Abstract
High-test coverage is essential during integrated circuit (IC) testing in order to avoid production flaws. In order to test ICs, scan-based testing has been commonly used due to high coverage and simple infrastructures. However, IC testing has opened a gateway to new kinds of vulnerabilities that could potentially be used to breach the assets of a system. There have been several attacks reported in literature. In addition, the increasing number of cryptodevices in modern applications and trust issues associated with the fabless semiconductor model has also given rise to major security concerns in ICs. Thus, the importance of scan chain security to protect assets of an IP/design has been increasing with the ubiquitous use of cryptochips. In this chapter, you will learn:
-
The importance of powerful scan-based IC testing structure and how scan chain can be used as backdoor for accessing and attacking assets.
-
Assets that need to protected against potential scan-based attacks.
-
The use of logic obfuscation to prevent potential scan-based attacks.
-
The use of logic obfuscation to prevent IC piracy, overproduction , out-of-spec ICs in modern horizontal semiconductor business model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ray S, Jin Y, Raychowdhury A (2016) The changing computing paradigm with internet of things: a tutorial introduction. IEEE Des Test Comput 33(2):76–96
McGill K (2013) Trusted mobile devices: requirements for a mobile trusted platform module. http://www.jhuapl.edu/techdigest/TD/td3202/32_02-McGill.pdf
National Institute of Standards and Technology, FIPS-46-3: Data Encryption Standard (DES). October 1977, reaffirmed in October 1999
National Institute of Standards and Technology, FIPS197: Specification for the Advanced Encryption Standard (AES), 2001
Vernam GS (1926) Cipher printing telegraph systems for secret wire and radio telegraphic communications. J Am Inst Electr Eng 55:109–115
Wolf M, Weimerskirch A, Wollinger T (2007) State of the art: embedding security in vehicles. EURASIP J Embed Syst 2007:074706
Nara R, Togawa N, Yanagisawa M, Ohtsuki T (2010) Scan-based attack against elliptic curve cryptosystems. In: 15th IEEE Asia and South Pacific design automation conference, pp 407–412
Tehranipoor M, Wang C (2011) Introduction to hardware security and trust. Springer, New York
Ali SS, Sinanoglu O (2015) Scan attack on elliptic curve cryptosystem. In: IEEE international symposium on defect and fault tolerance in VLSI and nanotechnology systems (DFTS), IEEE
Paul S, Chakraborty R, Bhunia S (2007) VIm-scan: a low overhead scan design approach for protection of secret key in scan-based secure chips. In: 25th IEEE VLSI test symposium, pp 455–460
Guin U, Tehranipoor M, DiMase D, Megrdichian M (2013) Counterfeit IC detection and challenges ahead. ACM SIGDA Newsl 43(3):1–5
Contreras GK, Rahman MT, Tehranipoor M (2013) Secure split-test for preventing IC piracy by untrusted foundry and assembly. In: 2013 IEEE international symposium on defect and fault tolerance in VLSI and nanotechnology systems (DFT), IEEE
Rahman MT, Forte D, Shi Q, Contreras GK, Tehranipoor M (2014) CSST: an efficient secure split-test for preventing IC piracy. In: 2014 IEEE 23rd North Atlantic test workshop (NATW), IEEE
Maes R et al (2009) Analysis and design of active IC metering schemes. In: IEEE international workshop on hardware-oriented security and trust, 2009. HOST’09, IEEE
Rahman MT, Forte D, Shi Q, Contreras GK, Tehranipoor M (2014) CSST: preventing distribution of unlicensed and rejected ICs by untrusted foundry and assembly. In: IEEE international symposium on defect and fault tolerance in VLSI and nanotechnology systems
Lee J, Tehranipoor M, Patel C, Plusquellic J (2007) Securing designs against scan-based side-channel attacks. IEEE Trans. Dependable Secure Comput 4(4):325–336
Rolt D et al (2014) Test versus security: past and present. IEEE Trans Emerg Top Comput 2(1):50–62
Rolt J et al (2013) A novel differential scan attack on advanced DFT structures. ACM Trans Des Autom Electron Syst 18(4):58
Choosing the Right Scan Compression Architecture for Your Design. http://www.cadence.com/rl/Resources/white_papers/Test_Compression_wp.pdf
ARM inc. Building a Secure System using TrustZone Technology. http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf
Peeters E (2015) SoC Security Architecture: Current Practices and Emerging Needs, DAC
Rahman MT, Xiao K, Forte D, Zhang X, Shi J, Tehranipoor M (2014) Ti-TRNG: technology independent true random number generator. In: Proceedings of the 51st annual design automation conference, ACM
Banik S, Chowdhury A (2013) Improved scan-chain based attacks and related countermeasures. In: Paul G, Vaudenay S (eds) Proceedings of the 14th international conference on progress in cryptology, INDOCRYPT 2013 -, vol 8250., Vol 8250Springer, New York, pp 78–97
Tehranipoor M, Lee J (2012) Protecting IPs against scan-based side-channel attacks. Introduction to hardware security and trust. Springer, New York, pp 411–427
Hly D, Kurt R, Karri R (2011) Security challenges during VLSI test. In: Proceedings of the 9th IEEE NEWCAS conference
Goering R (2004) Scan Design Called Portal for Hackers. http://www.eetimes.com/news/design/-showArticle.jhtml/articleID=51200154
Scheiber S (2005) The Best-Laid Boards. http://www.reedelectronics.com/tmworld/article-/CA513261.html
Yang B, Wu K, Karri R (2004) Scan based side channel attack on dedicated hardware implementations of data encryption standard. In: Proceedings of the IEEE international test conference, pp 339–344
Yang B, Wu K, Karri R (2005) Secure scan: a design-for-test architecture for crypto chips. In: Proceedings of the 42nd annual conference on design automation, pp 135–140
Nara R, Satoh K, Yanagisawa M, Ohtsuki T, Togawa N (2010) Scan-based side-channel attack against RSA cryptosystems using scan signatures. IEICE Trans Fundam Electron Commun Comput Sci E93–A(12):2481–2489
Liu Y, Wu K, Karri R (2011) Scan-based attacks on linear feedback shift register based stream ciphers. ACM Trans Des Autom Electron Syst (TODAES) 16(2):1–15
Da Rolt J, Das A, Di Natale G, Flottes M-L, Rouzeyre B, Verbauwhede I (2012) A new scan attack on RSA in presence of industrial countermeasures. In: Schindler W, Huss SA (eds) Proceedings of the third international conference on constructive side-channel analysis and secure design (COSADE’12). Springer, Heidelberg, pp 89–104
Rolt J et al (2012) Are advanced DfT structures sufficient for preventing scan-attacks. IEEE 30th VLSI test symposium (VTS). Hyatt Maui, HI, pp 246–251
Rolt J et al (2011) New security threats against chips containing scan chain structures. 2011 IEEE international symposium on hardware-oriented security and trust (HOST). San Diego, CA, pp 110–110
Liu C, Huang Y (2007) Effects of embedded decompression and compaction architectures on side-channel attack resistance. In: 25th IEEE VLSI test symposium (VTS’07). Berkeley, CA, pp 461–468
Rosenfeld K, Karri R (2010) Attacks and defenses for JTAG. IEEE Des Test Comput 27(1):36–47
Park K, Yoo SG, Kim T, Kim J (2010) JTAG security system based on credentials. J Electron Test 26(5):549–557
Dworak J, Crouch AL (2015) A call to action: securing IEEE 1687 and the need for an IEEE test security standard. In: IEEE 33rd VLSI test symposium (VTS). pp 1–4
Dworak J, Conroy Z, Crouch A, Potter J (2014) Board security enhancement using new locking SIB-based architectures. In: International test conference
Chakraborty R, Bhunia S (2009) HARPOON: an obfuscation-based SoC design methodology for hardware protection. IEEE Trans Comput-Aided Des Integr Circuits Syst 28(10):1493–1502
Chakraborty R, Bhunia S (2010) RTL hardware IP protection using key-based control and data flow obfuscation. In: 23rd international conference on VLSI design, 2010. VLSID’10, IEEE
Jeyavijayan R et al (2013) Security analysis of integrated circuit camouflaging. In: Proceedings of the 2013 ACM SIGSAC conference on computer and communications security, ACM
Roy A, Koushanfar F, Markov IL (2008) EPIC: ending piracy of integrated circuits. In: Proceedings of the conference on design, automation and test in Europe, ACM
Clark A (2009) Preventing integrated circuit piracy using reconfigurable logic barriers
Rahman MT, Forte D, Fahrny J, Tehranipoor M (2014) ARO-PUF: an aging-resistant ring oscillator PUF design. In: Proceedings of the conference on design, automation and test in Europe, European Design and Automation Association
Xiao K, Rahman MT, Forte D, Huang Y, Su M, Tehranipoor M (2014) Bit selection algorithm suitable for high-volume production of SRAM-PUF. In: IEEE international symposium on hardware-oriented security and trust (HOST), 2014, IEEE
Hosey A, Rahman MT, Xiao K, Forte D, Tehranipoor M (2014) Advanced analysis of cell stability for reliable SRAM PUFs. In: IEEE 23rd Asian test symposium (ATS). IEEE
Mazady A, Rahman MT, Forte D, Anwar M (2015) Memristor PUF: a security primitive: theory and experiment. IEEE J Emerg Sel Top Circuits Syst 5(2):222–229
Rahman MT, Rahman F, Forte D, Tehranipoor M, An aging-resistant RO-PUF for reliable key generation. IEEE Trans Emerging Topics Comput, PP(99):1-1. doi:10.1109/TETC.2015.2474741
Rahman MT, Forte D, Rahman F, Tehranipoor M (2015) A pair selection algorithm for robust RO-PUF against environmental variations and aging. In: 33rd IEEE international conference on computer design (ICCD), IEEE
Maes R, Schellekens D, Tuyls P, Verbauwhede I (2009) Analysis and design of active IC metering schemes. In: IEEE international workshop on hardware-oriented security and trust, (2009) HOST ’09. Francisco, CA, pp 74–81
Ratanpal GB, Williams RD, Blalock TN (2004) An on-chip signal suppression countermeasure to power analysis attacks. IEEE Trans Dependable Secure Comput 1(3):179–188
Kocher, PC (1996) Timing attacks on implementations of diffieHellman, RSA, DSS and other systems. In: Proceedings on 16th annual international cryptology conference on advances in cryptology, pp 104–113
Karri R, Wu K, Mishra P (2001) Fault-based side-channel cryptanalysis tolerant architecture for Rijndael symmetric block cipher. In: Proceedings of the IEEE international symposium on defect and fault tolerance in VLSI systems, pp 427–435
Karri R, Wu K, Mishra P, Kim Y (2002) Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers. IEEE Trans Comput-Aided Des Integr Circuits Syst 21(12):1509–1517
Skorobogatov SP (2005) Semi-invasive attacks: a new approach to hardware security analysis. Ph.D. Dissertation, University of Cambridge
Kommerling O, Kuhn MG (1999) Design principles for tamper resistant smartcard processors. In: Proceedings of the USENIX workshop on smartcard technology. pp 9–20
Kmmerling O, Kuhn MG (1999) Design principles for tamper resistant smartcard processors. In: Proceedings of the USENIX workshop on smartcard technology
Ahmed N, Tehranipour MH, Nourani M (2004) Low power pattern generation for BIST architecture. In: Proceedings of the 2004 international symposium on circuits and systems, 2004. ISCAS ’04, vol 2. pp II-689-92
Hafner K, Ritter HC, Schwair TM, Wallstab S, Deppermann M, Gessner J, Koesters S, Moeller W-D, Sandweg G (1991) Design and test of an integrated cryptochip. IEEE Des Test Comput 8(4):6–17
Zimmermann R, Curiger A, Bonnenberg H, Kaeslin H, Felber N, Fichtner W (1994) A 177 Mbit/s VLSI implementation of the international data encryption algorithm. IEEE J. Solid-State Circuits 29(3):303–307
Hely D, Flottes M-L, Bancel F, Rouzeyre B, Berard N, Renovell M (2004) Scan design and secure chip. In: Proceedings of the 10th IEEE international on-line testing symposium, pp 219–224
Sengar G, Mukhopadhyay D, Chowdhury DR (2007) Secured flipped scan-chain model for crypto-architecture. IEEE Trans CAD 26(11):2080–2084
Standard IEEE, 1149.1-2001, (2001) Standard Test Access Port and Boundary-Scan Architecture. Technical report, IEEE Standards Board
Inoue M, Yoneda T, Hasegawa M, Fujiwara H (2009) Partial scan approach for secret information protection. In: 14th IEEE European test symposium. Seville, pp 143–148
Ege B, Das A, Batina L, Verbauwhede I (2013) Security of countermeasures against state-of-the-art differential scan attacks. In: TRUDEVICE. Radboud University Nijmegen, Nijmegen
Mentor Graphics ST, Whitepaper YA (2010) High quality test solutions for secure applications. Wilsonville, OR, USA. Mentor Graph. Corp., Apr. 2010
Rolt J et al (2012) A new scan attack on RSA in presence of industrial countermeasures, COSADE 2012. Lect Notes Comput Sci 7275:89–104
Pierce L, Tragoudas S (2013) Enhanced secure architecture for joint action test group systems. IEEE Trans Very Large Scale Integr (VLSI) Syst 21(7):1342–1345
Chiu GM, Li JCM (2012) A secure test wrapper design against internal and boundary scan attacks for embedded cores. IEEE Trans Very Large Scale Integr (VLSI) Syst 20(1):126–134
Das A, Knezevic M, Seys S, Verbauwhede I (2011) Challenge-response based secure test wrapper for testing cryptographic circuits. In: IEEE European test symposium, ETS
Canniere C, Dunkelman O, Kneevi M (2009) KATAN & KTANTAN - A family of small and efficient hardware-oriented block ciphers, CHES
Hely D et al (2007) Securing scan control in crypto chips. J Electron Test 23(5):457–464
Novak F, Biasizzo A (2006) Security extension for IEEE std 1149.1. J Electron Test Theory Appl 22(3):301–303
Buskey RF, Frosik BB (2006) Protected JTAG. 2006 international conference on parallel processing workshops (ICPPW’06). Columbus, OH, pp 406–414
Tamir Y, Chi HC (1993) Symmetric crossbar arbiters for VLSI communication switches. IEEE Trans Parallel Distrib Syst 4(1):13–27
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Tauhidur Rahman, M., Forte, D., Tehranipoor, M.M. (2017). Protection of Assets from Scan Chain Vulnerabilities Through Obfuscation. In: Forte, D., Bhunia, S., Tehranipoor, M. (eds) Hardware Protection through Obfuscation. Springer, Cham. https://doi.org/10.1007/978-3-319-49019-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-49019-9_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49018-2
Online ISBN: 978-3-319-49019-9
eBook Packages: EngineeringEngineering (R0)