Skip to main content
SpringerLink
Log in

Scan Design: Basics, Advancements, and Vulnerabilities

  • Chapter
  • First Online:
Hardware Security and Trust

Abstract

The increasing design complexity of modern Integrated Chips (IC) has reflected into exacerbated challenges in manufacturing testing. In this respect, scan is the most widely used design for testability (DfT) technique that overcomes the manufacturing test challenges by enhancing the access and thus, testability. However, scan can also open a back door to an attacker when implemented in security critical chips. Although some applications disable access to the scan chains upon manufacturing test, other applications require this access to enable in-field testing and debugging capabilities. This chapter aims at providing testable yet secure scan-based DfT techniques. We first describe various cost-effective DfT techniques to overcome the test challenges, such as low controllability and observability, which in turn leads to high test cost and low test quality. In particular, we review the challenges and opportunities in widely utilized compression-based scan design. We then highlight the security vulnerabilities of basic scan as well as these advanced DfT techniques. We describe multiple scan attacks that misuse representative test infrastructures. A detailed analysis is also performed to figure out the fundamental limitations of these attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 139.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bushnell M, Agrawal V. Essentials of electronic testing for digital. Memory and mixed-signal VLSI circuits. Springer; 2005.

    Google Scholar 

  2. Rajski J, Tyszer J, Kassab M, Mukherjee N, Thompson R, Tsai KH, et al. Embedded deterministic test for low cost manufacturing test. In: Proceedings of IEEE international test conference, 2002. p. 301–10.

    Google Scholar 

  3. Barnhart C, Brunkhorst V, Distler F, Farnsworth O, Keller B, Koenemann B. OPMISR: the foundation for compressed ATPG vectors. In: Proceedings of IEEE international test conference, 2001. p. 748–57.

    Google Scholar 

  4. Samaranayake S, Gizdarski E, Sitchinava N, Neuveux F, Kapur R, Williams TW. A reconfigurable shared scan-in architecture. In: Proceedings of IEEE VLSI test symposium, 2003. p. 9–14.

    Google Scholar 

  5. Touba NA. Survey of test vector compression techniques. IEEE Des Test Comput. 2006;23(4):294–303.

    Article  Google Scholar 

  6. Pandey AR, Patel JH. An incremental algorithm for test generation in illinois scan architecture based designs. In: Proceedings of design, automation and test in Europe conference and exhibition, 2002. p. 368–75.

    Google Scholar 

  7. Breuer MA. A note on three-valued logic simulation. IEEE Trans Comput. 1972;21(4):399–402.

    Article  MATH  Google Scholar 

  8. IEEE standard hardware description language based on the verilog(r) hardware description language. IEEE Std 1364–1995, 1996. p. 1–688.

    Google Scholar 

  9. Savir J. Reducing the misr size. IEEE Trans Comput. 1996;45(8):930–8.

    Google Scholar 

  10. Rajski W, Rajski J. Modular compactor of test responses. In: Proceedings of IEEE VLSI test symposium, 2006. p. 10.

    Google Scholar 

  11. Pouya B, Touba NA. Synthesis of zero-aliasing elementary-tree space compactors. In: Proceedings of IEEE VLSI test symposium, 1998. p. 70–7.

    Google Scholar 

  12. Mitra S, Kim KS. X-compact: an efficient response compaction technique for test cost reduction. In: Proceedings of IEEE international test conference, 2002. p. 311–20.

    Google Scholar 

  13. Wohl P, Waicukauski JA, Ramnath S. Fully x-tolerant combinational scan compression. In: Proceedings IEEE international test conference, Oct 2007. p. 1–10.

    Google Scholar 

  14. Chickermane V, Foutz B, Keller B. Channel masking synthesis for efficient on-chip test compression. In: Proceedings of IEEE international test conference, 2004. p. 452–61.

    Google Scholar 

  15. Saeed SM, Sinanoglu O. Multi-modal response compaction adaptive to x-density variation. IET Comput Dig Techniq. 2012;6(2):69–77.

    Article  Google Scholar 

  16. Saeed SM, Sinanoglu O. Xor-based response compactor adaptive to x-density variation. In: Proceedings of IEEE Asian test symposium, 2010. p. 212–17.

    Google Scholar 

  17. IEEE standard test access port and boundary scan architecture. IEEE Std 1149.1-2001, July 2001. p. 1–212.

    Google Scholar 

  18. Yang B, Wu K, Karri R. Scan based side channel attack on dedicated hardware implementations of data encryption standard. In: Proceedings of IEEE international test conference, 2004. p. 339–44.

    Google Scholar 

  19. Yang B, Wu K, Karri R. Secure scan: a design-for-test architecture for crypto chips. In: Joyner Jr. WH, Martin G, Kahng AB, editors. ACM/IEEE design automation conference; 2005. p. 135–40.

    Google Scholar 

  20. Daemen J, Rijmen V. The design of Rijndael. New York: Springer Inc.; 2002.

    Google Scholar 

  21. Ali SS, Sinanoglu O, Saeed SM, Karri R. New scan-based attack using only the test mode. In: Proceeding of IEEE VLSI-SoC, 2013. p. 234–39.

    Google Scholar 

  22. Nyberg K. Generalized feistel networks. In: Kim K, Mat-Sumoto T, editors. ASIACRYPT, volume 1163 of lecture notes in computer science. Springer; 1996. p. 91–104.

    Google Scholar 

  23. Kapur R. Security vs. test quality: are they mutually exclusive? In: Proceeding IEEE test conference, 2004. p. 1414.

    Google Scholar 

  24. DaRolt J, Di Natale G, Flottes ML, Rouzeyre B. Are advanced DfT structures sufficient for preventing scan-attacks? In: Proceedings of IEEE VLSI test symposium, 2012. p. 246–51.

    Google Scholar 

  25. Ege B, Das A, Ghosh S, Verbauwhede I. Differential scan attack on AES with X-tolerant and X-masked test response compactor. In: IEEE DSD, 2012. p. 545–52

    Google Scholar 

  26. DaRolt J, Di Natale G, Flottes ML, Rouzeyre B. Scan attacks and countermeasures in presence of scan response compactors. In: Proceeding of European test symposium, 2011. p. 19–24.

    Google Scholar 

  27. Hely D, Bancel F, Flottes ML, Rouzeyre B. Test control for secure scan designs. In: Proceedings of IEEE European symposium on test, 2005. p. 190–5.

    Google Scholar 

  28. Ali SS, Saeed SM, Sinanoglu O, Karri R. Scan attack in presence of mode- reset countermeasure. In: Proceeding of IEEE international on-line testing symposium, 2013. p. 230–1.

    Google Scholar 

  29. Saeed SM, Ali SS, Sinanoglu O, Karri R. Test-mode-only scan attack and countermeasure for contemporary scan architectures. In: Proceedings of IEEE international test conference, 2014. p. 1–8.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Washington, Tacoma, WA, 98402, USA

    Samah Mohamed Saeed

  2. New York University, 129188, Abu Dhabi, UAE

    Sk Subidh Ali & Ozgur Sinanoglu

Authors
  1. Samah Mohamed Saeed
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sk Subidh Ali
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ozgur Sinanoglu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Samah Mohamed Saeed .

Editor information

Editors and Affiliations

  1. Computer & Informatics Engineering Department, Technological Educational Institute of Western Greece, Antirrio, Greece

    Nicolas Sklavos

  2. INESC-ID, IST, University of Lisbon, Lisbon, Portugal

    Ricardo Chaves

  3. UMR 5506 - CC 477, LIRMM - CNRS / University of Montpellier, Montpellier, France

    Giorgio Di Natale

  4. ALaRI Institute, University of Lugano, Lugano, Switzerland

    Francesco Regazzoni

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Saeed, S.M., Ali, S.S., Sinanoglu, O. (2017). Scan Design: Basics, Advancements, and Vulnerabilities. In: Sklavos, N., Chaves, R., Di Natale, G., Regazzoni, F. (eds) Hardware Security and Trust. Springer, Cham. https://doi.org/10.1007/978-3-319-44318-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-44318-8_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44316-4

  • Online ISBN: 978-3-319-44318-8

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation