A Secure Test Wrapper Design Against Internal and Boundary Scan Attacks for Embedded Cores

Chiu, Geng-Ming; Li, James Chien-Mo

doi:10.1109/tvlsi.2010.2089071

Cited by 62 publications

(31 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mode-reset countermeasure [34] ScanSAT-vulnerable BIST [36] , scan on-chip comparison [43]/compaction [44], Secure test wrapper (STW) [45] ScanSAT-resilient Scan interface encryption [37] ScanSAT-resilient…”

Section: Comparison Against Nsaa [24]mentioning

confidence: 99%

ScanSAT: Unlocking Static and Dynamic Scan Obfuscation

Alrahis

Yasin

Limaye

et al. 2021

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

While financially advantageous, outsourcing key steps, such as testing, to potentially untrusted Outsourced Assembly and Test (OSAT) companies may pose a risk of compromising on-chip assets. Obfuscation of scan chains is a technique that hides the actual scan data from the untrusted testers; logic inserted between the scan cells, driven by a secret key, hides the transformation functions that map the scan-in stimulus (scan-out response) and the delivered scan pattern (captured response). While static scan obfuscation utilizes the same secret key, and thus, the same secret transformation functions throughout the lifetime of the chip, dynamic scan obfuscation updates the key periodically. In this paper, we propose ScanSAT: an attack that transforms a scan obfuscated circuit to its logic-locked version and applies the Boolean satisfiability (SAT) based attack, thereby extracting the secret key. We implement our attack, apply on representative scan obfuscation techniques, and show that ScanSAT can break both static and dynamic scan obfuscation schemes with 100% success rate. Moreover, ScanSAT is effective even for large key sizes and in the presence of scan compression.

show abstract

Section: Comparison Against Nsaa [24]mentioning

confidence: 99%

ScanSAT: Unlocking Static and Dynamic Scan Obfuscation

Alrahis

Yasin

Limaye

et al. 2021

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

show abstract

“…Weak authentication schemes involve a static secret (password) that is presented to the chip [15], [16], [17], [18], [19], [20]: To access a protected instrument i ∈ I P , the secret k i is directly applied to dedicated primary inputs [15], embedded at constant [16], [18] or variable [20] positions in scan data (scan-in bit sequence), or written to a dedicated data register in a 1149.1 circuitry [17] or an IEEE Std 1500 wrapper [19]. Since the secrets are distributed to all authorized entities and transported to the chip in plaintext, the probability that such protection schemes are eventually compromised by secret leakage is usually too large for systems with security requirements.…”

Section: Problem Formulation and Related Workmentioning

confidence: 99%

Fine-Grained Access Management in Reconfigurable Scan Networks

Baranowski

Kochte

Wunderlich

2015

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

Modern VLSI designs incorporate a high amount of instrumentation that supports post-silicon validation and debug, volume test and diagnosis, as well as in-field system monitoring and maintenance. Reconfigurable scan architectures, as allowed by the novel IEEE Std 1149.1-2013 (JTAG) and IEEE Std 1687-2014 (IJTAG), emerge as a scalable mechanism for access to such on-chip instruments.While the on-chip instrumentation is crucial for meeting quality, dependability, and time-to-market goals, it is prone to abuse and threatens system safety and security. A secure access management method is mandatory to assure that critical instruments be accessible to authorized entities only.This work presents a novel protection method for fine-grained access management in complex reconfigurable scan networks based on a challenge-response authentication protocol. The target scan network is extended with an authorization instrument and Secure Segment Insertion Bits (S 2 IB) that together control the accessibility of individual instruments. To the best of the authors' knowledge, this is the first fine-grained access management scheme that scales well with the number of protected instruments and offers a high level of security. Compared with recent stateof-the-art techniques, this scheme is more favorable with respect to implementation cost, performance overhead, and provided security level.Index Terms-Debug and diagnosis, reconfigurable scan network, IJTAG, IEEE Std 1687, secure DFT, hardware security, instrument protection 0278-0070 (c)

show abstract

“…Other countermeasures are based on test locking mechanisms. The so-called secure test wrappers guarantee that only authorized users can unlock the test access with a password [13] or through a secure protocol [14] [15]. In addition to the area and test time overhead introduced with these solutions, a key management is required to share the test session keys with authorized users.…”

Section: Introductionmentioning

confidence: 99%

Stream vs block ciphers for scan encryption

Valea

Silva

Flottes

et al. 2019

Microelectronics Journal

View full text Add to dashboard Cite

Security in the Integrated Circuits (IC) domain is an important challenge, especially with regard to the side channel offered by test infrastructures. Test interfaces provide access to the internal states of the IC by means of the scan chains for testing and debugging purposes. In terms of security, however, scan chains are a potential source of leakage that can be exploited by attackers. A countermeasure against such attacks is to encrypt the data flowing through the scan chains. Two types of ciphers can be employed: stream ciphers or block ciphers. Both have pros and cons in terms of performance (footprint, impact on test activity) and security. In this paper, we present two solutions: one exploiting stream ciphers fulfilling security requirements, and another exploiting block ciphers. We draw a comparison between these two scan encryption countermeasures taking into account design cost functions and security properties.

show abstract

A Secure Test Wrapper Design Against Internal and Boundary Scan Attacks for Embedded Cores

Cited by 62 publications

References 13 publications

ScanSAT: Unlocking Static and Dynamic Scan Obfuscation

ScanSAT: Unlocking Static and Dynamic Scan Obfuscation

Fine-Grained Access Management in Reconfigurable Scan Networks

Stream vs block ciphers for scan encryption

Contact Info

Product

Resources

About