Protection of Assets from Scan Chain Vulnerabilities Through Obfuscation

Hardware Protection through Obfuscation

Abstract

High test coverage is essential during integrated circuit (IC) testing in order to avoid production flaws. Scan-based testing is commonly used to test ICs because of its high coverage and simple infrastructure. However, IC testing has opened a gateway to new kinds of vulnerabilities that could potentially be used to breach the assets of a system, and several attacks have been reported in the literature. In addition, the increasing number of cryptodevices in modern applications and the trust issues associated with the fabless semiconductor model have given rise to major security concerns in ICs. Thus, the importance of scan chain security in protecting the assets of an IP/design has been increasing with the ubiquitous use of cryptochips. In this chapter, you will learn:

  • The importance of a powerful scan-based IC testing structure and how the scan chain can be used as a backdoor for accessing and attacking assets.

  • Assets that need to be protected against potential scan-based attacks.

  • The use of logic obfuscation to prevent potential scan-based attacks.

  • The use of logic obfuscation to prevent IC piracy, overproduction, and out-of-spec ICs in the modern horizontal semiconductor business model.

Author information

Corresponding author

Correspondence to Md Tauhidur Rahman.

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Tauhidur Rahman, M., Forte, D., Tehranipoor, M.M. (2017). Protection of Assets from Scan Chain Vulnerabilities Through Obfuscation. In: Forte, D., Bhunia, S., Tehranipoor, M. (eds) Hardware Protection through Obfuscation. Springer, Cham. https://doi.org/10.1007/978-3-319-49019-9_6

  • DOI: https://doi.org/10.1007/978-3-319-49019-9_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49018-2

  • Online ISBN: 978-3-319-49019-9

  • eBook Packages: Engineering, Engineering (R0)
