
Scan attacks on side-channel and fault attack resistant public-key implementations

Regular Paper, Journal of Cryptographic Engineering

Abstract

Cryptographic devices are the targets of side-channel attacks, which exploit physical characteristics (e.g. power consumption) to compromise the system's security. Several side-channel attacks and countermeasures have been proposed in the literature in the past decade. However, countermeasures are usually designed to resist attacks through a single side-channel. Few papers study the effect that a countermeasure designed against one side-channel attack has on another attack it was not designed to resist. In this paper, we present scan-based side-channel attacks on public-key cryptographic hardware implementations in the presence of countermeasures for power analysis and fault attacks. These aspects were not considered in any of the previous work on scan attacks. We have also considered the effect of Design for Test structures such as test compression and X-masking in our work to illustrate the effectiveness of our proposed scan attack on practical implementations. Experimental results showing the number of messages/points required and the retrieval time are presented to evaluate the complexity of the attacks. Results show that algorithmic countermeasures for Simple Power Analysis and fault attacks are not immune to our differential scan attacks, whereas the algorithmic countermeasures against Differential Power Analysis are secure against such scan attacks.


References

  1. Biehl, I., Meyer, B., Muller, V.: Differential fault analysis on elliptic curve cryptosystems. In: Crypto 2000. LNCS, vol. 1880, pp. 131–146 (2000)

  2. Ciet, M., Joye, M.: Free randomization techniques for elliptic curve cryptography. In: ICICS 2003. LNCS, vol. 2836, pp. 348–359 (2003)

  3. Coron, J.: Resistance against differential power analysis for elliptic curve cryptosystems. In: CHES 1999. LNCS, vol 1717, pp. 292–302. Springer, Berlin (1999)

  4. Da Rolt, J., Di Natale, G., Flottes, M.-L., Rouzeyre, B.: New security threats against chips containing scan chain structures. In: Proceedings of International Symposium on Hardware-Oriented Security and Trust (HOST’11), pp. 110–115 (2011)

  5. Da Rolt, J., Das, A., Di Natale, G., Flottes, M.-L., Rouzeyre, B., Verbauwhede, I.: A new scan-attack on RSA in presence of industrial countermeasures. In: 3rd International Workshop on Constructive Side-Channel Analysis and Design (COSADE'12). LNCS, vol. 7275, pp. 89–104 (2012)

  6. Da Rolt, J., Di Natale, G., Flottes, M-L., Rouzeyre, B.: Are advanced DfT structures sufficient for preventing scan-attacks? In: Proceedings of the 30th IEEE VLSI Test Symposium (VTS’12) (2012, to appear)

  7. Da Rolt, J., Das, A., Di Natale, G., Flottes, M-L., Rouzeyre, B., Verbauwhede, I.: A new scan attack on elliptic curve cryptosystems in presence of industrial design-for-testability structures. In: Proceedings of the IEEE International Symposium of Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT’12) (2012, to appear)

  8. Das, A., Kocabas, U., Sadeghi, A., Verbauwhede, I.: PUF-based secure test wrapper design for cryptographic SoC testing. In: Proceedings of the IEEE Conference on Design, Automation & Test in Europe (DATE'12), pp. 866–869 (2012)

  9. Joye, M., Devigne, J.: Binary Huff curves. CT-RSA 2011. LNCS, vol. 6558, pp. 340–355 (2011)

  10. Rouzeyre, B., Flottes, M.-L., Doulcier, M., Di Natale, G.: Self-test techniques for crypto-devices. IEEE Trans. Very Large Scale Integration Syst. 18(2), 329–333 (2010)


  11. Fan, J., Verbauwhede, I.: An updated survey on secure ECC implementations: attacks, countermeasures and cost. Quisquater Festschrift, LNCS, vol. 6805, pp. 265–282 (2012)

  12. Fan, J., Gierlichs, B., Vercauteren, F.: To infinity and beyond: combined attack on ECC using points of low order. In: CHES 2011. LNCS, vol. 6917, pp. 143–159 (2011)

  13. Fujiwara, H., Obien, M.E.J.: Secure and testable scan design using extended de Bruijn graphs. In: Proceedings of the 15th IEEE Asia and South Pacific Design Automation Conference (ASP-DAC’10), pp. 413–418 (2010)

  14. Hely, D., Bancel, F., Flottes, M.-L., Rouzeyre, B.: Secure scan techniques: a comparison. In: Proceedings of the 12th IEEE International On-Line Testing, Symposium (IOLTS’06), pp. 119–124 (2006)

  15. Joye, M., Tymen, C.: Protections against differential analysis for elliptic curve cryptography. In: CHES 2001. LNCS, vol. 2162, pp. 377–390. Springer, Berlin (2001)

  16. Joye, M., Yen, S.-M.: The Montgomery powering ladder. In: CHES 2002. LNCS, vol. 2523, pp. 291–302 (2003)

  17. Kömmerling, O., Kuhn, M.G.: Design principles for tamper-resistant smartcard processors. USENIX Workshop on Smartcard Technology (1999)

  18. Lee, J., Tehranipoor, M., Patel, C., Plusquellic, J.: A low-cost solution for protecting IPs against scan-based side-channel attacks. In: Proceedings of the IEEE VLSI Test Symposium, pp. 94–99 (2005)

  19. Liu, C., Huang, Y.: Effects of embedded decompression and compaction architectures on side-channel attack resistance. In: Proceedings of the 25th IEEE VLSI Test Symposium (VTS’07), pp. 461–468 (2007)

  20. Liu, Y., Wu, K., Karri, R.: Scan-based attacks on linear feedback shift register based stream ciphers. ACM Trans. Design Autom. Electron. Syst. 16(2), 1–15 (2011)


  21. Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. In: IACR Cryptology ePrint Archive 2003, 237 (2003)

  22. Mentor Graphics.: Silicon test and yield analysis whitepaper. High quality test solutions for secure applications (2010)

  23. Nara, R., Satoh, K., Yanagisawa, M., Ohtsuki, T., Togawa, N.: Scan-based side-channel attack against RSA cryptosystems using scan signatures. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E 93A(12), 2481–2489 (2010)


  24. Nara, R., Togawa, N., Yanagisawa, M., Ohtsuki, T.: Scan-based attack against elliptic curve cryptosystems. In: Proceedings of the 15th IEEE Asia and South Pacific Design Automation Conference (ASP-DAC’10), pp. 407–412 (2010)

  25. Novak, F., Biasizzo, A.: Security extension for IEEE Std. 1149.1. J. Electron. Testing: Theory Appl. 22, 301–303 (2006)


  26. Rosenfeld, K., Karri, R.: Attacks and defenses for JTAG. IEEE Des. Test Comput. 27(1), 36–47 (2010)


  27. Sengar, G., Mukhopadhayay, D., Chowdhury, D.R.: An efficient approach to develop secure scan tree for crypto-hardware. In: Proceedings of the 15th International Conference on Advanced Computing and Communications (ADCOM’07), pp. 21–26 (2007)

  28. Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: CHES 2002. LNCS, vol. 2523, pp. 2–12 (2002)

  29. Wohl, P., Waicukauski, J.A., Patel, S.: Scalable selector architecture for X-tolerant deterministic BIST. In: Proceedings of Design Automation Conference, pp. 934–939 (2004)

  30. Yang, B., Wu, K., Karri, R.: Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard. In: Proceedings of IEEE International Test Conference (ITC’04), pp. 339–344 (2004)

  31. Yang, B., Wu, K., Karri, R.: Secure scan: a design-for-test architecture for crypto chips. IEEE Trans. Comput.-Aided Des. Integr. Circ. Syst. 25(10), 2287–2293 (2006)


  32. Yen, S.M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967–970 (2000)


Acknowledgments

This work was supported in part by the Research Council K.U.Leuven: GOA TENSE (GOA/11/007), by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy) and by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II.


Correspondence to Amitabh Das.

Appendix

A1. Background on IC testing

Testing digital ICs can be divided into two main categories: functional testing and structural testing. The first, and the most obvious, consists of applying stimuli to the circuit interface in order to verify that the circuit behaves properly (e.g. applying two operands to an adder). However, functional testing of medium-to-large circuits is generally infeasible, since exhaustively applying all possible stimuli takes exponential time. Therefore, the standard methodology for digital testing is the structural test. It is based on applying vectors that test all faults in the circuit, with gate-level precision. These vectors are generated from the netlist using Automatic Test Pattern Generators (ATPG), such as TetraMAX and Cadence Encounter True-Time ATPG. Passing a structural test means that the circuit gates work properly for the assumed fault models. If the circuit is properly designed, it also means that its functional behavior is as expected.

In order to achieve high fault coverage during structural testing, the usual practice is to insert scan chains in the design. This is done automatically by transforming the flip-flops into scan flip-flops and connecting them into large shift registers. Besides the circuit input/output pins, the scan chains provide the tester with an additional path to load input patterns (by shifting vectors into the scan chain) and to unload response vectors (by shifting them out). Inserting scan chains increases the controllability and the observability of internal circuit nodes, and with them the fault coverage. Structural test is usually performed at the fab after chip manufacture, using costly testers.

A1.1 Scan-based structural design-for-testability

Scan has been generally accepted as the standard method of testing chips due to its high fault coverage and low overhead. Inserting scan chains while designing the chip requires three additional pins beyond the primary I/O (PIs and POs), serving as scan-enable, scan-in and scan-out. Internally, there is little impact on the design, since the standard flip-flops (FFs) are replaced by scan flip-flops (SFFs) (flip-flops with an input multiplexer), which are then linked to one another to create a shift register (the scan chain). An example of a scan chain is shown in Fig. 4. Scan-enable selects between functional and test mode operation: it controls each multiplexer, choosing between the normal-mode input of the FF and the output of the previous SFF in the chain.

Fig. 4 Scan-chain DFT structure

The scan chain allows the tester to control and observe the internal state of the circuit by loading input patterns and unloading test responses. To load a test pattern, the scan-enable signal is asserted and one bit of the pattern is shifted in on each clock cycle. When the entire input pattern has been serially loaded, scan-enable is deasserted for one or more cycles. During these cycles (capture mode), the loaded pattern drives the combinational logic and the response is stored in the sequential elements. Scan-enable is then asserted again (shift mode) and the internal state is scanned out for analysis by the tester; at the same time, the next input pattern is loaded. In other words, scan chains essentially turn the circuit into purely combinational logic, which is much more easily tested than sequential logic.

A1.2 Test compression

With a scan approach, test time is proportional to the number of patterns and to the length of the scan chain. Thus, for large circuits with thousands of flip-flops, scanning in patterns and scanning out the responses may take too much tester time, which is reflected in the final circuit cost. It is therefore common practice to divide the flip-flops into multiple shorter scan chains, reducing the load/unload time. Additionally, to stay within the limited number of circuit pins, compaction structures are implemented, as shown in Fig. 5.

Fig. 5 Circuit with spatial compaction and \(X\) handling

These structures consist of two parts: the decompressor, which receives a small number of input bits through the test inputs and spreads them over many scan chains, and the response compactor (usually based on parity trees), which combines all the scan-chain outputs into a reduced set of bits unloaded through the test outputs.

A1.3 X-masking

Compaction structures have been shown to reduce test time and cost (by reducing the number of tester pins and test patterns required) without jeopardizing fault coverage. However, some flip-flops in the scan chain may hold unpredictable values (e.g. from previous states, memories or unknown bus values). These values are referred to as \(X\)'s. The presence of an \(X\) in one of the slices (see Fig. 5) corrupts the test of the other flip-flops in the same slice, because the parity of a slice containing an unknown is itself unknown. To avoid this, special structures (the masking logic in Fig. 5) are inserted to filter unknown values. Most techniques are based on a mask input and a mask decoder that disable some chains in the presence of \(X\)'s, masking their effect [29].
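The following simulator, added here as an illustration and not part of the paper, models the three mechanisms described in A1.1 to A1.3 bit by bit: scan flip-flops chained into a shift register with shift and capture modes, several chains unloaded in parallel through a parity-tree compactor, and the masking of a chain that carries an \(X\). Everything in it is constructed for the example: the 4-bit LFSR step stands in for "the combinational logic", the three hand-chosen chain states stand in for a multi-chain design, and Python's None stands in for an unknown value. The point a practitioner should take from it is twofold: the vector that comes out of the chain after one capture is the complete internal register state (the observability that scan attacks turn against a crypto core), and a single \(X\) in a slice turns the compacted parity of that whole slice into an unknown unless the offending chain is masked.

```python
"""Scan chain, parity-tree compaction and X-masking, simulated bit by bit.

Constructed example, not code from the paper: a 4-bit LFSR step stands in
for the combinational logic, three chains stand in for a multi-chain design,
and None stands in for an unknown (X) value.
"""
from typing import Callable, List, Optional

Bit = Optional[int]          # 0, 1, or None for an unknown (X)


def xor(a: Bit, b: Bit) -> Bit:
    """XOR with X-propagation: any unknown input makes the output unknown."""
    return None if a is None or b is None else a ^ b


class ScanChain:
    """Scan flip-flops wired as a shift register:
    scan_in -> ff[0] -> ff[1] -> ... -> ff[n-1] -> scan_out."""

    def __init__(self, n: int) -> None:
        self.ff: List[Bit] = [0] * n

    def shift(self, scan_in: Bit) -> Bit:
        # shift mode (scan_enable = 1): one bit enters, the last FF's value leaves
        scan_out = self.ff[-1]
        self.ff = [scan_in] + self.ff[:-1]
        return scan_out

    def load(self, pattern: List[Bit]) -> List[Bit]:
        """Shift a full pattern in so that ff[i] == pattern[i] afterwards.
        The bits that fall out are the previous state (the test response),
        returned in ff order: loading the next pattern unloads the last response."""
        assert len(pattern) == len(self.ff)
        unloaded = [self.shift(b) for b in reversed(pattern)]
        return list(reversed(unloaded))

    def capture(self, logic: Callable[[List[Bit]], List[Bit]]) -> None:
        # capture mode (scan_enable = 0): the FFs latch the combinational outputs
        self.ff = logic(self.ff)


def lfsr_logic(ff: List[Bit]) -> List[Bit]:
    """Stand-in combinational logic: one step of a 4-bit Fibonacci LFSR (x^4 + x + 1)."""
    return [xor(ff[0], ff[3]), ff[0], ff[1], ff[2]]


def scan_test(pattern: List[Bit]) -> List[Bit]:
    """One structural test step: load a pattern, one capture cycle, unload the response.
    The unloaded vector is the complete internal state; this is exactly the
    observability that a scan attack turns against a crypto core."""
    chain = ScanChain(4)
    chain.load(pattern)
    chain.capture(lfsr_logic)
    return chain.load([0, 0, 0, 0])    # unload while loading the next (all-zero) pattern


def compact(chains: List[ScanChain], masked: List[bool]) -> List[Bit]:
    """Unload several chains in parallel through a parity-tree compactor.
    Each clock yields one slice: the XOR of the bit leaving every chain whose
    mask flag is False. A masked chain contributes a constant 0 instead."""
    n = len(chains[0].ff)
    slices: List[Bit] = []
    for _ in range(n):
        parity: Bit = 0
        for chain, is_masked in zip(chains, masked):
            bit = chain.shift(0)
            if not is_masked:
                parity = xor(parity, bit)
        slices.append(parity)
    return slices


def x_masking_demo() -> dict:
    """Three chains; chain C holds an X in ff[0] (e.g. an uninitialised memory bit).
    Returns the compactor output with and without masking chain C."""
    states = {"A": [1, 0, 1, 1], "B": [0, 1, 1, 0], "C": [None, 0, 1, 0]}

    def fresh() -> List[ScanChain]:
        chains = []
        for s in states.values():
            c = ScanChain(4)
            c.ff = list(s)
            chains.append(c)
        return chains

    return {
        "unmasked": compact(fresh(), [False, False, False]),
        "masked_C": compact(fresh(), [False, False, True]),
    }


if __name__ == "__main__":
    print("response after capture:", scan_test([1, 0, 0, 0]))
    print(x_masking_demo())
```

In the unmasked run, the last slice (the one built from ff[0] of every chain) comes out unknown, so the tester learns nothing about ff[0] of chains A and B either; masking chain C restores a defined parity for that slice at the price of not observing C at all, which is the trade-off the mask decoder of [29] manages.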


Da Rolt, J., Das, A., Ghosh, S. et al. Scan attacks on side-channel and fault attack resistant public-key implementations. J Cryptogr Eng 2, 207–219 (2012). https://doi.org/10.1007/s13389-012-0045-z
