research-article

A novel differential scan attack on advanced DFT structures

Authors:

Giorgio Di Natale,

Marie-Lise Flottes,

Bruno RouzeyreAuthors Info & Claims

ACM Transactions on Design Automation of Electronic Systems (TODAES), Volume 18, Issue 4

Article No.: 58, Pages 1 - 22

https://doi.org/10.1145/2505014

Published: 25 October 2013 Publication History

Abstract

Scan chains insertion is the most common technique to ensure the testability of digital cores, providing high fault coverage. However, for ICs dealing with secret information, scan chains can be used as back doors for accessing secret data thus becoming a threat to system security. So far, advanced test structures used to reduce test costs (e.g., response compaction) and achieve high fault coverage (e.g., X's masking decoder) have been considered as intrinsic countermeasures against these threats. This work proposes a new generic scan-based attack demonstrating that these test structures are not sufficiently effective to prevent leakage through the test infrastructure. This generic attack can be easily adapted to several cryptographic implementations for both symmetric and public key algorithms. The proposed attack is demonstrated on several ciphers.

References

[1]

Barreto, P. and Rijmen, V. 2000. The Khazad legacy-level block cipher. In Proceedings of the 1st Open NESSIE Workshop. http://www.larc.usp.br/&sim;pbarreto/KhazadPage.html.

[2]

Da Rolt, J., Das, A., Ghosh, S., Di Natale, G., Flottes, M-L., Rouzeyre, B., and Verbauwhede, I. 2012. Scan attacks on side-channel and fault attack resistant public-key implementations. J. Cryptographic Engin. 2, 4, 207--219.

[3]

Da Rolt, J., Di Natale, G., Flottes, M-L., and Rouzeyre, B. 2011. New security threats against chips containing scan chain structures. In Proceedings of International Symposium on Hardware-Oriented Security and Trust (HOST'11). 110--115.

[4]

Das, A., Kocabas, U., Sadeghi, A., and Verbauwhede, I. 2012. PUF-based secure test wrapper design for cryptographic SoC testing. In Proceedings of the IEEE Conference on Design, Automation & Test in Europe (DATE'12). 866--869.

Digital Library

[5]

Di Natale, G., Doulcier, M., Flottes, M.-L., and Rouzeyre, B. 2010. Self-Test Techniques for Crypto-Devices. IEEE Trans. VLSI Syst. 18, 2, 329--333.

Digital Library

[6]

Fujiwara, H., and Obien, M. E. J. 2010. Secure and testable scan design using extended de Bruijn graphs. In Proceedings of the 15th IEEE Asia and South Pacific Design Automation Conference (ASP-DAC'10). 413--418.

Digital Library

[7]

Hankerson, D., Menezes, A., and Vanstone, S. 2004. Guide to Elliptic Curve Cryptography. Springer.

Digital Library

[8]

Hely, D., Bancel, F., Flottes, M.-L., and Rouzeyre, B. 2006. Secure scan techniques: a comparison. In Proceedings of the 12th IEEE International On-Line Testing Symposium (IOLTS'06). 119--124.

Digital Library

[9]

Koblitz, N. 1987. Elliptic curve cryptosystems. Math. Comput. 48, 203--209.

[10]

Kocher, P., Jaffe, J., and Jun, B. 1999. Differential Power Analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO'99). 388--397.

Digital Library

[11]

Lee, J., Tehranipoor, M., Patel, C., and Plusquellic, J. 2005. A low-cost solution for protecting IPs against scan-based side-channel attacks. In Proceedings of the IEEE VLSI Test Symposium. 94--99.

Digital Library

[12]

Liu, C., and Huang, Y. 2007. Effects of embedded decompression and compaction architectures on side-channel attack resistance. In Proceedings of the 25th IEEE VLSI Test Symposium (VTS'07). 461--468.

Digital Library

[13]

Liu, Y., Wu, K., and Karri, R. 2011. Scan-based attacks on linear feedback shift register based stream ciphers. ACM Trans. Des. Autom. Electron. Syst. 16, 2, 1--15.

Digital Library

[14]

Menezes, A., Van Oorchot, P., and Vanstone, J. 1996. Handbook of Applied Cryptography. CRC Press.

Digital Library

[15]

Mentor Graphics. 2010. Silicon test and yield analysis. White paper, high quality test solutions for secure applications.

[16]

Mitra, S. and Kim, K. 2002. X-compact: an efficient response compaction technique for test cost reduction. In Proceedings of the IEEE International Test Conference (ITC'02). 311--320.

Digital Library

[17]

Montgomery, P. 1987. Speeding the Pollard and elliptic curve methods for factorizations. Math. Comput. 48, 243--264.

[18]

Nara, R., Satoh, K., Yanagisawa, M., Ohtsuki, T., and Togawa, N. 2010. Scan-based side-channel attack against RSA cryptosystems using scan signatures. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E93-A, 12, 2481--2489.

[19]

Nara, R., Togawa, N., Yanagisawa, M., and Ohtsuki, T. 2010. Scan-based attack against elliptic curve cryptosystems. In Proceedings of the 15th IEEE Asia and South Pacific Design Automation Conference (ASP-DAC'10). 407--412.

Digital Library

[20]

National Bureau of Standards. 1977. Data Encryption Standard. Federal Information Processing Standards Publication 46.

[21]

National Bureau of Standards. 2001. Advanced Encryption Standard. Federal Information Processing Standards Publication 197.

[22]

Novak, F. and Biasizzo, A. 2006. Security Extension for IEEE Std. 1149.1. J. Electron. Test. Theory Appl. 22, 301--303.

Digital Library

[23]

Rivest, R., Shamir, L., and Adleman, L. 1978. A method for obtaining digital signatures and public-key cryptosystems. Comm. ACM. 120--126.

Digital Library

[24]

Rosenfeld, K. and Karri, R. 2010. Attacks and defenses for JTAG. IEEE Des Test Comput. 27, 1, 36--47.

Digital Library

[25]

Sengar, G., Mukhopadhayay, D., and Chowdhury, D. R. 2007. An efficient approach to develop secure scan tree for crypto-hardware. In Proceedings of the 15th International Conference on Advanced Computing and Communications (ADCOM'07). 21--26.

Digital Library

[26]

Yang, B., Wu, K., and Karri, R. 2004. Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard. In Proceedings of the IEEE International Test Conference (ITC'04). 339--344.

Digital Library

[27]

Yang, B., Wu, K., and Karri, R. 2006. Secure Scan: A Design-for-Test Architecture for Crypto Chips. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 25, 10, 2287--2293.

Digital Library

Cited By

Sao YAli SMazumdar B(2024)DefScan: Provably Defeating Scan Attack on AES-Like CiphersIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.336828943:8(2326-2339)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3368289
Suzano JChastand AValea EDi Natale GPhilippe AAbouzeid FRoche P(2024)IEEE 1838 compliant scan encryption and integrity for 2.5/3D ICs2024 IEEE European Test Symposium (ETS)10.1109/ETS61313.2024.10567195(1-6)Online publication date: 20-May-2024
https://doi.org/10.1109/ETS61313.2024.10567195
Wang WGong XCai SLiu JWang X(2024)A Low-Overhead and High-Security Scan Design Based on Scan ObfuscationIEEE Access10.1109/ACCESS.2024.350589812(182561-182570)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3505898
Show More Cited By

Index Terms

A novel differential scan attack on advanced DFT structures
1. Hardware
  1. Robustness
    1. Fault tolerance
      1. Error detection and error correction

Recommendations

Secure scan: a design-for-test architecture for crypto chips
DAC '05: Proceedings of the 42nd annual Design Automation Conference

Scan-based Design-for-Test (DFT) is a powerful testing scheme, but it can be used to retrieve the secrets stored in a crypto chip thus compromising its security. On one hand, sacrificing security for testability by using traditional scan-based DFT ...
VIm-Scan: A Low Overhead Scan Design Approach for Protection of Secret Key in Scan-Based Secure Chips
VTS '07: Proceedings of the 25th IEEE VLSI Test Symmposium

Scan-based DFT enhances the testability of a system by making its internal nodes more observable and controllable. However, in case of a secure chip, scan chain increases its vulnerability to attack, where the attacker can extract secret information by ...
Novel Test-Mode-Only Scan Attack and Countermeasure for Compression-Based Scan Architectures
Scan design is a de facto design-for-testability (DfT) technique that enhances access during manufacturing test process. However, it can also be used as a back door to leak secret information from a secure chip. In existing scan attacks, the secret key of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Design Automation of Electronic Systems

ACM Transactions on Design Automation of Electronic Systems Volume 18, Issue 4

Special Section on Networks on Chip: Architecture, Tools, and Methodologies

October 2013

380 pages

ISSN:1084-4309

EISSN:1557-7309

DOI:10.1145/2541012

Issue’s Table of Contents

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 25 October 2013

Accepted: 01 March 2013

Revised: 01 November 2012

Received: 01 July 2012

Published in TODAES Volume 18, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

48
Total Citations
View Citations
410
Total Downloads

Downloads (Last 12 months)24
Downloads (Last 6 weeks)8

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sao YAli SMazumdar B(2024)DefScan: Provably Defeating Scan Attack on AES-Like CiphersIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.336828943:8(2326-2339)Online publication date: 1-Aug-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3368289
Suzano JChastand AValea EDi Natale GPhilippe AAbouzeid FRoche P(2024)IEEE 1838 compliant scan encryption and integrity for 2.5/3D ICs2024 IEEE European Test Symposium (ETS)10.1109/ETS61313.2024.10567195(1-6)Online publication date: 20-May-2024
https://doi.org/10.1109/ETS61313.2024.10567195
Wang WGong XCai SLiu JWang X(2024)A Low-Overhead and High-Security Scan Design Based on Scan ObfuscationIEEE Access10.1109/ACCESS.2024.350589812(182561-182570)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3505898
Wang WChen JPan X(2024)A secure scan architecture using dynamic key to thwart scan-based side-channel attacksMicroelectronics Journal10.1016/j.mejo.2023.106050143:COnline publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1016/j.mejo.2023.106050
Pan ZLiu ZXu TLegut DZhang R(2024)VASPMATE: An integrated user-interface program for high-throughput first principles computations through VASP codeComputational Materials Science10.1016/j.commatsci.2023.112707233(112707)Online publication date: Jan-2024
https://doi.org/10.1016/j.commatsci.2023.112707
Wang WGong XWang XKim GAlqahtani FTolba A(2023)A Novel Secure Scan Design Based on Delayed Physical Unclonable FunctionComputers, Materials & Continua10.32604/cmc.2023.03161774:3(6605-6622)Online publication date: 2023
https://doi.org/10.32604/cmc.2023.031617
Sao YAli S(2023)Security Analysis of Scan Obfuscation TechniquesIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.326581518(2842-2855)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.1109/TIFS.2023.3265815
Zou JCai ZXu XYang HGuo Y(2023)A Survey of Chips Security Technology Based on Scan Chain2023 International Symposium of Electronics Design Automation (ISEDA)10.1109/ISEDA59274.2023.10218659(292-302)Online publication date: 8-May-2023
https://doi.org/10.1109/ISEDA59274.2023.10218659
Zamiri Azar KMardani Kamali HFarahmandi FTehranipoor MZamiri Azar KMardani Kamali HFarahmandi FTehranipoor M(2023)Design-for-Testability and Its Impact on Logic LockingUnderstanding Logic Locking10.1007/978-3-031-37989-5_9(213-249)Online publication date: 23-Sep-2023
https://doi.org/10.1007/978-3-031-37989-5_9
Wang WWang XWang JXiong NCai SLiu P(2022)Ensuring Cryptography Chips Security by Preventing Scan-Based Side-Channel Attacks With Improved DFT ArchitectureIEEE Transactions on Systems, Man, and Cybernetics: Systems10.1109/TSMC.2020.303687952:3(2009-2023)Online publication date: Mar-2022
https://doi.org/10.1109/TSMC.2020.3036879
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents