose to integrate the scan chain watermarking with dynamic watermarking of the IP core to make the design hard-to-attack while the ownership is easy-to- trace. The proposed scheme is applied to an optimization instance of scan cell ordering targeting at test power reduction. The results on several MCNC benchmarks show that the watermarking scheme has a very low probability of solution coincidence and hence provides strong proof of authorship.

Huixian Huang,Xiaole Cui,Shuming Zhang,Ge Li,Xiaoxin Cui

DOI: https://doi.org/10.1109/ats56056.2022.00016

2022-01-01

Abstract:The scan chain, as the most popular structured design for testability (DfT) approach, significantly improves the controllability and observability of the circuit under test (CUT). However, the scan chain can be exploited by the hackers to retrieve the secret information in the cryptographic chip. This work proposes an obfuscation scheme of scan chain with test key. The scan chain is divided into segments by the multiplexers, and the linear feedback shift registers (LFSRs) are constructed by the scan cells in the chain. The selection signals of the multiplexers are controlled by the test key bits, and the two input signals of the multiplexers are the original scan chain data and the feedback data of the corresponding LFSR, respectively. The scan chain works normally if all the key bits are correct. Any wrong key bit leads to the flips on the selection signal of the inserted multiplexer periodically during the test mode, and the scan output is obfuscated. Analysis and simulation results demonstrate that the proposed scheme is resilient against the previous scan-based attacks, while maintaining the advantages of the scan testing.

Xiaoxiao Wang,Dongrong Zhang,Miao He,Donglin Su,Mark Tehranipoor

DOI: https://doi.org/10.1109/tcad.2017.2772817

IF: 2.9

2017-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Scan-based test is commonly used to increase testability and fault coverage, however, it is also known to be a liability for chip security. Research has shown that intellectual property (IP) or secret keys can be leaked through scan-based attacks, which can be performed by entities within the supply chain. In this paper, we propose a design and test methodology against scan-based attacks throughout the supply chain, which includes a dynamically obfuscated scan (DOS) for protecting IP/integrated circuits (ICs). By perturbing test patterns/responses and protecting the Obfuscation Key, the proposed architecture is proven to be robust against existing noninvasive scan-based attacks, and can protect all scan data from attackers in foundry, assembly, and system development without compromising the testability. Further, a novel test methodology cooperating with the DOS design is also proposed, which shows full pattern application flexibility. Finally, detailed security and experimental analyses have been performed on ITC and industrial benchmarks. Demonstrated by the simulation results, the proposed architecture can be easily plugged into EDA generated scan chains without generating a noticeable impact on conventional IC design, manufacturing, and test flow. The results demonstrate that the proposed methodology can protect chips from existing brute force, differential, and other scan-based attacks that target the Obfuscation Key. Furthermore, the proposed design is of low overhead on area, power consumption, and pattern generation time, and there is no impact on test time.

Yanhui Luo,Aijiao Cui,Gang Qu,Huawei Li

DOI: https://doi.org/10.1109/iscas.2016.7538900

2016-01-01

Abstract:Scan design has been widely used to facilitate the testing of integrated circuits (ICs). However, it also provides attackers a side-channel to access the internal states of crypto chips and thus becomes a great threat to the security of the cipher keys. We propose a secure scan design scheme to protect crypto chips against such scan-based side-channel attacks. In this scheme, we introduce a shift register to control the working mode of certain scan cells. Only when the user configures the shift register correctly, can the scan design work normally under testing mode. We show that the proposed secure scan design can effectively resist the existing scan-based attacks. We also demonstrate that this approach has low area overhead while maintaining the testability of original design.

Wei Zhou,Aijiao Cui,Cassi Chen,Gang Qu

DOI: https://doi.org/10.1109/isqed57927.2023.10129349

2023-01-01

Abstract:Scan-based side-channel attacks have become a severe threat to the security of cryptographic chips and locking mechanisms are one of the most effective methods against these attacks. However, securing the test key that locks the scan but must be shared among test engineers arises as a new challenge. In this paper, we solve this challenge by adopting the physical unclonable function (PUF) design to generate test keys that are unique for each chip. A one-time programming structure (OTPS) is used when the PUF response is first generated to improve its reliability. The security of the PUF response is achieved by obfuscation such that it can be retrieved only when a specific validation test vector presents. We implement the proposed secure scan design by reusing the original scan chain to reduce overhead. We demonstrate that the proposed secure scan design can protect the crypto chips against all existing scan-based side-channel attacks while incurring negligibly low overhead.

Anton Biasizzo,Franc Novak

DOI: https://doi.org/10.1515/jee-2016-0027

2016-05-01

Journal of Electrical Engineering

Abstract:Abstract The paper deals with the security problems of scan design and investigates currently proposed solutions. A solution based on data encryption to protect the data in scan chains is discussed and problems related to the block-based encoding are outlined. Next, security extension for IEEE Std. 1149.1 providing a locking mechanism is analysed. The mechanism prevents unauthorised users to interfere via test bus with the system normal operation. Possible attack scenario is considered and the probabilities of successful attack within a given time interval are calculated for different lengths of the Lock register. The paper concludes with the description of current work focused on improvements the security of the locking mechanism, in particular by using simplified public key infrastructure.

Xi Chen,Gang Qu,Aijiao Cui,Carson Dunbar

DOI: https://doi.org/10.1109/isqed.2017.7918326

2017-01-01

Abstract:Digital fingerprinting refers to as method that can assign each copy of an intellectual property (IP) a distinct fingerprint. It was introduced for the purpose of protecting legal and honest IP users. The unique fingerprint can be used to identify the IP or a chip that contains the IP. However, existing fingerprinting techniques are not practical due to expensive cost of creating fingerprints and the lack of effective methods to verify the fingerprints. In the paper, we study a practical scan chain based fingerprinting method, where the digital fingerprint is generated by selecting the Q-SD or Q'-SD connection during the design of scan chains. This method has two major advantages. First, fingerprints are created as a post-silicon procedure and therefore there will be little fabrication overhead. Second, altering the Q-SD or Q'-SD connection style requires the modification of test vectors for each fingerprinted IP in order to maintain the fault coverage. This enables us to verify the fingerprint by inspecting the test vectors without opening up the chip to check the Q-SD or Q'-SD connection styles. We perform experiment on standard benchmarks to demonstrate that our approach has low design overhead. We also conduct security analysis to show that such fingerprints are robust against various attacks.

Mengqiang Lu,Aijiao Cui,Yan Shao,Gang Qu

DOI: https://doi.org/10.1145/3526241.3530345

2022-01-01

Abstract:Scan chain design can improve the testability of a circuit while it can be used as a side-channel to access the sensitive information inside a cryptographic chip for the crack of cipher key. To secure the scan design while maintaining its testability, this paper proposes a memristor-based secure scan design. A lock and key scheme is introduced. Physical unclonable function (PUF) is used to generate a unique test key for each chip. When an input test key matches the PUF-based key, the scan chain can be used normally for testing. Otherwise, the data in some scan cells are obfuscated by the random bits, which are generated by reading the status of a memristor. As the random bits do not relate to the original test data, an adversary cannot access useful information from scan chain to deduce the cipher key. The experimental results show that the proposed secure scan design can resist all existing attacks while incurring low overhead. Also, the testability of the original design is not affected.

Yogendra Sao,Sk. Subidh Ali,Bodhisatwa Mazumdar

DOI: https://doi.org/10.1109/tcad.2024.3368289

IF: 2.9

2024-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Scan-based Design-for-testability (DfT) is the de facto standard in the semiconductor testing industry to guarantee the functional and structural correctness of chips. It provides improved observability and controllability, leading to enhanced fault coverage. However, owing to widespread usage, attackers devise techniques to misuse this method to steal secret keys embedded in a security-critical chip. A vast majority of off-the-shelf defense mechanisms are based on either randomizing the scan output or restricting access to the scan. However, none of these defense mechanisms leverage the fundamental properties of the scan attack; thus, they tend to be complex and incur high area and computation overhead. In this paper, we propose a defense mechanism by preventing the vulnerabilities of fundamental properties from being exploited in scan attacks. The paper first pinpoints the ultimate condition of the scan attack on Advanced Encryption Standard (AES). This attack condition is inherent to the cryptographic property of the cipher, which, when violated, thwarts the attack. To implement our defense, we interchange the AES round outputs by applying pre-computed masks. The designer chooses inputs with a fixed difference to swap the outputs. A modified incorrect key is recovered instead of an actual key if a scan-based attack is launched. To show the generality of the proposed defense, it is extended to another AES-like cipher, Light Encryption Device (LED). To the best of our knowledge, this is the first defense against a scan attack wherein the complete testing process, including structural and functional tests, can be outsourced to untrusted third parties without compromising the actual key. In comparison, logic locking techniques limaye2020thwarting can outsource only structural testing to untrusted third parties.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Aijiao Cui,Wei Liang,Gang Qu

DOI: https://doi.org/10.1109/iscas.2014.6865251

2014-01-01

Circuits and Systems

Abstract:This paper proposes a new dynamic watermarking scheme during the Design-for-Testability (DfT) stage. The extra design constraints due to watermark are imposed on the connection styles between some scan cells. As the scan chain order is maintained, no routing overhead is caused. It thus overcomes the weakness of the watermarking schemes based on scan chain reordering, which usually incur unpredicted long routing or even congestion during physical design. Most of the performances are not compromised. Experimental results show that only negligible overhead on test power is caused while a strong authorship proof is achieved.

Qidong Wang,Aijiao Cui,Gang Qu,Huawei Li

DOI: https://doi.org/10.1109/vts48691.2020.9107566

2020-01-01

Abstract:Scan-based side-channel attack has become a new threat to cryptographic chips. Many countermeasures are proposed to safeguard scan design against the scan-based attacks. Among which, the methods based on lock and key scheme present more effective and popular. In this paper, we propose a new lock and key scheme which adopts physical unclonable function (PUF) design to generate a unique key for each design. The uniqueness of PUF enables each chip taped out from one mask to possess a different golden key. Once the PUF is invoked for the first time, the PUF response will be hardcoded into the design so that even the environment changes, the PUF-based key maintains. The proposed secure scan design with PUF-based key can protect the cryptographic chips against all known scan-based side-channel attacks while incurring negligible overhead.

Aijiao Cui,Chip-Hong Chang

DOI: https://doi.org/10.1109/ISCAS.2009.5117677

2009-01-01

Abstract:This paper proposes an improved version of watermarking scheme at the Design-for-testability (DfT) stage for VLSI Intellectual Property (IP) protection. The improved scheme overcomes the weaknesses of previous scan chain watermarking scheme by imposing the extra ordering constraints generated by the IP owner's signature on all scan flip-flops impartially. IP authorship can be publicly authenticated in the field by injecting a given test vector and matching a permuted output response vector against a transformed reference pattern. Both the output response and the reference sequence are related to a pseudorandom sequence generated by a public-key cryptographic algorithm. Experimental results show that the improved method has a low probability of coincidence and low test power overhead.