Scan attacks exploit facilities offered by scan chains to retrieve embedded secret data, in particular secret keys used in crypto-processors for encoding information in such a way that only knowledge of the secret key allows to access it. This paper presents a scan attack countermeasure based on the encryption of the scan chain content. The goal is to counteract the security threats and, at the same time, to preserve test efficiency, diagnosis and debugging abilities. We propose to use the secret-key management policy embedded in the device under test in order to encrypt both control and observed data at test time. This solution does not require additional key management, provides same test/diagnostic and debug facilities as under classical scan design with marginal impacts on area and test time.
The growth in complexity of Integrated Circuits (IC) is supported, amongst other factors, by the development of standardized test infrastructures. The feasibility of both end-ofmanufacturing and in-field tests heavily depends on the presence of these infrastructures that give detailed access to the IC. The standard test infrastructures are referred as IEEE Std. 1149.1 (JTAG), IEEE Std. 1500 and IEEE Std. 1687 (IJTAG). The security issues arising from the presence of these infrastructures have been fully exposed in the last two decades. This led to the publication of several practical attacks showing how a non-protected test infrastructure can end into the jeopardizing of the entire system. As a consequence, many countermeasures have been proposed. In this survey, we provide: (i) a taxonomy of the attacks that can be performed exploiting the standard test infrastructures; (ii) a taxonomy of countermeasures inspired by the kind of security primitives that are granted in each case.
The accessibility to the internal IP cores of Systems on Chip (SoC) provided by the testing infrastructures is a serious security threat. It has been known for many years that the scan chains can be exploited to retrieve secret keys of cryptoprocessors. Encryption of the scan chain content is one of the proposed techniques to overtake this threat. Many proposals are based on stream ciphers, due to their moderate area cost compared to that of block ciphers. Stream ciphers encrypt data serially with a keystream generated from an Initialization Vector (IV) and a secret key. Stream ciphers have a crucial limitation concerning the encryption of different data with the same keystream, called two times pad. Not enough caution in the IV and secret key management has been exercised in previous proposed works. In this paper, we show how the existing implementations can be exploited to perform a scan attack bypassing the encryption of the scan data. We also present a new implementation of scan chain encryption with a stream cipher, based on the IV generation by a True Random Number Generator (TRNG). Finally, we show that this new implementation is robust against the aforementioned attack.
Security in the Integrated Circuits (IC) domain is an important challenge, especially with regard to the side channel offered by test infrastructures. Test interfaces provide access to the internal states of the IC by means of the scan chains for testing and debugging purposes. In terms of security, however, scan chains are a potential source of leakage that can be exploited by attackers. A countermeasure against such attacks is to encrypt the data flowing through the scan chains. Two types of ciphers can be employed: stream ciphers or block ciphers. Both have pros and cons in terms of performance (footprint, impact on test activity) and security. In this paper, we present two solutions: one exploiting stream ciphers fulfilling security requirements, and another exploiting block ciphers. We draw a comparison between these two scan encryption countermeasures taking into account design cost functions and security properties.
Crypto-processors are vulnerable to scan attacks. Using the scan chain, an attacker is indeed able to observe intermediate encryption states and steal secret data closelyrelated to the key. However, scan design is the most powerful mean for test and diagnostic purpose. Several countermeasure approaches have thus been proposed for securing scan designs while preserving test efficiency, diagnosis and debugging abilities. One solution is to encrypt test patterns thanks to extra block ciphers preventing control and observation of plain texts in the scan chain. The goal of this paper is to experiment this scan chain encryption approach on different designs in order to evaluate test efficiency and costs in terms of area and test time.
Standard test infrastructures, such as IEEE Std. 1149.1 (JTAG), IEEE Std. 1500 and IEEE Std. 1687 (IJTAG), are widely used in nowadays Integrated Circuits (ICs). However, they pose an important security challenge to the designers because of the high controllability and observability they offer through the Test Access Port (TAP). For instance, malicious users can exploit test infrastructures in order to access the internal scan chains of crypto-cores and perform scan attacks. Moreover, these infrastructures connect all the devices of the system to the same network. For this reason, the data sent to a target device are potentially visible to all the others. Consequently, this poses a threat to the confidentiality of data content. The encryption of test data is a countermeasure that has been conceived in order to overcome these threats. In this paper, we propose a new secure version of the JTAG infrastructure, relying on stream-based encryption.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.