On Securing Cryptographic ICs against Scan-based Attacks: A Hamming Weight Distribution Perspective

Published: 25 March 2023

Abstract

Scan chain-based Design for Testability is the industry standard for testing manufacturing defects in the semiconductor industry to ensure the structural and functional correctness of chips. Fault coverage is significantly enhanced due to the higher observability and controllability of the internal latches. These benefits to testing, if misused, expose vulnerabilities that can be detrimental to security, especially in the context of crypto-chips that contain a secret key. Hence, it remains of paramount importance for a chip designer to secure crypto-chips against various scan attacks. A countermeasure is proposed in this article that preserves the secrecy of an embedded key in a cryptographic integrated circuit running an Advanced Encryption Standard (AES) implementation. A novel design involving a hardware unit is illustrated that circumvents differential scan attacks by essentially performing bit flips deterministically, using a pre-computed mask value. This helps secure the chip while retaining full testability. The controller logic directly depends on a mask determination algorithm that can defend against any scan attack with 𝒪 theoretical complexity. Security analysis of our proposed defense procedure is performed in the framework of Discrete Event Systems (DES). The sequential scan circuit of an AES cryptosystem is modeled as a DES using Finite State Automata. A security notion, Opacity, is used to quantify and formally verify the security aspects of our controlled system, which shows that the entropy of the secret key is preserved. A case study shows that the countermeasure successfully mitigates state-of-the-art differential scan attacks at a nominal extra overhead of 1.78%.


Cited By

  • (2024) A Boundary Scan Test Vectors Optimization Method Based on Improved GA-AO* Approach Considering Fault Probability Model. Applied Sciences 14:6 (2410). DOI: 10.3390/app14062410. Online publication date: 13-Mar-2024
  • (2024) DefScan: Provably Defeating Scan Attack on AES-Like Ciphers. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 43:8 (2326-2339). DOI: 10.1109/TCAD.2024.3368289. Online publication date: 1-Aug-2024
  • (2023) A classification of cybersecurity strategies in the context of Discrete Event Systems. Annual Reviews in Control 56 (100907). DOI: 10.1016/j.arcontrol.2023.100907. Online publication date: 2023


Published In

ACM Journal on Emerging Technologies in Computing Systems  Volume 19, Issue 2
April 2023
214 pages
ISSN:1550-4832
EISSN:1550-4840
DOI:10.1145/3587888
Editor: Ramesh Karri

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 March 2023
Online AM: 22 December 2022
Accepted: 30 November 2022
Revised: 12 November 2022
Received: 19 December 2021
Published in JETC Volume 19, Issue 2

Author Tags

  1. Design-for-Testability
  2. Scan-based attack
  3. differential scan attack
  4. IC Security
  5. Discrete Event System
  6. Opacity
  7. Finite State Automata

Qualifiers

  • Research-article
