Test-mode-only scan attack using the boundary scan chain

Ali, Sk Subidh; Sinanoglu, Ozgur; Karri, Ramesh

doi:10.1109/ets.2014.6847798

Cited by 25 publications

(11 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…6 to illustrate how Rule 1 can help recover missing bits in RK (i,4) . In this example, RK (4,1) and RK (5,1) have 4 bits missing and RK (4,4) has 5 bits missing. We apply Rule 1 as shown in line 7 and derive with the partially known RK (4,1) , RK (5,1) and RK (4,4) .…”

Section: (2) Restoration From Partial Information In Trace Buffermentioning

confidence: 99%

“…In this example, RK (4,1) and RK (5,1) have 4 bits missing and RK (4,4) has 5 bits missing. We apply Rule 1 as shown in line 7 and derive with the partially known RK (4,1) , RK (5,1) and RK (4,4) . After some bit-manipulation, (4,4) by using sbox lookup table (Rule 1) we get sbox mapping from a 32-bit word to another 32-bit word in line 12∼13.…”

Section: (2) Restoration From Partial Information In Trace Buffermentioning

confidence: 99%

“…Among the hardware side-channel attacks reported against AES, attacks based on scan-chain [5] and external fault injections [25] are most prominent. For all these attacks, effective countermeasures are proposed and the inherent resilience of various design points [4] is studied.…”

Section: Aes Attackmentioning

confidence: 99%

See 2 more Smart Citations

Trace Buffer Attack on the AES Cipher

Huang

Mishra

2017

J Hardw Syst Secur

View full text Add to dashboard Cite

Since the standardization of AES/Rijndael symmetric-key cipher by NIST in 2001, it gained widespread acceptance in various protocols and withstood intense scrutiny from the theoretical cryptanalysts. From the physical implementation point of view, however, AES remained vulnerable. Practical attacks on AES via fault injection, differential power analysis, scan-chain and cacheaccess timing have been demonstrated so far. In this paper, we propose a novel and effective attack, termed Trace Buffer Attack. Trace buffers are extensively used for postsilicon debug of integrated circuits. We identify the trace buffer as a source of information leakage. We first report the detailed process of trace buffer attack assuming that the register-transfer level (RTL) implementation is available. We further analyze the AES encryption algorithm and Rijndael's key expansion algorithm, and illustrate that trace buffer attack is feasible without implementation (RTL) knowledge. Our experimental results show that trace buffer attack is capable of partially recovering the secret keys of different AES implementations.

show abstract

Section: (2) Restoration From Partial Information In Trace Buffermentioning

confidence: 99%

Section: (2) Restoration From Partial Information In Trace Buffermentioning

confidence: 99%

See 1 more Smart Citation

Trace Buffer Attack on the AES Cipher

Huang

Mishra

2017

J Hardw Syst Secur

View full text Add to dashboard Cite

show abstract

“…Our future work will focus on contemporary scan architectures where a test stimulus decompressor and a response compactor reside on the scan path. We have already made some progress on attacks using compactor [20] and boundary scan chains [21]. The technique we present in this paper is readily applicable on ICs that enable debug and diagnostics with a bypass of such advanced DFT features.…”

Section: Conclusion and Ongoing Workmentioning

confidence: 99%

New Scan-Based Attack Using Only the Test Mode and an Input Corruption Countermeasure

Ali

Saeed

Sinanoglu

et al. 2015

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

Scan-based design-for-testability, which improves access and thus the test quality, is highly vulnerable to scan attack. While in-field test is enabled through the scan design to provide debug capabilities, an attacker can leverage the test mode to leak the secret key of the chip. The scan attack can be thwarted by a simple defense that resets the data upon a switch from the normal mode to the test mode. We proposed a new class of scan attack in [15] using only the test mode of a chip, circumventing this defense. In this book chapter we extend our earlier work by introducing case studies to explain this new attack in greater detail. Furthermore, we study the effectiveness of existing countermeasures to thwart the attack and propose a new input corruption countermeasure that requires a smaller area overhead compared to the existing countermeasures.

show abstract

“…Test-mode-only attacks [23,24,25] that can be implemented only under the test mode are deemed to be more risky attacks. Such attacks mainly focus on boundary scan design, in which each primary input (PI) is equipped with a boundary scan cell.…”

Section: Introductionmentioning

confidence: 99%

Enhancing Sensor Network Security with Improved Internal Hardware Design

Wang

Deng

Jin

2019

Sensors

View full text Add to dashboard Cite

With the rapid development of the Internet-of-Things (IoT), sensors are being widely applied in industry and human life. Sensor networks based on IoT have strong Information transmission and processing capabilities. The security of sensor networks is progressively crucial. Cryptographic algorithms are widely used in sensor networks to guarantee security. Hardware implementations are preferred, since software implementations offer lower throughout and require more computational resources. Cryptographic chips should be tested in a manufacturing process and in the field to ensure their quality. As a widely used design-for-testability (DFT) technique, scan design can enhance the testability of the chips by improving the controllability and observability of the internal flip-flops. However, it may become a backdoor to leaking sensitive information related to the cipher key, and thus, threaten the security of a cryptographic chip. In this paper, a secure scan test architecture was proposed to resist scan-based noninvasive attacks on cryptographic chips with boundary scan design. Firstly, the proposed DFT architecture provides the scan chain reset mechanism by gating a mode-switching detection signal into reset input of scan cells. The contents of scan chains will be erased when the working mode is switched between test mode and functional mode, and thus, it can deter mode-switching based noninvasive attacks. Secondly, loading the secret key into scan chains of cryptographic chips is prohibited in the test mode. As a result, the test-mode-only scan attack can also be thwarted. On the other hand, shift operation under functional mode is disabled to overcome scan attack in the functional mode. The proposed secure scheme ensures the security of cryptographic chips for sensor networks with extremely low area penalty.

show abstract

Test-mode-only scan attack using the boundary scan chain

Cited by 25 publications

References 8 publications

Trace Buffer Attack on the AES Cipher

Trace Buffer Attack on the AES Cipher

New Scan-Based Attack Using Only the Test Mode and an Input Corruption Countermeasure

Enhancing Sensor Network Security with Improved Internal Hardware Design

Contact Info

Product

Resources

About